System-Smart Intrusion Detection

Lead Research Organisation: University of York
Department Name: Computer Science

Abstract

Criminal use of the national network infrastructure is commonplace: blackmail and phishing (social engineering) alone are significant in economic terms. These activities exploit network hosts that have been previously subverted by attacks that are becoming increasingly sophisticated. Existing Intrusion Detection Systems (IDSs) are unable to detect new or subtle attacks, and deploying IDS sensors in higher volumes results in high report volumes but little more effectiveness. This project will show that by taking a system design approach to the choice and configuration of sensors, together with network deployment strategies that allow flexible sensor placement, it is possible to substantially improve the detection of subtle attacks. This work does not focus on improvements to individual intrusion detection components, but rather exploits the synergy that can be obtained by combining the strengths of different types of sensor in a holistic approach to intrusion management design.
 
Description 1) A specialist threat modeling technique can allow rigorous analysis of authentication systems; 2) A password management system is possible that detects misuse of (the same) passwords across sites; 3) Optimisation-based approaches can be adopted to select optimal configurations of probe positioning across a network to maximize intrusion detection (and allow tradeoffs to be made between resources and detectability).
Exploitation Route We are currently considering whether the optimisation angle can be refined in the context of IoT.
Sectors Digital/Communication/Information Technologies (including Software), Manufacturing, including Industrial Biotechnology, Security and Diplomacy

 
Description We have demonstrated our work to CESG. We are also beginning to use the background expertise to apply for further funding to the EU, envisaged in 2015.
First Year Of Impact 2014
Sector Digital/Communication/Information Technologies (including Software), Security and Diplomacy