[Nrg-l] Michael Collins: Colloq **NOW**

Mark Crovella crovella at cs.bu.edu
Fri Aug 28 10:55:49 EDT 2009

CS Colloquium
11am Friday 8/28
MCS 135

Michael Collins
RedJack LLC

Title: The role of measurement in IDS and IPS: are we ready to ask the
right questions?

IDS and IPS are "bolt-on" solutions; the implicit hope in their design
and operation is that by attaching them
to networks, we can provide an environment that is, depending on one's
point of view, tolerably secure or tolerably insecure. Historically,
intrusion detection and prevention systems have relied on the assumption
that attacks are rare, external and targeted specifically at high-
value targets.  Attackers, in the meantime, have adapted to these
assumptions and focus on largely disinterested attacks against the
entire Internet.

In my talk, I will discuss the impact of constant and adaptive attacks
on the training, use and application of IDS.   In particular, I will
discuss modeling IDS as design specifications for attackers -
attackers have concrete goals, and if we can model their behavior
rationally, we can ask the hard questions about IDS: is it feasible for
such bolt-on defenses to work, and what are the alternatives?

Michael Collins is the chief scientist for RedJack, LLC., a Network
Security and Data Analysis company located in the Washington
D.C. area.  Prior to his work at RedJack, Dr. Collins was a member of
the technical staff at the CERT/Network Situational Awareness group at
Carnegie Mellon University.  His primary focus is on network
instrumentation and traffic analysis, in particular on the analysis of
large datasets and the impact of distributed attacks on Internet

Dr. Collins graduated with a PhD in Electrical Engineering from
Carnegie Mellon University in 2008, he holds Master's and Bachelor's
Degrees from the same institution.  In his spare time, he enjoys talking
about himself in the third person.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cs-mailman.bu.edu/pipermail/nrg-l/attachments/20090828/74afba2e/attachment.html 

More information about the Nrg-l mailing list