Statistical Parser (SPARSE) is part of the research of the Intrusion Detection Systems group at Columbia University. The goal of this work is to develop proof-of-concept tools that identify malware stealthily embedded in files or other objects to avoid detection by conventional AV scanners.
STAND proposes extending the training phase of anomaly detection (AD) sensors, in a manner agnostic to the underlying AD algorithm, to include a sanitization phase. This phase combines what we call micro-models in a voting scheme to determine which parts of the training data may represent attacks. We also show how a collaborative approach that combines models from different networks or domains can further refine the sanitization process.
The BARTER project proposes behavior-based access control for wireless and wired networks. A user is granted access to a network based on their profile, that is, their typical behavior over time. We are studying the feasibility of representing a user profile by its content or by other non-content volumetric parameters. Previous work studied how to implement this approach for Mobile Ad-Hoc Networks (MANETs).
Polymorphic malcode remains a troubling threat to the security community. The ability of malcode to be automatically transformed into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice. We focus on the nature of shellcode decoding routines; the empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures.
RUU is the insider-threat project, which explores solutions to traitors and masqueraders within an organization.
The project includes host-side sensors and active trapping technology to detect malicious insiders.
For older projects, check the old projects page or the old IDS website.