The Network and Information Security Methods Team (NISM) exists as a separate unit in the Research Division since 2009, having emerged from the Network Control Team. The Team's area of interest covers all aspects of information security, including but not limited to the following research topics:

Internet threat detection methods 

NISM is actively working on methods of threat detection, covering both threats against server and client applications. Various kinds of detection mechanisms are analyzed – signature-based, behavioral and heuristic. Detection algorithms are developed for malicious JavaScripts as well as Flash files. New analyses are proposed for monitoring the activity of network worms and botnets, based on data collected by honeypot systems. A very promising area of research is the application of machine learning techniques and statistical analysis to the problems of increasing the quality of results generated by existing detection engines (automatic elimination of false positives) and selection of suspicious URLs for detailed analysis (fast-flux detection, detection of similarities between domain names and URLs).

Access control methods

Work in this area concentrates on development of semantics of trust management languages from the RT family (Role-Based Trust anagement). Main area of interest is increasing the practical applicability of the languages by introducing validity time restrictions for credentials.

Virtualization security

The goal of the project "Secure workstation for special applications" developed by a consortium led by the Military University of Technology is to develop a secure system using virtualization technology to enable processing information from separate security domains and/or with different sensitivity levels on a single physical machine. The focus of the project is on strengthening the security of the virtualization platform, providing strict separation of data from different domains, development of cryptographic protection, advanced access control and authorization mechanisms and audit support.  

Crisis management of ICT resource

As part of the project “Models of threats to agglomeration and crisis management system – case study for the Capital City of Warsaw” developed by a consortium led by the Military University of Technology, NASK prepared a design concept of a threat and threat consequences simulator for critical ICT infrastructure. The simulator was designed for crisis management applications, to be used as the main training tool as well as a tool for analysis of crisis development scenarios in actual threat situations.

Cooperation with CERT Polska

A large part of the Team's research work proceeds in close cooperation with CERT Polska Security Projects Team. NISM provides research support to projects led by CERT Polska, offering advanced data analysis methods and taking part in conceptual design and development of new solutions. The cooperation gives the Team access to the rich experience of CERT Polska in handling incidents, as well as to CERT's data collections, resulting in a solid grounding of the Team's research in real, current observations of the network and systems' security landscape. Joint work concentrates in two areas:

• Development of threat detection methods. The work carried out in joint projects such as Arakis and HoneySpider Network correlates closely with the main research interests of NISM.
• Technical support for sharing of information from the area of network and systems' security and correlation of information provided by different parties. This is the common central focus of several joint projects, both european (WOMBAT, FISHA) and national (SOPAS).