#  Mike Collins: "It's The Hackers' World, and We Just Live Here: The Pragmatics of Network Defense" 

 



#### Date and Time

 **April 15, 2009** 

 12:00PM - 01:30PM EDT 

#### Location

 **Maxwell Dworkin 119**  



 

 



 

**CRCS Privacy and Security Lunch Seminar**

Date: Wednesday, April 15, 2009  
Time: 12:00pm-1:30 pm  
Place: Maxwell Dworkin 119

Speaker: Mike Collins

Title: It's The Hackers’ World, and We Just Live Here: The Pragmatics of Network Defense

Abstract: In 2002, several colleagues and I wanted to get a couple weeks of network traffic traces in order to study user behaviors in reaction to public holidays. That research effort led to the CENTAUR capability, used by the DoD to monitor its internal networks to this day.

Intrusion detection systems historically have relied on an implicit assumption that attacks are rare and targeted specifically at high-value targets. In this talk, I intend to discuss how those assumptions hold up against the data collected from watching a very large network for the past five years over 150 million+ IP addresses.

On the whole, the results are not heartening: several protocols have been effectively abandoned due to worm traffic, and anomaly detection technology is drowned in a constant flood of garbage data and failed attacks. The constant stream of garbage traffic and the ease with which new attacks are injected into the system bring up serious questions about the viability of endpoint defenses. Conversely, evidence exists to suggest that bad actors appear persistently in specific locations, the most notable recent example being the McColo shutdown.

In my talk, I will discuss the impact of attacks on the training, use and application of anomaly detection mechanisms, as well as the potential impact of shutdowns and takedowns. The question we now face is whether we want to aggressively shut and take down hostile actors – how to develop judgments for doing so, and whether this is a path we want to take.

We never did figure out how users react to public holidays.

Bio:  
Michael Collins is the chief scientist for RedJack, LLC., a Network Security and Data Analysis company located in the Washington D.C. area. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on network instrumentation and traffic analysis, in particular on the analysis of large datasets and the impact of distributed attacks on Internet infrastructure.

Dr. Collins graduated with a PhD in Electrical Engineering from Carnegie Mellon University in 2008; he holds Master’s and Bachelor’s Degrees from the same institution. In his spare time, he enjoys talking about himself in the third person.



 

 



 

See also: [CRCS Lunch Seminar](/events/crcs-lunch-seminar)
 
 
