Five-College Speaker Series on Information Assurance
Carla Brodley
Understanding the nature of the information flowing into and out of a system or network is fundamental to determining if there is adherence to a usage policy or whether the security of the system has been compromised. In this talk I will describe how behavioral authentication can be used to detect anomalies in the expected behavior of processes, flows and users. The first application, classifying server traffic, addresses the problem that traditional methods of determining traffic type rely on the port label carried in the packet header to indicate the type of service (e.g., HTTP, Telnet, SSH, etc.). This method can fail, however, in the presence of proxy servers that re-map port numbers or host services that have been compromised to act as back doors or covert channels. I will present an approach to classifying server traffic based on models of server stream behavior. The models are learned during a training phase from traffic described using a set of features we designed to capture the behavior of TCP services. In the second application, detection of covert timing channels in IP, I will describe how we can detect their presence by comparing statistics of traffic to learned models of normal traffic behavior. In the third application, user re-authentication, I will describe methods for learning a profile of the valid user's normal behavior and illustrate how this profile can be used to monitor current behavior to detect anomalies, which in turn may indicate either misuse or an intrusion.

Biography: Carla E. Brodley is a professor in the Department of Computer Science at Tufts University. She received her PhD in computer science from the University of Massachusetts at Amherst in 1994. From 1994-2004, she was on the faculty of the School of Electrical Engineering at Purdue University, West Lafayette, Indiana. Professor Brodley's research interests include computer security, machine learning and knowledge discovery in databases. She has worked in the areas of intrusion detection, anomaly detection in networks, hardware support for security, classifier formation, unsupervised learning and applications of machine learning to remote sensing, computer security, and content-based image retrieval of medical images.

Professor Brodley is a member of the 2004/2005 Defense Science Study Group sponsored by DARPA and IDA. In 2001 she served as program co-chair for the International Conference on Machine Learning (ICML) and in 2004, she served as the general chair for ICML. Currently she is an associate editor of the Journal of Artificial Intelligence Research and the Machine Learning Journal. She is a member of the Computing Research Association's Committee on the Status of Women in Computing Research (CRA-W) and she is the editor of the "Expanding the Pipeline" column of the Computing Research News.
