The Information Security Research Group (ISRG) was formally created in 2000 with a vision to perform distinctive, world-leading research, consultancy and teaching in the areas of computer forensics and computer network defense.
The field of Cyber Security is recognized as a major issue for today’s society and economy. In particular, the Strategic Defence and Security Review recognised cyber attack as a tier one threat to the economic well-being of the UK. The recent cyber security strategy document defined the following objectives:
Since its creation, the ISRG has developed close strategic working relationships with industry, government agencies and academia in the delivery of operationally focused applied information security research (Figure 1). The engagement with industry has ensured that the applied research conducted by the ISRG is directly relevant to the needs of industry and wealth creation. In addition, this symbiotic relationship with industry ensures that the BSc/MSc teaching awards delivered by the University of South Wales directly address the needs of industry and result in employment opportunities for our graduates.
Figure 1 – Research Focus and Interaction
The research vision and strategy for Information Security research focus on the operational area and the interplay between Situational Awareness, Computer Network Defence, Computer Forensics and Vulnerability Development, and in particular on the creation of a single integrated approach to computer network defense and computer forensics via the development of tools and techniques that support information sharing.
The Information Security Research Group has a strong and well-established theme in the areas of network security, computer forensics and threat analysis. The group focuses on the issues associated with the design and development of early warning systems that are capable of detecting and responding to a variety of cyber-based attacks, and on the issues associated with the field of computer forensics. In particular, we are developing technologies such as secure XML, threat assessment methods, vulnerability management, IDS data integration, data mining and data fusion, secure wireless mobile computing applications, etc.
The group maintains two specialised research labs: the Network Security Research Lab (NSRL) and the Computer Forensics Research Lab (CFRL).
The NSRL contains, among other infrastructure, an isolated network that simulates the Internet and various wireless network environments, where experiments concerning new threats are conducted on a regular basis. Furthermore, a state-of-the-art intrusion detection system (IDS) is used for monitoring the infrastructure of the university, gathering threat data that are used in the various research projects of the group. A local computer cloud is used to perform password and encrypted file analysis (e.g. implementing “brute force” attacks against password files of all kinds of operating systems). The computer cloud is also used for the development of a new generation of intrusion detection system.
The CFRL is a restricted access lab used for analysing computer files in a manner that makes the information gained presentable as evidence in a court. Methods and tools are developed that, in an evidentially sound manner, extract information from the information system to address problems that are currently being encountered in the forensic process. The group offers commercial services to organisations such as the Police and other public and private bodies. A number of forensic servers are used, running various computer forensic tools for retrieving and analysing files and systems.
The Information Security Research Group has also been responsible for the inception, validation and running of the following programmes: