[Nrg-l] NRG Talk by Paul Barford :27th Oct

Vijay Erramilli evijay at cs.bu.edu
Sun Oct 23 21:25:39 EDT 2005


Hi All,

This week we are having one of our own grads returning to NRG!

Paul Barford will give a talk titled:"Toward Self-Directed Network Intrusion Detection and Prevention"

Where: Grad. Lounge
When: Thursday 27th Oct 2005 11 am.

The abstract follows.

Cheers,
vijay


***************************************************************************

Title:  Toward Self-directed Network Intrusion Detection and Prevention

Abstract:


Network attacks and intrusions have been a fact of life in the Internet
for many years and continue to present serious challenges for network
researchers and operators alike. The objective of our work is to develop
tools and systems that automate or otherwise enhance key activities of
network security analysts. In the first part of this talk, I will describe
our malicious traffic assessment activities using our Internet Sink
(iSink) system for dark address space monitoring. iSink is a highly
scalable system that includes both passive packet capture and a set of
stateless active responders that enable details of exploits to be
captured. Our results illustrate the variability in the traffic on dark
address space and the feasibility of efficient classification of attack
types.  I will also describe how data from dark address space monitors can
be used to provide near real time network "situational awareness" for
security analysts. iSink data is also the basis for our Nemean system that
automatically synthesizes signatures for intrusion detection.  Unlike
standard intrusion signatures, Nemean's signatures are protocol aware
which we show greatly enhances their resilience to false alarms.  I will
describe Nemean, and conclude with a brief description of our current
activities in adapting Nemean into a real time intrusion prevention
system.

Bio:

Paul Barford received his BS in Electrical Engineering from the University
of Illinois at Champaign-Urbana in 1985, and his Ph.D. in Computer Science
from Boston University in December, 2000.  He is an Assistant Professor of
Computer Science at the University of Wisconsin at Madison.  He is the
founder and director of the Wisconsin Advanced Internet Laboratory and his
research interests are in measurement, analysis and security of wide area
networked systems and network protocols.


More information about the Nrg-l mailing list