Research program in computer and network security

This proposal describes a program of research in Computer and Network security to be carried out at Dalhousie University under the auspices of the newly established Privacy and Security Laboratory. The proposed program covers both observational and experimental studies. Over the years, the internet has grown to the point that it exhibits emergent behaviors, i.e. aggregate phenomena that cannot be predicted from the behaviors of the individual systems or groupings of individual systems from which it is composed. These manifest themselves in a variety of ways, including the collapse of parts of the core routing structure during scanning worm outbreaks, and a highly visible disturbance of an otherwise power law connection statistic by a relatively small pool of machines infected with the Welchia-B worm. By aggregating and analyzing massive amounts of network data, we develop global situational awareness of the network that allows us to place local observations in perspective. At the same time, the defense of individual enterprises and systems requires local detection and defense measures. There have been a few attempts at performing evaluations of defensive mechanisms such as Intrusion Detection Systems, but these have been largely unsatisfactory for a number of reasons. The second major thrust of the proposed research plan is the creation of an isolated test facility that can be used for a variety of projects involving malicious code such as worms and for exploring new ways to both detect and mitigate attacks on end systems and networks. This test facility will also support research projects in a number of related areas, including the generation of realistic background traffic for use in security testing, and better techniques for evaluating intrusion detection and prevention systems. It can also serve as a dedicated simulation or emulation facility to explore selected aspects of network behavior for larger networks. The program also provides opportunities for the training of both researchers and practitioners in computer security practices.