Princeton University

School of Engineering & Applied Science

Counter Advanced Persistent Threat through Big-Data Enabled Security Intelligence

Dr. Zhichun Li, NEC Research Labs
B205 Engineering Quadrangle
Thursday, April 28, 2016 - 11:00am to 12:00pm

Abstract: Today, serious security incidents keep appearing in mainstream media. Cyber-attacks are no longer carried out just for fun; they have grown into a large dark industry. Data breaches at Target, Home Depot, JP Morgan Chase, Sony, eBay, etc., not only severely impact the affected business or government agency but also affect millions of people. The attacks behind the scenes are the so-called Advanced Persistent Threats (APTs). In this talk, I will introduce what an APT is and what characteristics these attacks have, by going through a case study of how Target got hacked. Then, I will examine why APTs are hard to detect with existing industry security solutions, and how we can potentially do better. To fight against APTs, we started the Automated Security Intelligence (ASI) project in 2012, and later found that the 2014 DARPA Transparent Computing (TC) program BAA shared the same vision, which is “connecting the dots” across multiple activities that are individually not suspicious enough, but collectively indicate malice or abnormal behavior. The ASI project achieves ubiquitous monitoring inside enterprises with Windows, Linux and Mac agents, includes a big-data middleware to handle the massive volume of events collected, and provides a platform that supports various security applications. In particular, in this talk, I will highlight research progress from two early efforts on “connecting the dots”: a temporal behavior query language, which enables a search tool that lets security analysts quickly explore the potential linkage among events, and activity backtracking, which is a semi-automatic tool for answering “how this happens”.
Biography: Zhichun (ZL) Li is a senior researcher at NEC Research Labs in Princeton, NJ. At NEC Labs, he manages the newly formed Computer Security Department. He initiated and leads the large-scale interdisciplinary research project called Automated Security Intelligence, involving 15 researchers from Princeton and Tokyo. He has broad research interests in the areas of security and systems, with an emphasis on enterprise security with big data, smartphone security, and network security. Before joining NEC Labs, he received his Ph.D. in Dec 2009 from Northwestern University. He earned both M.S. and B.S. degrees from Tsinghua University in China. Previously, he conducted research at Microsoft Research Redmond and at the International Computer Science Institute (ICSI) at UC Berkeley.