BEGIN:VCALENDAR
VERSION:2.0
PRODID:Linklings LLC
BEGIN:VTIMEZONE
TZID:America/Denver
X-LIC-LOCATION:America/Denver
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20260422T000711Z
LOCATION:505
DTSTART;TZID=America/Denver:20231116T144500
DTEND;TZID=America/Denver:20231116T150000
UID:submissions.supercomputing.org_SC23_sess309_drs126@linklings.com
SUMMARY:Preemptive Intrusion Detection: Real-World Measurements, Bayesian
 -Based Detection, and AI-Driven Countermeasures
DESCRIPTION:Phuong Cao (University of Illinois)\n\nThe problem of preempti
 ng attacks before damages remains the top security priority. The gap betwe
 en alerts and early detection remains wide open because noisy attack attem
 pts and unreliable alerts mask real attacks from humans. This dissertation
  brings together: 1) attack patterns mining driven by real security incide
 nts, 2) probabilistic graphical models linking patterns with runtime alert
 s, and 3) an in vivo testbed which embeds a honeypot in a live Science DMZ
  network for realistic assessment. Traditional techniques that seek specif
 ic attack signatures or anomalies are ineffective because defenders only s
 ee a partial view of ongoing attacks while having to wrestle with unreliab
 le alerts and heavy background noise of attack attempts. In contrast, our 
 principal objective is to reinforce scant, incomplete evidence of potentia
 l attacks with the ground truth of past security incidents. We evaluated o
 ur system Cyborg's accuracy and performance in three experiments at the
  National Center for Supercomputing Applications at the University of Illi
 nois. Our deployment stops 8 out of 10 replayed attacks before system inte
 grity violation and all ten before data exfiltration. In addition, we disc
 overed and stopped a family of ransomware attacks before the data breach. 
 During the period of deployment, this thesis resulted in a honeypot that c
 ollected 15 billion attack attempts (the world's largest publicly analyzed
  dataset) for analytics. In the future, we are looking at integrating AI t
 echniques such as large language models to build intelligent honeypot syst
 ems that are indistinguishable from real systems to collect attack intelli
 gence and educate the security operator.\n\nTag: Accelerators, Artificial 
 Intelligence/Machine Learning, Applications, Cloud Computing, Distributed 
 Computing, Data Analysis, Visualization, and Storage, I/O and File Systems
 , Quantum Computing, Security\n\nRegistration Category: Tech Program Reg P
 ass\n\nSession Chairs: André Brinkmann (Johannes Gutenberg University Main
 z) and Xubin He (Temple University, Department of Computer and Information
  Sciences)\n\n
END:VEVENT
END:VCALENDAR
