Potential Research Problems

Updated 8/28/09

Each of these areas is a potential dissertation topic that I am willing to support.  Note that students in "Research in…" project courses can also use these areas for their work by selecting a narrow component of the area for their project (additional project topics are listed at the end of the document).

       

      Swarm Immunity

                        Current autoimmune approaches focus on the identity of unusual activity by hard coding established norms into the AIS components.  An autoimmune approach that is based on swarm intelligence may possess enhanced flexibility and adaptability in complex environments.  This research should include a focus on autoimmune capability as an emergent behavior. 

 

      Principal Component Analysis for Feature Extraction

                                   The extreme amount of approach to feature extraction in large data sets makes it difficult for current intrusion detection approaches to identify attacks, especially in high-speed connections. 

 

      Self-replicating Intrusion Detection

                                   Most intrusion detection approaches rely on pre-determined components that are coded and placed in the system.  A potentially viable alternative is an approach that grows and adapts to the particular environment that it is operating in.  This may increase effectiveness and reduce complexity of the intrusion detection approach. 

       

      Self-Authorizing Systems

                       This research will focus on the development of an authentication approach for trusted computing systems that is based on the fact that the ability of an entity to gain access to information is confirmation of their authorization. 

 

      Aggressive Misuse Detection

                                   Most intrusion detection systems utilize a passive observe-and-identify approach, which relies on the presentation of the correct sequence of activity to correctly detect an attack.  This research would focus on the development of an autonomous approach that would be capable of adaptively pursuing potential "leads" as it aggressively hunts the attacker in the data stream.  This research should focus on detection speed instead of perfect accuracy.

 

      Self-organized Criticality/Scale-free self-organization

                        Do self-organizing systems perform better based on power law distributions or as random connections within the problem space?

 

      Competitive Swarms

                                    Existing swarm intelligence approaches assume a fundamental level of cooperation among the agents.  This may limit the capabilities of the entire system as well as contributing to the unpredictability of emergent behavior.

 

      Self-organizing Network

                                   This research will expand on the benefits of a Random Boolean Network, but where the connections are motivated by a self-organizing process.

 

      Artificial Stem Cells

                       Neural networks must be designed and modified as a complete system.  This research will focus on the development of neural "stem cells" which have the ability to evolve based on the characteristics of the local environment.  The neural stem cells will probably require lifetimes.  If they are unnecessary to the optimal network they should be pruned to reduce complexity.

 

Distributed Reasoning

                                     This research will focus on the development of a reasoning approach that emerges as an artifact of the self-organization of simple distributed components.

 

      Distributed Learning

                                   Can learning occur without changes in behavioral characteristics (i.e., can learning be a cooperative process that emerges without changes to individual agents)?

 

      Predictive Emergence

                                   Emergence is a hallmark of self-organizing systems.  Unfortunately, it is usually impossible to predict and is anticipated with all the excitement of a child on Christmas Eve.  Is it possible to predict, and therefore influence, emergent behavior in self-organizing systems?

 

      Fractals/self-similarity in neural systems

                        Preliminary work has been conducted on fractal neural networks.  Most of this work has focused on the ability to apply a higher level of abstraction to neural modeling.  There may also be an opportunity to apply this work to network-based anomaly detection.

 

 

      Network Rating Model

                                   The Rainbow Series was used by NSA to evaluate Trusted Computing Bases (TCB).  No similar method of objectively evaluating disparate networks has been devised.

 

 

      Data Reduction in Network Data Streams using Wavelets or other approaches

                                    Wavelets have been applied to the detection of unusual activity in network data streams.  The approach may also enable the system to reduce the data necessary to detect intrusions to only relevant data elements.

                                     

      Back-tracking of Network Attacks

                       Even when intrusion detection is successful, there is no viable approach to tracking the intrusive activity back to its source.

 

Potential Projects

Updated 8/28/09

Each of these areas is a possible research project for students in "Research in…" courses.  These projects are too limited for dissertation research, though they could serve as the foundation for acceptable dissertation research.

 

      Minimum Data Set for Effective Intrusion Detection in Wireless Networks

                                     What data elements need to be collected and analyzed for various wireless attacks?

 

      Pruning of Rules in Expert Systems to Increase Performance

                        Expert systems are recognized as useful tools for many applications, but a method of accurately pruning unused rules may increase the efficiency of expert systems.

 

 

      Accurate Attack Modeling

                        Current attack models include attack trees and pseudo code.  Neither of these is useful for automated intrusion detection approaches.

 

      Illusory Security

                       Make a protected system appear stronger than it really is, which may provide intrusion prevention.

 

      Deceptive Security

                                  An approach that makes it appear that a system's strengths are actually weaknesses so that actual vulnerabilities may be ignored by an attacker.

                         

 

       

       

      Real-time Risk Monitor (three possibilities)

                        1.  Automated alert function that notifies the user when risk appetite is exceeded due to changes in the system.

                        2.  A risk analysis model that can incorporate near real-time changes in the protected environment to more accurately track overall risk.

                        3.  A risk analysis model that addresses the unique characteristics of wireless networks. 

 

 

      Adaptive Obscurity

                       Security through obscurity is an acceptable, if not entirely successful, risk mitigation approach.  A method of adaptively modifying the ability of the protected system to hide from potential attackers.

 

 

      Attack Indicators

                                  What is the set of representative indicators of a system under attack?  Based on available metrics, what does an attack look like?