Researchers at SRI International are leading a collaborative effort to create new technologies that will expose advanced persistent threats (APTs), a type of cyberattack responsible for prolonged—and often costly—network security breaches. Funded by a $5.3 million award from the Defense Advanced Research Projects Agency (DARPA), SRI is working with partner institutions Purdue University, the University of Wisconsin-Madison and the University of Georgia to develop the innovative TRacking and Analysis of Causality at Enterprise level (TRACE) system that would quickly detect APTs and minimize the damage they cause.
On the UW-Madison side of the project, research efforts will be led by Professor Somesh Jha.
Modern computing systems typically act like “black boxes” that accept inputs and generate outputs, but provide little visibility into their internal workings. APTs take advantage of this by quietly accessing networks at vulnerable points, then essentially hiding out within the system while stealing information or funds. Because computing systems are so opaque, APTs can cause harm for months or even years before being detected. The so-called Carbanak APT attack, one of the most costly cyberheists in history, went undetected for roughly two years while hackers reportedly stole up to $1 billion from financial institutions around the world.
TRACE is a highly scalable, distributed and programmable tracking and data collection system for enterprise networks.