6 research outputs found
Interactive visualization of event logs for cybersecurity
Hidden cyber threats revealed with new visualization software Eventpa
A methodology for the quantitative evaluation of attacks and mitigations in IoT systems
PhD ThesisAs we move towards a more distributed and unsupervised internet, namely through the
Internet of Things (IoT), the avenues of attack multiply. To compound these issues, whilst
attacks are developing, the current security of devices is much lower than for traditional
systems.
In this thesis I propose a new methodology for white box behaviour intrusion detection
in constrained systems. I leverage the characteristics of these types of systems, namely their:
heterogeneity, distributed nature, and constrained capabilities; to devise a pipeline, that given
a specification of a IoT scenario can generate an actionable intrusion detection system to
protect it.
I identify key IoT scenarios for which more traditional black box approaches would
not suffice, and devise means to bypass these limitations. The contributions include; 1) A
survey of intrusion detection for IoT; 2) A modelling technique to observe interactions in IoT
deployments; 3) A modelling approach that focuses on the observation of specific attacks
on possible configurations of IoT devices; Combining these components: a specification
of the system as per contribution 1 and a attack specification as per contribution 2, we can
deploy a bespoke behaviour based IDS for the specified system. This one of a kind approach
allows for the quick and efficient generation of attack detection from the onset, positioning
this approach as particularly suitable to dynamic and constrained IoT environments
From intrusion detection to software design
I believe the single most important reason why we are so helpless against cyber-attackers is that present systems are not super- visable. This opinion is developed in years spent working on network in- trusion detection, both as academic and entrepreneur. I believe we need to start writing software and systems that are supervisable by design; in particular, we should do this for embedded devices. In this paper, I present a personal view on the field of intrusion detection, and conclude with some consideration on software design
From intrusion detection to software design
I believe the single most important reason why we are so helpless against cyber-attackers is that present systems are not super- visable. This opinion is developed in years spent working on network in- trusion detection, both as academic and entrepreneur. I believe we need to start writing software and systems that are supervisable by design; in particular, we should do this for embedded devices. In this paper, I present a personal view on the field of intrusion detection, and conclude with some consideration on software design