The NEMESIS research group focuses on the development of
innovative intrusion defense technologies. A central focus of
work is the application of advanced artificial intelligence and complex
adaptive systems in preventing, detecting, and responding to
distributed network attacks.
Each of these problems
a current area of research that will
contribute to the overall NEMESIS research effort. While each
student will work on a specific research problem with a specific
approach, each of these problems is complex enough that multiple
students may be conducting research on each simultaneously.
Detection of Attacks
attacks can be significantly more difficult
to detect if the steps in the attack are spread over a period of
hours or days.
Detection of Attacks
detection of network attacks can also be
complicated if multiple attackers work together to conduct an
Techniques to Streamline Data Analysis
significant limitation of existing IDS approaches
is the difficulty in identifying relevant information in complex
high-speed network data streams. Only a fraction of the
data is applicable to the IDS analysis but locating the appropriate
data, especially in real-time, is extremely difficult. A
is required to identify relevant data elements based on the needs of
the IDS dynamically and in real-time.
Represent New Attacks in Near Real-time
attack modeling relies on attack trees or
pseudo-code to describe an attack. While both are useful for
an individual to understand an attack sequence in the conceptual sense,
neither is applicable for use as online inputs to an IDS in real time.
A new method is required that is able to capture the relevant
information and then serve as an input vector to an IDS.
of Attacks in Noisy
to the variety of activity and processes
occurring in a network environment, the identification of the subset of
data that is relevant to analysis can be extremely difficult.
Detection of Attacks with
approaches rarely have a complete view of an
attack, but they typically require the observed activity to match an
existing model of the attack to complete the detection process.
Adaptive Verification of
Penetration Testing Effectiveness
testing is frequently used to evaluate
the security of information systems. Automated penetration
testing tools require an adaptive mechanism that would allow them to
determine the effectiveness of penetration efforts in real-time.
Back Tracing Network
is currently no effective method of tracing an
attacker back to the source. Tagging and node hopping provide
little information and lack reliability.
Qualified doctoral students
who are interested in investigating one
of the indicated problems are being recruited. The process
with an email to Dr. Cannady indicating which of the problems you are
interested in and your experience and expertise.
be followed by the development of a suitable problem statement,
followed by an annotated bibliography, followed by an idea paper.
Each of these problems is designed to lead to the
If you are interested/qualified/capable to do the work, I
provide you the supervision and support necessary to get you through
the dissertation process.
A few points to consider:
I will be working closely
with each student and there will
probably be some level of group collaboration between students working
in similar areas.
Each student will be
required to publish the results of their
research in a peer-reviewed journal or conference proceeding (in addition
to their dissertation).
The approach will need to
be validated by building (coding) and
testing a suitable prototype.
No policy work and no case
Regular progress in your
research is required. If you are
too involved in coursework, your job, or your other responsibilities to
dedicate to doctoral research then you should wait until you can apply
the requisite time to the work before contacting me. Students
fail to progress in their research for one month will receive a letter
of warning. Failure to make progress for a second month will
result in the student being dismissed from the research group.