Security & Information Assurance

The nature of the network security threat is undergoing a major paradigm shift, in which advanced attacks on high-value targets are being devised by organized groups. Among the broad range of issues, we focus on two: (1) security management architectures for balanced anonymity and accountability, and (2) behavior-based anomaly detection.

Allowing users anonymity while holding them accountable for misbehavior is a basic question related to numerous important applications. We aim to create security management architectures that balance cryptographic strength, key management complexity, and performance cost.

The notion of anomalous behavior varies greatly across systems and is one of the most studied subjects in different fields, e.g., outliers, change points, etc. In addition to the basic design of the measurement and statistical mechanisms, the traffic dynamics need to be considered in the anomaly detector to achieve robust, stable detection results. Otherwise, a fixed-threshold detector can oscillate or become totally non-responsive under fluctuating traffic. Our earlier study shows that sliding mode control (SMC) is a highly effective and practical feedback control scheme for this purpose.

How to support these solution components under one security management framework is a topic of great interest that is being actively pursued. More details on these specific topics can be found in the following web pages.