Event Details

Operational Cyber-Security: Challenges and Approaches

Presenter: Dr. Stephen W. Neville - Adjunct Assistant Professor, Dept. of Electrical and Computer Engineering, University of Victoria

Date: Thu, May 8, 2003
Time: 14:30:00 - 15:30:00
Place: EOW 430

ABSTRACT

Cyber security is a growing issue within both industry and academia. The growing reliance on computer networks and information infrastructure means that it is becoming critical to ensure that these systems have a suitably high level of availability, reliability, and integrity. Cyber-attacks are a significant threat to these system-level requirements.

A significant focus within the research community has been directed at building various classes of attack detectors. Recently, this research effort has begun to address the issue of how to combine the information available from these various sensors (correlation approaches). This is a significant issue within operational settings, since the deployed sensors tend to be highly heterogeneous in terms of their knowledge domains, their data representations, and their interfaces. It is largely left to the security analyst or network analyst to construct a consistent and accurate cyber-situation awareness of the systems under their care. This data correlation effort is the first step along the path to building decision support systems for intrusion management. This talk will look at the overall issues inherent in building such a system and the issues and open research areas which exist within this domain.

The first half of this talk will look at the issues intrinsic to operational cyber-security and how these issues lead to the need for automated decision support systems. From this discussion will flow the basic requirements and architecture for such a decision support system. This base architecture will be used to identify the open research areas. The second half of the talk will look at one of these open areas in more detail: namely, the need for the time-based data correlations currently available to move to more complete data fusion approaches. A formal description of this problem for signature-based intrusion detection systems (IDSs) will be presented, and it will be illustrated how this leads to a practical approach to the data fusion problem.

For Further Information Contact
Dr. N.J. Dimopoulos (721-8902)