Explaining & Recovering from Computer Break-ins
New Ideas
• Forensic analysis of intrusions uses database of current vulnerabilities and exploits
• Analysis drives explanation-based recommendation of steps for recovery and prevention
• Automated reporting from sites updates database used in analyzing subsequent attacks
Impact
• DoD Information Security improved by DERBI providing expertise to widely distributed, minimally trained System Administrators
• Crisis response improved by current information distributed via database
• Downtime and exposure minimized by nullifying current attacks
• Situation awareness raised by reporting coverage and accuracy
Schedule
FY98 FY99 FY00
Exploit database
Intrusion indicators knowledge base
Evidential correlations among indicators
Explanation and reporting
Recovery and repair
Artificial Intelligence Center, SRI International: Mabry Tyson