I am interested in security, privacy and trust issues in different types of computer and communication networks, with an intention to understand the threat models and the potential behavior of the attackers, in order to ultimately (to some extent) achieve autonomic cyberdefense. The research topics cover,
Network Security: anomaly detection, root cause analysis, security evaluation
Trust: Trust and reputation management
Privacy: authentication protocols, data protection
The current target scenarios include,
Software Defined Networking (SDN)
Network Functions Virtualization (NFV)
Cyber Physical Systems (CPS), e.g., e-health care, Intelligent Transportation Systems (ITS)
Generally, I am interested in security issues w.r.t two aspects of computer networks and systems, i.e., intelligence and controllability (or automation).
Intelligence: nowadays it is not a grand challenge to collect a large amount of data thanks to the advancement of IoT and cloud computing, which are essentially heterogeneous, multi-sourced. But how to understand their relationships, especially from a security perspective, is a non trivial issue. We have been tremendous efforts in the past decades on developing IDS, SIME, etc., while simply applying Machine Learning or data mining techniques to the collected data without sufficient knowledge of threat models deems to be ineffective. Another important concern is that the obtained intelligence are not always actionable, e.g., high-level security policies can be hardly interpreted and enforced in network infrastructure and control the behavior of the network.
Controllability: administrators are always faced with hard decision making problems: how to specify and enforce the most appropriate security policies? How to turn the high level policies into actions in real time? How to dynamically configure the network and security devices? How to balance the tradeoff between defense cost (e.g., software hardening, topology changing) and attack cost (e.g. Data loss, downtime of services).
Bridging intelligence and controllability together and creating a closed loop between attack-oriented data monitoring and defense-driven network configuration is not a trivial process. We used to develop scalable and adaptive middleware approaches (see following topics), which are plug-ins or add-ons in nature, and far less efficient and effective than built-in networking approaches. The emergence of SDN and NFV offers the opportunity to develop built-in approaches.
Topic 1: Cost-effective security management, root cause analysis
Developing adaptive and scalable middleware to enhance usability, effectiveness and interoperability of legacy security mechanisms in enterprise networks. The objective is to assist security administrators in taking optimal security hardening, ranging from vulnerability patching to security mechanism re-configuration and policy enforcement, by leveraging network failure cost resulting from attacks and maintenance cost incurred by defenses. The advent of Software-Defined Network and Cloud Computing has significantly changed the battlefield between attackers and defenders.
Shuzhen Wang, Zonghua Zhang, Youki Kadobayashi: Exploring attack graph for cost-benefit security hardening: A probabilistic approach. Computers & Security 32: 158-169 (2013)
Zonghua Zhang, Farid Naït-Abdesselam, Pin-Han Ho, Youki Kadobayashi: Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks. Computers & Security 30(6-7): 525-537 (2011)
Zonghua Zhang, Pin-Han Ho, Liwen He: Measuring IDS-estimated attack impacts for rational incident response: A decision theoretic approach. Computers & Security 28(7): 605-614 (2009)
Zonghua Zhang, Hong Shen: M-AID: An adaptive middleware built upon anomaly detectors for intrusion detection and rational response. ACM Trans. on Autonomic and Adaptive Systems 4(4) (2009)
Topic 2: Reputation and trust management
Designing secure, robust and light-weight reputation management schemes for enhancing the quality of various services in mobile social networks. One of the major aims is to help mobile users to evaluate the quality of services of interest such as APIs and games while avoiding to choose malicious ones.
Zonghua Zhang, Pin-Han Ho, Farid Naït-Abdesselam: RADAR: A reputation-driven anomaly detection system for wireless mesh networks. ACM Wireless Networks 16(8): 2221-2236 (2010)
Juan Li, Zonghua Zhang, Weiyi Zhang: MobiTrust: Trust Management System in Mobile Social Computing. in Proceeding of CIT 2010: 954-959
Zonghua Zhang, Jingwei Liu, Youki Kadobayashi: STARS: A Simple and Efficient Scheme for Providing Transparent Traceability and Anonymity to Reputation Systems. in Proceeding of DPM/SETOP 2010: 170-187
Topic 3: Anomaly detection and Network forensics
Designing efficient and reliable privacy-preserving methods, algorithms and protocols for forensic analysis on threat data of interest. The purpose is to integrate cross-site encrypted footprints associated with multi-layer observations for manifesting and characterizing attack behavior.
Zonghua Zhang, Hong Shen: Constructing Multi-Layered Boundary to Defend Against Intrusive Anomalies: An Autonomic Detection Coordinator. in Proceedings of DSN 2005: 118-127
Other topics of interest: Security in Vehicular Ad-Hoc Networks, Wireless Body Area Networks ...
Key terms: Computer Networks, Future Internet, Privacy-Preserving (Anomaly Detection, Network Forensics, Root Cause Analysis), Security Evaluation, Security Econometrics, Trust and Reputation Management, Applied Cryptography, Machine Learning