I am also interested in taking ideas from biology and applying them to computer security. One such field is artificial immune systems (AIS), which takes some concepts of biological immune systems and applies them to anomaly detection. My current work uses a genetic algorithm to evolve the detectors as part of the AIS. I am also interested in exploring other biological concepts such as specialized detectors and multi-level immune systems which incorporate both adaptive and nonadaptive methods.
- Cybersecurity and Networking Research Lab - This laboratory houses the isolated network, which is used for secure research into automated and manual network-based attacks. It is used for my research, student research and laboratory sessions in the security-related courses (CMPS 340 and CMPS 476).
- EVA (Evolutionary Vulnerability Analysis) - Uses machine learning and evolutionary computation to derive and analyze attack graphs. Attack graphs show possible exploit paths an attacker could take through a network. They are derived by scanning the network for vulnerabilities and using an expert system with knowledge of exploits to discover exploit paths. Evolutionary computation is used to analyze the attack graph to determine a set of hardening measures (e.g. patches or firewall rules), to redesign the network to be more secure, to compare the potential paths against IDS alerts, and to guide IDS response measures.
- WCIS (Web Classifying Immune System) - This is an artificial immune system which determines a set of "attack fingerprints" (patterns in network traffic). It uses negative selection (removing fingerprints that match known normal traffic) and affinity maturation (breeding the best fingerprints to derive new fingerprints) to develop a set of sensors whose fingerprints are distributed across the "not normal" space, which allows it to potentially detect unknown, zero-day attacks. WCIS also supports "immunization" with known attacks, which allows it to develop sets of fingerprints that generalize for certain attack classifications.
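
The negative selection, affinity maturation and immunization steps described for WCIS can be sketched as follows. This is an added example, not WCIS code: the 16-bit fingerprint encoding, the r-contiguous-bits matching rule, seeding the population with the known attack, and all names and sample values are assumptions made for illustration.

```python
import random

R, BITS = 8, 16  # assumed: match threshold and fingerprint length

def run_len(a, b):
    """Longest run of positions where two bit strings agree."""
    best = cur = 0
    for x, y in zip(a, b):
        cur = cur + 1 if x == y else 0
        best = max(best, cur)
    return best

def matches(a, b, r=R):
    return run_len(a, b) >= r

def negative_selection(candidates, normal):
    """Drop every candidate fingerprint that matches known normal traffic."""
    return [c for c in candidates if not any(matches(c, n) for n in normal)]

def breed(p1, p2, rng):
    """One-point crossover of two parents plus a single bit-flip mutation."""
    cut = rng.randrange(1, BITS)
    child = list(p1[:cut] + p2[cut:])
    i = rng.randrange(BITS)
    child[i] = "1" if child[i] == "0" else "0"
    return "".join(child)

def train(normal, known_attacks, generations=5, pop=40, seed=1):
    rng = random.Random(seed)
    rand = ["".join(rng.choice("01") for _ in range(BITS)) for _ in range(pop)]
    # Immunization (assumed form): known attacks join the random candidates.
    detectors = set(negative_selection(rand + list(known_attacks), normal))
    def affinity(d):
        return max((run_len(d, a) for a in known_attacks), default=0)
    for _ in range(generations):
        # Affinity maturation: breed the detectors closest to known attacks.
        parents = sorted(detectors, key=lambda d: (-affinity(d), d))[:10]
        if not parents:
            break
        kids = [breed(rng.choice(parents), rng.choice(parents), rng) for _ in range(pop)]
        detectors |= set(negative_selection(kids, normal))  # offspring re-checked
    return detectors

def is_anomalous(sample, detectors):
    return any(matches(sample, d) for d in detectors)

# Constructed sample data: encoded "normal" traffic, one known attack, one unseen variant.
NORMAL = ["0000000011110000", "0000111100001111", "0011001100110011"]
ATTACK = "1010101010101010"
VARIANT = "1010101010101011"
```

Because every offspring passes through negative selection again, the trained set never fires on the normal samples, while the one-bit variant of the immunized attack is still flagged.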