Grants and contributions:
Grant or scholarship spanning more than one fiscal year. (2017-2018 to 2022-2023)
Computing infrastructure in Canada and across the world is increasingly under attack from intruders attempting to steal information that is safety-, business- and privacy-critical. Such intruders are often backed by criminal enterprises or nation-state actors, are technically very sophisticated and are well resourced. In 2015, the British insurer Lloyd's estimated the worldwide loss due to cyber crime at USD 500 billion; by 2019 this figure was projected to quadruple to USD 2 trillion. A crucial weapon in the fight against this worsening crisis is an engineering solution that detects network intrusions and deploys countermeasures.
Current intrusion detection systems work by monitoring network activity and looking for activity patterns that match known attack steps. Often this yields detection only after the attack has taken place, so that the response is limited to recovery rather than thwarting an ongoing attack. This proposal aims to develop intrusion detection and response solutions that surpass the state of the art in the following ways: a) generate many possible attack scenarios when an initial stage of an intrusion is detected; b) deploy additional monitoring tools specifically designed to gather evidence that confirms or denies these scenarios; c) plan defensive measures that effectively counter the most likely scenarios; and d) deploy these defensive measures in the least disruptive way while continually re-evaluating the situation as in a) to c). The long-term vision is to develop, within the next decade, intelligent intrusion response systems that maintain awareness of the security situation.
The short-term objectives designed to achieve these goals include developing a novel representation of intrusion events that captures high-level intent as well as low-level network activity, recognizing combinations of intrusion events that are part of a larger attack, and deploying these tools within a framework that builds situational awareness. In the long term, this proposal aims to develop algorithms that predict impending penetrations from identification of ongoing attacks and to develop countermeasures that thwart the predicted attacks. A highlight of the proposed research is the development of algorithms that learn from past attacks, set up decoy targets and dynamically change network paths to divert attacks away from critical systems. The latter will also allow gathering crucial data about these attacks, which will be used to design better detection tools in the future.
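The hypothesis-driven loop sketched in steps a) to d) above, and the event representation that pairs low-level network fields with a high-level intent label, can be made concrete with a small correlation engine. The following is an added illustration, not code from the proposal or the research group: the scenario library, the sensor names, the prior weights and the sample events are all constructed for this example. Each scenario is an ordered list of attacker stages; once a host's first stage is seen, the engine lists the scenarios consistent with what has been observed (step a), names the sensor that would confirm or deny each candidate's next stage (step b), ranks candidates by a prior standing in for frequencies learned from past incidents (step c), and marks a scenario confirmed when every stage has been observed.

```python
"""Hypothesis-driven correlation of multi-stage intrusion events (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    """One intrusion event: low-level network fields plus the high-level intent
    assigned by the sensor or a triage rule."""
    ts: int          # seconds since the start of the observation window
    src: str         # attacker-side address
    dst: str         # victim-side address
    dport: int       # destination port
    intent: str      # e.g. "scan", "exploit", "exfil"


# Hypothetical scenario library (constructed for this example). Each scenario is the
# ordered list of stages an attacker must complete, paired with the sensor that would
# confirm or deny that stage. PRIOR stands in for frequencies learned from past attacks.
SCENARIOS: Dict[str, List[Tuple[str, str]]] = {
    "credential_theft": [("scan", "netflow"), ("brute_force", "auth_log"), ("exfil", "dns_monitor")],
    "ransomware":       [("scan", "netflow"), ("exploit", "ids"), ("lateral_move", "smb_audit"),
                         ("encrypt", "file_audit")],
    "data_exfil":       [("scan", "netflow"), ("exploit", "ids"), ("exfil", "dns_monitor")],
}
PRIOR: Dict[str, float] = {"credential_theft": 0.5, "ransomware": 0.3, "data_exfil": 0.2}


def intents_of(name: str) -> List[str]:
    return [stage for stage, _ in SCENARIOS[name]]


def candidates(observed: List[str]) -> List[str]:
    """Step a): scenarios whose stage sequence begins with the intents seen so far,
    most likely (highest prior) first."""
    hits = [n for n in SCENARIOS if intents_of(n)[:len(observed)] == observed]
    return sorted(hits, key=lambda n: -PRIOR[n])


def next_sensors(observed: List[str]) -> Dict[str, List[str]]:
    """Step b): sensor -> candidate scenarios it would confirm at their next stage.
    Deploying exactly these sensors discriminates between the live hypotheses."""
    out: Dict[str, List[str]] = defaultdict(list)
    for name in candidates(observed):
        stages = SCENARIOS[name]
        if len(observed) < len(stages):
            out[stages[len(observed)][1]].append(name)
    return dict(out)


def confirmed(observed: List[str]) -> List[str]:
    """Scenarios for which every stage has now been observed."""
    return [n for n in candidates(observed) if len(observed) == len(SCENARIOS[n])]


def correlate(events: List[Event]) -> Dict[str, dict]:
    """Group events by attacker host and re-evaluate the hypothesis set after each one
    (step d). An intent that extends no live hypothesis is recorded as 'unexplained'
    rather than silently dropped, so analysts can see what the library does not cover."""
    per_src: Dict[str, List[str]] = defaultdict(list)
    report: Dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        trail = per_src[ev.src]
        rep = report.setdefault(ev.src, {"unexplained": []})
        if candidates(trail + [ev.intent]):
            trail.append(ev.intent)
        else:
            rep["unexplained"].append(ev.intent)
        rep["observed"] = list(trail)
        rep["candidates"] = candidates(trail)
        rep["deploy"] = next_sensors(trail)
        rep["confirmed"] = confirmed(trail)
    return report


# Constructed sample events: one host completes credential theft, the other is
# caught between two hypotheses and also emits an intent no scenario predicts.
SAMPLE_EVENTS = [
    Event(10, "203.0.113.7", "10.0.0.5", 445, "scan"),
    Event(42, "203.0.113.7", "10.0.0.5", 22, "brute_force"),
    Event(90, "203.0.113.7", "10.0.0.5", 53, "exfil"),
    Event(15, "198.51.100.9", "10.0.0.8", 80, "scan"),
    Event(60, "198.51.100.9", "10.0.0.8", 8080, "exploit"),
    Event(70, "198.51.100.9", "10.0.0.8", 25, "spam"),
]

if __name__ == "__main__":
    for host, rep in correlate(SAMPLE_EVENTS).items():
        print(host, rep)
```

Two caveats a practitioner would want on record. First, the intent label is an input, not a deduction: the engine is only as good as the sensors or triage rules that produced it, and an attacker who can shape low-level traffic to mislead those rules misleads the hypotheses too. Second, strict prefix matching discards a host's hypotheses as soon as it skips or reorders a stage; a deployable system would tolerate gaps and out-of-order stages, which is precisely where the learning-from-past-attacks objective in the proposal would feed back into the scenario library.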
Information security will be a critical need for the foreseeable future, and both innovative approaches and highly trained professionals are needed to meet the looming challenges. This program will train engineers with the necessary background and hands-on experience to fill this critical and growing need.