Research proposal - Autonomous post-intrusion, network isolation systems
Shaon Diwakar
University of Technology, Sydney
May 2009
Abstract

In an interconnected world, mitigating the risk of data loss, as well as maintaining network and endpoint security, presents both an opportunity and a cost to businesses. Over the last two decades, significant efforts have been made to improve the reliability and security of networked systems to protect them from abuse, exploitation and fraud. As a result, the market has driven a marked improvement in the sophistication of defensive technologies such as intrusion detection, intrusion prevention and endpoint security solutions, which are employed to defend against increasingly complex offensive network and application attacks.

Today, as people place an ever-increasing reliance on networked computer systems, the threat of directed attacks (terrorist activity, corporate espionage) or secondary attacks (malware/viral infection) is very real and has, to date, amounted to significant financial losses for businesses and governments worldwide.

This dissertation will demonstrate the application of neural networks, rule-sets and mathematical models pertaining to detection, isolation and remediation following network and application security attacks in IPv4 networks.
1 Research aim

This research will focus on three important facets of network security, with four main overarching goals. Foremost, an investigation of techniques that could be employed to prevent comprehensive network infiltration in the event of a networked system coming partially or completely under the control of an unauthorised individual or group (crackers, terrorists). The proposed method will investigate various forms of network isolation: automatic modification of router/switch access controls, changes in firewall state and modification of user accounts.

Secondly, to investigate whether proactive user-level auditing through analysis of anomalies in account usage patterns could be used to mitigate the risk of abuse & fraud in a high-risk environment (e.g. in the banking, intelligence and health sectors).

Thirdly, to provide a model or methodology that can be used in the event of an intrusion to provide a certain level of network forensics (dates & times of user account compromises, service misuse or attacks).

Finally, the fourth aim of this master's thesis is to practically demonstrate the implementation of the proposed system(s) in a controlled environment using open source applications or off-the-shelf software.

2 Methodology

This research will involve, in part, an investigation of network isolation mechanisms and, subsequently, quantitative testing of the hypotheses derived. Such research could be carried out in the following manner:
• Literature review of prior, related work in the network security field (intrusion detection, intrusion prevention and deep packet inspection technology);
• Mathematical modelling of rule-based & fuzzy logic algorithm(s) that can be used to determine what constitutes a network compromise;
• Analyses of common scenarios where the proposed model(s) would actively prevent further network infiltration;
• Development of a software system that demonstrates the value of said isolation mechanisms.
3 Research plan

This research will be performed over three semesters (1.5 years) as prescribed for a full-time MSc Computing Science (Research) student. A high-level schedule for the proposed work is outlined below.

Semester   Major deliverable
I          Literature review, network isolation process, prototype software architecture.
II         Software development.
III        Testing, bug-fixing, neural network spiking, preparation for academic submission & presentation.