CSIR
The Council for Scientific and Industrial Research (CSIR) in South Africa is one of the leading scientific and technology research, development and implementation organisations in Africa. It undertakes directed research and development for socio-economic growth.


Netted and complex adaptive systems

This research group focuses on distributed network intrusion systems, multi-level information security simulators, and agent-based modelling and autonomous intelligent systems.

Current Projects

Distributed network intrusion detection research

Research is directed at innovative approaches to network security and specifically network intrusion detection. There are numerous technologies involved in this research, but the key technology framework consists of three main approaches. Firstly, a stochastic approach is followed where pure statistical analysis of the network traffic is used. This approach can be used for worm and Trojan virus detection as well as for detecting distributed network attacks and other such distributed malicious activity. The second approach is to use rule-based systems such as expert systems or finite state automata. These approaches are close to the popular methods used in intrusion detection system (IDS) design, although more interesting approaches such as Petri nets have also been used. The third approach is focused on developments in the area of computational intelligence. Here genetic algorithms, Bayesian nets or agent-based modelling are some of the techniques applied to improve the ability of the IDS to detect anomalous traffic. These technologies are incorporated into a research platform constructed as distributed autonomous agents that react and adapt to the environment and coordinate with each other to better protect a network against intrusions. Thus the research focuses on the creation of autonomous intelligent networked systems that exchange information and construct a coherent picture of the network and its resources, analyse the picture for consistency and perform anomaly detection.

Multi-level information security simulator research

This research focuses on the creation of a technology framework for modelling and simulation of information security systems on a number of levels. At the lowest level, the simulator models the movement of network packets on a computer network, the behaviour of firewalls and IDS (such as the one described above), as well as the behaviour of routers, switches and hubs. At this level of simulation, the challenge is in the construction of a behaviourally accurate simulation that can be used to model worm, Trojan or hacker attacks.

The simulator can also handle other information infrastructure aspects such as the national power grid. This enables the simulation of the effect that hacker attacks on such systems will have at a national level. In addition, the simulator incorporates network resources such as databases, file servers and mainframes. Through the modelling of how these resources are interconnected, share information and are dependent on each other, researchers are able to simulate the effects that attacks may have on these resources. They can also simulate the effect that specific security policies may have on the security and vulnerability of the network and its resources.

At higher levels, the simulator models the business processes that are active in an organisation. These processes are then coupled to the resources required for their execution, and thus the effect of security policies and malicious activity on the business processes can be modelled. The research focuses on a number of aspects of network security and network modelling, including the visualisation of large networks (global networks), the automated mapping of networks and network resources, the modelling of business processes and ITC infrastructure and their interdependence, as well as human behaviour modelling, agent-based modelling and computational intelligence.

Agent-based modelling research

Agents are autonomous software programs, sometimes embedded in hardware, that construct a view of the world via sensor systems and then act on their view of the world to make changes to that world. An example of an agent-based system is the IDS described above. In this example the agent comprises the software programs that monitor the network via the network interface (network card): they analyse this information and use it to construct a picture of the way the network operates. Through this knowledge, they can then detect anomalies and act on them. The CSIR has a number of active agent-based modelling (ABM) research projects. The research focuses on a number of key aspects such as the:

  • Fusion of information from different sources
  • Construction of a joint picture of the situation amongst agents
  • Construction of a joint and agreed-upon plan
  • Coordination of actions by agents
  • Modelling of human actions.

Autonomous intelligent systems research

All three research focus areas mentioned (intrusion detection research, security simulator research and agent-based modelling research) contain aspects of distributed autonomous intelligent systems. Part of the focus of the group is on research into the key higher-level systems capability for the construction of autonomous intelligent systems.

This research focuses on the computational intelligence aspects of autonomous intelligent systems through the agent-based modelling approach described above. Each autonomous intelligent system can thus be seen as an 'agent' in terms of agent-based modelling, an agent that needs to construct a view of the world, and act upon that information to change its own state and interact with the world.

The key focus areas for autonomous intelligent systems within the research group are the:

  • Effective exchange of information amongst agents
  • Fusion of such information to create a joint, shared picture of the world
  • Construction of joint plans that all the agents agree upon
  • Smooth coordinated execution of such plans within the environment that the autonomous intelligent systems operate in.