
From zero-day attack to zero-day response

Pattern Recognition: seminar by Dr. Pavel Laskov of the University of Tuebingen
12 May 2010

Wednesday, 12 May 2010, 10:00
Department of Electrical and Electronic Engineering
Meeting room, Pavilion B
 
FROM ZERO-DAY ATTACK TO ZERO-DAY RESPONSE
 

Seminar by Dr. PAVEL LASKOV (University of Tuebingen) as part of the activities of the Pattern Recognition research group
 
 
ABSTRACT  The rapid evolution of malicious software poses a major threat to modern information systems, especially in view of the fact that this development is driven by organized cybercrime. Utterly dangerous, as exemplified by recent incidents by Google and Co., are the so-called "zero-day" attacks for which exploits are observed in the wild before a security patch is available. There is a growing consensus in the security community that new mechanisms are needed for protection of both server and end-user systems against potentially unknown threats.
In this talk I will present the main concepts and several applications of a self-learning intrusion detection system ReMIND that is capable of identifying unknown attacks with high accuracy and low false-alarm rates. The underlying idea of ReMIND is efficient analysis of application payload coupled with unsupervised anomaly detection algorithms. A software implementation of our system has reached the performance of over 1 Gbps on standard multicore hardware. The system can be coupled with response mechanisms either in the form of packet filtering or via automatic signature generation. In the last part of the talk I will discuss potential attacks against self-learning systems and present a formal analysis of online anomaly detection in the presence of a poisoning attack.

BIO Pavel Laskov graduated from the Moscow Institute of Radio, Electronics and Automation (Russia) in 1994 with a diploma in computer engineering. He received an M.Sc. and a Ph.D. in computer science from the University of Delaware (Newark, DE, USA) in 1996 and 2001 respectively. In 1997 he spent 6 months at AT&T Research, where he was involved in the pioneering work on kernel methods of machine learning headed by V. Vapnik, the inventor of Support Vector Machines. Since 2001 he has been a senior researcher at the Fraunhofer Institute FIRST in Berlin. In 2004 he initiated the investigation of machine learning methods for intrusion detection and has led the development of a self-learning intrusion detection system ReMIND. In 2009 he was awarded a Heisenberg Fellowship of the German Science Foundation and moved to the University of Tuebingen to focus on machine learning methods for adversarial environments. He has published over 40 articles in refereed journals and conference proceedings and has served on the program committees of several international conferences.
 
INFO  Prof. Giorgio Giacinto
Department of Electrical and Electronic Engineering
Piazza D’Armi - 09123 Cagliari - Tel: 070 675 5752 Fax: 070 675 5782
URL: http://www.diee.unica.it/giacinto/
