The funding is for an initial phase of work aimed at developing and demonstrating a distributed insider threat detection system that is capable of working on a host or in-line.
The work is based on defining user roles and determining the expected range of behaviours for each of those roles. It recognises that a role may be fulfilled by multiple people, and one person may fulfill multiple roles. It further takes a biological approach to identifying whether user actions are consistent with those expected behaviours, and can react accordingly. The result of such an approach is to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks.
The University of South Wales was created in 2014 when the University of Glamorgan and the University of Wales, College Newport merged to create the University of South Wales. It is the sixth largest university in the UK.
Professor Andrew Blyth said:
The support that we receive from CDE has allowed the Information Security Research Group at the University of South Wales to perform cutting-edge research that directly addresses the needs of MOD for cyber defence.