Research
Sample Current Research Projects
Emulytics
The Emulytics / Operating Systems Intelligence project is collecting data from a wide variety of websites for analysis. The analysis ranges from analyzing specific types of hardware to compare the rate of vulnerabilities by device type and vendor, to analyzing the predictions of frequently publishing cybersecurity experts to determine the best prognosticators of major cybersecurity events. We are specifically collecting and analyzing threats to traditional and non-traditional information technology systems. In addition, we are analyzing various online sources to attempt to identify anti-language in cybersecurity. This work is being explored collaboratively with and partially supported by Sandia National Laboratories.
The goal of this effort is to automate the collection and processing of threat information, with the explicit goal of improving the recreation of an APT's:
- Tools
- Techniques
- Procedures
Some of the initial tasks that NMT is exploring:
- Develop tools (web crawlers) to gather threat information from the internet in an automated fashion.
- Pull relevant information from differing sources, find other related sources (such as Twitter handles, blogs, …), and crawl those sites.
- Develop algorithms that use this information for deeper associations: techniques to see who is referencing these sites/documents or tagging documents, relationships to users/accounts/…, and a methodology to continually gather information, find interesting "new topics" such as new APT 32 or new CVEs, and kick off new information collection.
- Develop tools to post-process the information from the sources to extract key threat IOC information.
- Develop tools to post-process the information to pull out CVEs and discover whether any POC code is related to the actor campaigns, identify what application / service was exploited, and determine whether it is downloadable.
- Develop tools to post-process the information to extract techniques and procedures from threat reports.
- Develop tools to post-process the information to begin mapping the context of the TTPs to the MITRE ATT&CK matrix.
Enterprise-Wide Cybersecurity
Enterprise-Wide Cybersecurity involves analyzing data across individual computer events and traffic in an enterprise to better secure the collective of all machines in the enterprise. This large-scale work is being explored collaboratively with Sandia National Laboratories and the Institute for Complex Additive Systems Analysis.
The research project involves integration of the following advanced technologies:
- A threat removal system to automate the movement of recognized threats from an enterprise network to a virtual stand-in (an advanced honeynet system) using software-defined networking. This system fully instruments the virtual stand-in to collect threat intelligence. Threats can be identified manually and submitted by system administrators, or identified via the process identification system.
- A process identification system that uses process models to recognize threats as they arrive in the enterprise network and then sends the threat identification to the threat removal system.
- An intelligent system that uses threat intelligence collected by the threat removal system to automate generation of new threat models for the process identification system.
Research Overview
Dr. Lorie Liebrock's research interests focus on issues related to cybersecurity. Her overriding interest is in enterprise-wide cybersecurity to improve large-scale cybersecurity. She has worked with numerous students on a variety of issues in cybersecurity, from analysis of the impact of legal and policy changes on organizations, to metrics for determining the effectiveness of classifiers on applied problems, to forensics, enterprise-wide cybersecurity, and Emulytics. Her approach to cybersecurity research integrates the transdisciplinary breadth of cybersecurity - from computer science, to policy, to psychology.
She has also done significant research in parallel computing. A long-term focus is on using problem topology during compilation; in particular, using topology to automate data distribution and to allow regular application optimizations to be applied to partially regular problems. She has developed algorithms for automatic distribution of irregularly coupled regular mesh (a.k.a. composite grid or multiblock) problems, e.g., aircraft aerodynamics and water-cooled nuclear reactor simulations, via the use of problem topology. For use with these automatic distribution algorithms, she has developed a program template and a set of style guidelines for these applications that allow automatic transformation of an application code with no notion of data distribution into a standard High Performance Fortran program with complete distribution specifications.