The aim of this Faraday research project is to model, evaluate and build a decision support system that works alongside advanced intrusion detection systems. Intrusion Detection Systems are software systems designed to identify and prevent the misuse of computer networks and systems. The project is to explore mathematical methods for intrusion detection data mining in order to create knowledge bases that represent high-level threat models, situational models and attacker profiles. Such knowledge bases may then be used to process data from distributed intrusion detection sensors in real time (this process is known as data fusion). This should allow an intrusion detection system to present a richer, more accurate, picture of current threats by being able to piece together information from diverse sources.

Project staff and support

Gianni Tedesco (Postgraduate Faraday Associate, University of Nottingham)
Uwe Aickelin (Academic supervisor, University of Nottingham)
John Brosnan (Industrial supervisor, NetFort Technologies)
Melvin Brown (Technology Translator, Smith Institute)

This project is being carried out at the University of Nottingham, in conjunction with NetFort Technologies. It is supported by an EPSRC industrial CASE award, made available through the Faraday Partnership for Industrial Mathematics. Start date: 1 June 2005; duration: 3.5 years.