A cyber security research project at the University of Edinburgh’s School of Informatics, in collaboration with Edinburgh Parallel Computing Centre, British Telecom Labs in Adastral Park, Norwegian Defence Research Establishment (FFI) and The Alan Turing Institute.
By combining methods from machine learning and formal verification, we plan to learn precise semantic models of software and devices which describe normal traffic patterns and logging behaviours. Then anomalous, potentially malicious behaviours stand out as being different to these learned behaviours. The eventual aim is to build an adaptive anomaly detection framework, to raise alarms to help manage and automatically configure application-level firewalls.
Please contact David Aspinall, PI, for further information.
People
- David Aspinall, Informatics, University of Edinburgh
- Henry Clausen, Informatics, University of Edinburgh
- Robert Flood, Informatics, University of Edinburgh
- Michael Gibson, BT Labs
- Gudmund Grov, Norwegian Defence Research Establishment (FFI)
- Marc Sabaté, EPCC, University of Edinburgh
Thanks to other contributors, including: Wei Chen, Alex Healing, Nikola Pavlov, Chenghao Ye.
Publications and presentations
- Challenges in Learning from Behaviour, invited talk, AI-CyberSec 2021 Workshop. David Aspinall (with Henry Clausen and Robert Flood).
- Controlling network traffic microstructures for machine-learning model probing. Henry Clausen, Robert Flood, and David Aspinall. 17th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021), September 2021.
- Examining traffic microstructures to improve model development. Henry Clausen and David Aspinall. 2021 IEEE Security and Privacy Workshops (SPW), May 2021.
- CBAM: A Contextual Model for Network Anomaly Detection. Henry Clausen, Gudmund Grov, and David Aspinall. MDPI Computers 2021 (MDPI), June 2021.
- Better anomaly detection for access attacks using deep bidirectional LSTMs. Henry Clausen, Gudmund Grov, Marc Sabaté, and David Aspinall. 3rd International Conference on Machine Learning for Networking (MLN’2020), November 2020.
- Evading stepping-stone detection with enough chaff. Henry Clausen, Michael S. Gibson, and David Aspinall. 14th International Conference on Network and System Security (NSS 2020), November 2020.
- Traffic Generation using Containerization for Machine Learning. Henry Clausen, Robert Flood and David Aspinall. Presented at ACSAC 2019 DYNAMICS, San Juan, December 2019.
- A Data-driven Toolset Using Containers to Generate Datasets for Network Intrusion Detection. Robert Flood, MSc thesis 2019.
- Towards Intelligible Robust Anomaly Detection by Learning Interpretable Behavioural Models. Gudmund Grov, Marc Sabaté, Wei Chen, and David Aspinall, Norwegian Information Security Conference, NISK 2019, Narvik, November 2019.