Advice for Academic Researchers
A blog and book reader emailed the following question:
I am an info sec undergrad and have been granted a scholarship to continue my studies towards a PhD with the promise of DoD service at the other end. It is critical for me to research and select the most important area of security from the Defense Department's perspective.
My question to you is this: Drawing upon your knowledge, what specific area(s) of information security do you feel will be most critical in the next several years (especially in the eyes of the Dept. of Defense)?
I post this question because I'm sure blog readers will contribute interesting comments.
For my part, I'm really interested in the following: characterizing network traffic. In other words, developing tools and techniques to describe what is happening on the network. (I'm sure a few commercial vendors think they are doing this already, but nothing approaches the level that we really need.)
Without understanding what is happening, we can't decide if the activity is normal, suspicious, or malicious. Current approaches are far too primitive and limited. This work is not as "shiny" as developing a new detection algorithm, but getting back to basics is the sort of approach that could survive in a research environment.
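To make the "characterize first, judge later" idea concrete, here is an added example (not code from the original post) that labels sessions by their shape and builds a per-host profile from constructed flow records; the record layout, thresholds and labels are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # client address
    dst: str        # server address
    proto: str
    dport: int      # server port
    bytes_out: int  # client -> server
    bytes_in: int   # server -> client
    seconds: float  # session duration

# Constructed sample sessions (not real traffic) for a small internal subnet.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.7", "tcp", 443, 2_400, 180_000, 4.0),
    Flow("10.0.0.5", "198.51.100.7", "tcp", 443, 1_900, 95_000, 3.0),
    Flow("10.0.0.5", "203.0.113.9", "tcp", 443, 40_000_000, 300_000, 900.0),
    Flow("10.0.0.8", "203.0.113.20", "tcp", 8443, 12_000, 9_000, 7_200.0),
    Flow("10.0.0.8", "10.0.0.1", "udp", 53, 60, 140, 0.1),
]


def describe(flow):
    """Label one session by its shape (direction, volume, duration), not by a signature."""
    total = flow.bytes_out + flow.bytes_in
    if total == 0:
        return "empty"
    out_share = flow.bytes_out / total
    rate = total / flow.seconds if flow.seconds > 0 else float("inf")
    if flow.seconds >= 3600 and rate < 50:
        return "long-lived trickle"   # hours long, a few bytes per second
    if out_share >= 0.9 and total >= 10_000_000:
        return "bulk outbound"        # client pushes a large volume to the server
    if out_share <= 0.1:
        return "bulk inbound"         # ordinary download or fetch
    return "balanced"


def profile(flows):
    """Aggregate per client host: peers, destination services, and session shapes."""
    hosts = defaultdict(lambda: {"peers": set(), "dports": Counter(),
                                 "shapes": Counter(), "bytes_out": 0})
    for f in flows:
        h = hosts[f.src]
        h["peers"].add(f.dst)
        h["dports"][(f.proto, f.dport)] += 1
        h["shapes"][describe(f)] += 1
        h["bytes_out"] += f.bytes_out
    return dict(hosts)
```

The profile says what each host did (which services, how much sent, what kinds of sessions); deciding whether that is normal for the host is a separate step that needs a baseline.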
Comments
It's really about using techniques such as analytics and business intelligence to understand not just the activity on the network, but also the behavior elements of who is communicating over the network.