The security of the world’s information systems is not limited to websites and data storage. Recent concerns about cyber security have even extended to ensuring biomedical devices, such as pacemakers, cannot be hacked to reduce battery life.
Swinburne’s Cybersecurity Lab encompasses all facets of data security. It is engaged in researching and developing technologies to protect our current and future information systems and networks. These range from technologies that secure an individual’s information to those that safeguard critical infrastructure.
We are driving major research in cyber security and providing the thought leadership and knowledge required to protect society from cyberattacks at all levels: individual, business, national and international.
Focus areas and capabilities
The Cybersecurity Lab is tackling the technological vulnerabilities of today and attempting to predict those of the future. To that end, our research and development:
- provides robust authentication and identification in uncontrolled environments with pervasive devices and limited special infrastructure
- ensures information privacy, integrity and robustness to users of information and communication technology.
Our special areas of interest include:
- scalable trustworthy systems
- the system evaluation life cycle
- combatting malware and botnets
- survivability of time-critical systems
- situational understanding and attack attribution
- privacy-aware security
- the predictive cyber security posture
- security in accelerating digitisation – sharing data and information security
- Internet of Things, sensors and operational technology (OT) related security
- identity and access management (users are the weakest link)
- cloud security
- governance over data security
- health device security
- CPS/IoT security
Project 1: Classifying Internet traffic for security applications
With Internet traffic data increasing exponentially each year, traffic classification has become a fundamental approach to Internet security. To defend against serious cyber-attacks and minimise their damage, this project aims to develop a set of innovative solutions relating to four key aspects.
- Solve the real-time problem: Develop new Internet traffic classification technologies that can classify complex traffic in a timely and accurate manner.
- Solve the scalability problem: Develop new technologies for processing a large volume of traffic data to enable scalable online traffic classification.
- Solve the robustness problem: Develop robust classification technologies that have the capability of recognising unknown traffic flows.
- Solve the privacy problem: Develop secure classification algorithms that can protect the private information of Internet users in the process of analysis.
The proposed models and techniques are important for enhancing the protection of Australian critical infrastructures, and of the work and daily lives of all Australians, against malicious cyber-attacks.
Project 2: Fine-grained Anomaly Behaviour Identification for Predicting Cyber Insider Attacks
Cyber insider attacks were highlighted as “the most damaging risk” in Australia’s Cyber Security Strategy, published in 2016. The intelligence of insider attackers is well studied and addressed. The project will develop innovative ways of predicting cyber insider attacks to effectively protect the large-scale private networks of government, enterprises and industry.
This Cybersecurity Lab project, sponsored by DST Group and conducted in collaboration with Deakin University, will design a novel fine-grained anomaly behaviour identification system to predict cyber insider attacks, which may pose a threat to Australia’s government and enterprises.
This project will analyse big behaviour data, make real-time decisions and learn varying behaviour features. It will develop its system through:
- A new data-driven security analytics technique, to deal with the diverse, complex and voluminous set of network and host data that capture different behaviours of internal users.
- A new intelligent, self-evolving system to combat an insider’s evolving behaviour, able to track and update time-varying features to reduce false positives.
- A new optimisation method for decision aggregation, to effectively combine the predictions resulting from all the data sets, thereby supporting real-time decision-making.