Battle hardened commerce security

FEDUNI RESEARCH: Internet Commerce Security Laboratory (ICSL)

 Battle hardened commerce security

As the battle for the security of our commercial and financial transactions wages, it is comforting to know that there are quiet warriors, invisible to most of us, fighting cyber-criminals with every keystroke.

One such group is the Internet Commerce Security Laboratory (ICSL) at FedUni. Renowned for their advanced analytic techniques, the Lab team focus on commercially relevant research into fraudulent online activity.

Many IT security companies, driven by profitability, provide generic approaches to cyber-security problems. The ICSL, however, offer a significant point of difference. As ICSL Director, Associate Professor Iqbal Gondal, explains, "We deliver customised, targeted responses designed to address the specific needs of our internet-commerce clients." In other words, ICSL are positioned to fill the gaps — the vulnerabilities — left open by standard security measures.

ICSL identify threats and develop industry-based techniques to deliver new tools and algorithms, as well as useable intelligence. Working with the Australian Federal Police (AFP), Assoc. Prof. Gondal reveals, "Our intention has been to enable early detection of criminal activity and reduce the policing time it takes to analyse data." This approach translates to other stakeholders, including founding partners IBM® and Westpac.

As with any battle, offense is as important as defence. The ICSL have developed pioneering algorithms to mine 'big data', identify malware and phishing incursions, and extract the characteristics of an attack in order to profile the attacker. "In this instance we seek to identify the attackers, often distinguishable by their approach, and then we go after them," asserts Assoc. Prof. Gondal.

Interconnected and overlapping areas of research within ICSL also include forensics, fraud and identity theft detection, and infrastructure security. ICSL researchers work to automate laborious and time-consuming forensic examinations of compromised computers and networks. They seek out weaknesses within client systems and processes that could be exploited by criminals. They trawl the vast expanses of the digital realm — detecting, recognising, classifying and monitoring the 'needles in the haystack' of 'big data'.

Two key models are available for industry engagement with ICSL: projects and partnerships. Within the project-based model, ICSL and the client identify an area of common interest where ICSL might develop customised technology. ICSL demonstrates its capability and produces a short business case, including budget expectation. Further discussion and refinement results in an expanded business case or submission of a formal proposal to the client.

The second model is partnership based. Together, ICSL and partner, develop an idea to 'proof of concept' stage prior to seeking appropriate funding and undertaking the project.

A centre of excellence within FedUni's Faculty of Science and Technology, ICSL's dedicated professionals can also access specialist academic expertise from the wider University community. "ICSL develops the tech that enables our clients to do business in a far more secure manner, " notes Assoc. Prof. Gondal. "We have a proven record of delivering high-calibre cyber-security solutions with confidence and trust."