SecureNet - Network Security - Protection

Objectif

The objective of the work is the systematic study and further development of methods to defend open computer networks against attack by malicious software, including viruses.
A project was set up to demonstrate the feasibility of the development of products for defending open computer networks against malicious software. The definition phase was divided into 5 work packages (WP) to be considered over 10 months. WP1 covered the collection and classification of threats of integrated broadband communication (IBC) environments namely, case studies of virus classification, modes of mobile viruses, detection capabilities and known weaknesses of IBC networks. WP2 covered the investigation of heuristic and formal algorithms for the detection, diagnosis and neutralisation, as well as selfcorrecting distributed computation (SDC) techniques for the provision of a trusted environment and the implications on IBC. WP3 consisted of the definition of an overall system concept, and WP4 covered the cost benefit analysis and selection of the most promising combinations of these techniques. WP5 covered the design and implementation specifications for a product (ie a set of tools) which incorporated the case selected in WP4. The project results indicated the necessity to attack the problem of detecting malicious software by monitoring system behaviour rather than by using the appearance of the malicious code itself. The wider applicability of the concepts in terms of analysing very large log audit files, for example, was also identified.
Technical Approach

The basic concept revolves around the co-operation of a neural net with an expert system and the use of self-correcting distributed computation (SDC) techniques.

The neural net component is responsible for the adaptive classification of events and the expert system uses the input from the neural net to perform a diagnosis and propose or perform neutralisation of any incurred damage. SDC techniques will be used to enhance immunity and to provide a minimum trusted environment.

During 1992, the project was in a definition phase whose success was intended to demonstrate the feasibility of the development of products for defending Open Computer Networks against malicious software.

The definition phase was divided into five work packages to be considered over 10 months. WP1 covered the collection and classification of threats of IBC environment namely, case studies of virus classification, modes of mobile viruses, detection capabilities and known weaknesses of IBC networks.

WP2 covered the investigation of heuristic and formal algorithms for the detection, diagnosis and neutralisation, as well as SDC techniques for the provision of a trusted environment and the implications on IBC.

WP3 consisted of the definition of an overall system concept, and WP4 covered the cost/benefit analysis and selection of the "most promising" combination of these techniques.

Finally, WP5 covered the design and implementation specifications for a product (i.e. a set of tools) which incorporated the case selected in WP4.

Key Issues

R&D is needed into methods of defence against specific forms of attack on software, notably "viruses" and "worms". This is because of the rising frequency of such attacks and the regrettably large number of people willing and able to devise and launch them. Viruses are important in view of the following:

Their extensive reproduction capability.
Detecting their origin is an undecidable problem.
They have the ability to completely alter (hence destroy) data.
Techniques for defence tend not to be preventive.

Expected Impact

The Project results indicate the necessity to attack the problem of detecting malicious software by monitoring system behaviour rather than by using the appearance of the malicious code itself. The wider applicability of the concepts in terms of analysing very large log/audit files, for example, was also identified.

Champ scientifique (EuroSciVoc)

CORDIS classe les projets avec EuroSciVoc, une taxonomie multilingue des domaines scientifiques, grâce à un processus semi-automatique basé sur des techniques TLN. Voir: Le vocabulaire scientifique européen.

• sciences naturelles informatique et science de l'information logiciel
• sciences naturelles informatique et science de l'information sécurité informatique logiciel malveillant
• sciences naturelles informatique et science de l'information intelligence artificielle systèmes experts
• sciences naturelles informatique et science de l'information sécurité informatique sécurité du réseau
• sciences naturelles informatique et science de l'information intelligence artificielle programmation heuristique

Programme(s)

Programmes de financement pluriannuels qui définissent les priorités de l’UE en matière de recherche et d’innovation.

• FP3-RACE 2 - Specific research and technological development programme (EEC) in the field of communication technologies, 1990-1994

Thème(s)

Les appels à propositions sont divisés en thèmes. Un thème définit un sujet ou un domaine spécifique dans le cadre duquel les candidats peuvent soumettre des propositions. La description d’un thème comprend sa portée spécifique et l’impact attendu du projet financé.

• T.881 - Malicious software and IBC
• T.883 - Generic security servers design and prototypes
• PL6 - Project line 6 - Information security

Appel à propositions

Procédure par laquelle les candidats sont invités à soumettre des propositions de projet en vue de bénéficier d’un financement de l’UE.

Régime de financement

Régime de financement (ou «type d’action») à l’intérieur d’un programme présentant des caractéristiques communes. Le régime de financement précise le champ d’application de ce qui est financé, le taux de remboursement, les critères d’évaluation spécifiques pour bénéficier du financement et les formes simplifiées de couverture des coûts, telles que les montants forfaitaires.

Données non disponibles

Coordinateur

Participants (6)