Deborah A. Frincke

… are becoming a major concern. Our nation’s infrastructure is heavily network based in all industries. However, the nation’s network infrastructure can’t deal with attacks on a local or global scale, leaving network and computer security up to an organization’s individual efforts. With the growing concern with regard to cyberterrorism there’s a need for new…
Accurate identification of misuse is a key factor in determining appropriate ways to protect systems. Modern intrusion detection systems often use alerts from different sources such as hosts and sub-networks to determine whether and how to respond to an attack. However, alerts from different locations should not be treated equally. We propose improving and…
This article has given a broad-brush description of issues related to smart-grid security. Designing solutions in at this stage, before widespread deployment, would be beneficial; in some cases solutions exist, whereas in others research investments will be needed. Several open questions about goals still require discussion, especially around such topics as…
Computer and network systems are vulnerable to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources…
Embedded systems have become integral parts of a diverse range of systems. Unfortunately, research on embedded system security, in general, and intrusion detection, in particular, has not kept pace. Embedded systems are, by nature, application specific and therefore frameworks for developing application-specific intrusion detection systems for distributed…
The trend towards a strong interdependence among networks has serious security implications. Not only does the compromise of one network adversely affect resources needed by others, but the compromised network may be part of a multi-network attack targeting other systems. The task of identifying such attacks in progress can be quite difficult. Other…
Intrusion detection systems (IDS) often provide poor quality alerts, which are insufficient to support rapid identification of ongoing attacks or predict an intruder’s next likely goal. In this paper, we propose a novel approach to alert postprocessing and correlation, the Hidden Colored Petri-Net (HCPN). Different from most other alert correlation methods,…
The goal of our project is to create a set of next-generation cyber situational-awareness capabilities with applications to other domains in the long term. The objective is to improve the decision-making process to enable decision makers to choose better actions. To this end, we put extensive effort into making certain that we had feedback from network…