Security Inference from Noisy Data
CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE
Pagination or Media Count:
My thesis is that contemporary information systems allow automatic extraction of security-related information from large amounts of noisy data. Extracting this information is the security inference problem attackers or defenders extract information from noisy data that helps to compromise an adversarys security goals. I believe security inference is an important problem. Security inference often reveals a large amount of sensitive information that may be useful either to attackers or to system administrators. Attackers can use security inference to extract private information system administrators can use security inference to determine the nature of attackers. Security inference is often a challenging problem because of the size and noisy nature of many real-world datasets. Our solution is to apply statistical analysis to this problem. We present two case studies that extract meaningful security knowledge from noisy data using statistical analysis. One goal is to explore selection of proper statistical analysis tools for security inference. The two case studies use a diverse set of statistical methods, which we believe to be applicable to other settings. We also propose a general framework for modeling security inference problems, which identifies key steps in the security inference process. In the first case study, we examine the problem of keyboard acoustic emanations.
- Computer Systems Management and Standards