Securing Future Networked Infrastructures through Dynamic Normal Behaviour Profiling

Lead Research Organisation: University of Glasgow
Department Name: School of Computing Science

Abstract

Regular attacks on online services are becoming an ever-present reality. Hackers seek to breach the security of organisations to compromise users and gain confidential information, or deny others access to internet shops and services to inflict monetary harm. System administrators and security researchers are engaged in an unending game of cat-and-mouse with these adversaries, and can often only react to attacks and security holes after the fact. More proactive, automated methods are needed to identify potentially harmful or disruptive traffic as it presents itself.
The objective of the research is to combine recent advances in programmable networking (for example Software-Defined Networking and Network Function Virtualisation) with current machine learning techniques to develop distributed, on-the-fly analysis and handling of anomalous traffic. Anomalies are treated as deviations from a normal behaviour profile that is itself constructed, and continually updated, from the evolving behaviour of the network's own traffic.

While the constituent parts of this work are well-understood, the novelty in this research arises from our intended exploration of how machine learning-driven network analysis and programmable networks will interact for the purposes of everyday network management, threat detection and threat control.
Given the reality of the threat that cyber attacks pose to modern business and government, this work is particularly timely.
The development of more advanced and capable networking systems, statistical models and their intersection will have wide impact, and is expected to benefit UK businesses, universities and institutes by increasing their resilience against common and uncommon adversaries.
This work directly aligns with the following ambitions from the EPSRC's prosperity outcomes - R3: "Develop better solutions to acute threats: cyber, defence, financial and health" (Resilient Nation); C1: "Enable a competitive, data driven economy"; C3: "Deliver intelligent technologies and systems"; and C4: "Ensure a safe and trusted cyber society" (Connected Nation).
Furthermore, it is directly relevant to the EPSRC growth area "Statistics and applied probability", the maintenance area "Artificial intelligence technologies", and "ICT networks and distributed systems".
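To make the "deviation from a dynamically constructed normal behaviour profile" idea concrete, the following is an added worked example; it is not code from the project or its publications. It assumes flow records already aggregated into fixed time windows as (window_index, src_ip, dst_ip, packets) tuples, keeps one per-destination profile (exact running statistics during warm-up, then an exponentially weighted mean and variance), flags a window when its packet count exceeds mean + k standard deviations, and only folds normal windows into the profile so that a flood cannot immediately raise its own threshold. The EWMA parameters, the k-sigma rule and the shape of the resulting "flow rule" dict are illustrative choices of this example and not the project's method or any real SDN controller API. The sample traffic is constructed inline.

```python
"""Dynamic normal-behaviour profiling over per-window flow counts.

Added example, not code from the project described on the page. Assumes
flow records pre-aggregated into time windows as (window, src, dst, packets);
the EWMA profile, k-sigma threshold and rule dict are illustrative choices.
"""
import math
from collections import defaultdict


class DynamicProfile:
    """Per-destination profile of packets-per-window, updated online.

    Warm-up uses exact running mean/variance (Welford); afterwards an EWMA
    tracks slowly evolving behaviour. Anomalous windows are NOT folded into
    the profile, so a flood cannot immediately raise its own threshold.
    """

    def __init__(self, alpha=0.2, k=3.0, warmup=5, min_sd=1.0):
        self.alpha, self.k, self.warmup, self.min_sd = alpha, k, warmup, min_sd
        self.n = 0        # windows seen during warm-up
        self.mean = 0.0
        self.var = 0.0

    def threshold(self):
        # a floor on the deviation stops a zero-variance profile flagging everything
        return self.mean + self.k * max(math.sqrt(self.var), self.min_sd)

    def observe(self, x):
        """Return True if x exceeds the profile; update it only with normal windows."""
        if self.n < self.warmup:
            self.n += 1
            delta = x - self.mean
            self.mean += delta / self.n
            self.var += (delta * (x - self.mean) - self.var) / self.n  # population variance
            return False
        if x > self.threshold():
            return True
        delta = x - self.mean
        self.mean += self.alpha * delta
        self.var = (1 - self.alpha) * (self.var + self.alpha * delta * delta)
        return False


def detect(records, profiles=None, **profile_kw):
    """Aggregate packet counts per (window, dst) and test each window against its profile.

    Returns alerts as (window, dst, packets, threshold, top_sources). Passing a
    `profiles` dict lets the caller keep the evolving profiles across calls.
    """
    counts = defaultdict(lambda: defaultdict(int))   # window -> dst -> packets
    by_src = defaultdict(lambda: defaultdict(int))   # (window, dst) -> src -> packets
    for w, src, dst, pkts in records:
        counts[w][dst] += pkts
        by_src[(w, dst)][src] += pkts
    dsts = {dst for w in counts for dst in counts[w]}
    profiles = {} if profiles is None else profiles
    alerts = []
    for w in sorted(counts):
        for dst in sorted(dsts):
            total = counts[w].get(dst, 0)
            prof = profiles.setdefault(dst, DynamicProfile(**profile_kw))
            thr = prof.threshold()
            if prof.observe(total):
                top = sorted(by_src[(w, dst)].items(), key=lambda kv: -kv[1])[:3]
                alerts.append((w, dst, total, round(thr, 1), [s for s, _ in top]))
    return alerts


def mitigation_rule(alert):
    """Turn an alert into a controller-agnostic rate-limit rule (illustrative shape only)."""
    w, dst, total, thr, top = alert
    return {"match": {"ipv4_dst": dst}, "action": "rate_limit", "pps": int(thr),
            "drop_sources": top, "reason": f"window {w}: {total} pkts > {thr}"}


def constructed_records():
    """Constructed sample: steady traffic to 10.0.0.5 with a 50-source flood in
    window 20, and a slow +1 packet/window ramp to 10.0.0.9 that never trips the test."""
    recs = []
    for w in range(50):
        if w == 20:   # flood: 50 new sources, 100 packets each
            recs += [(w, f"198.51.100.{i}", "10.0.0.5", 100) for i in range(1, 51)]
        recs += [(w, "192.0.2.1", "10.0.0.5", 40 + w % 3),
                 (w, "192.0.2.2", "10.0.0.5", 35),
                 (w, "192.0.2.3", "10.0.0.5", 30 - w % 2)]
        recs.append((w, "203.0.113.7", "10.0.0.9", 100 if w < 5 else 100 + (w - 4)))
    return recs


if __name__ == "__main__":
    profiles = {}
    for a in detect(constructed_records(), profiles):
        print(a, mitigation_rule(a))
    print("10.0.0.9 threshold after slow ramp:", round(profiles["10.0.0.9"].threshold(), 1))
```

The flood in window 20 is caught because 5107 packets is far above a threshold of roughly 108, and because that window is excluded from the update, the 10.0.0.5 profile is unchanged afterwards. The second destination shows the caveat a practitioner should expect from any self-updating baseline: a ramp of one extra packet per window always stays inside the widening k-sigma band, so the profile quietly follows it and its threshold ends well above the original level. Detecting slow drift needs a second, slower reference (for example a long-term profile or periodic re-validation against known-good windows) rather than a single adaptive profile.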

Publications

Description: A better method for automatically detecting, and preventing, DDoS attacks by digital vandals or criminals upon businesses and websites, and novel methods for measuring and analysing aspects of high-speed networks.
Exploitation Route: Installed in experimental networks by enterprising companies to better defend and monitor their networks.
Sectors: Digital/Communication/Information Technologies (including Software), Security and Diplomacy