Dr Paul Miller leads the Security Intelligence group at CSIT. Next generation security needs to be transparent to the user while ensuring a heightened level of service availability. This involves moving away from traditional controls, such as directive, deterrent and preventative ones, towards an approach focused on detection and user accountability. Achieving this requires situation awareness. Security analytics involves the development of novel artificial intelligence techniques applied to security data.
Our focus is on the development of online unsupervised learning approaches for event detection, in combination with reasoning techniques that combine experiential knowledge with detected events to provide high-level situation awareness. Specific areas of expertise are probabilistic modelling, deep learning neural networks, graph mining and evidential reasoning networks. The data can range from software op-codes, network traffic and security alerts on the one hand, to video and access control logs on the other. Applications include malware detection on Android platforms, network intrusion detection, video surveillance and advanced persistent threats.