CERIAS Weekly Security Seminar - Purdue University

Summary: CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery, case studies or exploring cyber operational approaches; they are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly... or explore 25 years of archives for the who's-who in cybersecurity.

Podcasts:

 Nandi Leslie, Using Machine Learning for Network Intrusion Detection | File Type: video/mp4 | Duration: 3387

Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies.

About the speaker: Dr. Nandi Leslie is an Engineering Fellow at Raytheon Technologies, serving as an Applied Mathematician and Principal Investigator at the U.S. Combat Capabilities Development Command/Army Research Laboratory (ARL) customer, since 2015. She supports the Raytheon Intelligence and Space business area and ARL on research and development projects related to machine learning, and cyber and electromagnetic activities. Dr. Leslie has published over 40 papers in journals, conference proceedings, magazines, and government technical reports on machine learning, cybersecurity, network resilience, submarine security, and mathematical biology with over 375 citations. She has given over 30 research talks at national and international conferences in both unclassified and classified settings. Before joining Raytheon, Dr. Leslie led and contributed to multi-target tracking projects at Systems Planning and Analysis, Inc. from 2007 to 2015. In this role, she served as Program Manager and Senior Operations Research Analyst, and she developed modeling approaches for the U.S. Navy Submarine Security Program, Office of the Secretary of Defense (OSD), and Joint Program Offices, using stochastic processes, to understand various tactical problems in different domains, such as submarine search and detection in oceanographic and atmospheric environmental conditions for the Navy, and damage assessments and remediation of cyber attacks to the Defense Industrial Base for OSD. In addition, she spent two years as a Lecturer and Postdoctoral Researcher at the University of Maryland, College Park in the Department of Mathematics from 2005 to 2007. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research focused on developing and analyzing spatially-explicit stochastic models of deforestation in forest ecosystems of the Neotropics.

 Sami Saydjari, A Principled Approach to Cybersecurity Engineering | File Type: video/mp4 | Duration: 3580

Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build.

Based on "Engineering Trustworthy Systems: A Principled Approach to Cybersecurity," CACM, June 2019.

About the speaker: Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development, deployments, operations, design, systems engineering, national policy, advanced research, and program management. He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency. As a consultant, he guides a wide variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.

 Corey Maypray, Proactive Endpoint and Network Security Operations. Detecting the Unknown Known | File Type: video/mp4 | Duration: 4056

Cyber security resources remain limited. Organizations that attempt to broadly protect their data from all cyber threats tend to inefficiently invest these resources, making them slower to adapt to the changing trends and techniques of cyber threats. – Carnegie Mellon.

This talk will discuss some of the basic principles of cyber threat intelligence, and how proactive collection of information can enable an enterprise to protect its most critical assets. We will then dive into the main focus of this talk, operationalizing data in order to understand cyber criminals' motivation and capabilities in order to tailor preventive controls meant to address threats your organization faces.

"If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu

- Know yourself: Learn your environment (people, processes, technology).
- Know your adversary: Learn your adversary's motivations (motive and targeted data) and capabilities (attack methods, TTPs and resources).
- Prioritize protection of your most critical assets and operations.

About the speaker: Corey currently acts as an Advisor-Threat Intelligence and Detection for Eli Lilly and Company. In this role he is responsible for developing and maturing Lilly's Information Security Cyber Threat Intelligence program and driving the creation of better threat detection capabilities. Prior to joining Lilly, Corey served twelve years in the Army as an All Source Threat Analyst where he performed a variety of intelligence functions including collection management, threat/intelligence analysis, and operational assignments to support operations abroad. Corey has specialties in threat entity targeting, open source intelligence collection, and intelligence support to counter terrorism, weapons of mass destruction, geo-political tensions, and cyber based threats.

 Bruce Coffing, Public Sector Cyber Security 2020: Challenges and Rewards | File Type: video/mp4 | Duration: 3325

Work in the public sector differs from that in the private sector in ways that on the one hand present challenges unique to public sector work but also sometimes produce unexpected rewards also unique to public sector work. Mr. Coffing will share some of his experiences gained over the last eighteen months leading cybersecurity for the nation's third largest municipality as well as over the course of a 25+ year career in information technology and cyber security.

About the speaker: Bruce Coffing is an information security professional with over twenty-five years industry experience in information technology and cyber security. He is currently the Chief Information Security Officer for the City of Chicago. Prior to joining the City of Chicago, Mr. Coffing held information security positions at Bank of America and at consulting firm Accenture. Mr. Coffing holds the Certified Information Systems Security Professional (CISSP) certification.

 Leon Ravenna, Everyone Wants to Help You: Understanding the Issues and Surviving with a Multitude of Regulatory Authorities | File Type: video/mp4 | Duration: 3073

As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues is looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and Supra-regional governments. Enterprises need to take a long hard look at the information they are capturing and how they secure it to determine whether the potential value outweighs the potential risk.

- How do your current Security and Privacy practices match up against upcoming laws in Europe, the US and other parts of the world?
- Are you prepared to deal with new laws with huge fines? What about Private Right of Action?
- Are you anticipating what is coming down the road?

Takeaways:

- Understand the implications of new laws as well as your risks
- Understand how to comply with upcoming laws
- Understand how contracts and data flow will be impacted
- Ways to drive your organization to implement
- How can this be beneficial for you personally

About the speaker: Leon Ravenna, CISO - KAR Auction Services - Leon has over 30 years' experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $2.5B multi-national company in the auto auction and financial services space, providing Security, Privacy & Compliance expertise for over 15,000 employees. Leon has led nationwide support, Web & CRM development efforts, data center builds, and heavy infrastructure for SaaS companies in the medical and financial space. Leon has extensive experience in Regulatory, Compliance & Privacy, having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. In addition to holding a PMP, Leon holds a CISSP and is one of a very small group worldwide to hold 6 major Global Privacy certifications including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.

 Elliott Peterson, Mirai - DDoS and the Criminal Ecosystem | File Type: video/mp4 | Duration: 4458

In late 2016, the Mirai Botnet launched the largest DDoS attacks ever recorded. Learn about the teams of researchers racing to stop the attacks, and the criminal groups who were competing to launch ever larger attacks. The presenter will discuss roles played by educational institutions as well as the impact to the IoT landscape.

About the speaker: Elliott Peterson is a Special Agent assigned to the FBI's Anchorage Field Office. A member of Anchorage's Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a Bachelor's Degree in Computer Science from Dickinson College and a Master's Degree in Crime Analysis from Tiffin University.

 Neil Rowe, Empirical Digital Forensics | File Type: video/mp4 | Duration: 3150

Empirical digital forensics examines real-world digital storage media to develop theories about it. We have built a library of real-world data from 4000 copies of secondary-storage devices including purchased ones. One project looked at patterns of malware to determine where they were most likely to appear. A recent project examined software versions, including malicious ones, and tried to distinguish normal software evolution from abnormal. Other projects rated the value of files and artifacts using novel criteria to enable focusing of investigations. They then used file and artifact similarities to build models of social networks from the data.

About the speaker: Neil C. Rowe is Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983. He has a Ph.D. in Computer Science from Stanford University. His main research interests are in data mining, digital forensics, modeling of deception, and cyberwarfare. He has also worked on text processing, computational geometry, and intelligent tutoring systems.

 Nick Sturgeon, "Cyber Risk Management 101" | File Type: video/mp4 | Duration: Unknown

How does an organization know which security controls, applications, or programs to implement, when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece to an effective cybersecurity program. This presentation discusses the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, regulatory & standards bodies driving cyber-risk management, metrics, CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation the attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks.
