Thursday, October 23, 2002 Volen 101, 2:00-3.00 pm
Abstract:
Understanding the nature of the information flowing into and out of a system or network is fundamental to determining if there is adherence to a usage policy or whether the security of the system has been compromised. In this talk I will describe how behavioral authentication can be used to detect anomalies in the expected behavior of both processes and users.
The first application, classifying server traffic, addresses the problem that traditional methods of determining traffic type rely on the port label carried in the packet header to indicate the type of service (e.g., HTTP, Telnet, SSH, etc). This method can fail, however, in the presence of proxy servers that re-map port numbers or host services that have been compromised to act as back doors or covert channels. I will present an approach to classifying server traffic based on models of server stream behavior. The models are learned during a training phase from traffic described using a set of features we designed to capture the behavior of TCP services.
In the second application, user-reauthentication, I will describe methods for learning a profile of the valid user and illustrate how this profile can be used to monitor current behavior to detect anomalies, which in turn may indicate either misuse or an intrusion.
Bio: Carla E. Brodley is an associate professor in the School of Electrical and Computer Engineering at Purdue University. She received her bachelors degree in Mathematics from McGill University in 1985 and her MS and PhD in computer science from the University of Massachusetts at Amherst in 1991 and 1994. Prof. Brodley's research interests include computer security, machine learning and knowledge discovery in databases. She has worked in the areas of intrusion detection, anomaly detection in networks, hardware support for security, classifier formation, unsupervised learning and applications of machine learning to remote sensing, computer security, and content-based image retrieval of medical images.
She is the recipient of an NSF Career award. In 2001 she served as program co-chair for the International Conference on Machine Learning (ICML) and in 2004 she will serve as the general chair for ICML. Currently she is an associate editor of the Journal of Artificial Intelligence Research and serves on the editorial board of the Journal of Machine Learning Research. She is a member of the Computing Research Association's Committee on the Status of Women in Computing Research (CRA-W) and she is the editor of the ``Expanding the Pipeline'' column of the Computing Research News.
Host: Tim Hickey