Doctoral Research Topics
Predicting Future Attacker Activity
The topic of predicting future actions is an important
dissertation topic. The approach that I could support involves
the use of a technique called hierarchical temporal memory (HTM).
The approach was developed by Jeff Hawkins and described in his book On Intelligence. There
are also a few youtube videos where he describes the general idea and
his most recent algorithms. There is also free software and
documents available at Numenta (the
company that he has built around the idea).
The reason that this is a viable approach is that it incorporates the
idea of prediction directly. Activity is viewed at the lower
levels and based upon what has been seen previously and predictions are
made about what will be seen in the next time slices. So if you
have a user who is doing certain things and the system can then make a
prediction that they are about to do something damaging to the network
then an alert can be sent to an administrator or any number of other
things. Bottom line, the approach is capable of near real time
speeds, it's never been tried, and I think that it will work.
I suggest that you pick up a copy of On Intelligence. It's a
quick read. Once you've finished send me a note and we can
discuss next steps.
Detecting "Dead Code" in Source Code
"Dead Code" is lines of executable code in software that is not part of
the normal calls of the algorithm. It is code inserted into the
program intentionally that can only be executed when a specific set of
conditions are applied. A good example, though fictional, was
described in a Tom Clancy book. A programmer has built a software
upgrade for the New York Stock Exchange that tracks all of the buying
and selling during each trading day. After the upgrade is
installed a broker (who is part of the devious plot) makes a series of
specific stock trades at values far outside the normal value.
These trades trigger the dead code in the software upgrade and
from that point on none of the millions of stock transactions are
recorded. At the end of the trading day no one knows who bought
what and for how much. Results in a mild financial crisis.
A few years ago a former student of mine developed an approach to
detecting dead code in Java sourcecode using Petri Nets.
The work was progressing very nicely but he was unable to finish.
I would like for someone to complete the work. We published
paper that described the general approach and the preliminary results
that can be found here.
Integrating Artificial Immune Theory
with Swarm Intelligence
Both artificial immune systems and swarm intelligence have been
successfully applied to a variety of applications. However, in my
opinion, AIS has been limited to only a few biological analogies.
As an example, negative selection algortihms have been applied to
intrusion detection. But biologicial immune systems function much
more like swarms. No centralized control and emergent behavior
enable biological approaches to respond quickly to anomalies that may
represent attacks. Some work has been
done but there is much more that can be investigated in this area.
Using Neural Networks to Attribute
Network Activity to Specific User
Due to the complexity of the network environment and the volume of
activity it can be extremely difficult to attribute events to a
specific user, especially one who is actively attempting to avoid
detection. I am looking for a student to investigate the
application of Neural
Abstraction Pyramids to this problem. NAPs are designed to
dissect a unified picture into the component patterns that make it
up. Instead of using it on a picture, the idea is to apply it to
network activity (the whole picture) and then break it into parts
(individual events) in order to enable us to attribute the parts to a
Viral Anti-viral Approach
I am looking for one or more students who would be interested in
conducting research similar to newly
released work in Japan (a critique of the work is available here).
-Last updated 01/05/2012-