Mike Collins: "It's The Hackers' World, and We Just Live Here: The Pragmatics of Network Defense"

Date: Wednesday, April 15, 2009, 12:00pm to 1:30pm

Location: Maxwell Dworkin 119

CRCS Privacy and Security Lunch Seminar

Speaker: Mike Collins

Title: It's The Hackers’ World, and We Just Live Here: The Pragmatics of Network Defense

Abstract: In 2002, several colleagues and I wanted to get a couple weeks of network traffic traces in order to study user behaviors in reaction to public holidays. That research effort led to the CENTAUR capability, used by the DoD to monitor its internal networks to this day.

Intrusion detection systems historically have relied on an implicit assumption that attacks are rare and targeted specifically at high-value targets. In this talk, I intend to discuss how those assumptions hold up against the data collected from watching a very large network for the past five years over 150 million+ IP addresses.

On the whole, the results are not heartening: several protocols have been effectively abandoned due to worm traffic, and anomaly detection technology is drowned in a constant flood of garbage data and failed attacks. The constant stream of garbage traffic and the ease with which new attacks are injected into the system bring up serious questions about the viability of endpoint defenses. Conversely, evidence exists to suggest that bad actors appear persistently in specific locations, the most notable recent example being the McColo shutdown.

In my talk, I will discuss the impact of attacks on the training, use and application of anomaly detection mechanisms, as well as the potential impact of shutdowns and takedowns. The question we now face is whether we want to aggressively shut and take down hostile actors – how to develop judgments for doing so, and whether this is a path we want to take.

We never did figure out how users react to public holidays.

Bio:
Michael Collins is the chief scientist for RedJack, LLC., a Network Security and Data Analysis company located in the Washington D.C. area. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on network instrumentation and traffic analysis, in particular on the analysis of large datasets and the impact of distributed attacks on Internet infrastructure.

Dr. Collins graduated with a PhD in Electrical Engineering from Carnegie Mellon University in 2008; he holds Master’s and Bachelor’s Degrees from the same institution. In his spare time, he enjoys talking about himself in the third person.