Sathya Chandran Sundaramurthy scite author profile

Sathya Chandran Sundaramurthy

5Publications

107Citation Statements Received

57Citation Statements Given

How they've been cited

129

107

How they cite others

Affiliations

University of South Florida, Kansas State University, University of California, Santa Barbara

Publications

Order By: Most citations

A Tale of Three Security Operation Centers

Sundaramurthy

Case

Truong

et al. 2014

View full text Add to dashboard Cite

Security researchers have been trying to understand functioning of a security operation center (SOC) and how security analysts perform their job. This effort is motivated by the fact that security monitoring and analysis is not just a technical problem. Researchers must take into consideration the human and organizational factors for their research ideas to succeed. Much work towards this direction has been through interviews of security analysts in SOCs. Interviews, however useful, will not be always possible as analysts work in a high-stress and time constrained environment. Thus the understanding of operational challenges through interviews is quite shallow. There is also an issue of trust that limits the amount of information an analyst shares with an interviewing researcher. In our work, we take an anthropological approach to address this problem. Students with Computer Science background get trained in anthropological methods by an anthropologist and are embedded as security analysts in operation centers. Embedded students perform the same job as an analyst and see the operational world from the view point of an analyst. Through reflection on the observations made by the students we gain a holistic perspective of the challenges in operation centers. In this paper we report preliminary results on the ongoing fieldwork at two corporate and a University SOC.

show abstract

An Anthropological Approach to Studying CSIRTs

Sundaramurthy

McHugh²,

et al. 2014

IEEE Secur. Privacy

View full text Add to dashboard Cite

Prioritizing intrusion analysis using Dempster-Shafer theory

Zomlot

Sundaramurthy

Luo

et al. 2011

View full text Add to dashboard Cite

Intrusion analysis and incident management remains a difficult problem in practical network security defense. The root cause of this problem is the large rate of false positives in the sensors used by Intrusion Detection System (IDS) systems, reducing the value of the alerts to an administrator. Standard Bayesian theory has not been effective in this regard because of the lack of good prior knowledge. This paper presents an approach to handling such uncertainty without the need for prior information, through the Dempster-Shafer (DS) theory. We address a number of practical but fundamental issues in applying DS to intrusion analysis, including how to model sensors' trustworthiness, where to obtain such parameters, and how to address the lack of independence among alerts. We present an efficient algorithm for carrying out DS belief calculation on an IDS alert correlation graph, so that one can compute a belief score for a given hypothesis, e.g. a specific machine is compromised. The belief strength can be used to sort incident-related hypotheses and prioritize further analysis by a human analyst of the hypotheses and the associated evidence. We have implemented our approach for the open-source IDS system Snort and evaluated its effectiveness on a number of data sets as well as a production network. The resulting belief scores were verified through both anecdotal experience on the production system as well as by comparing the belief rankings of hypotheses with the ground truths provided by the data sets we used in evaluation, showing thereby that belief scores can be effective in mitigating the high false positive rate problem in intrusion analysis.

show abstract

Humans Are Dynamic - Our Tools Should Be Too

Sundaramurthy

Wesch

et al. 2017

IEEE Internet Comput.

View full text Add to dashboard Cite

MTD CBITS: Moving Target Defense for Cloud-Based IT Systems

Bardas

Sundaramurthy²,

et al. 2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.