Business Intelligence SIG: Distributed Bayesian Worm Detection
The Monthly Meeting of the Business Intelligence SIG
Topic: When Gossip is Good: A Distributed Bayesian Approach to Worm Detection
Analytic techniques are an important component of advanced computer security applications. In this work, Bayesian inference and other machine learning methods demonstrate that, by distributing both the detection and inference, collaborating hosts can improve the accuracy and quality of day-zero worm detection in comparison to stand-alone detectors. In this talk we explain our simulation results that reveal the benefits of marrying machine learning with efficient epidemic-style messaging. http://www.intel.com/technology/techresearch/people/bios/agosta_jm.htm
We will also present how further improvements can be made to improve anomaly detection and decrease the "gap" in which worms can hide when a classifier trained as a traffic predictor is used to customize the host's worm detection threshold as a function of time and detect worms hiding deep within normal traffic. These results are under consideration as features to be added to Intel's hardware in upcoming "Active Management Technology" (AMT) release.
John Mark Agosta develops diagnostic, optimization and statistical models to improve Intel products and processes. Previously he developed automation for customer relationship management software while working at Edify Corporation. Most notably he incorporated statistical language methods into the product for automated response to customer inquiries. From 1998-2000 he was chief technical officer for Knowledge Industries, where he built Bayes networks for medical, avionics and automobile clients. From 1992 to 1998 he worked as a research engineer at SRI International where he served as the technical lead to create several automated reasoning software tools. He built models for electric utility generator alarm filtering and computer network intrusion detection. He also worked in automated planning for emergency response and USAF air campaign planning. Agosta received his Ph. D. in the Engineering-Economic Systems Department (now Management Science and Engineering) of Stanford University in 1991. His thesis topic was on an application of Bayes networks to visual recognition. At Stanford he participated in the early development of Bayes networks methods. While in graduate school he consulted for Apple Computer, Grainger, (now DSC), Opcom (now Lucent) and IBM. He lives in Palo Alto with his wife, Margaret, and their twins, Alex and Isabella.
Cubberley Community Center
4000 Middlefield Road, Room H-1
Palo Alto, CA
6:30 - 7:00 p.m. Registration / Networking / Refreshments (please arrive before 7:00 p.m.)
7:00 - 8:30 p.m. Presentation and Discussion
$15 at the door for non-SDForum members
No charge for SDForum members
No registration required
More on the Business Intelligence SIG....