Network and System Security
I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability and statistics, information theory, etc. My current specific research interests include:
Intrusion Detection System (IDS): model, design, evaluation and optimization
- As a necessary component of defense-in-depth, an intrusion detection system (IDS) is widely used to detect inappropriate, incorrect or unauthorized access to a computer or network system. Like a burglar alarm for computer and network systems, an IDS raises alarms, and sometimes takes corrective action, when an intruder or abuser is detected. It is now an important part of a layered network security mechanism and a key technique for achieving dynamic protection. There are two categories of IDS: anomaly detection and misuse detection. Anomaly detectors look for behavior that deviates from normal system use; misuse detectors look for signatures that match a known attack scenario. Currently, IDS, and anomaly detection in particular, is a hot research topic in the computer security literature. My research will study many important aspects of intrusion detection, e.g., how to model, design, evaluate and optimize an intrusion detection system in both theory and practice.
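To make the two categories concrete, here is an added example (not code from this page or from the author's research) that runs a signature-based misuse detector and a baseline-driven anomaly detector over the same constructed log window. The log format, the signatures, the documentation-range IP addresses and the "mean + k·stdev of failed logins per source" rule are all assumptions chosen for illustration; a real IDS would use richer features and a learned model. The point the code makes is complementarity: the signatures catch the directory-traversal request and the root password guesses but say nothing about the other guessed accounts, while the anomaly rule flags the noisy source as a whole but cannot see the single traversal request, because nothing in the baseline makes it statistically unusual.

```python
import re
import statistics
from collections import Counter

# Constructed sample data (not real logs): a "normal" baseline window and a
# window to inspect, in a simplified sshd/httpd syslog style.
BASELINE_LOG = """\
host1 sshd: Accepted password for alice from 10.0.0.5 port 50211
host1 sshd: Accepted password for bob from 10.0.0.7 port 50322
host1 sshd: Failed password for bob from 10.0.0.7 port 50323
host1 sshd: Accepted password for bob from 10.0.0.7 port 50324
host1 sshd: Accepted password for carol from 10.0.0.9 port 50400
host1 sshd: Accepted password for alice from 10.0.0.5 port 50401
host1 httpd: GET /index.html 200 from 10.0.0.8
"""

TEST_LOG = """\
host1 sshd: Accepted password for alice from 10.0.0.5 port 50500
host1 sshd: Failed password for root from 198.51.100.9 port 41001
host1 sshd: Failed password for root from 198.51.100.9 port 41002
host1 sshd: Failed password for admin from 198.51.100.9 port 41003
host1 sshd: Failed password for guest from 198.51.100.9 port 41004
host1 sshd: Failed password for oracle from 198.51.100.9 port 41005
host1 sshd: Failed password for bob from 10.0.0.7 port 50600
host1 httpd: GET /cgi-bin/test.cgi?file=../../etc/passwd 404 from 203.0.113.4
"""

# Assumed line layout: "<host> <program>: <message> from <ipv4> ..."
LINE_RE = re.compile(
    r"^(?P<host>\S+) (?P<prog>\w+): (?P<msg>.*) from (?P<src>\d+(?:\.\d+){3})"
)


def parse(line):
    """Split one log line into host/prog/msg/src, or None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


# --- Misuse detection: fixed signatures describing known attack scenarios ---
SIGNATURES = [
    ("directory_traversal", re.compile(r"\.\./")),
    ("root_password_guess", re.compile(r"^Failed password for root\b")),
]


def misuse_detect(log_text):
    """Return (signature_name, source_ip) for every line matching a signature."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES:
            if pattern.search(rec["msg"]):
                hits.append((name, rec["src"]))
    return hits


# --- Anomaly detection: failed-login count per source compared with a baseline ---
def failed_logins_per_source(log_text):
    """Count 'Failed password' sshd events per source; sources with none count as 0."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["prog"] == "sshd":
            counts[rec["src"]] += 0  # register the source even if it never fails
            if rec["msg"].startswith("Failed password"):
                counts[rec["src"]] += 1
    return counts


def anomaly_detect(baseline_text, window_text, k=3.0):
    """Flag sources whose failed-login count exceeds baseline mean + k * stdev."""
    base = failed_logins_per_source(baseline_text)
    values = list(base.values()) or [0]
    mean = statistics.fmean(values)
    stdev = statistics.pstdev(values) if len(values) > 1 else 0.0
    # Floor the spread at 1 so a very quiet baseline does not alert on a single failure.
    threshold = mean + k * max(stdev, 1.0)
    window = failed_logins_per_source(window_text)
    return sorted(src for src, n in window.items() if n > threshold)


if __name__ == "__main__":
    print("misuse:", misuse_detect(TEST_LOG))
    print("anomaly:", anomaly_detect(BASELINE_LOG, TEST_LOG))
```

With these constructed windows the baseline threshold works out to about 3.3 failed logins per source, so only 198.51.100.9 (five failures) is flagged by the anomaly rule, while the misuse detector reports two `root_password_guess` hits for that source and one `directory_traversal` hit for 203.0.113.4.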
Internet malware (Worm/Botnet) detection and defense
- In recent years, fast-spreading worms have presented a major threat to the security of the Internet, and worm detection and response have received renewed focus in both academia and industry. Even worse, attackers are increasingly using large networks of compromised machines to carry out further attacks (e.g., botnets: enormous groups of compromised hosts under the control of a single attacker). A botnet is best explained as a platform for distributed malicious computing, with thousands of victim computers making up the grid of this system. Spam, traditionally treated as a separate security problem, is just one application that runs on the botnet platform; others include click fraud, identity theft, denial of service, key cracking and copyright violations. Botnets differ from traditional discrete infections in that they act as a coordinated attacking group. Machines participating in a botnet frequently have numerous heterogeneous infections: viruses, worms and trojans. The cloud of victims can be used to create redundant, highly resilient networks for attacks. The infection that we must address is not merely the numerous binaries but the network of attackers itself. My research will study how to efficiently detect and defend against worm and botnet activity.
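The two traffic shapes this paragraph describes, a fast-spreading worm and a coordinated group of victims, leave different traces in network flow data, and the following added example (not code from this page or the author's research) shows a minimal detector for each over constructed flow records. The record layout `(time, src, dst, dport)`, the thresholds, the addresses and the choice of port 6667 for the coordinated traffic are assumptions made for illustration only. The worm heuristic looks for one source fanning out to many distinct destinations on one port within a short window; the botnet heuristic looks for many distinct internal sources converging on one destination within a short window. Both are instances of the same "distinct values per key within a time window" computation, which the helper `burst_keys` implements once.

```python
from collections import defaultdict

# Constructed flow records (time_s, src, dst, dport); not captured traffic.
FLOWS = [
    # ordinary client traffic
    (0.0, "10.0.0.5", "203.0.113.10", 443),
    (1.0, "10.0.0.6", "203.0.113.11", 443),
    (2.5, "10.0.0.5", "203.0.113.12", 443),
    # one host touching 30 distinct hosts on port 445 within three seconds
    # (worm-like fan-out; destinations are synthetic)
    *[(3.0 + i * 0.1, "10.0.0.20", f"10.0.{i}.{i + 1}", 445) for i in range(30)],
    # five internal hosts contacting the same external host within two seconds
    # (coordinated group; port 6667 chosen as an assumption for the example)
    (10.0, "10.0.0.31", "198.51.100.7", 6667),
    (10.3, "10.0.0.32", "198.51.100.7", 6667),
    (10.9, "10.0.0.33", "198.51.100.7", 6667),
    (11.5, "10.0.0.34", "198.51.100.7", 6667),
    (11.8, "10.0.0.35", "198.51.100.7", 6667),
]


def burst_keys(grouped, window_s, min_distinct):
    """Return keys whose event list holds >= min_distinct distinct values
    inside some span of window_s seconds. grouped: key -> [(time, value)]."""
    hits = set()
    for key, events in grouped.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            # values seen from this event forward, while still inside the window
            distinct = {v for t, v in events[i:] if t - t0 <= window_s}
            if len(distinct) >= min_distinct:
                hits.add(key)
                break
    return sorted(hits)


def fan_out_alerts(flows, window_s=5.0, min_distinct=20):
    """(src, dport) pairs that reach >= min_distinct distinct destinations
    within window_s seconds: the signature of a scanning worm."""
    by_src_port = defaultdict(list)
    for t, src, dst, dport in flows:
        by_src_port[(src, dport)].append((t, dst))
    return burst_keys(by_src_port, window_s, min_distinct)


def coordinated_alerts(flows, window_s=2.0, min_sources=5):
    """(dst, dport) pairs contacted by >= min_sources distinct sources within
    window_s seconds: many victims acting as one group."""
    by_dst_port = defaultdict(list)
    for t, src, dst, dport in flows:
        by_dst_port[(dst, dport)].append((t, src))
    return burst_keys(by_dst_port, window_s, min_sources)


if __name__ == "__main__":
    print("fan-out:", fan_out_alerts(FLOWS))
    print("coordinated:", coordinated_alerts(FLOWS))
```

On the constructed records the fan-out rule reports only `("10.0.0.20", 445)` and the convergence rule only `("198.51.100.7", 6667)`; the three ordinary flows trip neither. The thresholds are the tuning knobs: too low and legitimate bursts such as a software-update rollout look coordinated, too high and a slow worm stays under the window, which is exactly the evaluation-and-optimization trade-off the research interests above mention.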