Cyber Innovation Lab – A Cybersecurity Testbed for the Advancement of Intrusion Detection Systems
Panel Name
Cybersecurity, Privacy, and Artificial Intelligence
Location
Lecture Center Concourse
Start Date
3-5-2019 3:00 PM
End Date
3-5-2019 5:00 PM
Presentation Type
Poster Session
Academic Major
Business
Abstract
This work presents the development of an air-gapped physical network, known as the Cyber Innovation Lab, to serve as a testbed for finding innovative methods for the detection and mitigation of modern cyber threats. The project involved designing a network that provides a realistic platform to launch attacks against, then installing and configuring various web applications and services on both Windows and Linux platforms. The systems were designed to be easy to restore to their original state, to allow for consistency in attack outcomes. In order to build the data set to support research, an attack taxonomy was devised from both current practitioner and academic literature. Additionally, a data pre-processing framework was devised. Finally, live attacks were run against the network to allow for data collection via host- and network-based sensors. This data will be used to support investigations into machine learning-based intrusion detection systems and the analysis of system memory to determine attack types.
First Faculty Advisor
Sanjay Goel
First Advisor Email
goel@albany.edu
First Advisor Department
School of Business
The work you will be presenting can best be described as
Finished or mostly finished by conference date