CIO —
One of the first research facilities in Canada focusing solely on information and network security studies recently found a home at The University of New Brunswick (UNB) in Fredericton, N.B.
The Information Security Centre of Excellence is an offshoot of collaboration between UNB and network security management firm Q1 Labs. The center is funded largely through a federal government grant of some C$2.2 million (US$18.8 million) awarded in 2004, said Ali Ghorbani, professor and assistant dean of the faculty of computer science at UNB and the lead researcher for the new center.
Seven researchers currently work at the center. Five more are expected to join the team by September, the professor said.
“Both organizations, UNB and Q1 Labs, realized that there are clearly some great opportunities for some forward-looking research in the security arena,” said Brendan Hannigan, chief operating officer for Q1 Labs.
Q1 Labs started as an entity within UNB. Even after the organization was acquired by a U.S. company, Q1 Labs continued its collaboration with the university. Q1 Labs is headquartered in Waltham, Mass., but its research and development facility remains in Fredericton. “We also have a good interaction in terms of hiring. We hire a lot of graduates from the university,” Hannigan said.
The research center will focus its studies on five areas of information security: automated security rule tuning, learning and adaptation; network anomaly detection; multistage attack graphing and visualization; attack simulation; and automatic discovery and classification of network applications. With completion expected by mid-2009, a large part of the research will be on automating network security and intrusion-detection functions, said Ghorbani.
For instance, most intrusion-detection products on the market require a network administrator to manually fine-tune the thresholds and values that the system uses to detect anomalies, explained Ghorbani. The research aims to automate that rule-tuning process based on the behavior of the system, he added.
Research on network anomaly detection, on the other hand, aims to supplement signature-based intrusion-detection technology. “Anomaly-based detection has been identified as one of the main challenges. We are building technologies that will detect without signature,” said Ghorbani. The technology that results from this study would be capable of building a normal profile of the network, so that any deviation from that profile would be considered suspicious and possibly anomalous.
Ghorbani’s team has also been working on network attack visualization using 3-D technology. “As an attack starts and completes, there are many steps involved. We [want to] visualize that to understand the process of starting an attack and completing an attack, and what scenarios are involved in doing that,” explained Ghorbani.


