As our society becomes intricately linked through computer networks, security has become a major issue. Compromise or loss of data integrity can violate customer privacy and cause damage to customers, resulting in lawsuits, penalties, and erosion of market value for firms. Billions of dollars in losses occur each year because of computer-related incidents (e.g. viruses, worms, and data theft), and as the complexity of our computing infrastructure increases, new threats keep emerging. One of the most insidious threats today is botnets, which allow hackers to control the machines of ordinary users to commit crimes. We not only need to understand how hackers attack our systems to gain control, but also need to develop solutions for building resilient networks so that they can survive new threats and automatically deal with attacks. My research in security combines four streams: 1) intrusion detection, 2) resilient self-organizing networks, 3) economics of security, and 4) security education. This statement discusses these streams, shows what impact the grants have had on the research, and how this research links to my teaching.
Intrusion Detection

My research on intrusion detection involves developing security models inspired by biological systems. Biological systems have security mechanisms that are resilient and reliable (e.g. the immune system and gene regulatory pathways), while computer security mechanisms are fragile and unreliable. The goal of incorporating biological mechanisms is to make computer security more reliable and resilient. The first model is based on the mammalian immune system, on which I have worked with Dr. Jagdish Gangolly from the Accounting & Law Department in the School of Business in the past and am currently working with Dr. Stephen F. Bush from GE Global Research. Two papers on computer security models using biological paradigms have been published in the Wiley Interscience Complexity Journal and the International Journal of Information Management. I am currently working with a doctoral student at UAlbany, Prahalad Rangan, in developing a simulation of a distributed immune system on the network. I am also working with Larry Lessner to develop an epidemiological model based on Poisson point processes for the arrival of threats to computers in a network. A model is also being developed based on cellular processes to determine the interactions among the network components and to detect anomalies in the network. A paper on this work in collaboration with Dr. Bush is under review at the IEEE Network Magazine.
An important problem in the area of intrusion detection is botnets. Such networks are used for unlawful activities such as spam and virus attacks, leading to financial losses for companies. This research involves analysis of network traffic data collected from different sources on the network, which is intelligently mined to identify infected machines, sources of attacks, and other anomalies on the network. We have developed techniques for collecting network data and detecting botnet-infected machines by analyzing the data. These tools employ darknets, honeynets, packet shapers, snort, etc. We have also analyzed botnet attacks in an attempt to gain insight into their operations. I am working with Justin Azoff, Adnan Baykal, and Damira Pon on this research. A paper on analysis of a botnet attack has been published in the Journal of Information Systems Security. A paper describing a decision support system for detection of botnets using data collected from darknets (fictitious networks to fool intruders) and Intrusion Detection Systems (IDS) will be submitted to Decision Support Systems.

To support this work, a security research laboratory was built to allow testing and calibration of security models. The lab can be quarantined so that viruses and worms can be propagated on the isolated network without infecting the University. A test bed has also been developed using standard network traffic data collected by the Defense Advanced Research Projects Agency (DARPA). This allows for the examination of other intrusion detection models. We are currently examining the use of complexity metrics in the detection of malicious traffic.
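The darknet-based detection idea above, as an added illustration that is not the author's decision support system: a darknet is an advertised but unused address block that no legitimate host should ever contact, so internal hosts that probe many darknet addresses are candidates for botnet infection. The darknet prefix, internal range, flow records and threshold below are all constructed for the example.

```python
"""Flag internal hosts that probe a darknet (constructed example)."""
import ipaddress
from collections import defaultdict

# Constructed (hypothetical) darknet block and internal address range.
DARKNET = ipaddress.ip_network("10.99.0.0/16")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed NetFlow-style records: (src, dst, dst_port, protocol).
FLOWS = [
    ("10.1.2.3", "10.99.4.7", 445, "tcp"),
    ("10.1.2.3", "10.99.4.8", 445, "tcp"),
    ("10.1.2.3", "10.99.4.9", 445, "tcp"),
    ("10.1.2.3", "10.99.5.1", 445, "tcp"),
    ("10.1.9.9", "10.99.1.1", 80, "tcp"),       # one stray packet, likely a typo
    ("10.1.5.5", "93.184.216.34", 443, "tcp"),  # ordinary outbound traffic
    ("10.0.0.53", "10.1.2.3", 53, "udp"),       # internal DNS reply, not darknet
]


def darknet_contacts(flows, darknet=DARKNET, internal=INTERNAL):
    """Map each internal source to the set of darknet addresses it contacted."""
    hits = defaultdict(set)
    for src, dst, _port, _proto in flows:
        if ipaddress.ip_address(src) in internal and ipaddress.ip_address(dst) in darknet:
            hits[src].add(dst)
    return hits


def suspect_hosts(flows, min_targets=3, **kw):
    """Hosts that touched at least min_targets distinct darknet addresses.
    The threshold separates scanners from one-off misconfigurations."""
    return {src: sorted(dsts)
            for src, dsts in darknet_contacts(flows, **kw).items()
            if len(dsts) >= min_targets}


def scan_profile(flows, host, darknet=DARKNET):
    """Destination ports a host probed inside the darknet; a single port across
    many addresses is the horizontal-scan signature typical of a worm or bot."""
    return sorted({port for src, dst, port, _ in flows
                   if src == host and ipaddress.ip_address(dst) in darknet})


if __name__ == "__main__":
    for host, targets in suspect_hosts(FLOWS).items():
        print(f"{host}: {len(targets)} darknet targets, ports {scan_profile(FLOWS, host)}")
```

In practice the flagged hosts would be cross-checked against IDS alerts before being quarantined, since a single source of evidence produces false positives.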
Resilient Self-Organizing Networks

The Internet today is mainly based on the client-server model, where clients (users) connect to servers (e.g. amazon.com) in order to conduct business. The fundamental problem is that if the server fails because of malicious attacks or hardware failure, the user does not get service. Such failures can thus disrupt business processes, which can create long-lasting damage to business reputation and relationships. We have developed an alternate computing model that resists such failures. This architecture consists of services that can be easily discovered on the network in real time, so that if one service fails, another can take its place. This architecture was used to support engineering design at General Electric. I am working with Dr. Shashi Talya from GE Global Research and Dr. Michael Sobolewski from Texas Tech University in developing this architecture. A paper on this novel service-oriented grid architecture has been published in the Decision Support Systems Journal. A paper on the security of this architecture is under review at the Decision Support Systems Journal. I am also working with Dr. S.S. Ravi and Dr. Dan Rosenkrantz from the Computer Science department and Dr. Jagdish Gangolly from the Accounting and Law department in developing analytic metrics for the resilience of such networks. A paper on this work is under review at the IEEE Transactions on Service-Oriented Computing.
Information is typically scanned for the presence of security threats on computers and servers before it is released on the network. However, this method is slow, dependent on personal user action, and inefficient in dealing with the fast spread of computer pathogens. Through an active network framework, the security burden can be distributed from personal computers and servers to the network itself. This framework allows packets that normally carry data to also carry instructions (code). Using this framework, security threats can be discovered before they reach individual machines, providing early detection of faults or attacks developing on the network. Coupled with our work in intrusion detection, this model will help improve the ability to detect and control attacks on the network. On this research, I am working with Dr. Stephen Bush from GE Global Research and a doctoral student. One article on this work has been published in the IEEE Journal on Selected Areas in Communications.
Economics of Security

Security breaches can cause significant losses in organizations and may impact the stock valuation of publicly traded firms. Risk analysis often forms the basis for the implementation of security in an organization. Unfortunately, existing information security risk models are cumbersome and vague, and the data used in the analysis is of poor quality. In addition, organizations typically enact policies that provide enforcement guidelines and procedures to implement security; however, organizations are unable to directly measure the impact of these policies on their security. My work on the economics of security focuses on three aspects: 1) information security risk modeling, 2) development of security policy metrics, and 3) evaluating the impact of security breaches on financial returns.
The new risk model developed as part of this work simplifies the risk analysis process and makes it more transparent. In addition, it allows the analysis to be gradually improved by adding data as it becomes available instead of having to completely restart the risk analysis process. The model allows the use of both quantitative and qualitative analyses. This is useful because it may be difficult to obtain accurate quantitative data, and therefore users can begin with a more subjective analysis. However, due to the limited data available on the likelihood of threats occurring and the resulting costs, there is some uncertainty in the calculations. Uncertainty in the model is incorporated with Bayesian modeling and Monte Carlo simulation. I am working with Eitel Lauría from Marist College in the development of the analytic risk models, and with a doctoral student, Vicki Chen, who works at General Electric Power Generation, in finding practical applications of this model. I am also working with a doctoral student, Damira Pon, and two MBA graduates from UAlbany in evaluating catastrophic risks to develop Business Continuity and Disaster Recovery plans. Two papers based on using security risk analysis for business process reengineering have been published in the International Journal of Production Economics. One paper on qualitative risk analysis based on the model is under review at Decision Support Systems. Another paper detailing the matrix-based approach for quantitative risk analysis is under revision for submission to Decision Support Systems. One paper analyzing catastrophic failures for disaster recovery is in progress.
Research on security policies is focused on developing metrics to characterize policies. The work uses natural language processing to determine the attributes of security policies. These metrics can then be correlated with the success and failure of policies. This work is receiving support from the New York State Office for Cyber Security and Critical Infrastructure Coordination (CSCIC). I am working with Dr. Shobha Chengalur-Smith from the Information Technology Management department on this research. A paper with a preliminary set of metrics is under review at the Journal of Strategic Information Systems.

The work on measuring the impact of security on the market valuations of publicly traded companies involves collecting data on security breaches and performing event studies of these incidents. For this work, data on security breaches in publicly traded companies was collected and an event study was performed to determine the impact on the market valuation of firms. This work involves Dr. Hany Shawky from the Finance department and a former doctoral student, Christopher Brown. In a similar vein, we are also examining the financial impact of music piracy on media firms. This research blends ethics, finance, strategy, and information technology. This work is being done in collaboration with Dr. Paul Miesing and Dr. Uday Chandra in the School of Business at UAlbany. It uses the event study methodology to examine the impact on firms of the emergence of P2P music sharing software and the subsequent enactment of copyright legislation for electronic media. A paper on this work is under review at the California Management Review.
Security Education

This work involves developing innovative models for information security education. A "teaching hospital" model was created. This model envisages using information security problems from industry and abstracting them into living cases to be used for the education of students and the public workforce. Partnerships with government and industry are the source of such cases, and an active research program in information security involving faculty and students is the source of manpower in this model. My main collaborator in this work is Damira Pon, a doctoral student at UAlbany; however, several faculty from across the university were involved in this effort. A paper on this was published in the ACM Journal of Educational Resources in Computing. A case on this work has been published in the edited book Tools for Teaching Computer Networking and Hardware Concepts. Research is currently under way to analyze the model further and to develop a new model that addresses its limitations.
Copyright © 2013, Sanjay Goel. All Rights Reserved.