As networks get faster and network-centric applications get more complex, our understanding of the cyber-infrastructure continues to diminish. This is particularly important as more and more different networks are connected to the public Internet, leaving open routes to potential cyber-attacks. As response measures against cyber-terrorism, system and network operators are deploying intrusion detection sensors at diverse locations across their administrative domains, seeking more complete coverage against potential threats. Though much work has been done on single-point network intrusion and malicious attack detection systems, their shortcomings have necessitated distributed intrusion detection systems, for which little has been done.
Furthermore, all of the current works are either just warning systems, or they react in an open-loop manner, requiring a manual response in case of an attack. The overall objective of this research proposal is to investigate heuristics for automated early detection and warning of known and unknown network-based cyber-attacks using a distributed passive monitoring infrastructure, and to investigate alternative automated reaction strategies for self-reconfiguration and adaptation of the security system.
Our target is to design a distributed network intrusion detection and automated prevention system over an overlay of passive monitoring sensors. Information from different sensors at network vantage points will be used by new heuristic algorithms. Our target is to achieve a self-reconfigurable security system. Our approach includes misuse and anomaly detection techniques, while the system will have self-reconfiguration functionalities in order to react automatically to security attacks, eliminating the need for manual configuration and thus closing the feedback loop. The applicant fellow is an experienced researcher with a high-quality research profile who wants to pursue this research within a European institution.