Robert Cunningham - MIT Lincoln Laboratory, Information Systems Technology
Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.
Detecting Computer Attackers: Recognizing Patterns of Malicious, Stealthy Behavior
Nov 29, 2000
PDFAbstract
In the United States today, computer systems are used as repositories of information critical to the success of businesses and the smooth functioning of our nation. As we rely more heavily on these systems, they become increasingly valuable targets for computer attackers. While some attackers are merely experimenting with others' computers, others are intentionally attempting to damage infrastructure or adversely impact military readiness. We have developed model-based techniques to detect several classes of attacks both before and after they are launched. For this presentation, I will describe techniques for detecting attacks that allow a normal user to acquire the privileges of the super-user. The first technique detects user-to-super-user attack before that software is used, while the second technique (Bottleneck Verification) detects attacks after they have been launched. Each has a high detection rate at a low false alarm rate, but neither is perfect, so both are useful for protecting a computer system.About the Speaker
Robert K. Cunningham received the Sc.B. degree in computer engineering from Brown University in 1985, the M.S. degree in electrical engineering from Boston University in 1988, and the Ph.D. degree in cognitive and neural systems from Boston University in 1998. From 1985 to 1987 he worked at Raytheon, designing and developing a parallel and distributed operating system for the next generation weather radar system. After completing his masters degree in 1988, he became a staff member of the Machine Intelligence Group at MIT Lincoln Laboratory, where his research focused on digital image processing and image understanding, including parallel implementations of algorithms for enhanced visualization and image region classification. As part of that work, he contributed to early drafts of the real-time message passing interface (MPI/RT) specification. In early 1998 he moved to the Information Systems Technology Group, where his research has focused on developing intrusion detection systems that do not require advance knowledge of the method of attack. He was appointed Assistant Leader of the group in August 2000. He is a member of Sigma Xi and a senior member of the IEEE.