Adaptive Intrusion Management System (AIMS) 



Project Description

Emerging cyber-based applications are highly data-intensive and increasingly reliant on the dependability of information systems. Such applications abound in defense, surveillance, finance, manufacturing, health care, airline, enterprise management, and national critical infrastructures. For these applications, information is an organization's most valuable asset. This dependency dramatically magnifies the consequences of damage resulting from even simple system intrusions. Although several piecemeal solutions address concerns related to the trustworthiness of various components of such systems, there is a dearth of theoretical foundations for developing secure systems.

The goal of this project is to develop a prototype, named Adaptive Intrusion Management System (AIMS), by integrating intrusion detection, response and recovery techniques and correlating the effects of system intrusions at different architectural layers. AIMS will provide a real-time capability for diagnosing attacks, pinpointing their cause, and determining or predicting their impact on the level of trust and availability of the system. The development will require real-time analysis of the multiple transaction streams served by the system, in order to correlate detectable (or detected) events and potential malicious activities.

Situations can arise in which static security policies do not provide sufficient safeguards against emerging scenarios or threats, and a quick security enhancement response is required as a scenario unfolds, based on the information extracted from data streams. In such situations, real-time analysis of access control policies is critical to prevent potential security breaches. It is therefore essential to develop an adaptive mechanism for access control policies that can evolve with time, a key capability provided by AIMS.

Architecture of AIMS.


Demo