Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience

Yan Chen - Northwestern University

Feb 22, 2006


Due to recording problems, video of this seminar will NOT be made available.

In this talk, we will first briefly introduce the High-Performance Network Anomaly/Intrusion Detection and Mitigation (HPNAIDM) system that is currently being developed in the Northwestern Lab of Internet and Security Technology (LIST) (http://list.cs.northwestern.edu), and then focus on one of its components, Hamsa, as described below. The paper on Hamsa will appear in the IEEE Symposium on Security and Privacy this year.

Zero-day polymorphic worms pose a serious potential threat to the security of Internet infrastructure. Given their exponentially increased propagation speed, it is crucial to detect them at routers/gateways in the early stages of infection. Most existing approaches for automatic signature generation are host-based and are not applicable for deployment on high-speed routers. In this talk, we propose Hamsa, a network-based automated signature generation system for polymorphic worms which is fast, noise tolerant, attack resilient, and capable of detecting multiple worms in a single application protocol. Essentially, we propose a realistic model to analyze the invariant content of polymorphic worms, which allows us to make analytical attack resilience guarantees for the signature generation algorithm. Evaluation based on a range of polymorphic worms and polymorphic engines demonstrates that Hamsa significantly outperforms recent work in terms of efficiency, accuracy, and attack resilience.

About the Speaker

Dr. Yan Chen is an Assistant Professor in the Department of Electrical Engineering & Computer Science at Northwestern University, Evanston, IL. He received his Ph.D. in Computer Science from the University of California at Berkeley in 2003. His research interests include network security, network measurement, P2P systems, and wireless and ad hoc networks. He won the DOE Early CAREER award in 2005 and the Microsoft Trustworthy Computing Awards in 2004 and 2005.

