LTS Lecture Series: "Improving System Security with Big Data Techniques" by Tudor Dumitras

Thu Jul 11, 2013 2:00 PM

LTS Auditorium, Laboratory for Telecommunications Sciences, 8080 Greenmead Drive, College Park, MD 20740

Tudor Dumitras
Department of Electrical and Computer Engineering, and
Institute for Advanced Computer Studies
University of Maryland, College Park

According to US government reports, international cyber attacks compromise classified information, including the designs of advanced weapons systems, and cost the American economy hundreds of billions of dollars per year. Traditional defensive techniques, such as firewalls, password-protection systems, and other passive measures, have limited utility against skilled and persistent targeted hackers.

In this talk, I will present our ongoing research on understanding advanced cyber attacks through Big Data techniques. For example, we showed that zero-day attacks, which exploit vulnerabilities before their public disclosure, go undetected for 312 days (approximately 10 months) on average. The duration of zero-day attacks had remained an open question for more than a decade because, in general, data is not collected until after the attack is discovered and because zero-day attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. Additionally, we showed that zero-day attacks are more common than previously thought: 60% of the vulnerabilities identified in the study were not previously known to have been used in zero-day attacks.

These results derive from telemetry collected on 11 million hosts over a period of 3 years. I will also describe the Worldwide Intelligence Network Environment (WINE), the data analytics platform that enabled these studies. By sampling and aggregating up to 19 billion telemetry reports per day, WINE provides representative data for analyzing the past and present cyber-threat landscapes. WINE also allows security researchers to conduct experiments at scale and archives the raw data used in each experiment, for reproducibility. I will also discuss the implications of these data-driven insights for future security technologies and for public policy.
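The measurement the abstract describes can be reconstructed from retrospective telemetry: if each host reports when it first saw a given file, and a separate table attributes known exploit files to the vulnerability they target and to that vulnerability's public disclosure date, then the zero-day window for a vulnerability is the gap between the earliest sighting of any of its exploits and the disclosure date. The following is an added illustration of that computation, written for this page; it is not code from the speaker or from WINE. The telemetry lines, hashes, vulnerability labels and dates are all constructed, and the exploit-to-vulnerability attribution is simply assumed in a table rather than derived.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import mean

# Constructed telemetry (not real WINE data): one line per sighting, giving the
# time a file was first seen on a host, the host identifier and the file hash.
# Hashes are shortened placeholders, not real malware hashes.
TELEMETRY = """\
2012-03-02T11:20:00 host-0001 sha256:aaaa1111
2012-01-14T08:05:00 host-0002 sha256:aaaa1111
2012-10-05T16:42:00 host-0003 sha256:aaaa1111
2011-06-12T09:00:00 host-0001 sha256:bbbb2222
2012-08-03T13:15:00 host-0004 sha256:cccc3333
2012-11-20T07:30:00 host-0004 sha256:cccc3333
2012-05-01T10:00:00 host-0005 sha256:ffff0000
"""

# Constructed attribution table: exploit hash -> (vulnerability label, public
# disclosure date). Labels are placeholders, not real vulnerability identifiers.
# The hash sha256:ffff0000 above has no entry, so the analysis ignores it.
EXPLOITS = {
    "sha256:aaaa1111": ("VULN-A", date(2012, 9, 30)),
    "sha256:bbbb2222": ("VULN-B", date(2011, 6, 10)),
    "sha256:cccc3333": ("VULN-C", date(2012, 12, 1)),
}


def parse_telemetry(text):
    """Parse telemetry lines into (first_seen datetime, host, hash) tuples.

    Blank lines are skipped; a malformed line raises ValueError rather than
    being silently dropped, so a bad extract cannot quietly shrink the sample.
    """
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, digest = line.split()
        records.append((datetime.fromisoformat(ts), host, digest))
    return records


def zero_day_windows(records, exploits):
    """Per vulnerability: earliest sighting of any exploit for it, the gap to
    public disclosure, and how many hosts saw it before disclosure.

    A positive gap means the exploit was in the field before disclosure (a
    zero-day attack); a non-positive gap means it only appeared afterwards.
    """
    # Earliest sighting per (vulnerability, host). Duplicate reports for the
    # same host are harmless because only the minimum timestamp is kept.
    first_seen = defaultdict(dict)
    for ts, host, digest in records:
        if digest not in exploits:
            continue  # file not attributed to a known vulnerability
        vuln, _ = exploits[digest]
        prev = first_seen[vuln].get(host)
        if prev is None or ts < prev:
            first_seen[vuln][host] = ts

    disclosure = {vuln: disclosed for vuln, disclosed in exploits.values()}
    windows = {}
    for vuln, per_host in first_seen.items():
        disclosed = disclosure[vuln]
        earliest = min(per_host.values()).date()
        days = (disclosed - earliest).days
        windows[vuln] = {
            "first_seen": earliest,
            "disclosed": disclosed,
            "days_before_disclosure": days,
            "hosts_before_disclosure": sum(
                1 for ts in per_host.values() if ts.date() < disclosed
            ),
            "is_zero_day": days > 0,
        }
    return windows


def average_zero_day_duration(windows):
    """Mean number of days the zero-day attacks ran before disclosure, or
    None if no vulnerability in the set was exploited before disclosure."""
    durations = [w["days_before_disclosure"]
                 for w in windows.values() if w["is_zero_day"]]
    return mean(durations) if durations else None


if __name__ == "__main__":
    windows = zero_day_windows(parse_telemetry(TELEMETRY), EXPLOITS)
    for vuln, w in sorted(windows.items()):
        print(vuln, w)
    print("average zero-day duration (days):", average_zero_day_duration(windows))
```

Two caveats a practitioner would keep in mind when reading numbers produced this way: the earliest sighting is the earliest within the monitored population, so the window is a lower bound on how long the exploit was actually in use, and the result is only as good as the attribution of exploit files to vulnerabilities, which this example takes as given.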

Tudor Dumitras is an Assistant Professor in the Electrical & Computer Engineering Department at the University of Maryland, College Park. His research focuses on Big Data approaches to problems in system security and dependability. In his previous role at Symantec Research Labs he built the Worldwide Intelligence Network Environment (WINE) - a platform for experimenting with Big Data techniques. He received an Honorable Mention in the NSA competition for the Best Scientific Cybersecurity Paper of 2012. He also received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, the 2009 John Vlissides Award from ACM SIGPLAN, and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University.