Research


Computer Systems Security & Intrusion Detection


The primary focus of my research is Computer Systems Security and Intrusion Detection and Prevention Systems. In the latter area, we aim to create Intrusion Detection and Prevention Systems that detect and protect against network intrusions effectively and in reasonable time. This is an important area in Computer Security, as made evident by, for example, the recent hacking of Sony PS3, which left 24.6 million customer accounts vulnerable, and the hacking of websites, including both US and Canadian government sites.

Intrusion Detection Systems can be classified by the detection techniques they use: misuse detection, anomaly detection, specification-based detection, and model-based detection. Misuse detection identifies intrusions by matching well-defined attack patterns that exploit weaknesses in system and application software. Anomaly detection treats intrusions as significant deviations from established normal user and system behaviours.

Misuse detection and anomaly detection are popular methods in the intrusion detection field. Misuse detection has already been applied in commercial IDSs because of its predictability and high accuracy. In contrast, anomaly detection has fewer products on the market, but it is considered a more powerful method because of its theoretical potential for identifying novel attacks.

In our research we have extended anomaly detection by using Self-Organizing Feature Maps (classified as an Artificial Neural Network (ANN)) to identify intrusions. This is done by training the system to recognize the "closeness" of an attack, described by its attributes (42 of them in the case of the KDD-99 dataset), to a certain class of attack, or to recognize that the data is normal. We have obtained encouraging results and furthered the research by using different ANNs, with a voting system and a novel equation to determine the vote.
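
As an added illustration of the idea above (not the author's code or results), the sketch below trains a small self-organizing map on constructed 4-feature records, labels each map unit by the majority class of the training records it wins, and classifies a new record by its closest labelled unit. The class centres, map size and decay schedule are assumptions, and the multi-ANN voting scheme is not reproduced.

```python
import math
import random
from collections import Counter

# Constructed class centres over 4 scaled features (the page cites 42 for KDD-99).
CENTRES = {"normal": (0.2, 0.3, 0.1, 0.0), "dos": (0.0, 0.0, 0.9, 0.95),
           "probe": (0.05, 0.05, 0.5, 0.2)}

def make_data(per_class=20, seed=1):
    """Constructed sample: noisy copies of each centre, with class labels."""
    rng = random.Random(seed)
    rows = [([c + rng.gauss(0, 0.03) for c in centre], name)
            for name, centre in CENTRES.items() for _ in range(per_class)]
    return [x for x, _ in rows], [y for _, y in rows]

def bmu(weights, x):
    """Index of the best matching unit: the map node closest to x."""
    return min(range(len(weights)), key=lambda i: math.dist(weights[i], x))

def train_som(data, side=3, epochs=40, seed=7):
    """Fit a side x side map to the feature vectors (labels are not used)."""
    rng = random.Random(seed)
    grid = [(r, c) for r in range(side) for c in range(side)]
    weights = [[rng.random() for _ in data[0]] for _ in grid]
    for epoch in range(epochs):
        frac = 1.0 - epoch / epochs
        lr, radius = 0.5 * frac + 0.01, 1.5 * frac + 0.3  # both decay over time
        for x in rng.sample(data, len(data)):
            wr, wc = grid[bmu(weights, x)]
            for (r, c), w in zip(grid, weights):
                h = math.exp(-((r - wr) ** 2 + (c - wc) ** 2) / (2 * radius ** 2))
                for k, xk in enumerate(x):
                    w[k] += lr * h * (xk - w[k])  # pull unit toward the record
    return weights

def label_units(weights, data, labels):
    """Give each unit the majority class of the training records it wins."""
    votes = {}
    for x, y in zip(data, labels):
        votes.setdefault(bmu(weights, x), Counter())[y] += 1
    return {i: c.most_common(1)[0][0] for i, c in votes.items()}

def classify(weights, unit_labels, x):
    """Return (class of the closest labelled unit, distance to that unit)."""
    i = min(unit_labels, key=lambda j: math.dist(weights[j], x))
    return unit_labels[i], math.dist(weights[i], x)

if __name__ == "__main__":
    data, labels = make_data()
    som = train_som(data)
    units = label_units(som, data, labels)
    print(classify(som, units, [0.0, 0.0, 0.9, 0.95]))  # a DoS-like record
```

The distance returned by `classify` is the "closeness" measure: a record far from every labelled unit resembles none of the trained classes.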

We have also shown the correlation of Intrusion Detection Techniques in Mobile Ad-Hoc Networks to routing protocols and identified new characteristics and changes that need to be made to achieve a higher level of security than is currently possible.

Digital Watermarking is another area we have worked on. Digital watermarking is the process of embedding information into a digital signal which may be used to verify its authenticity or the identity of its owners, in the same manner as paper bearing a watermark for visible identification. In digital watermarking, the signal may be audio, pictures, or video. If the signal is copied, then the information is also carried in the copy. The author of the image is thus able to determine and prove that the image is his/hers. Of course, this is subject to the watermark in the image being robust, that is, resilient to attacks such as cropping, adding of noise, Xeroxing, etc. We have developed algorithms that are robust and resilient to most of the attacks, and these have been published in a number of conferences.