Due to increased computer systems connectivity, deployment of complex systems, and the available tools for malicious user, the number and sophistication of computer attacks over the Internet are increasing. Recent surveys show that our nation’s critical infrastructure is vulnerable to cyber attacks, therefore making cyber security an essential component of Homeland Security. Traditional security measures focus on deployment of defensive technologies against malicious users, like hackers, disgruntled insiders, or cyber terrorists. Recently, works to capture behavioral information about malicious users have emerged. Software and hardware decoy systems have been developed that allow observation of attackers’ activities, while deferring damage to the production system. However, current approaches provide limited data integration and analysis support. Further, they need to incorporate legal restrictions regarding data collection, dissemination, and usability in court.
This project addresses the need of providing intelligent data integration framework for cyber security data and to enforce legal restrictions on data collection, storage, usage, and dissemination processes. Further, the proposed model can be used to control information exchange between different local, state, and federal law enforcement agencies to ensure maximal information availability, while satisfying organizational and legal requirements. A layered security framework is being developed that builds upon Honeynet and Semantic Web technologies, using XML, RDF data models, ontologies, and inferencing capabilities (RuleML). The aim is to develop a bridge over heterogeneous data (Honeynet) and human readable rules (law) governing this data. Ontologies are used for two purposes. The first is as syntactic means with self-describing meanings to allow integration of security data. The second purpose is to express legal restrictions in a machine understandable format.
Duminda Wijesekera - Dept. of Information and Software Engineering, GMU, Fairfax Va. 22030