Completed Project: Alert Correlation

Alert correlation is a process that takes as input the alerts produced by one or more intrusion detection sensors and provides a more succinct, high-level view of occurring or attempted intrusions. The main objective is to produce intrusion reports that capture a high-level view of the activity on the network without losing security-relevant information.
Automated Rule Tuning

Rules are widely used in network management systems. In essence, they allow the system security policy to be implemented in a flexible format that can be easily maintained and interpreted by humans. However, one drawback of rules is their reliance on user guidance, both in rule development and in adjusting the rules to changes in the network environment and security policy.

Current Members: Natalia Stakhanova
Previous Members: Shah Arif Iqbal
Automatic Discovery and Classification of Network Applications

Classifying network traffic by application is very challenging and remains an unsolved problem. In practice, traffic application classification relies to a large extent on transport layer port numbers, which was an effective approach in the early days of the Internet. Nowadays, however, port numbers provide very limited information. An alternative approach, currently applied by QRadar, is to examine the payload of network flows and then create signatures for each application.

Current Members: Mahbod Tavallaee
Previous Members: Wei Lu
Botnet Detection
Conflict-free IDS Rule Management

Generally, misuse and specification-based approaches are implemented in the form of a rule-based intrusion detection system (IDS) that aims to detect attacks by analyzing network traffic against a predefined set of rules. These rules typically describe the various IDS-defined features of the traffic being searched for (e.g. destination port, payload content, confidence level of the IDS) and the response action to be taken when the observed traffic matches the description.

Current Members: Natalia Stakhanova
Data Visualization
Network Anomaly Detection

Anomaly detection systems flag observed activities that deviate significantly from established normal usage profiles as anomalies. This paradigm takes the position that anything abnormal is probably suspicious.

Current Members: Mahbod Tavallaee
Previous Members: Wei Lu
Prediction of Network Attacks

Predictability of network state has received considerable attention in many domains, including adaptive applications, congestion control, admission control, wireless networking and network management. Although a range of prediction algorithms have been proposed in the past decade, they generally represent isolated efforts focused on particular traffic characteristics and do not constitute a systematic approach to predicting network state.

Current Members: Natalia Stakhanova
Previous Members: Mahsa Kiani
Simulation of Network Attacks
UNB Honeynet