System Smart Intrusion Detection

Project: Research project (funded)Research

Project Details


Criminal use of the national network infrastructure is commonplace: blackmail, and phishing (social engineering) alone are significant in economic terms. These activities exploit network hosts that have been previously subverted, by attacks that are becoming increasingly sophisticated. Existing Intrusion Detection Systems (IDSs) are unable to detect new or subtle attacks, and deploying IDS sensors in higher volumes results in high report volumes, but little more effectiveness. This project will show that by taking a system design approach to the choice and configuration of sensors, together with network deployment strategies that allow flexible sensor placement, it is possible to substantially improve the detection of subtle attacks. This work does not focus on improvements to individual intrusion detection components; but rather exploits the synergy that can be obtained by combining the strengths of different types of sensor, in a holistic approach to intrusion management design.

Key findings

The project was highly collaborative (with Cranfield, our academic partner). The primary outcomes of the work are:

a) it is possible to automatically discover configurations of sensors that maximise chances of detecting network attacks.

b) there are several intrusion detection success crtieria that can be traded off against each other. A "deployment model" was created (and won a best paper prize). Using a search based approach optimal tradeoffs in deployments can be found. These may include unit node costs (e.g. purchase price) but also management costs based on throughputs and investigation of false alarms for example.

c) a Bayesian inspired approach is possible to identifying the most likley perpetrator of an insider attack.

Effective start/end date28/09/0727/07/10


  • EPSRC: £228,258.00