BEGIN:VCALENDAR
VERSION:2.0
PRODID:Linklings LLC
BEGIN:VTIMEZONE
TZID:America/Denver
X-LIC-LOCATION:America/Denver
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20240116T185912Z
LOCATION:E Concourse
DTSTART;TZID=America/Denver:20231114T100000
DTEND;TZID=America/Denver:20231114T170000
UID:submissions.supercomputing.org_SC23_sess290_drs126@linklings.com
SUMMARY:Preemptive Intrusion Detection:  Real-World Measurements, Bayesian
 -Based Detection, and AI-Driven Countermeasures
DESCRIPTION:Doctoral Showcase, Posters\n\nPhuong Cao (University of Illino
 is)\n\nThe problem of preempting attacks before damages remains the top se
 curity priority. The gap between alerts and early detection remains wide o
 pen because noisy attack attempts and unreliable alerts mask real attacks 
 from humans. This dissertation brings together: 1) attack patterns mining 
 driven by real security incidents, 2) probabilistic graphical models linki
 ng patterns with runtime alerts, and 3) an in vivo testbed which embeds a 
 honeypot in a live Science DMZ network for realistic assessment. Tradition
 al techniques that seek specific attack signatures or anomalies are ineffe
 ctive because defenders only see a partial view of ongoing attacks while h
 aving to wrestle with unreliable alerts and heavy background noise of atta
 ck attempts. In contrast, our principal objective is to reinforce scant, i
 ncomplete evidence of potential attacks with the ground truth of past secu
 rity incidents. We evaluated our system Cyborg's accuracy and performan
 ce in three experiments at the National Center for Supercomputing Applicat
 ions at the University of Illinois. Our deployment stops 8 out of 10 repla
 yed attacks before system integrity violation and all ten before data exfi
 ltration. In addition, we discovered and stopped a family of ransomware at
 tacks before the data breach. During the period of deployment, this thesis
  resulted in a honeypot that collected 15 billion attack attempts (the wor
 ld's largest publicly analyzed dataset) for analytics. In the future, we a
 re looking at integrating AI techniques such as large language models to b
 uild intelligent honeypot systems that are indistinguishable from real sys
 tems to collect attack intelligence and educate the security operator.\n\n
 Tag: Artificial Intelligence/Machine Learning, Security\n\nRegistration Ca
 tegory: Tech Program Reg Pass, Exhibits Reg Pass
END:VEVENT
END:VCALENDAR
