Operational Research for Context Aware Intrusion Detection

Lead Research Organisation: University of Nottingham
Department Name: School of Computer Science

Abstract

Computer security and intrusion detection systems are key areas for the future growth and prosperity of the UK. The largest and most difficult problem in the computer security industry today is how to deal with the volume of information as too many false attacks are being reported.The optimisation of intrusion detection, seen through the eyes of an Operational Researcher, can be achieved through appropriate mathematical models, similar to resource allocation problems such as Set Covering. Set Covering Problems are a staple of combinatorial optimisation and scheduling research. They are both mature areas, where current research has advanced to such levels that real-world problems can be solved successfully by using the latest mathematical modelling and heuristic optimisation techniques.It is the aim of this Fellowship to fuse Operational Research and intrusion detection and then transfer the successes of the former into the latter. Through careful mathematical modelling, I intend to transform the intrusion detection problem into a quasi Set Covering problem. I will then use my theoretical results and experience from this area to optimise the central processes. In essence, this will create a context aware intrusion detection system.An important aspect of the Fellowship is the opportunity to broaden my expertise to encompass other areas, notably mathematical modelling of intrusion detection. Such expertise is currently largely absent in the computer security community. I believe that the Fellowship will leave me in an extremely well placed position to start a unique research area at the intersection between Operational Research, optimisation and computer security.The Fellowship is supported by industrial collaborators (100,000+) and the University of Nottingham (70,000+ and PhD studentship).

Publications

10 25 50
publication icon
Aickelin U (2007) Sensing danger: Innate immunology for intrusion detection in Information Security Technical Report

publication icon
Aickelin U (2007) Rule generalisation in intrusion detection systems using SNORT in International Journal of Electronic Security and Digital Forensics

publication icon
Feyereisl J (2012) Privileged information for data clustering in Information Sciences

publication icon
Greensmith J (2008) Artificial Immune Systems

publication icon
Hopkins, Ronald D.; Tokere, Wesley P. (2009) Computer Security: Intrusion, Detection and Prevention

publication icon
Hopkins, Ronald D.; Tokere, Wesley P. (2009) Computer Security: Intrusion, Detection and Prevention

 
Description Computer security and intrusion detection systems are key areas for the future growth and prosperity of the UK. The largest and most difficult problem in the computer security industry today is how to deal with the volume of information as too many false attacks are being reported. The optimisation of intrusion detection, seen through the eyes of an Operational Researcher, can be achieved through appropriate mathematical models, similar to resource allocation problems such as Set Covering. Set Covering Problems are a staple of combinatorial optimisation and scheduling research. They are both mature areas, where current research has advanced to such levels that real-world problems can be solved successfully by using the latest mathematical modelling and heuristic optimisation techniques. It is the aim of this Fellowship to fuse Operational Research and intrusion detection and then transfer the successes of the former into the latter. experience from this area to optimise the central processes. In essence, this will create a context aware intrusion detection system.
Exploitation Route context aware intrusion detection systems
better AI for intrusion detection and Computer Security in general
Sectors Creative Economy,Digital/Communication/Information Technologies (including Software),Security and Diplomacy

URL http://aickelin.com
 
Description Follow on work with GCHQ Follow on work with UKBA
Sector Digital/Communication/Information Technologies (including Software),Security and Diplomacy