One of the first research facilities in Canada focusing solely on information and network security studies recently found a home at The University of New Brunswick (UNB) in Fredericton, N.B.
The Information Security Centre of Excellence is an offshoot of collaboration between UNB and network security management firm Q1 Labs. The center is funded largely through a federal government grant of some C$2.2 million (US$18.8 million) awarded in 2004, said Ali Ghorbani, professor and assistant dean of the faculty of computer science at UNB and the lead researcher for the new center.
Seven researchers currently work at the center. Five more are expected to join the team by September, the professor said.
“Both organizations, UNB and Q1 Labs, realized that there are clearly some great opportunities for some forward-looking research in the security arena,” said Brendan Hannigan, chief operating officer for Q1 Labs.
Q1 Labs started as an entity within UNB. Even after the organization was acquired by a U.S. company, Q1 Labs continued its collaboration with the university. Q1 Labs is headquartered in Waltham, Mass., but its research and development facility remains in Fredericton. “We also have a good interaction in terms of hiring. We hire a lot of graduates from the university,” Hannigan said.
The research center will focus its studies on five areas of information security: automated security rule tuning, learning and adaptation; network anomaly detection; multistage attack graphing and visualization; attack simulation; and automatic discovery and classification of network applications. The research is expected to be completed by mid-2009, and a large part of it will be on automating network security and intrusion-detection functions, said Ghorbani.
For instance, most intrusion-detection products on the market require a network administrator to manually fine-tune the different thresholds and values that the system uses to detect anomalies, explained Ghorbani. The research aims to automate that rule-tuning process based on the behavior of the system, he added.
Research on network anomaly detection, on the other hand, aims to supplement signature-based intrusion detection technology. “Anomaly-based detection has been identified as one of the main challenges. We are building technologies that will detect without signature,” said Ghorbani. The technology that results from this study would be capable of building a normal profile of the network, so that any deviation from that profile will be considered as suspicious and possibly anomalous.
Ghorbani’s team has also been working on network attack visualization using 3-D technology. “As an attack starts and completes, there are many steps involved. We [want to] visualize that to understand the process of starting an attack and completing an attack, and what scenarios are involved in doing that,” explained Ghorbani.
The research center’s work in this area aims to develop an algorithm for attack simulation. This will allow a network administrator to run various attack scenarios to determine how an incident in one area of the system affects the rest of the network.
Work is also under way to build a system that will enable automatic discovery and classification of network applications, with very little or no intervention from the administrator. The technology can intelligently detect applications running in the system that are not authorized or part of the infrastructure, and appropriately flag those apps, Ghorbani explained.
Q1 Labs’ Hannigan noted that the areas that have been identified for research are counted as some of the most critical problems facing the enterprise today.
As part of the agreement, Q1 Labs will retain exclusive rights to all intellectual property derived as a result of the center’s research endeavors. The resulting algorithms will be incorporated into Q1 Labs’ flagship product, QRadar, Hannigan said. UNB will have research rights to the technology that’s produced as a result of the current study, to further extend research in other areas of network security, said Ghorbani.
—By Mari-Len De Guzman, Computerworld Canada