
Robert Ghanea-Hercock

Chief Researcher, Centre for Information & Security Systems Research, BT Innovate

Biography

Dr Ghanea-Hercock is currently a Chief Research Scientist in the British Telecommunications Future Technologies Group. He has 15 years' experience in managing defence and security research projects in the UK, and was Theme Leader for Networks and Security in the UK MOD DIF Defence Technology Centre.

He chairs a Workshop on Adaptive Network Defence at the Santa Fe Institute in New Mexico and is Chair of the Steering Committee for the UK Technology Strategy Board Cyber-Security Network. This group has a national UK role in advising government and industry on best practice in all issues surrounding Cyber Security. He is also a member of the Steering Committee for the UK Network Security Innovation Platform, and has served as an invited expert on various UK Foresight Cognitive Systems and Cyber Trust groups.

Professionally he is a Chartered Engineer and a Fellow of the British Computer Society, a Visiting Fellow at the School of Electronics and Computer Science at Southampton University, and an Honorary Fellow at Imperial College. He has also served for five years as an Independent Expert with the UK Defence Science Advisory Council (DSAC).



Abstract

Network Security: a Complex Adaptive System

This paper is about shifting mindsets. The missing piece in our mental model of network security is that it is fundamentally a Complex Adaptive System (CAS). This perspective changes everything from how we react to threats, to how we should plan future defence strategies. The prevailing view considers the interaction between people, process and technology, but still fixates on the fallacious notion that the sum can be captured in a static snapshot, which can then be solved. The truth is this is an eternal arms race with no end, ever. Hence, we need to design defences that adapt, move and react in real time. The ideal is a fully autonomous, self-organising defence system that learns and adapts to real-time threats.

This paper presents an agent-based network defence system modelled on the mammalian lymphatic network. The lymphatic network is a fully distributed and parallel network that transports lymphocytes around the body and is a core component of biological immune systems. An agent architecture termed Phobos has been developed, and is designed to operate as a virtual lymphatic network. It provides a secure parallel and fully distributed transport system within an organisation's network. A distributed collection of agent nodes acts as localised processing centres and provides the primary defence functions of the system, i.e. user monitoring and authentication. In particular, the use of a peer-to-peer network topology ensures a high degree of reliability and resilience to targeted attacks on the agent nodes. Software agents are an ideal adaptive and responsive mechanism for automating the many defence requirements of a computing network. Secondly, if these agents act in a collaborative manner, to distribute solutions to security violations, a rapid and scalable defence mechanism can be constructed. The Phobos agent architecture therefore provides a number of security services with the goal of automating the process of user authentication and trust management.

A significant number of papers have elucidated how we can use models based on natural immune systems to develop artificial immune technologies. However, one aspect of immune-inspired defence mechanisms that has not yet received attention is the actual structure of the lymphatic network. This paper considers the topology and operation of the lymphatic network as a basis for designing the architecture of a computing network defence system. This CAS view is illustrated through examples of biological defence mechanisms and how we might translate these into practical computer-based security solutions.


Attachments (2)

  • Oxford-09-RGH.pdf - on Jul 23, 2009 12:06 PM by Taurek Kamal (version 1)
  • RG-Oxford-security-09.ppt - on Aug 27, 2009 5:10 AM by Taurek Kamal (version 1)