Dr. Melissa Danforth

Computer and Electrical Engineering and Computer Science Department
California State University, Bakersfield


Research Interests
My current research interests are focused on assisting administrators in conducting threat assessments on their networks with respect to services provided or mission-critical resources. I am working with attack graphs to develop a multi-faceted tool that can be used for a variety of threat assessment and management purposes such as response, forensics, patch management and network design. The attack graph work involves expert systems and a framework for representing potential exploits and network state to compose the attack graphs, and evolutionary computation to analyze them.

I am also interested in taking ideas from biology and applying them to computer security. One such field is artificial immune systems (AIS), which takes some concepts of biological immune systems and applies them to anomaly detection. My current work uses a genetic algorithm to evolve the detectors as part of the AIS. I am also interested in exploring other biological concepts such as specialized detectors and multi-level immune systems which incorporate both adaptive and nonadaptive methods.

Curriculum Vitae
My current CV: cv.pdf

  • Cybersecurity and Networking Research Lab - This laboratory houses the isolated network, which is used for secure research into automated and manual network-based attacks. It is used for my research, student research and laboratory sessions in the security-related courses (CMPS 340 and CMPS 476).
  • EVA (Evolutionary Vulnerability Analysis) - Uses machine learning and evolutionary computation to derive and analyze attack graphs. Attack graphs show possible exploit paths an attacker could take through a network. They are derived by scanning the network for vulnerabilities and using an expert system with knowledge of exploits to discover exploit paths. Evolutionary computation is used to analyze the attack graph to determine a set of hardening measures (e.g. patches or firewall rules), to redesign the network to be more secure, to compare the potential paths against IDS alerts, and to guide IDS response measures.
  • WCIS (Web Classifying Immune System) - This is an artificial immune system which determines a set of "attack fingerprints" (patterns in network traffic). It uses negative selection (removing fingerprints that match known normal traffic) and affinity maturation (breeding the best fingerprints to derive new fingerprints) to develop a set of sensors whose fingerprints are distributed across the "not normal" space, which allows it to potentially detect unknown, zero-day attacks. WCIS also supports "immunization" with known attacks, which allows it to develop sets of fingerprints that generalize for certain attack classifications.
Please view my CV above for the most recent list of publications and work in progress.