System-Smart Intrusion Detection

Criminal use of the national network infrastructure is commonplace: blackmail, and phishing (social engineering) alone are significant in economic terms. These activities exploit network hosts that have been previously subverted, by attacks that are becoming increasingly sophisticated. Existing Intrusion Detection Systems (IDSs) are unable to detect new or subtle attacks, and deploying IDS sensors in higher volumes results in high report volumes, but little more effectiveness. This project will show that by taking a system design approach to the choice and configuration of sensors, together with network deployment strategies that allow flexible sensor placement, it is possible to substantially improve the detection of subtle attacks. This work does not focus on improvements to individual intrusion detection components; but rather exploits the synergy that can be obtained by combining the strengths of different types of sensor, in a holistic approach to intrusion management design.