Research Overview


Our research investigates real-time automated anomaly detection and resilience in computer networks. Such properties are extremely desirable at a time of conflict, when society's reliance on many networks is paramount and their ability to deliver the required services is under perpetual strain from causes ranging from malfunction to malicious activity. To achieve our research aims, normal behaviour must be defined for a given network. Considering the Internet as a whole, it is not possible to attain such a definition because the architecture is ever-changing and evolving, with devices being added and removed continually. Similarly, traffic patterns cannot be observed to follow a sufficiently consistent trend to form a concept of normality.

In other contexts, however, it is possible to define the required model of normal behaviour. Through our cooperation with industry, we are examining the network infrastructure of Air Traffic Control (ATC). In this environment, change presents unknown consequences, which are undesirable from both a safety and a business-case perspective. ATC computer networks therefore have a far more static architecture than the Internet. They are also isolated from other networks, and their traffic is far more predictable. Automated anomaly detection with closer to real-time performance and strong resilience are also highly advantageous for ATC systems.

Our current work involves modelling the relationship between cyber-physical components. We thank NATS and JANET for their cooperation with our efforts.