Abstract
We propose a new security paradigm that makes cross-layer personalization a premier component in the design of security solutions for computer infrastructure and situational awareness. This paradigm is based on the observation that computer systems have a personalized usage profile that depends on the user and his activities. Further, it spans the various layers of abstraction that make up a computer system, as if the user embedded his own DNA into the computer system. To realize such a paradigm, we discuss the design of a comprehensive and cross-layer profiling approach, which can be adopted to boost the effectiveness of various security solutions, e.g., malware detection, insider attacker prevention and continuous authentication. The current state-of-the-art in computer infrastructure defense solutions focuses on one layer of operation with deployments coming in a "one size fits all" format, without taking into account the unique way people use their computers. The key novelty of our proposal is the cross-layer personalization, where we derive the distinguishable behaviors from the intelligence of three layers of abstraction. First, we combine intelligence from: a) the user layer (e.g., mouse click patterns); b) the operating system layer; and c) the network layer. Second, we develop cross-layer personalized profiles for system usage. We will limit our scope to companies and organizations, where computers are used in a more routine and one-on-one style, before we expand our research to personally owned computers. Our preliminary results show that just the time accesses in user web logs are already sufficient to distinguish users from each other, with users of the same demographics showing similarities in their profiles. Our goal is to challenge today's paradigm for anomaly detection that seems to follow a monoculture and treat each layer in isolation. We also discuss deployment, performance overhead, and privacy issues raised by our paradigm.
©2016 ACM.
Original language | English |
---|---|
Title of host publication | NSPW '16 |
Subtitle of host publication | Proceedings of the 2016 New Security Paradigms Workshop |
Publisher | Association for Computing Machinery |
Pages | 23-35 |
ISBN (Print) | 978-1-4503-4813-3 |
Publication status | Published - Sept 2016 |
Externally published | Yes |
Event | 25th New Security Paradigms Workshop, NSPW 2016 - Granby, United States Duration: 26 Sept 2016 → 29 Sept 2016 |
Publication series
Name | ACM International Conference Proceeding Series |
---|---|
Volume | 26-29-September-2016 |
Conference
Conference | 25th New Security Paradigms Workshop, NSPW 2016 |
---|---|
Country/Territory | United States |
City | Granby |
Period | 26/09/16 → 29/09/16 |
Bibliographical note
Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].
Research Keywords
- Cross-layer personalization
- Intrusion detection system