SRI International Teams with Purdue, Wisconsin and Georgia to Develop Cutting-Edge Technology to Prevent Advanced Persistent Threat (APT) Cyberattacks

Feb 23, 2016, 14:21 ET from SRI International

MENLO PARK, Calif., Feb. 23, 2016 /PRNewswire/ -- Researchers at SRI International are leading a collaborative effort to create new technologies that will expose advanced persistent threats (APTs), a type of cyberattack responsible for prolonged—and often costly—network security breaches. Funded by a $5.3 million award from the Defense Advanced Research Projects Agency (DARPA), SRI is working with partner institutions Purdue University, University of Wisconsin and University of Georgia to develop the innovative TRacking and Analysis of Causality at Enterprise level (TRACE) system that would quickly detect APTs and minimize the damage they cause.

Modern computing systems typically act like "black boxes" that accept inputs and generate outputs, but provide little visibility into their internal workings. APTs take advantage of this by quietly accessing networks at vulnerable points, then essentially hiding out within the system while stealing information or funds. Because computing systems are so opaque, APTs can cause harm for months or even years before being detected. The so-called Carbanak APT attack, one of the most costly cyberheists in history, went undetected for roughly two years while hackers reportedly stole up to $1 billion from financial institutions around the world.

TRACE is a highly scalable, distributed and programmable tracking and data collection system for enterprise networks. As part of DARPA's Transparent Computing (TC) program that aims to make opaque computing systems transparent in order to expose APTs early, TRACE is built on the foundations of prior work from SRI on provenance tracking and Purdue's research on fine-grained information-flow tracking.

"The main goal of the TRACE project is to make systems more transparent by fine-grained and pervasive tracking of causality information across enterprise networks," says Gabriela Ciocarlie, Ph.D., a senior computer scientist at SRI and principal investigator for the project.

TRACE is designed to promptly detect APTs and other cyberthreats by using provenance information to automatically or semi-automatically "connect the dots" across multiple activities that may be individually legitimate but collectively signal malice or abnormal behavior.

"TRACE uses very specialized instrumentations within the host of an enterprise to see data propagating from one entity to another," Ciocarlie says. "We want to make sure there's a causal relationship between the two of them—that one event caused the next."
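To make the "connect the dots" idea concrete, here is an added illustration in Python that is not TRACE code and not from SRI or its partners. It builds a small provenance graph from constructed, audit-style flow events (the process names, PIDs, paths and the RFC 5737 documentation address are all made up), then does timestamp-bounded backward and forward causality tracing over it: a backward trace from each outbound network send asks which files and processes could have fed it, so that a chain of individually ordinary steps (shell spawns an archiver, archiver reads a document, a network client reads the archive and sends it) is surfaced as one suspicious path. Treating "flow at time t can only be caused by flows at or before t" as the causality rule is a simplification assumed for the example.

```python
from collections import defaultdict, deque

# Constructed sample audit events (not real TRACE output). Each record is one
# information flow from src to dst at time ts (seconds). Entity names follow an
# assumed "kind:identifier" convention: proc:, file:, net:.
EVENTS = [
    {"ts": 1,  "op": "exec",  "src": "proc:sshd[900]",                 "dst": "proc:bash[1001]"},
    {"ts": 2,  "op": "read",  "src": "file:/etc/passwd",               "dst": "proc:bash[1001]"},
    {"ts": 3,  "op": "exec",  "src": "proc:bash[1001]",                "dst": "proc:tar[1040]"},
    {"ts": 4,  "op": "read",  "src": "file:/home/alice/docs/plan.pdf", "dst": "proc:tar[1040]"},
    {"ts": 5,  "op": "write", "src": "proc:tar[1040]",                 "dst": "file:/tmp/.cache.tgz"},
    {"ts": 6,  "op": "exec",  "src": "proc:bash[1001]",                "dst": "proc:curl[1042]"},
    {"ts": 7,  "op": "read",  "src": "file:/tmp/.cache.tgz",           "dst": "proc:curl[1042]"},
    {"ts": 8,  "op": "send",  "src": "proc:curl[1042]",                "dst": "net:203.0.113.7:443"},
    # Benign activity after the send: an editor session that never reaches the network.
    {"ts": 9,  "op": "exec",  "src": "proc:bash[1001]",                "dst": "proc:vim[1050]"},
    {"ts": 10, "op": "read",  "src": "file:/home/alice/docs/plan.pdf", "dst": "proc:vim[1050]"},
    {"ts": 11, "op": "write", "src": "proc:vim[1050]",                 "dst": "file:/home/alice/docs/plan.pdf"},
]


def build_graph(events):
    """Index flows in both directions: fwd[src] and bwd[dst] hold (other, op, ts)."""
    fwd = defaultdict(list)
    bwd = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        fwd[e["src"]].append((e["dst"], e["op"], e["ts"]))
        bwd[e["dst"]].append((e["src"], e["op"], e["ts"]))
    return fwd, bwd


def backward_trace(bwd, node, before_ts):
    """Entities that could have causally influenced `node` through flows that
    happened at or before `before_ts`. Each hop tightens the time bound, so
    later, unrelated activity on the same entities is excluded."""
    best = {}  # entity -> largest bound under which it was already expanded
    queue = deque([(node, before_ts)])
    while queue:
        cur, bound = queue.popleft()
        if best.get(cur, -1) >= bound:
            continue
        best[cur] = bound
        for src, _op, ts in bwd.get(cur, []):
            if ts <= bound:
                queue.append((src, ts))
    return set(best) - {node}


def forward_trace(fwd, node, after_ts):
    """Entities that `node` could have influenced through flows at or after
    `after_ts` (impact analysis, the mirror image of backward_trace)."""
    best = {}  # entity -> smallest bound under which it was already expanded
    queue = deque([(node, after_ts)])
    while queue:
        cur, bound = queue.popleft()
        if cur in best and best[cur] <= bound:
            continue
        best[cur] = bound
        for dst, _op, ts in fwd.get(cur, []):
            if ts >= bound:
                queue.append((dst, ts))
    return set(best) - {node}


def find_exfil_chains(fwd, bwd, sensitive_prefix="file:/home/"):
    """Connect the dots: for every outbound send, ask whether a sensitive file
    sits in the sending process's backward provenance. Every hop on its own is
    routine; only the end-to-end chain is reported."""
    alerts = []
    for proc, edges in fwd.items():
        for dst, op, ts in edges:
            if op != "send" or not dst.startswith("net:"):
                continue
            ancestors = backward_trace(bwd, proc, ts)
            leaked = sorted(a for a in ancestors if a.startswith(sensitive_prefix))
            if leaked:
                alerts.append({"sink": dst, "process": proc, "ts": ts, "sources": leaked})
    return alerts


if __name__ == "__main__":
    fwd, bwd = build_graph(EVENTS)
    for alert in find_exfil_chains(fwd, bwd):
        print(f"t={alert['ts']}: {alert['process']} sent data derived from "
              f"{alert['sources']} to {alert['sink']}")
```

Running the script reports a single chain ending at `net:203.0.113.7:443` whose backward provenance contains `plan.pdf`, while the later `vim` session, which touches the same document but never sends anywhere, produces nothing. On a real host the event list would come from kernel audit or a provenance collector rather than a literal, and the `best` time-bound bookkeeping is what keeps the trace from drifting into unrelated later activity on shared entities such as the shell.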

Comparable technologies today force enterprises to choose between data accuracy and system performance. TRACE will use advanced, high-performance technologies to provide high-accuracy data at the host level without sacrificing speed. While the TC program focuses on detecting APTs, the provenance tracking technologies behind TRACE could also be used for other functions including privacy leakage analysis and scientific data curation.

Other SRI researchers and co-principal investigators on the TRACE project include Senior Computer Scientist Ashish Gehani, Ph.D., and Senior Computer Scientist Vinod Yegneswaran, Ph.D.

The Purdue University team is led by Professor Dongyan Xu, Ph.D., and Associate Professor Xiangyu Zhang, Ph.D.; the University of Georgia team is led by Assistant Professor Kyu Lee, Ph.D.; and the University of Wisconsin team is led by Professor Somesh Jha, Ph.D.

About SRI International

SRI International creates world-changing solutions making people safer, healthier, and more productive. SRI is a research center headquartered in Menlo Park, California that works primarily in advanced technology and systems, biosciences, computing, and education. SRI brings its innovations to the marketplace through technology licensing, spin-off ventures, and new product solutions.

SOURCE SRI International