Operational Research for Context Aware Intrusion Detection

Lead Research Organisation: University of Nottingham
Department Name: School of Computer Science

Abstract

Computer security and intrusion detection systems are key areas for the future growth and prosperity of the UK. The largest and most difficult problem in the computer security industry today is how to deal with the volume of information as too many false attacks are being reported.

The optimisation of intrusion detection, seen through the eyes of an Operational Researcher, can be achieved through appropriate mathematical models, similar to resource allocation problems such as Set Covering. Set Covering Problems are a staple of combinatorial optimisation and scheduling research. They are both mature areas, where current research has advanced to such levels that real-world problems can be solved successfully by using the latest mathematical modelling and heuristic optimisation techniques.

It is the aim of this Fellowship to fuse Operational Research and intrusion detection and then transfer the successes of the former into the latter. Through careful mathematical modelling, I intend to transform the intrusion detection problem into a quasi Set Covering problem. I will then use my theoretical results and experience from this area to optimise the central processes. In essence, this will create a context aware intrusion detection system.

An important aspect of the Fellowship is the opportunity to broaden my expertise to encompass other areas, notably mathematical modelling of intrusion detection. Such expertise is currently largely absent in the computer security community. I believe that the Fellowship will leave me in an extremely well placed position to start a unique research area at the intersection between Operational Research, optimisation and computer security.

The Fellowship is supported by industrial collaborators (100,000+) and the University of Nottingham (70,000+ and PhD studentship).
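The abstract does not say how intrusion detection is mapped onto Set Covering, so the following is an added illustration rather than the Fellowship's own model. It assumes a hypothetical formulation in which each detection rule covers a set of attack classes and carries a cost standing in for its expected false alerts; the task is then the classic weighted set cover of "cover every attack class at minimum alert cost", solved here with the standard greedy heuristic. The rule names, attack classes and costs are constructed sample data.

```python
"""
Greedy weighted set cover applied to IDS rule selection.

Added example, not code from the Fellowship or the page.
Hypothetical formulation: a rule "covers" the attack classes it can
detect, and its cost is its expected false-positive volume. Choosing a
minimum-cost covering rule set is a weighted Set Covering Problem.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

Rule = Tuple[FrozenSet[str], float]  # (attack classes covered, cost)

# Constructed sample data: rule name -> (classes detected, false alerts/day).
RULES: Dict[str, Rule] = {
    "generic_port_scan":   (frozenset({"scan"}), 1.0),
    "broad_http_anomaly":  (frozenset({"sqli", "xss", "path_traversal"}), 40.0),
    "sqli_union_select":   (frozenset({"sqli"}), 2.0),
    "xss_script_tag":      (frozenset({"xss"}), 3.0),
    "dotdot_in_uri":       (frozenset({"path_traversal"}), 1.5),
    "ssh_bruteforce_rate": (frozenset({"brute_force"}), 5.0),
    "catch_all_noisy":     (frozenset({"scan", "sqli", "xss",
                                       "path_traversal", "brute_force"}), 500.0),
}

ATTACK_CLASSES: Set[str] = {"scan", "sqli", "xss", "path_traversal", "brute_force"}


def enable_all_cost(rules: Dict[str, Rule]) -> float:
    """Baseline: the alert cost of simply enabling every rule."""
    return sum(cost for _, cost in rules.values())


def greedy_set_cover(rules: Dict[str, Rule], universe: Set[str]) -> Tuple[List[str], float]:
    """Greedy weighted set cover.

    Repeatedly selects the rule with the lowest cost per newly covered
    attack class until every class in `universe` is covered. Returns the
    chosen rule names (in selection order) and their total cost. Raises
    ValueError if some class cannot be covered by any rule, which in IDS
    terms is a detection gap rather than a tuning problem.
    """
    uncovered = set(universe)
    chosen: List[str] = []
    total = 0.0
    while uncovered:
        best_name = None
        best_ratio = float("inf")
        for name, (covers, cost) in rules.items():
            if name in chosen:
                continue
            gain = len(covers & uncovered)
            if gain == 0:
                continue
            ratio = cost / gain  # cost paid per new class detected
            if ratio < best_ratio:
                best_name, best_ratio = name, ratio
        if best_name is None:
            raise ValueError(f"uncoverable attack classes: {sorted(uncovered)}")
        chosen.append(best_name)
        covers, cost = rules[best_name]
        uncovered -= covers
        total += cost
    return chosen, total


if __name__ == "__main__":
    chosen, cost = greedy_set_cover(RULES, ATTACK_CLASSES)
    print("enable everything:", enable_all_cost(RULES), "false alerts/day")
    print("greedy cover:", chosen, "->", cost, "false alerts/day")
```

On the sample data the greedy cover keeps the five specific rules and drops both noisy broad rules, cutting the modelled alert volume from 552.5 to 12.5 per day while still covering every attack class. The greedy heuristic is within a logarithmic factor of optimal; an exact answer comes from the 0/1 integer programme (minimise sum of cost times x_r subject to every class being covered by at least one selected rule), which is what an Operational Research treatment would hand to a solver.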

Publications

Aickelin U (2007) Rule generalisation in intrusion detection systems using SNORT in International Journal of Electronic Security and Digital Forensics

Aickelin U (2007) Sensing danger: Innate immunology for intrusion detection in Information Security Technical Report

Feyereisl J (2012) Privileged information for data clustering in Information Sciences

Greensmith J (2008) Artificial Immune Systems

Hopkins, Ronald D.; Tokere, Wesley P. (2009) Computer Security: Intrusion, Detection and Prevention


 
Description Computer security and intrusion detection systems are key areas for the future growth and prosperity of the UK. The largest and most difficult problem in the computer security industry today is how to deal with the volume of information as too many false attacks are being reported. The optimisation of intrusion detection, seen through the eyes of an Operational Researcher, can be achieved through appropriate mathematical models, similar to resource allocation problems such as Set Covering. Set Covering Problems are a staple of combinatorial optimisation and scheduling research. They are both mature areas, where current research has advanced to such levels that real-world problems can be solved successfully by using the latest mathematical modelling and heuristic optimisation techniques. It is the aim of this Fellowship to fuse Operational Research and intrusion detection and then transfer the successes of the former into the latter. Through careful mathematical modelling, I intend to transform the intrusion detection problem into a quasi Set Covering problem. I will then use my theoretical results and experience from this area to optimise the central processes. In essence, this will create a context aware intrusion detection system.
Exploitation Route context aware intrusion detection systems
better AI for intrusion detection and Computer Security in general
Sectors Creative Economy, Digital/Communication/Information Technologies (including Software), Security and Diplomacy

URL http://aickelin.com
 
Description Follow-on work with GCHQ. Follow-on work with UKBA.
Sector Digital/Communication/Information Technologies (including Software), Security and Diplomacy