The University of New Brunswick (UNB) in Fredericton recently became home to one of the first research facilities in Canada focusing solely on information and network security studies.
Dubbed the Information Security Centre of Excellence, the research centre was an offshoot of a collaboration between UNB and network security management firm Q1 Labs. The centre is funded, for the most part, through a federal government grant of some $2.2 million awarded in 2004, said Ali Ghorbani, professor and assistant dean of the faculty of computer science at UNB and the lead researcher for the new centre.
There are currently seven researchers working at the centre. Five more researchers are expected to join the team by September, the professor said.
“Both organizations, UNB and Q1 Labs, realized that there are clearly some great opportunities for some forward-looking research in the security arena,” said Brendan Hannigan, chief operating officer for Q1 Labs.
A native of New Brunswick, Q1 Labs started as an entity within UNB. Even after the company was acquired by a U.S. firm, Q1 Labs continued its collaboration with the university. Q1 Labs is headquartered in Waltham, Mass., but its research and development facility remains in Fredericton.
“We also have a good interaction in terms of hiring. We hire a lot of graduates from the university,” Hannigan said.
The research centre will focus its studies on five areas of information security: automated security rule tuning, learning and adaptation; network anomaly detection; multi-stage attack graphing and visualization; attack simulation; and automatic discovery and classification of network applications.
With completion expected by mid-2009, a large part of the research will focus on automating network security and intrusion detection functions, said Ghorbani.
For instance, most intrusion detection products on the market require a network administrator to manually fine-tune the thresholds and values that the system uses to detect anomalies, explained Ghorbani. The research aims to automate that rule-tuning process based on the behaviour of the system, he added.
Research on network anomaly detection, on the other hand, aims to supplement signature-based intrusion detection technology. “Anomaly-based detection has been identified as one of the main challenges. We are building technologies that will detect without signature,” said Ghorbani.
The technology that results from this study would be capable of building a normal profile of the network, so that any deviation from that profile will be considered suspicious and possibly anomalous. Ghorbani’s team has also been working on network attack visualization using 3D technology.
“As an attack starts and completes, there are many steps involved. We [want to] visualize that to understand the process of starting an attack and completing an attack, and what scenarios are involved in doing that,” explained Ghorbani.
The research centre’s work in this area aims to develop an algorithm for attack simulation. This will allow a network administrator to run various attack scenarios to determine how an incident in one area of the system affects the rest of the network.
Work is also underway to build a system that will enable automatic discovery and classification of network applications, with very little or no intervention from the administrator. The technology can intelligently detect applications running in the system that are not authorized or part of the infrastructure, and appropriately flag those apps, Ghorbani explained.
Q1 Labs’ Hannigan noted that the areas that have been identified for research are counted as some of the most critical problems facing the enterprise today.
“There’s a lot of information that security systems have to gather and analyze. And then there are some fundamental algorithms that can be applied to that data to try and figure out what’s important and what’s not important; that’s a very complex process,” Hannigan said.
As part of the agreement, Q1 Labs will retain exclusive rights to all intellectual property derived as a result of the centre’s research endeavours. The resulting algorithms will be incorporated into Q1 Labs’ flagship product, QRadar, Hannigan said.
UNB will have research rights to the technology that’s produced as a result of the current study, to further extend research in other areas of network security, said Ghorbani.