[svlug] on network security

Karen Shaeffer shaeffer at neuralscape.com
Wed Nov 19 16:38:23 PST 2014

Hi folks,
If you are interested in the latest research on network security, then this
free event might be for you. I am posting the details here, because this special
event does not actually appear on the ComSoc SCV webpage. I'd like to attend this
one, if I can find the time. Low probability, if recent history persists...

IEEE Communications Society
Santa Clara Valley Chapter (ComSoc SCV <http://www.comsocscv.org>)

*** IEEE ComSoc Distinguished Lecture Talk (DLT)

*Event:*  Traffic Forensics: Capture, Replay, Classification, Detection,
and Analysis

*Date:* Friday, December 5, 2014
*Time:* 10:00 AM to 12:00 PM (PDT)

Engineering Building, San Jose State University

*Session Abstract:*
If computer forensics is to identify, preserve, recover, and analyze who
did what on a computer, network forensics is to do the same on a network.
Compared to network forensics, which has wider forensic targets in devices
(e.g., switches, routers, access points, firewalls, gateways) and the packets
between them, traffic forensics focuses on packets alone. When these
devices are black boxes with no storage to record what happened, which is
often the case, traffic forensics approximates network forensics. In this
talk, we present a series of technologies and tools we developed to capture,
replay, classify, detect, and analyze traffic. From the architecture of a
beta site embedded in an operational campus network with live traffic, to
replaying captured traffic with stateless or stateful replayers in wired or
wireless environments, we build the basic infrastructure and tools to work
with real traffic. A case study reports how effective the accumulated packet
traces are in triggering bugs in products under development.

Then we present another class of techniques that leverage the domain
knowledge of existing products to classify traffic into various applications
or into malicious intrusions and malware. A classified PCAP library, the
associated techniques, and their evaluation are illustrated. With these
integrated, a case study is reported that redefines security criteria with
functionality, robustness, performance, and stability testing, in order to
complement existing criteria such as Common Criteria, ICSA, and NSS. As the
sources of intrusions are often malware carried in application payloads,
collecting, analyzing, and detecting malware are the essential ways to build
the lines of defense. Thus, we present mechanisms to collect and analyze
active and passive malware through honeypots and P2P, respectively. At the
end, we present detection mechanisms for traditional malware, Android
malware, and Advanced Persistent Threats (APT).

Ying-Dar Lin, IEEE Fellow, IEEE Distinguished Lecturer, ONF Research
Distinguished Professor of National Chiao Tung University,
Hsinchu, Taiwan

Free. No registration required.
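The abstract describes building a classified PCAP library: captured packets are grouped into flows and each flow is labelled with the application it carries. The following self-contained Python script is an added illustration of that idea and is not code from the talk, the speaker, or this svlug post. It constructs a small classic-format pcap in memory (no file I/O, no capture interface), parses it back into bidirectional flows, and labels each flow by a payload signature first and by well-known port only as a fallback, so that HTTP on a non-standard port is still recognized. The signature list, port table, labels, and every address and payload are assumptions chosen for the demonstration; the stateless/stateful replay side of the talk is not covered here.

```python
"""Added example: parse a classic pcap into flows and classify each flow.
All packets below are constructed in-script; nothing touches the network."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

# Assumed classification tables (illustrative, not the speaker's library).
SIGNATURES = [(b"GET ", "http"), (b"POST ", "http"), (b"HTTP/1.", "http"),
              (b"\x16\x03", "tls"), (b"SSH-", "ssh")]
PORT_HINTS = {53: "dns", 80: "http", 443: "tls", 22: "ssh"}


def _ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src, dst, proto, sport, dport, payload):
    """Construct an Ethernet/IPv4/{TCP,UDP} frame (test data only)."""
    if proto == 6:    # minimal TCP header: PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                         65535, 0, 0) + payload
    elif proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        raise ValueError("only TCP (6) and UDP (17) are constructed here")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                     0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def build_pcap(frames):
    """Global header + one record per frame, little-endian."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, payload) or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    total_len = struct.unpack_from("!H", frame, 16)[0]
    ip = frame[14:14 + total_len]            # drop any Ethernet padding
    ihl = (ip[0] & 0x0F) * 4
    proto, src, dst = ip[9], ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:]
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        payload = l4[8:]
    else:
        return None
    return (src, dst, proto, sport, dport, payload)


def parse_pcap(data):
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                            # truncated capture: stop, don't mis-parse
        off += incl_len
        pkt = parse_frame(frame)
        if pkt:
            yield pkt


def flow_key(pkt):
    """Bidirectional key: (proto, ip_a, port_a, ip_b, port_b) with endpoints ordered."""
    a, b = (pkt[0], pkt[3]), (pkt[1], pkt[4])
    return (pkt[2],) + (a + b if a <= b else b + a)


def classify_flow(key, packets):
    """Payload signature wins over port, so HTTP on 8080 is still 'http'."""
    for p in packets:
        for sig, label in SIGNATURES:
            if p[5].startswith(sig):
                return label
    for port in (key[2], key[4]):
        if port in PORT_HINTS:
            return PORT_HINTS[port]
    return "unknown"


def classify_pcap(data):
    flows = defaultdict(list)
    for pkt in parse_pcap(data):
        flows[flow_key(pkt)].append(pkt)
    return {key: classify_flow(key, pkts) for key, pkts in flows.items()}


# Constructed sample capture: HTTP on a non-standard port, a DNS query, and
# an unlabelled TCP exchange on an arbitrary port.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "93.184.216.34", 6, 51515, 8080,
                b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame("93.184.216.34", "10.0.0.5", 6, 8080, 51515, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.1", 17, 40000, 53, b"\x12\x34\x01\x00\x00\x01"),
    build_frame("10.0.0.5", "10.0.0.9", 6, 40001, 9999, b"\x00\x01\x02"),
])

if __name__ == "__main__":
    for key, label in classify_pcap(SAMPLE_PCAP).items():
        print(key, "->", label)
```

The parser deliberately stops at a truncated record instead of reading past the end, and it trims each frame to the IPv4 total length so Ethernet padding is never mistaken for payload; both are small details that matter when the capture itself is the evidence.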

