[Nrg-l] [Reminder]: David Moore and Colleen Shannon (fwd)

Nahur Fonseca nahur at cs.bu.edu
Mon Sep 27 14:59:32 EDT 2004


NRG is starting in 5 minutes at MCS 135.


---------- Forwarded message ----------
Date: Wed, 22 Sep 2004 10:42:14 -0400 (EDT)
From: Nahur Fonseca <nahur at cs.bu.edu>
To: nrg-l at cs.bu.edu
Subject: [NRG]: David Moore and Colleen Shannon

Dear all,

We are proud to announce that David Moore and Colleen Shannon will
present part of the work they have been developing at CAIDA in the
next NRG meeting.

Since we have two talks, we will start the first one earlier, 
on Monday 9/27 from 3 to 4 PM, and the second one from 4 to 5 PM.

Please find the talks' abstracts below, or see more details in
the NRG web site at http://www.cs.bu.edu/groups/nrg/



Title: The UCSD Network Telescope
Speaker: Colleen Shannon

The UCSD Network Telescope provides a unique vantage point for
monitoring security events that affect the Internet as a whole,
including distributed denial-of-service attacks, internet worms, and
targeted scanning behavior.
This talk will explain the network telescope motivation and architecture
and describe recent trends in denial-of-service and Internet worm
Although it received little media attention, the Witty worm was the
first widely-propagated Internet worm to carry a destructive payload.
It also had a number of other unique and disturbing characteristics,
including being the first Internet worm kicked off in a coordinated
manner using a large number of previously compromised hosts, spreading
by infecting a security (firewall) product, and demonstrating
conclusively that a worm with a small vulnerable population can be


Title: Building a Better NetFlow
Speaker: David Moore

Network operators need to determine the composition of the traffic mix
on links when looking for dominant applications, users, or estimating
traffic matrices. Cisco's NetFlow has evolved into a solution that
satisfies this need by reporting flow records that summarize a sample of
the traffic traversing the link. But sampled NetFlow has shortcomings
that hinder the collection and analysis of traffic data.

We propose Adaptive NetFlow, deployable through an update to router
software, which addresses many shortcomings of NetFlow by dynamically
adapting the sampling rate to achieve robustness without sacrificing
accuracy. To enable counting of non-TCP flows, we propose an optional
Flow Counting Extension that requires augmenting existing hardware at
routers. Both our proposed solutions readily provide descriptions of the
traffic of progressively smaller sizes. Transmitting these at
progressively higher levels of reliability allows graceful degradation
of the accuracy of traffic reports in response to network congestion on
the reporting path.


Colleen Shannon is a staff researcher at CAIDA (the Cooperative
Association for Internet Data Analysis).  She leads the network
telescope work within CAIDA; her research interests focus particularly
on examining network security.  She recently authored a study of the
spread of the Witty worm, prominently featured in the current issue of
IEEE Security and Privacy magazine.  In the past, she pioneered a method
of localtime analysis of host behavior that helps to identify the
function of machines infected with an Internet worm.
She recently assessed the viability of using current technology to
automatically block the propagation of Internet worms.  Colleen also has
experience at developing easily navigable, user-friendly web interfaces
to datasets.  The results of Colleen's recent collaboration with five
other researchers in analyzing the SQL Slammer worm was a top story of
the July/August 2003 issue of the IEEE Security and Privacy Magazine.

David Moore is a popular speaker and researcher with expertise in
Internet measurement and network security.  He is a principal
investigator and the technical director of the Cooperative Association
for Internet Data Analysis (CAIDA) at the San Diego Supercomputer Center
at UCSD and also a computer science PhD candidate at the University of
California, San Diego.

His work with others on tracking denial-of-service attacks and Internet
worm spread has appeared in Information Security Magazine, IEEE Security
& Privacy Magazine and Scientific American and, of course, slashdot.
His presentations include invited talks at Usenix LISA, Usenix Security,
NANOG (North American Operators Group), and others.
