CIS Lecture Series
Finding Flow: Connecting the Dots to Disclose Attacker Trails
Kangkook Jee, NEC Labs America
Modern computing systems are largely opaque, providing little to no transparency into their internal mechanisms. This severely limits the defender’s capability to detect and counter APT (advanced persistent threat) campaigns. Dedicated adversaries act slowly and deliberately. They often stay for months or even years in the target network before achieving their goals (e.g., data leakage, sabotaging the capability). Beyond such sophisticated campaigns, a lack of understanding of complex system operations obstructs efforts to detect less sophisticated attacks or to diagnose non-malicious faulty behavior that spans multiple applications and hosts.
I will introduce my research devoted to a large-scale, end-point security solution that (i) collects system activities (events or artifacts) from each end-host, and then (ii) connects system activities to disclose the relevant context, finding operations that are individually benign but collectively malicious or erroneous, to counter sophisticated attack campaigns. My research is deployed to multiple locations covering hundreds of end-points. Thus, it introduces and tackles interesting research challenges such as efficient data collection, big data processing, automated forensic analysis, and alert flooding. The talk also addresses accuracy and efficiency trade-offs in implementing end-point data collection.
Kangkook Jee is a researcher at NEC Labs America where he has worked on system security solutions for enterprise, IoT, and CPS systems. After graduating with his undergraduate degree from Korea University, he worked for IBM for 5 years and then went to Columbia University for both his Master’s and Ph.D. degrees. His research interests cover topics related to the overall system and software security. In particular, his thesis topic focused on designing an accurate and efficient information flow-tracking framework. He is an avid runner and occasional capture-the-flag player.
Friday, February 22, 2019 at 9:30am to 10:45am
Gore Hall, Room 205
Gore Hall, University of Delaware, Newark, DE 19716, USA