University of Illinois at Urbana-Champaign
The Grainger College of Engineering
Information Trust Institute

Award for Paper on Automatic Management of Logging Infrastructure

12/9/2010 4:46:00 AM ITI Staff

A paper by Information Trust Institute researchers was honored with a best-paper travel award from the National Security Agency.

Written by ITI Staff

Christopher R. Johnson
Christopher R. Johnson
Christopher R. Johnson

A paper by Information Trust Institute researchers was honored with a best-paper travel award from the National Security Agency.

The paper, "Automatic Management of Logging Infrastructure," was written by Christopher R. Johnson, who is an undergraduate student at Knox College in Galesburg, Illinois, along with graduate student Mirko Montanari and Professor Roy H. Campbell of the University of Illinois. It describes work done by Johnson under Montanari and Campbell's guidance during an Information Trust Institute internship on the Urbana-Champaign campus in the summer of 2010.

The paper introduces an architecture the authors developed that allows a system to react automatically to problems with its network logging infrastructure.

Logging infrastructures must be secure and reliable, because in the absence of reliable logs, anomaly detection systems will sometimes be unable to detect malicious activity. An attack on logging infrastructure may even be the first step of a larger attack, since the loss of logs would help make subsequent attack steps undetectable. Unfortunately, traditional manual maintenance of logging infrastructure is very difficult.

The new system developed by Johnson, Montanari, and Campbell uses a method that can detect problems, choose the best way to fix them, and then notify automated agents that they need to take action, all with little or no human administrator involvement.

The paper was originally presented at the 2010 Center of Academic Excellence Workshop on Insider Threat (CAEWIT), which was held in St. Louis, Missouri, on November 14-17. However, the National Security Agency (NSA) identified the paper as one of the three best papers presented at CAEWIT, as a result of which the NSA offered the authors an all-expenses-paid trip for one of them to present the work at the NSA Insider Threat Symposium to be held in Fort Meade, Maryland in January 2011. Johnson will accept the trip award from NSA, and Campbell will attend the January event with support from other funding.

December 9, 2010

Share this story

This story was published December 9, 2010.