Monitoring and Disruption Management

This project aims to build mechanisms and tools for monitoring and responding to anomalies such as faults, overload, misconfiguration, and intrusion. The scope includes data gathering and estimation, statistical anomaly detection, policy-based security, and methods and tools for finding the root causes of anomalies of various kinds. The scope also includes methods for suggesting countermeasures.

The long-term research goals are to enable self-healing and resilience in networked systems. The motivation is simple: as networks grow in size, there is too much for humans to keep an eye on, and the increasing complexity and interdependency make anomalies potentially more destructive, as well as harder to anticipate, detect and diagnose. For the solutions to scale, it is also important to make them as decentralized and distributed as possible.

In the project, we will develop specific novel tools and ideas, ensure that they fit together, and start building the framework of the long-term vision. We will continue some of the work done during years one and two of CNS, and will align our work with that done in the EU project 4WARD and the Vinnova project DiSC. The work will focus both on achieving particular functionalities (e.g. detecting equipment malfunction) and on using the experience and insight gathered during such work to begin extracting principles, concepts and techniques for how to build these types of network management functionality and systems in general.

Publications

Olsson, Tomas (2009) Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. In: Eleventh International Conference on Information and Communications Security (ICICS 2009), 14-17 Dec 2009, Beijing, China.

Olsson, Tomas (2009) Impact estimation using data flows over attack graphs. In: The 14th Nordic Conference on Secure IT Systems (NordSec 2009), 14-16 Oct 2009, Oslo, Norway.

Dey, Champa (2009) Reducing IDS False Positives Using Incremental Stream Clustering Algorithm. Masters thesis, Royal Institute of Technology.

This list was generated on Sun Jan 22 21:35:43 2017 CET.