1. Research proposal - Autonomous post
intrusion, network isolation systems
Shaon Diwakar
University of Technology, Sydney
May 2009
Abstract
In an interconnected world, mitigating the risk of data loss as
well as maintaining network and endpoint security, presents both an
opportunity and a cost to businesses. Over the last two decades, sig-
nificant efforts have been made to improve the reliability and security
of networked systems to prevent them from abuse, exploitation and
fraud. As a result, the market has driven a marked improvement in
the sophistication of defensive technologies such as intrusion detec-
tion, intrusion prevention and endpoint security solutions, which are
employed to defend against increasingly complex, offensive network
and application attacks.
Today, as people place an ever-increasing reliance on networked
computer systems, the threat of directed (terrorist activity, corporate
espionage) or secondary attacks (malware/viral infection) has been
very real and to date, amounted to significant financial losses for busi-
nesses and governments worldwide.
This dissertation, will demonstrate the application of neural net-
works, rule-sets and mathematical models pertaining to the detection,
isolation and remediation following network and application security
attacks in IPv4 networks.
1
2. 1 Research aim
This research will focus on three important facets of network security with
four main overarching goals, foremost, an investigation of techniques that
could be employed to prevent comprehensive network infiltration, in the
event of a networked system becoming partially, or completely under the
control of an unauthorised individual or group (cracker, terrorists). The pro-
posed method will investigate various forms of network isolation, automatic
modification of router/switch access controls, changes in firewall state and
modification of user accounts.
Secondly, investigate whether proactive user level auditing through anal-
yses of anomalies in account usage patterns could be used to mitigate the risk
of abuse & fraud in a high-risk environment (e.g. in the banking, intelligence
and health sectors).
Thirdly, provide a model or methodology that can be used in the event
of an intrusion to provide a certain level of network forensics (dates & times
of user account compromises, service misuse or attacks).
And finally, the fourth aim of this master’s thesis is to practically demon-
strate the implementation of the proposed system(s) in a controlled environ-
ment using open source applications or off-the-shelf software.
2 Methodology
This research will involve both in part, an investigation of network isolation
mechanisms and, subsequent quantitative testing of the hypotheses derived.
Such research could be carried out in the following manner:
2
3. • Literature review of prior, related work in the network security field
(intrusion detection, intrusion prevention and deep packet inspection
technology);
• Mathematical modelling of rule-based & fuzzy logic algorithm(s) that
can be used to determine what constitutes a network compromise;
• Analyses of common scenarios where the proposed model(s) would ac-
tively prevent further network infiltration;
• Development of a software system that demonstrates the value of said
isolation mechanisms.
3 Research plan
This research will be performed over three semesters (1.5 years) as prescribed
for a full-time MSc Computing Science (Research) student. A high-level
schedule for the proposed work is outlined below.
Semester Major deliverable
I Literature review, network isolation process, prototype
software architecture.
II Software development.
III Testing, bug-fixing, neural network spiking, preparation
for academic submission & presentation.
3
