The research areas I am interested in include: Intrusion Detection and Prevention Systems, Automatic Network Security Management, and Policy-based Security Configuration Analysis.
Alerts Management for IDPS: Alerts generated by an Intrusion Detection System are either false positives or true positives. In most cases, an IDS generates a large number of false alerts, which can reach thousands on a daily basis. Unfortunately, network administrators then face a dilemma: either ignore those alerts entirely or sort through all of them. Accordingly, we need to manage those alerts in order to make it easy for network administrators to determine the real attacks.
Policy-based Security Configuration Management: We are interested in proposing a policy-based framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach is based on dynamic adaptation of security measures driven by the assessment of system vulnerability and threat prediction, and it provides several levels of attack containment. As an application, we are trying to implement a dynamic policy-based adaptation mechanism between the IDPS and a lightweight anomaly-based IDS.