Space-Time Signal Processing for Detecting and Classifying Distributed Attacks in Networks

A mathematical framework for detection and classification of weak, distributed patterns on computer networks is proposed. The framework will provide rigorous methods for understanding performance bounds and optimality of intrusion detection methods, while also providing concrete and implementable algorithms. The algorithms will find immediate application in cyber-security efforts, as well as more general sensor networks. The mathematical techniques we propose to use include processing of raw data measurements at the nodes into higher-order process states using Numerica’s expertise in advanced multiple hypothesis testing , extensions of recently developed compressed sensing methods for compression of second order statistics, and pattern detection using dependencies in second order data – coherence estimates, for example, provide a low-dimensional statistic for the identification of pattern classes. The research will be conducted in tandem with simulations on synthetic data, and actual Internet traffic in real-time using the PlanetLab emulation test-bed. Experimental simulations will not only be used to test algorithms and validate performance bounds, but also to inform and enhance measurement plans and hypotheses. BENEFIT: The proposed research will provide a rigorous mathematical framework for understanding intrusion detection algorithms on computer networks. These algorithms will provide immediate enhancements to current cyber-security efforts, and consequently will benefit computer network security in the corporate sector, all federal agencies, and national infrastructures where breaches of cyber-security are becoming more prevalent and have potentially catastrophic consequences. Thus, the algorithms will help to ensure the integrity of our nation’s sensitive computer networks. Commercially, the development of cybersecurity algorithms and software is a multi-billion dollar industry annually and expected to grow robustly as our nation’s exposure to cyber threats increases.