Researchers develop software to make an instant analysis of a Cyber Attack!


Cybersecurity researchers at the Georgia Institute of Technology have developed new software that will largely automate the process of analyzing a cyber attack almost instantly. It will allow investigators to quickly and accurately pinpoint how the intrusion into the network took place, what kind of data was accessed by the hackers and which computers were compromised during the event.

The process is known as Refinable Attack Investigation (RAIN). The system gives forensic investigators a detailed record of the intrusion, and this includes the whereabouts of the hackers (in most cases) with recorded evidence.

The researchers argue that the new system has the potential to provide multiple levels of detail, facilitating automated searches through information at a high level to identify the specific events for which more closely analyzed data has to be produced.

Wenke Lee, who is leading the research and is also a co-director of Georgia Tech’s Institute for Information Security & Privacy, said in a statement that RAIN is capable not only of finding what is wrong in a network but also of figuring out how the attacker got into the system and what has been done.

Lee claims that all the present systems in the world have the capability to provide detailed info about the current status of the computers and networks after a cyber attack, and that it is up to the investigators to infer how the attack was launched and what has been compromised, which usually takes weeks or months in most cases.

Some security experts feel that digital logs can help in providing info about attacks. But because the logs need a lot of data storage capacity, they are often ignored by network admins. RAIN, by contrast, continuously monitors a system and logs events which it considers suspicious. Records such as these can be used later, allowing a trade-off that keeps the overhead realistic when it comes to performance and data storage.

In addition, RAIN creates a multi-level review capability that is coarse at first, then records events in a detailed manner as soon as specific events of interest are identified.

The Defense Advanced Research Projects Agency (DARPA) is said to be sponsoring the research along with the National Science Foundation and the Office of Naval Research. More details on RAIN will be reported on October 31st, 2017 at the ACM Conference on Computer and Communications Security (CCS).

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
