Enhancing Network Intrusion Protection Systems with predictive capability for stopping unknown malicious attacks

Abstract

• Our vision
Many real-time detection and predictive solutions do not work seamlessly together and have limited predictive potential. We propose a dual system capable of forecasting network attacks just before they happen. It combines signature-based network intrusion detection (NIDS) with anomaly-based analytics and integrates them through additional correlation analysis of their event timelines.

• Key project objectives
1. Utilizing the experience of the Londonmet Cyber Security Research Centre and bringing it to industry
2. Supporting the researchers and graduates of Londonmet in creating their own businesses
3. Assisting SMEs specialized in managing service providers in offering additional security analytics services on their premises
4. Establishing partnerships with vendors of network analysers to enhance their products by incorporating intelligent agents

• Main areas of focus
1. Network Traffic Data Analysis in Real Time: Correlation Methods for Time Series
2. Cloud Applications Containerization
3. Cloud Service Workflows Management
4. Managed Service Provider Policies

• Innovation
Firstly, we are adding intelligence to network analysers by correlating the network communications on different layers. This would improve the detection rate. Secondly, we are containerizing the analytics engines. This will enable workflow automation and will provide additional analytical capabilities for managed service providers.

Lead Participant: LONDON METROPOLITAN UNIVERSITY
Project Cost: £26,250
Grant Offer: £26,250

Participant

LONDON METROPOLITAN UNIVERSITY
INNOVATE UK
