The prevailing network security measures are often implemented on proprietary appliances deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but it undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for Industry 4.0, which are driven by the evolution of connected and smart devices, their heterogeneity, and their integration with cloud and edge computing infrastructures. To loosen these rigid security deployments, in this paper we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services on Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices and present the design and implementation of a proof-of-concept communication anonymization application.
PULSAR: Deploying Network Monitoring and Intrusion Detection for the Science DMZ
The Purdue Live Security Analyzer (PULSAR) is a state-of-the-art, high-speed network monitoring and intrusion detection system designed to enhance the security of Purdue University's research cyberinfrastructure. PULSAR project goals include empowering domain scientists to conduct research at Purdue under heightened cybersecurity requirements and engaging undergraduate students in the design, deployment and operation of advanced cyberinfrastructure. Deployment strategies and design decisions are discussed, ultimately providing a recipe book that other institutions can use as a guide for effective implementation of a large-scale intrusion detection system for Science DMZs.
- Award ID(s): 1738981
- PAR ID: 10108734
- Date Published:
- Journal Name: PEARC 19: Practice and Experience in Advanced Research Computing
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Identifying the root cause and impact of a system intrusion remains a foundational challenge in computer security. Digital provenance provides a detailed history of the flow of information within a computing system, connecting suspicious events to their root causes. Although existing provenance-based auditing techniques provide value in forensic analysis, they assume that such analysis takes place only retrospectively. Such post-hoc analysis is insufficient for realtime security applications; moreover, even for forensic tasks, prior provenance collection systems exhibited poor performance and scalability, jeopardizing the timeliness of query responses. We present CamQuery, which provides inline, realtime provenance analysis, making it suitable for implementing security applications. CamQuery is a Linux Security Module that offers support for both userspace and in-kernel execution of analysis applications. We demonstrate the applicability of CamQuery to a variety of runtime security applications including data loss prevention, intrusion detection, and regulatory compliance. In evaluation, we demonstrate that CamQuery reduces the latency of realtime query mechanisms while imposing minimal overheads on system execution. CamQuery thus enables the further deployment of provenance-based technologies to address central challenges in computer security.
- A set of Information Assurance and Security hands-on learning modules has been developed and opened to the public. Topics include networking security, database security, defensive programming, web security, system fundamentals, mobile security, malware detection using machine learning, and big data analytics on network intrusion detection. The design follows a hands-on, case-based pedagogical model, which yields a satisfaction rate of up to 92.5% for self-learners.
- Network Intrusion Detection in Smart Grids for Imbalanced Attack Types Using Machine Learning Models: The smart grid has evolved as the next-generation power grid paradigm, enabling the transfer of real-time information between the utility company and the consumer via smart meters and advanced metering infrastructure (AMI). This information facilitates many services for both parties, such as automatic meter reading, demand-side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built from both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator to the presence of ongoing attacks. Hence, much research has been conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common pattern recognition approaches are applied to imbalanced data, in which instances of normal behaviour vastly outnumber attack instances; these approaches yield low detection rates for the minority classes. In this paper, we study various machine learning models to overcome this drawback using the CIC-IDS2018 dataset [1].
- We propose HYDRA-C, a design-time evaluation framework for integrating monitoring mechanisms in multicore real-time systems (RTS). Our goal is to ensure that security (or other monitoring) mechanisms execute in a "continuous" manner, i.e., as often as possible, across cores. This ensures that any such mechanisms run with few interruptions, if any. HYDRA-C is intended to allow designers of RTS to integrate monitoring mechanisms without perturbing existing timing properties or execution orders. We demonstrate the framework using a proof-of-concept implementation with intrusion detection mechanisms as security tasks. We develop and use both (a) a custom intrusion detection system (IDS) and (b) Tripwire, an open source data integrity checking tool. We compare the performance of HYDRA-C with a state-of-the-art multicore RT security integration approach and find that our method does not impact schedulability and, on average, can detect intrusions 19.05% faster without impacting the performance of RT tasks.
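Inline provenance analysis, as the CamQuery abstract above describes it, means the provenance graph is queried as each event arrives rather than after the fact. The following is an added example, not CamQuery's code or its Linux Security Module API: it builds an in-memory provenance graph from a constructed stream of audit events (the process names, paths and socket address are made up), evaluates a data-loss-prevention rule inline on every edge, and answers a backward root-cause query over the same graph.

```python
"""Inline provenance tracking for data-loss prevention.

Added illustration (not CamQuery's code or API): an in-memory provenance
graph built from a constructed stream of system events, a rule that fires
the moment data derived from a sensitive file reaches a network socket, and
a backward query that returns the root causes of a suspicious node.
"""
from collections import defaultdict, deque

# Constructed audit events as (source, action, destination): information
# flows from source to destination (read: file -> process, write: process ->
# file, fork: parent -> child, send: process -> socket). Names are made up.
SAMPLE_EVENTS = [
    ("proc:bash[101]", "fork", "proc:python[202]"),
    ("file:/etc/shadow", "read", "proc:python[202]"),    # sensitive source
    ("proc:python[202]", "write", "file:/tmp/out.bin"),
    ("file:/tmp/out.bin", "read", "proc:curl[303]"),
    ("proc:curl[303]", "send", "sock:203.0.113.5:443"),  # exfiltration sink
    ("file:/var/log/syslog", "read", "proc:tail[404]"),
    ("proc:tail[404]", "write", "file:/tmp/log.txt"),
]

# Assumed policy: data derived from these objects must not leave the host.
SENSITIVE = {"file:/etc/shadow"}


class ProvenanceGraph:
    def __init__(self):
        self.parents = defaultdict(set)  # node -> nodes it derived data from
        self.alerts = []                 # DLP rule hits, raised inline

    def ingest(self, src, action, dst):
        """Record one flow edge, then evaluate the DLP rule immediately
        (inline), rather than in a later batch query."""
        self.parents[dst].add(src)
        if dst.startswith("sock:"):
            taint = self.ancestors(dst) & SENSITIVE
            if taint:
                self.alerts.append((src, action, dst, sorted(taint)))

    def ancestors(self, node):
        """Every node whose data contributed, directly or transitively, to node."""
        seen, queue = set(), deque([node])
        while queue:
            n = queue.popleft()
            for p in self.parents[n]:
                if p not in seen:
                    seen.add(p)
                    queue.append(p)
        return seen

    def root_causes(self, node):
        """Ancestors with no parents of their own: where the flow began."""
        return {a for a in self.ancestors(node) if not self.parents[a]}


def run(events=SAMPLE_EVENTS):
    """Replay the constructed event stream and return the populated graph."""
    g = ProvenanceGraph()
    for src, action, dst in events:
        g.ingest(src, action, dst)
    return g


if __name__ == "__main__":
    graph = run()
    for alert in graph.alerts:
        print("DLP alert:", alert)
    print("root causes:", sorted(graph.root_causes("sock:203.0.113.5:443")))
```

The alert is raised during `ingest` of the `send` event, which is the inline property the abstract contrasts with retrospective auditing; the backward traversal over the same graph then names the sensitive file and the originating shell as root causes, while the unrelated `tail` flow carries no taint.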
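The imbalance problem in the smart-grid IDS abstract above shows up in the evaluation metric before it shows up in the model. The following added example is not the paper's code and does not use CIC-IDS2018: it constructs a one-feature flow dataset with 950 benign and 50 attack records (all values made up), scores a majority-class baseline, then trains a small Gaussian naive Bayes classifier with empirical and with balanced class priors (the cost-sensitive counterpart of oversampling the minority class) and reports accuracy next to per-class detection rate.

```python
"""Class imbalance in ML intrusion detection: why accuracy misleads, one fix.

Added illustration, not the paper's models or a CIC-IDS2018 loader. The
dataset is constructed; the classifier is a one-feature Gaussian naive Bayes
whose class priors can be balanced, which shifts the decision boundary the
same way oversampling the minority class would.
"""
import math
import random

BENIGN, ATTACK = "Benign", "DoS"


def make_flows(n_benign=950, n_attack=50, seed=7):
    """Constructed flows with one feature each (packets per second).
    The classes overlap, as real benign and attack traffic does."""
    rng = random.Random(seed)
    X = [rng.gauss(50.0, 15.0) for _ in range(n_benign)]
    X += [rng.gauss(90.0, 15.0) for _ in range(n_attack)]
    y = [BENIGN] * n_benign + [ATTACK] * n_attack
    return X, y


def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def detection_rate(y_true, y_pred):
    """Per-class recall: share of each class's instances labelled correctly."""
    rates = {}
    for cls in set(y_true):
        idx = [i for i, t in enumerate(y_true) if t == cls]
        rates[cls] = sum(y_pred[i] == cls for i in idx) / len(idx)
    return rates


class GaussianNB1D:
    """Single-feature Gaussian naive Bayes with optional balanced priors."""

    def __init__(self, balanced=False):
        self.balanced = balanced
        self.params = {}  # class -> (log prior, mean, variance)

    def fit(self, X, y):
        classes = sorted(set(y))
        for cls in classes:
            xs = [x for x, label in zip(X, y) if label == cls]
            mean = sum(xs) / len(xs)
            var = sum((x - mean) ** 2 for x in xs) / len(xs)
            # Balanced priors weight every class equally regardless of count.
            prior = 1.0 / len(classes) if self.balanced else len(xs) / len(X)
            self.params[cls] = (math.log(prior), mean, var)
        return self

    @staticmethod
    def _log_post(x, log_prior, mean, var):
        return log_prior - 0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)

    def predict(self, X):
        out = []
        for x in X:
            best = max(self.params.items(),
                       key=lambda kv: self._log_post(x, *kv[1]))
            out.append(best[0])
        return out


def evaluate(seed=7):
    """Return {model: (accuracy, per-class detection rate)} on the constructed data."""
    X, y = make_flows(seed=seed)
    majority = [BENIGN] * len(y)  # the do-nothing detector
    results = {"majority": (accuracy(y, majority), detection_rate(y, majority))}
    for name, model in (("nb", GaussianNB1D()),
                        ("nb_balanced", GaussianNB1D(balanced=True))):
        pred = model.fit(X, y).predict(X)
        results[name] = (accuracy(y, pred), detection_rate(y, pred))
    return results


if __name__ == "__main__":
    for name, (acc, rates) in evaluate().items():
        print(f"{name:12s} accuracy={acc:.3f} "
              f"detection={ {k: round(v, 3) for k, v in rates.items()} }")
```

The do-nothing baseline scores 0.95 accuracy with an attack detection rate of 0, which is the failure the abstract describes. Balancing the priors adds the same constant to the attack class's log-posterior for every input, so the region classified as attack can only grow: attack recall never falls and benign recall never rises, and the operator chooses the trade-off explicitly instead of inheriting it from the class frequencies. The model is trained and scored on the same constructed data to keep the block short; a real evaluation needs a held-out, stratified split.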

