Cross-layer personalization as a first-class citizen for situation awareness and computer infrastructure security

Aokun Chen, Pratik Brahma, Dapeng Oliver Wu, Natalie Ebner, Brandon Matthews, Jedidiah Crandall, Xuetao Wei, Michalis Faloutsos, Daniela Oliveira

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a new security paradigm that makes cross-layer personalization a premier component in the design of security solutions for computer infrastructure and situational awareness. This paradigm is based on the observation that computer systems have a personalized usage profile that depends on the user and his activities. Further, it spans the various layers of abstraction that make up a computer system, as if the user embedded his own DNA into the computer system. To realize such a paradigm, we discuss the design of a comprehensive and cross-layer profiling approach, which can be adopted to boost the effectiveness of various security solutions, e.g., malware detection, insider attacker prevention and continuous authentication. The current state-of-the-art in computer infrastructure defense solutions focuses on one layer of operation with deployments coming in a "one size fits all" format, without taking into account the unique way people use their computers. The key novelty of our proposal is the cross-layer personalization, where we derive the distinguishable behaviors from the intelligence of three layers of abstraction. First, we combine intelligence from: a) the user layer (e.g., mouse click patterns); b) the operating system layer; c) the network layer. Second, we develop cross-layer personalized profiles for system usage. We will limit our scope to companies and organizations, where computers are used in a more routine and one-on-one style, before we expand our research to personally owned computers. Our preliminary results show that just the time accesses in user web logs are already sufficient to distinguish users from each other, with users of the same demographics showing similarities in their profiles. Our goal is to challenge today's paradigm for anomaly detection that seems to follow a monoculture and treat each layer in isolation. We also discuss deployment, performance overhead, and privacy issues raised by our paradigm.

Original language: English (US)
Title of host publication: NSPW 2016 - Proceedings of the 2016 New Security Paradigms Workshop
Publisher: Association for Computing Machinery
Pages: 23-35
Number of pages: 13
ISBN (Electronic): 9781450348133
State: Published - Sep 26 2016
Externally published: Yes
Event: 25th New Security Paradigms Workshop, NSPW 2016 - Granby, United States
Duration: Sep 26 2016 → Sep 29 2016

Publication series

Name: ACM International Conference Proceeding Series
Volume: 26-29-September-2016

Conference

Conference: 25th New Security Paradigms Workshop, NSPW 2016
Country/Territory: United States
City: Granby
Period: 9/26/16 → 9/29/16

Keywords

  • Cross-layer personalization
  • Intrusion detection system

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
