Detection by Learning Software Models

A new cyber security research project at University of Edinburgh’s School of Informatics in collaboration with Edinburgh Parallel Computing Centre, British Telecom Labs in Adastral Park and The Alan Turing Institute.

By combining methods from machine learning and formal verification, we will automatically learn precise semantic models of software and devices which describe normal traffic patterns and logging behaviours. Then anomalous, potentially malicious behaviours stand out as being different to these learned behaviours. The aim is to build an adaptive anomaly detection framework, to raise alarms to help manage and automatically configure application-level firewalls.

People

Please contact David Aspinall for further information.