Detection of Attacks on Cognitive Channels

1
Detection of Attacks on Cognitive Channels

• Annarita Giani, UC Berkeley

Cognitive Channel
Network Channel

• NEW IDEAS
• Identification of a new generation of threats
• Process Query System (PQS) based approaches to
  detect complex attacks and covert channels
• Flow aggregation definition, analysis and
  application
• Covert Channel Detection statistical theory of
  undetectable covert communication

SERVER
CLIENT
USER
Focus of the current protection and detection
approaches
Current IDSs are not successful to detect attacks
on cognitive channels
Sophisticated attacks High frequency and changing
nature of attacks. Inherent limits of
network-based IDS. Inability to identify
attackers goals and new strategies. No guidance
for response. Often simplistic analysis.
PROJECT SCHEDULE/MILESTONES

• MILITARY IMPACT
• Protection of logistical infrastructures and
  sensitive information.
• Design of robust and secure distributed systems
  for military communications and
  counterintelligence activity.
• Discovery of sensitive information leakages
• Data Tampering Prevention.

1 (Since Jan 2007) information theoretic
approach to the design and analysis of
undetectable covert channels. 2 (Dec 2007)
Development of a graph theoretic approach to the
analysis of flow attribution and
aggregation for computer security. 3 (June
2008) Definition of metrics to capture closeness
between activities and group them into
patterns 4 (June 2009) Integration of
aggregated flows into a tracking system
(PQS or Markov Chain Monte Carlo Data Association
for Multiple-Target Tracking)