Nick Weaver, International Computer Science Institute
Abstract: Academics are supposed to have a crystal ball which they have used to shape their research, in order to help solve tomorrow's problems today. As a researcher involved in developing intrusion detection systems, I believe the future is in system defense. This talk will begin with some speculation about attackers, what they have been leveraging, and what they will continue to leverage. The argument will be made that most sophisticated attackers, by hijacking user credentials and establishing network footholds, should effectively be considered insider threats and the problem will only get worse. The talk will finish with speculations for the future of intrusion detection, including fine-grained control and IDS in the LAN, parallel intrusion detection, improved authentication, and system recovery strategies.

Shambhu Upadhyaya, University at Buffalo, SUNY
Abstract: Secure computing practices today mandate the deployment of attack detection and mitigation tools such as firewalls, anti-virus software and intrusion detection sensors (IDS). Yet, with the expansion of the cyberspace, computer attacks have progressively become more sophisticated and harder to detect. One of the primary concerns today is the threat of organized cyber attacks that are aimed at disrupting the nation’s critical infrastructures and the national security. Consequently, researchers have shifted focus to event correlation and fusion techniques to identify coordinated attacks. However, the techniques so developed are useful primarily from the standpoint of forensic analysis and network hardening. Situation awareness of attacks in near real-time can provide the benefits of possible attack mitigation and containment. Validation of research prototypes with realistic data is also an important requirement. The effective situation awareness of coordinated multistage attacks calls for a good understanding of the attack model, consideration of the suitable granularity levels of event data generated on the networks, attack semantics, and data dimensionality for effective comprehension and visualization. In this talk, we will review the current state-of-the-art in the disciplines, the inadequacy of current solutions to address the attacks that may be coming from within an organization, and some proposed solutions. We will end the talk by identifying the grand challenge problems in security and some predictions on the state of security looking forward several years.

I do not fear computers. I fear the lack of them. - Isaac Asimov

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active, part of the problem. - Fred Langa

In theory, one can build provably secure systems. In theory, theory can be applied to practice, but in practice, it can’t. - M. Dacier