Additional Doctoral Research Topics


Predicting Future Attacker Activity

The topic of predicting future actions is an important dissertation topic.  The approach that I could support involves the use of a technique called hierarchical temporal memory (HTM).  The approach was developed by Jeff Hawkins and described in his book On Intelligence.  There are also a few youtube videos where he describes the general idea and his most recent algorithms.  There is also free software and documents available at Numenta (the company that he has built around the idea).  

The reason that this is a viable approach is that it incorporates the idea of prediction directly.  Activity is viewed at the lower levels and based upon what has been seen previously and predictions are made about what will be seen in the next time slices.  So if you have a user who is doing certain things and the system can then make a prediction that they are about to do something damaging to the network then an alert can be sent to an administrator or any number of other things.  Bottom line, the approach is capable of near real time speeds, it's never been tried, and I think that it will work. 

I suggest that you pick up a copy of On Intelligence.  It's a quick read.  Once you've finished send me a note and we can discuss next steps.



Detecting "Dead Code" in Source Code

"Dead Code" is lines of executable code in software that is not part of the normal calls of the algorithm.  It is code inserted into the program intentionally that can only be executed when a specific set of conditions are applied.  A good example, though fictional, was described in a Tom Clancy book.  A programmer has built a software upgrade for the New York Stock Exchange that tracks all of the buying and selling during each trading day.  After the upgrade is installed a broker (who is part of the devious plot) makes a series of specific stock trades at values far outside the normal value.  These trades trigger the dead code in the software upgrade and from that point on none of the millions of stock transactions are recorded.  At the end of the trading day no one knows who bought what and for how much.  Results in a mild financial crisis.

A few years ago a former student of mine developed an approach to detecting dead code in Java sourcecode using Petri Nets.  The work was progressing very nicely but he was unable to finish.  I would like for someone to complete the work.  We published paper that described the general approach and the preliminary results that can be found here.



Integrating Artificial Immune Theory with Swarm Intelligence

Both artificial immune systems and swarm intelligence have been successfully applied to a variety of applications.  However, in my opinion, AIS has been limited to only a few biological analogies.  As an example, negative selection algortihms have been applied to intrusion detection.  But biologicial immune systems function much more like swarms.  No centralized control and emergent behavior enable biological approaches to respond quickly to anomalies that may represent attacks.  Some work has been done but there is much more that can be investigated in this area.



Using Neural Networks to Attribute Network Activity to Specific User

Due to the complexity of the network environment and the volume of activity it can be extremely difficult to attribute events to a specific user, especially one who is actively attempting to avoid detection.  I am looking for a student to investigate the application of Neural Abstraction Pyramids to this problem. NAPs  are designed to dissect a unified picture into the component patterns that make it up.  Instead of using it on a picture, the idea is to apply it to network activity (the whole picture) and then break it into parts (individual events) in order to enable us to attribute the parts to a single individual.



Viral Anti-viral Approach

I am looking for one or more students who would be interested in conducting research similar to newly released work in Japan (a critique of the work is available here).



-Last updated 01/05/2012-