System Smart Intrusion Detection

Project: Research project (funded) | Research

Project Details

Description

Criminal use of the national network infrastructure is commonplace: blackmail and phishing (social engineering) alone are significant in economic terms. These activities exploit network hosts that have previously been subverted by attacks that are becoming increasingly sophisticated. Existing Intrusion Detection Systems (IDSs) are unable to detect new or subtle attacks, and deploying IDS sensors in greater numbers results in high report volumes but little more effectiveness. This project will show that by taking a system design approach to the choice and configuration of sensors, together with network deployment strategies that allow flexible sensor placement, it is possible to substantially improve the detection of subtle attacks. This work does not focus on improvements to individual intrusion detection components, but rather exploits the synergy that can be obtained by combining the strengths of different types of sensor in a holistic approach to intrusion management design.

Key findings

The project was highly collaborative (with Cranfield, our academic partner). The primary outcomes of the work are:

a) it is possible to automatically discover configurations of sensors that maximise the chances of detecting network attacks.

b) there are several intrusion detection success criteria that can be traded off against each other. A "deployment model" was created (and won a best paper prize). Using a search-based approach, optimal trade-offs in deployments can be found. These may include unit node costs (e.g. purchase price) but also management costs based on, for example, throughputs and the investigation of false alarms.

c) a Bayesian-inspired approach to identifying the most likely perpetrator of an insider attack is possible.







Status: Finished
Effective start/end date: 28/09/07 to 27/07/10

Funding

  • EPSRC: £228,258.00