Adaptive Network Security Management
Phone: (703) 528-0334
This project is dedicated to the development of an adaptive network security management tool that is analogous to implementing an incident/response pairing mechanism on top of a universal remote control facility for a variety of network and security tools, network types and operating systems. Our proposed approach to accomplishing this is to integrate an agent architecture with a Case-Based Reasoning (CBR) mechanism. The purpose of the agent architecture will be to provide integrated access to the various COTS or public domain management tools that are available, and to provide the necessary substrate to implement response and user interaction mechanisms. Case-based reasoning will be used to define a set of incident/response pairs for network and security management. We will use our case-based reasoning tool to provide a way for network and security managers to update the case-base to match newly discovered threats, and we will investigate the process of automatic adaptation and decentralized updating of case-bases via an automated alert distribution process. Our research will concentrate on four basic components of the problem: interface requirements; an appropriate case-based reasoning tool; databases of known problems, system weaknesses, and associated responses; and design of a network security management system.
* Information listed above is at the time of submission. *