Finding Very Damaging Needles in Very Large Haystacks
Vern Paxson, University of California, Berkeley / Corelight, Inc. / International Computer Science Institute
July 31, 2018 11:00am, in DC 1304
Many of the most costly security compromises that enterprises suffer manifest as tiny trickles of behavior hidden within oceans of other site activity. This talk will examine the problem of developing robust detectors for particular forms of such activity. The process is in some ways a dual to that of adversaries who seek to design algorithms to identify users who employ particular approaches for keeping their network activity private. The themes include research pitfalls, the crucial need to leverage domain knowledge in an apt fashion, and why machine learning is difficult to effectively apply to such problems.
Vern Paxson is a Professor of EECS at UC Berkeley, and co-founder and Chief Scientist of Corelight, a company based on the network monitoring technology he has developed for many years. He also leads the Networking and Security Group at the International Computer Science Institute in Berkeley. His research focuses heavily on measurement-based analysis of network activity and Internet attacks. He works extensively on high-performance network monitoring, detection algorithms, cybercrime, and countering censorship and abusive surveillance. He was inducted in 2006 as a Fellow of the ACM, and in 2011 he received ACM's SIGCOMM Award "for his seminal contributions to the fields of Internet measurement and Internet security, and for distinguished leadership and service to the Internet community." His measurement work has also been recognized by ACM's Grace Murray Hopper Award and by the 2015 IEEE Internet Award.