Better Architectures and New Security Applications for Coarse Network Monitoring

Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk, we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We also will describe our use of traffic summaries to detect a variety of stealthy network abuses (e.g., file-sharing traffic masquerading on other application ports, "hit-list" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control) and even to identify the origin of epidemic malware spreads.
Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill (UNC). He received the B.S. degree in mathematical sciences from UNC in 1989, and the M.S. and Ph.D. degrees in Computer Science from Cornell University in 1991 and 1993, respectively. He joined AT&T Bell Labs in 1993 and became a founding member of AT&T Labs – Research when NCR and Lucent Technologies (including Bell Labs) were split away from AT&T in 1996. He then returned to Bell Labs in 1998 as Director of Secure Systems Research. In 2001, he joined Carnegie Mellon University as a Professor of Electrical & Computer Engineering and Computer Science, where he was also the founding Technical Director of CyLab. He joined the faculty at UNC in 2007. Dr. Reiter's research interests include all areas of computer and communications security and distributed computing. He regularly publishes and serves on conference organizing committees in these fields, and has served as program chair for the flagship computer security conferences of the IEEE, the ACM, and the Internet Society. He presently serves on the editorial board of Communications of the ACM, and he has previously served as Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial boards of IEEE Transactions on Software Engineering, IEEE Transactions on Dependable and Secure Computing, and the International Journal of Information Security. He presently serves on the Emerging Technology and Research Advisory Committee for the United States Department of Commerce. Dr. Reiter was named an ACM Fellow in 2008.