Toronto Networking Seminar
Scan Detection and Analysis using Exposure Maps and Darkports
Paul Van Oorschot
School of Computer Science
Carleton University
Date: Friday, April 20, 2pm
Location: BA 4287 (Bahen Center)
Abstract:
We define darkports as unused ports on active Internet-accessible
systems, and are particularly interested when they transition to become
active. We make use of darkports for several defensive purposes: to
detect sophisticated scanning activity, to enable fine-grained
automated defense against automated malware attacks, and to detect
real-time changes in a network that may indicate a successful
compromise. We compare our technique with the popular Snort intrusion
detection tool, and also evaluate it using different network datasets
for an application we refer to as generating exposure profiles. This is
joint work with Dave Whyte and Evangelos Kranakis.
Bio:
Paul Van Oorschot (Ph.D. Waterloo, 1988) is a Professor in the School
of Computer Science at Carleton University, and Canada Research Chair
in Network and Software Security. He founded Carleton's
Digital Security Group, and directs Carleton's Computer Security Lab
(http://www.ccsl.carleton.ca/about/). Van Oorschot has worked
in R&D in network security and cryptography at Bell-Northern
Research, and Entrust Technologies (Ottawa) as VP, Chief Scientist, and
Chief Security Architect. He co-authored the standard Handbook of
Applied Cryptography, serves regularly on international conference
program committees, and will be program chair of USENIX Security 2008.
His research interests include authentication and identity management,
network security, software protection, usable security, and security
infrastructures. http://www.scs.carleton.ca/~paulv/