CRIME Meeting 8 June 2004, 10-Noon, @ Zoo Conf Rooms

From: George Heuston (GeorgeH@private)
Date: Mon May 24 2004 - 09:03:54 PDT


    Subject: "Network Locality, and Anomaly Detection in the Ourmon Network
    Monitoring System" (The same talk Jim gave to CERT recently)
    
    Speaker: Professor Jim Binkley, CS Dept, Portland State University
    
    Jim's Topic Overview:
    In this talk I am going to first introduce the open-source ourmon
    network monitoring system, which is somewhat similar to a traditional
    SNMP rmon probe, but instead uses the Berkeley Packet Filter, and
    port-mirroring on Ethernet switches.  Then I will present two recent
    research efforts, first including a large section on TCP and UDP worm
    detection and a shorter discussion of a measurement project aimed at
    learning what happens when network monitoring equipment is attacked by
    gigabit-sized flows.  The worm detection discussion will present the
    thesis that looking at the local network-based control plane including
    TCP control packets, ICMP errors, and second-order information like flow
    counts is useful in anomaly detection.  The gigabit flow measurement
    research was motivated by the slammer attacks in early 2003.  We will
    present our measurement results and security concerns in reference to
    network monitoring of maximum MTU and minimum-sized Ethernet packets on
    a Gigabit Ethernet channel.
    
    Jim's Bio:
    Professor Binkley (http://www.cs.pdx.edu/~jrb) is a teacher, network
    engineer and researcher at Portland State University.  He has a M.S.
    degree in Computer Science from Washington State University and a B.S.
    in Chinese Literature.  Jim has about two decades worth of experience in
    local industry as a senior network engineer and network consultant
    working with TCP/IP networking, UNIX and real-time operating systems
    (VxWorks).  He currently teaches a graduate sequence of networking
    courses at Portland State including network security and Linux or
    FreeBSD o.s. internals classes.  His research interests include network
    security, wireless mobile networking, and network management.  In the
    recent past, Jim has acted as a principal investigator, along with John
    McHugh in the DARPA-funded Secure Mobile Networks project.  Jim is
    currently working on a number of projects including turning his ourmon
    network monitoring system into an anomaly detection system.  Jim suffers
    from being the director of the NSA certified PSU Center of Academic
    Excellence in Information Assurance.
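    The abstract's thesis is that the local control plane (TCP SYN/SYN-ACK/RST
    packets, ICMP errors, and second-order data such as per-host flow counts)
    carries enough signal to spot a scanning worm. The following is an added
    illustration of that idea, not ourmon's own code: it summarizes constructed
    sample traffic per source host and flags hosts that emit many SYNs to many
    distinct destinations while receiving few SYN/ACKs back. The thresholds
    (min_syns, max_answered, min_flows) are assumptions chosen for the sample,
    not values from the talk.

    ```python
    """Toy control-plane anomaly detector (added example, not ourmon code).

    Input records are plain dicts standing in for decoded packets; a real probe
    would fill them from BPF/pcap.  Only control-plane events are counted:
    SYNs sent, SYN/ACKs and RSTs received, ICMP unreachables received, and the
    set of distinct (dst, port) flows each host opened.
    """
    from collections import defaultdict
    from dataclasses import dataclass, field


    @dataclass
    class HostStats:
        syn_sent: int = 0            # TCP SYNs (no ACK bit) originated by the host
        synack_recv: int = 0         # SYN/ACK replies the host received
        rst_recv: int = 0            # RSTs sent back to the host
        icmp_unreach_recv: int = 0   # ICMP type 3 messages addressed to the host
        dests: set = field(default_factory=set)  # distinct (dst, dport) flows


    def tcp(src, dst, port, flags):
        """Constructed TCP record; flags uses tcpdump letters (S, A, R, F)."""
        return {"proto": "tcp", "src": src, "dst": dst, "dport": port, "flags": flags}


    def icmp_unreachable(src, dst):
        """Constructed ICMP destination-unreachable (type 3) record."""
        return {"proto": "icmp", "src": src, "dst": dst, "type": 3}


    def summarize(packets):
        """Aggregate control-plane events per local host."""
        stats = defaultdict(HostStats)
        for p in packets:
            if p["proto"] == "tcp":
                flags = p["flags"]
                if "S" in flags and "A" not in flags:        # connection attempt
                    h = stats[p["src"]]
                    h.syn_sent += 1
                    h.dests.add((p["dst"], p["dport"]))
                elif "S" in flags and "A" in flags:          # attempt answered
                    stats[p["dst"]].synack_recv += 1
                elif "R" in flags:                           # attempt refused
                    stats[p["dst"]].rst_recv += 1
            elif p["proto"] == "icmp" and p["type"] == 3:    # attempt unreachable
                stats[p["dst"]].icmp_unreach_recv += 1
        return stats


    def answered_fraction(h):
        """Share of a host's SYNs that drew a SYN/ACK; scanners score low."""
        return h.synack_recv / h.syn_sent if h.syn_sent else 1.0


    def flag_anomalies(stats, min_syns=20, max_answered=0.2, min_flows=10):
        """Hosts with many SYNs, many distinct flows and few answers (assumed thresholds)."""
        flagged = []
        for host, h in stats.items():
            if (h.syn_sent >= min_syns
                    and answered_fraction(h) <= max_answered
                    and len(h.dests) >= min_flows):
                flagged.append(host)
        return sorted(flagged)


    def build_sample_packets():
        """Constructed sample traffic, not a real capture."""
        pkts = []
        # Normal client: 6 connections to two web servers, every SYN answered.
        for i in range(6):
            server = f"192.0.2.{10 + i % 2}"
            pkts.append(tcp("10.0.0.5", server, 80, "S"))
            pkts.append(tcp(server, "10.0.0.5", 80, "SA"))
        # Worm-like client: 40 SYNs to 40 distinct hosts on 445; 2 answered,
        # 10 refused with RST, 15 draw ICMP unreachables from a router, rest silent.
        for i in range(40):
            target = f"198.51.100.{i + 1}"
            pkts.append(tcp("10.0.0.99", target, 445, "S"))
            if i < 2:
                pkts.append(tcp(target, "10.0.0.99", 445, "SA"))
            elif i < 12:
                pkts.append(tcp(target, "10.0.0.99", 445, "RA"))
            elif i < 27:
                pkts.append(icmp_unreachable("203.0.113.1", "10.0.0.99"))
        return pkts


    if __name__ == "__main__":
        stats = summarize(build_sample_packets())
        for host, h in sorted(stats.items()):
            print(f"{host:12} syn={h.syn_sent:3} synack={h.synack_recv:3} "
                  f"rst={h.rst_recv:3} icmp3={h.icmp_unreach_recv:3} "
                  f"flows={len(h.dests):3} answered={answered_fraction(h):.2f}")
        print("flagged:", flag_anomalies(stats))
    ```

    Note that the detector never inspects payload: the refused/unreachable/silent
    pattern across many destinations is itself the signal, which is why this kind
    of check keeps working against worms whose payload is encrypted or unknown.
    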
    



    This archive was generated by hypermail 2b30 : Mon May 24 2004 - 09:59:42 PDT