Cync research focus areas include, but are not limited to, the following:
This focus area helps different types of operators increase their awareness of what is going on, whether the information is found in logs, alarms, or general data traffic flow. Data associated with incidents can be large and complex, which makes it difficult for operators to find the important and relevant information. Part of this information overload can be addressed with visualization and tools that help identify patterns within the data. Sometimes simply being able to view the data as a "picture" rather than as text helps an operator identify trends and anomalous data flows, or allows them to connect disparate events that may indicate an attack. Many tools already exist in this area, and we are looking for concepts that are new and innovative and that help fill gaps in the current state of the art.
Interest in this focus area lies in the location of sensors (the edge, internal, host), the information that is gathered (whether IDS output via logs, alarms, Snort, or general traffic, or specifically deep packet captures), sensor methods (e.g. active sensing, passive sensing), polymorphic/zero-day detection, or true attribution.
There are four main areas of interest here: performance (hardware acceleration and software improvements), framework (common data representation, etc.), algorithm development (new, faster algorithms, or tools that make algorithm development easier), and load balancing.
Interest in this area has to do with automation (automating repetitive tasks, or identifying, saving, and executing an automatic workflow), collaboration (social networking tools, including ones that work with forums, wikis, and microblogging, or networked sharing/communication), and integration (application integration, such as a feltboard).
Modeling and Simulation (M&S):
Interests in this focus area specific to M&S include simulated and virtual networks, randomly or synthetically generated traffic (including replay of captured traffic data), attacks (canned and evolving attack sets), internet-scale network simulation, and the ability to assess and analyze the effect of an attack on applications and services network-wide, including ancillary services unrelated to the attack. Many tools are currently available in this area too, and once again we are looking for innovative and far-reaching technology solutions.