ACRL Projects

Autonomic Anomaly and Misuse Detection and Response

This project explores the use of data mining and adaptive software techniques in intrusion detection systems. An intruder may attempt to compromise the integrity, confidentiality, or availability of network services. We note that many network intrusions have distinct attack signatures. Such intrusions typically comprise unique and observable characteristics that enable their positive identification by traditional network intrusion detection systems using a misuse detection approach. Unfortunately, a slight variation in an attack signature is often sufficient to prevent detection. In addition, new attack types often do not have a known attack signature (e.g., those that exploit a recently disclosed or unpublicized software vulnerability). In this project, we investigate the use of data mining techniques to automatically distinguish normal from abnormal application behaviors. To perform real-time classification of application behavior, we will collect features including various packet fields, composite features, and features constructed from "windows" of multiple packets.
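
The three kinds of features named above (packet fields, composite features, and features built from windows of multiple packets) can be sketched as follows. This is an added example, not the project's code; the record layout, the 2-second window, the feature names, and the sample packets are all assumptions constructed for illustration.

```python
from collections import deque, namedtuple

# Constructed packet records (not captured traffic): time in seconds,
# source, destination, destination port, TCP flags.
Packet = namedtuple("Packet", "ts src dst dport flags")

SAMPLE = [
    Packet(0.0, "10.0.0.5", "10.0.0.9", 80, "S"),
    Packet(0.1, "10.0.0.5", "10.0.0.9", 80, "A"),
    Packet(0.2, "10.0.0.5", "10.0.0.9", 80, "PA"),
    Packet(5.0, "10.0.0.7", "10.0.0.9", 21, "S"),
    Packet(5.1, "10.0.0.7", "10.0.0.9", 22, "S"),
    Packet(5.2, "10.0.0.7", "10.0.0.9", 23, "S"),
    Packet(5.3, "10.0.0.7", "10.0.0.9", 25, "S"),
    Packet(9.0, "10.0.0.5", "10.0.0.9", 80, "FA"),
]

def window_features(packets, window=2.0):
    """Return one feature vector per packet, in timestamp order.

    Window features describe the sender's behavior over the last
    `window` seconds, so they do not depend on any payload signature.
    """
    recent = {}  # src -> deque of that source's packets inside the window
    rows = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        q = recent.setdefault(p.src, deque())
        q.append(p)
        # Expire packets older than the window; q always keeps p itself.
        while q[0].ts < p.ts - window:
            q.popleft()
        syn_only = sum(1 for x in q if x.flags == "S")
        rows.append({
            # Plain packet fields
            "src": p.src, "dport": p.dport, "flags": p.flags,
            # Composite feature derived from a single packet
            "is_syn_only": p.flags == "S",
            # Features constructed from a window of multiple packets
            "win_count": len(q),
            "win_distinct_dports": len({x.dport for x in q}),
            "win_syn_fraction": syn_only / len(q),
        })
    return rows

if __name__ == "__main__":
    for row in window_features(SAMPLE):
        print(row)
```

In the constructed sample, the source that touches four ports with SYN-only packets stands out in the window features even though no single packet matches a signature; vectors like these are what a classifier would be trained on.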

Self-Optimization in Mobile Personal Computing

This project explores the use of knowledge discovery to support adaptive software in handheld and wearable computers. Nodes in the "wireless edge" of the Internet experience operating conditions that are greatly different from those in wired networks. Software on such systems must adapt to highly dynamic conditions on wireless networks (e.g., dynamic packet loss rate), protect against security threats (e.g., as the user roams among different wireless domains), and implement dynamic energy management policies to conserve battery power. Our prior experimental studies demonstrate that dynamically recomposable software provides an effective way for these systems to adapt to changing conditions. However, decision making is not a trivial task given the large number of inputs, which include multiple parameters in each of several areas: channel conditions, energy status, security policies, memory and processor usage, application requirements, characteristics of networked data, and user preferences. Data mining techniques are therefore needed to discover interesting patterns (e.g., abrupt changes, cluster structure, and abnormal behaviors) that help the decision-making process. This project will be conducted using a mobile computing testbed containing a variety of mobile computing platforms, wireless networks, and testing tools.