Podcasts about intrusion detection

  • 49 podcasts
  • 94 episodes
  • 34m average duration
  • Infrequent episodes
  • Latest episode: Dec 17, 2024

Latest podcast episodes about intrusion detection

Entrepreneur Lounge of India (ELI)
ELI - 430 | Eric Fonseca (Co-Founder of IndoAI - AI Powered Cameras & Computer Vision Startup)

Dec 17, 2024 (24:53)

In this episode of ELI, we speak with Eric Fonseca, Co-Founder of IndoAI, a startup building AI-powered edge cameras and computer vision solutions. Inspired by platforms like iOS, Android, and cloud giants such as Azure and AWS, IndoAI is creating an open ecosystem where third-party developers can innovate and contribute their own AI models and applications. The company aims to revolutionize the way enterprises handle attendance, visitor management, security, and more—right at the edge, ensuring data privacy and real-time responsiveness. Eric shares insights into IndoAI's journey, how the COVID-19 pandemic led them to pivot toward advanced face recognition and AI-driven attendance systems, and how they're scaling up to address various use cases like fire detection, intrusion alerts, and vehicle identification. He also discusses the importance of fostering a developer community, the challenges of changing customer mindsets about AI-based solutions, and the path to building a sustainable AI startup. 
Timestamps/Chapters:
00:00 Introduction
00:03 Meet Eric Fonseca & Genesis of IndoAI
01:22 Transitioning from Face Recognition to a Full AI Camera Platform
02:10 Early Collaboration with Government & Pandemic Pivot
03:33 Edge AI Cameras Explained: On-Device Processing & Data Privacy
05:31 Emphasis on Real-Time Analytics & On-Premise Data Handling
07:32 Use Cases: Visitor Management, Intrusion Detection & Smart Locks
09:16 Evolving from Attendance Apps to AI-Driven Cameras
10:52 The Concept of “Appization”: AI Model Marketplace for Cameras
12:57 Multiple AI Models: Face Recognition, Intrusion, Fire/Smoke Detection
14:23 Market Strategy: B2G, Societies, Corporates, & Channel Partners
16:56 Building a Developer Ecosystem & Revenue Sharing Model
18:16 Enhancing & Improving Models via Hackathons & Collaborations
19:32 Global Trends: Environmental Monitoring & Gesture Recognition in Pharma
21:43 Future Outlook: Starting in India, Expanding Beyond Borders
22:28 Entrepreneurial Lessons: Overcoming Mindset Barriers & Team Alignment
24:26 Defining Entrepreneurship: Persistence, Consistency & Building Legacy

InfosecTrain
Azure Firewall vs. Azure Network Security Groups (NSGs)

Jun 11, 2024 (4:18)

Network security is undeniably essential for modern cloud-based applications. Given the abundance of available security tools and devices, selecting the most suitable protection for a specific scenario can be a complex task. Take, for example, Azure Firewall and Azure Network Security Groups (NSGs) in the Azure cloud environment; although both are prevalent security measures, they serve distinctly different purposes.

What is Azure Firewall?

Azure Firewall is a cloud-native, fully managed firewall service that offers advanced threat protection across OSI layers 3 to 7. It is an intelligent network security tool that extends beyond traditional IP, port, and protocol-based filtering, leveraging threat intelligence and signature-based Intrusion Detection and Prevention Systems (IDPS) to analyze network traffic for potential threats. This comprehensive service is Microsoft's flagship for securing Azure Cloud workloads.

View More: Azure Firewall vs. Azure Network Security Groups (NSGs)

ITSPmagazine | Technology. Cybersecurity. Society
SOC Analyst Appreciation Day 2023 | Day in the Life of a SOC Analyst | An Event Coverage Conversation with Jules Okafor, David Meece, Jay Jay Davey

Oct 26, 2023 (48:15)

Guests:
Jules Okafor, BISO and CEO and Founder of RevolutionCyber
On LinkedIn | https://www.linkedin.com/in/julesmgmt/
David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn
On LinkedIn | https://www.linkedin.com/in/david-meece-cybertech-dave/
Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer
On LinkedIn | https://www.linkedin.com/in/secopsjay/?originalSubdomain=uk

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

Hello to all our listeners out there! Marco and Sean here, and we are thrilled to bring you a special episode today. For the third consecutive year, we've been invited to host a panel for an event that's become a cornerstone for the infosec community. And guess what? We've been involved right from its inception. That's right! We are talking about the SOC Analyst Appreciation Day™, a day designed to shed light on the unsung heroes of the cybersecurity world.

Now, for those new to this, let us dive a bit deeper. The life of a SOC analyst isn't always glamorous. They often find themselves caught in the whirlwind of immense workload, sometimes feeling like the weight of the entire digital universe rests on their shoulders. Overworked and, sadly, often underappreciated, these analysts face challenges that can lead to burnout and, ultimately, a high turnover rate.

Enter Devo, the brilliant minds behind the establishment of the SOC Analyst Appreciation Day™. Their mission? To offer a hearty shoutout to these hardworking individuals and to prompt organizations globally to step up, recognizing the importance of their analysts' satisfaction and mental well-being.

If you've been following the event, you know that this year was jam-packed with on-demand content that was nothing short of enlightening. With presentations from some of the most influential thought leaders in the infosec community, topics ranged from real-life use cases to the intricacies of SOC automation and the critical importance of managing mental well-being in such high-pressure roles.

But, listeners, we have a treat for you. Today, we're going to dive deep into one of the event's highlights. We had the privilege of moderating a panel that, trust us, you won't want to miss. So, whether you're a budding SOC analyst, a seasoned pro, or just someone with a keen interest in the world of infosec, sit back, relax, and let's delve into some insightful discussions.

This panel will take a look at the ins and outs of SOC life. From the tier one analyst role to leadership positions to everything in between, the day-to-day in each type of SOC can look very different — and this panel will cover all perspectives.

Moderated by Sean Martin and Marco Ciappelli from ITSP Magazine
Jules Okafor, BISO and CEO and Founder of RevolutionCyber
David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn
Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer

Thanks for tuning in to this special episode. Let's get started!

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
SOC Analyst Appreciation Day 2023 | Day in the Life of a SOC Analyst | An Event Coverage Conversation with Jules Okafor, David Meece, Jay Jay Davey

Oct 26, 2023 (48:15)


ITSPmagazine | Technology. Cybersecurity. Society
Navigating the Privacy Maze: Mozilla's Vehicle Privacy Report Sparks a Drive | A BlackCloak Brand Story with Chris Pierson and Ingrid Gliottone

Oct 18, 2023 (37:07)

The recent report by Mozilla, shedding light on the privacy concerns around modern vehicles, struck a chord. Notably, every car brand reviewed, including behemoths like Ford, Volkswagen, and Toyota, flunked the privacy test. This revelation steered a fascinating conversation with Chris Pierson and Ingrid Gliottone from BlackCloak during a brand story recording for the Redefining Society podcast. Our focus veered towards the lurking privacy and security issues tied to the modern, tech-savvy vehicles we so casually entrust with our data.

The modern car is no longer just a mode of transport—it's a smart gadget, a data hub on wheels. But as the wheels spin, so does the reel of our personal information, weaving into the vast web of data, ready for harvest by not just the car makers, but a string of 'they' – the infotainment system providers, app developers, network providers, and possibly cyber rogues. The conversation took a deeper dive as Chris, the CEO of BlackCloak, elucidated the firm's mission—shielding corporate executives and key personnel from personal cyber threats that could ricochet back to the corporations.

The Mozilla report is an alarm bell, underscoring the high time to separate the wheat from the chaff in terms of what data is essential for functionality and what merely serves as a gold mine for advertisers or a hunting ground for cyber-attackers. This blend of privacy and security, or the lack thereof, is a cocktail we are forced to sip, as Ingrid pointed out the lack of clarity presented to buyers at the point of sale concerning the privacy policies tied to these vehicles.

The promise of tech advancements in vehicles is dazzling—better shocks for off-roaders, safety features to prevent accidents during a sudden snooze, and so on. Yet, as Chris highlighted, there's a dark side. Some policies mentioned collecting data about one's sex life and genetic information—a far cry from the basic expectations of privacy.

As the conversation with BlackCloak unrolled, the blend of excitement and concern was palpable. The question now is not about halting the march of technology but steering it towards a path where privacy and security are not the passengers but co-drivers.

The findings from the Mozilla report and insights from BlackCloak are not just food for thought, but a call to action. It is crucial to reckon with the reality of the modern-day vehicles doubling as data hubs and to steer the conversation towards a road where transparency, consent, and security are the landmarks. I urge you to dive into BlackCloak's offerings to explore how they are redefining the security landscape, ensuring the privacy and security of your personal digital realm, including that computer on wheels parked in your driveway. Visit BlackCloak to discover what they offer in shielding the modern-day knights from the unseen arrows of the digital world.

Guests:
Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]
On LinkedIn | https://www.linkedin.com/in/drchristopherpierson/
On Twitter | https://twitter.com/drchrispierson
Ingrid Gliottone, Chief Experience Officer of BlackCloak [@BlackCloakCyber]
On LinkedIn | https://www.linkedin.com/in/ingridgliottone/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Navigating the Privacy Maze: Mozilla's Vehicle Privacy Report Sparks a Drive | A BlackCloak Brand Story with Chris Pierson and Ingrid Gliottone

Oct 18, 2023 (37:07)


ITSPmagazine | Technology. Cybersecurity. Society
Brewing Cyber Confidence for Back-to-School | A Conversation with Dr. Ryan Ko | Musa Cybercafe Podcast with Mansi Thakar

Sep 8, 2023 (36:11)

ITSPmagazine | Technology. Cybersecurity. Society
Exploitation of Humans by AI Assistants | A Conversation with Matthew Canham and Ben Sawyer | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

Aug 4, 2023 (36:14)

Guests:
Matthew Canham, CEO, Beyond Layer Seven, LLC
On LinkedIn | https://www.linkedin.com/in/matthew-c-971855100/
Website | https://drmatthewcanham.com/
Ben Sawyer, Professor, University of Central Florida [@UCF]
On LinkedIn | https://www.linkedin.com/in/bendsawyer/
On Twitter | https://twitter.com/bendsawyer
Website | https://www.bendsawyer.com/

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd

Episode Notes

Welcome to a fascinating new episode where we delve deep into the confluence of cybersecurity, psychology, and philosophy in the realm of artificial intelligence. In anticipation of their insightful presentation at Black Hat Las Vegas 2023, our hosts Marco and Sean had an engaging conversation with Ben and Matthew, shedding light on the astonishingly rapid developments of AI and the accompanying cybersecurity implications.

Within the last few months, the GPT-4 and ChatGPT language models have captivated the world. There is a growing perception that the line between AI and sentience is becoming increasingly blurred, nudging us into uncharted territories. However, one must question if this is genuinely the case, or merely what we want or are predisposed to perceive.

Ben and Matthew's research outlines the fundamental "cognitive levers" available to manipulate human users, a threat vector that is more nuanced and insidious than we ever imagined. In their upcoming Black Hat talk, they aim to reveal how AI can exploit our cognitive biases and vulnerabilities, reshaping our perceptions and potentially causing harm. From social engineering to perceptual limitations, our digital realities are at a risk we have never seen before.

Listen in as Marco and Sean explore a captivating debate around the nature of reality in the context of our interaction with AI. What we think is real may not be real after all. How does that affect us as we continue to interact with increasingly sophisticated AI? In a world that often feels like a simulation, are we falling prey to AI's exploitation of our human cognitive operating rules?

Marco and Sean also introduce us to the masterminds behind this groundbreaking research, Ben Sawyer, with his background in Applied Experimental Psychology and Industrial Engineering, and Matthew Canham, whose work spans cognitive neuroscience and human interface design. Their combined expertise results in a comprehensive exploration of the intersection between humans and machines, particularly in the current digital age where AI's ability to emulate human-like interactions has advanced dramatically.

This thought-provoking episode is a must-listen for anyone interested in the philosophical, psychological, and cybersecurity implications of AI's evolution. The hosts challenge you to think about the consequences of human cognition manipulation by AI, encouraging you to contemplate this deep topic beyond the immediate conversation.

Don't miss out on this thrilling journey into the unexplored depths of human-AI interaction. Subscribe to our podcast, share it with your network, and join us in pondering the questions this conversation raises. Be part of the ongoing dialogue around this pressing issue, and we invite you to stay tuned for further discussions in the future.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

Resources
Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants: https://www.blackhat.com/us-23/briefings/schedule/index.html#me-and-my-evil-digital-twin-the-psychology-of-human-exploitation-by-ai-assistants-32661
For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:

Redefining CyberSecurity
Exploitation of Humans by AI Assistants | A Conversation with Matthew Canham and Ben Sawyer | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

Aug 4, 2023 (36:14)


Cybersecurity Podcast
Ep. 10 - Intrusion Detection System (IDS)

Mar 13, 2023 (17:08)

After covering antimalware and EDR, it is time to go deeper into network defence by talking about Intrusion Detection Systems (IDS). The episode is accessible to everyone and explains the difference between the various types of IDS, such as signature-based and anomaly-based systems. As always, in this episode we will also find out together how this particular security system can be evaded! Follow me on Spotify, iTunes, LinkedIn and Instagram "@nick.soc" to stay up to date on new releases!

Red Hat X Podcast Series
How to prevent a security breach in OpenShift using Calico Cloud runtime threat defense

Dec 15, 2022 (25:20)

Enterprises are building and delivering containers and Kubernetes-based applications to their customers. With a distributed architecture, microservices are communicating with each other and 3rd party APIs to enable information exchange and present it to the customers. Such communication via the internet makes these applications vulnerable to external network-based attacks. In this podcast, we will discuss how traditional runtime threat defense solutions fall short of preventing attacks, and a new approach is required that provides:

  • Workload-based Intrusion Detection and Prevention Systems (IDS/IPS)
  • Deep Packet Inspection (DPI) and application-level visibility for containerized workloads
  • Container runtime security with malware protection and zero-day attack protection

Hacking Humans
Intrusion Detection System (noun) [Word Notes]

Oct 18, 2022 (7:32)

A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target.
CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-system
Audio reference link: “Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1,” Professor Messer, uploaded 16 November, 2017

Word Notes
Intrusion Detection System (noun)

Sep 27, 2022 (7:32)


The Cloud Pod
170: The Cloud Pod Is Also Intentionally Paranoid

Jun 30, 2022 (53:24)

On The Cloud Pod this week, the team discusses Jonathan's penance for his failures. Plus: Microsoft makes moves on non-competes, NDAs, salary disclosures, and a civil rights audit; AWS modernizes mainframe applications for cloud deployment; and AWS CEO Adam Selipsky chooses to be intentionally paranoid. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights

Command Line Heroes
Invisible Intruders

May 17, 2022 (22:18)

What began as a supposed accounting error landed Cliff Stoll in the midst of database intrusions, government organizations, and the beginnings of a newer threat—cyber-espionage. This led the eclectic astronomer-cum-systems administrator to create what we know today as intrusion detection. And it all began at a time when people didn't understand the importance of cybersecurity. This is a story that many in the infosec community have already heard, but the lessons from Stoll's journey are still relevant. Katie Hafner gives us the background on this unbelievable story. Richard Bejtlich outlines the “honey pot” that finally cracked open the international case. And Don Cavender discusses the impact of Stoll's work, and how it has inspired generations of security professionals.

If you want to read up on some of our research on ransomware, you can check out all our bonus material over at redhat.com/commandlineheroes. Follow along with the episode transcript.

UBC News World
This Gainesville, FL Home Security Automation Service Offers Intrusion Detection

UBC News World

Play Episode Listen Later Apr 22, 2022 2:58


Maybe you know the joke about the guy who sells smart home security systems: if nobody's home, he leaves the brochure on the kitchen table! That sounds creepy, right? Call Welch Security LLC (352-209-6011) or check it out at https://www.welchsecurity.com (https://www.welchsecurity.com)

Network Security with KevTechify on the Cisco Certified Network Associate (CCNA)
Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS) Characteristics - IPS Technologies - Network Security - KevTechify | Podcast 43

Network Security with KevTechify on the Cisco Certified Network Associate (CCNA)

Play Episode Listen Later Mar 16, 2022 8:21


In this episode we are going to look at Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS) Characteristics. We will be discussing Zero-Day Attacks, Monitor for Attacks, Intrusion Prevention and Detection Devices, and finally Advantages and Disadvantages of IDS and IPS. Thank you so much for listening to this episode of my series on Network Security. Once again, I'm Kevin and this is KevTechify. Let's get this adventure started. All my details and contact information can be found on my website, https://KevTechify.com
-------------------------------------------------------
Network Security v1
Episode 11 - IPS Technologies
Part A - IDS and IPS Characteristics
Podcast Number: 43
-------------------------------------------------------
Equipment I like.
Home Lab ►► https://kit.co/KevTechify/home-lab
Networking Tools ►► https://kit.co/KevTechify/networking-tools
Studio Equipment ►► https://kit.co/KevTechify/studio-equipment

Mission Matters Podcast with Adam Torres
Paul Rivera Talks About Cybersecurity Offerings and Training Opportunities

Mission Matters Podcast with Adam Torres

Play Episode Listen Later Jan 10, 2022 38:24


Paul Rivera, Founder of Def-Logix, was interviewed by Adam Torres on the Mission Matters Business Podcast. Paul Rivera says he believes cybersecurity must be updated to meet the ever-advancing threat of cyber-attacks. The Def-Logix founder has two decades of experience in cyber security, specializing in computer and network security. He began his career creating network- and host-based Intrusion Detection and Prevention Systems (IDS/IPS). Now his company focuses on building red and blue team technologies and has also partnered with Cyber Ops Training Academy with a mission to upskill the cyber security workforce.
Follow Adam on Instagram at https://www.instagram.com/askadamtorres/ for up-to-date information on book releases and tour schedule.
Apply to be interviewed by Adam on our podcast: https://missionmatters.lpages.co/podcastguest/
Visit our website: https://missionmatters.com/

Mission Matters Innovation
Paul Rivera Talks About Cybersecurity Offerings and Training Opportunities

Mission Matters Innovation

Play Episode Listen Later Jan 10, 2022 38:24


Paul Rivera, Founder of Def-Logix, was interviewed by Adam Torres on the Mission Matters Innovation Podcast. Paul Rivera says he believes cybersecurity must be updated to meet the ever-advancing threat of cyber-attacks. The Def-Logix founder has two decades of experience in cyber security, specializing in computer and network security. He began his career creating network- and host-based Intrusion Detection and Prevention Systems (IDS/IPS). Now his company focuses on building red and blue team technologies and has also partnered with Cyber Ops Training Academy with a mission to upskill the cyber security workforce.
Follow Adam on Instagram at https://www.instagram.com/askadamtorres/ for up-to-date information on book releases and tour schedule.
Apply to be interviewed by Adam on our podcast: https://missionmatters.lpages.co/podcastguest/
Visit our website: https://missionmatters.com/

ITSPmagazine | Technology. Cybersecurity. Society
From Ancient Tomb Traps To Modern-Day Honeypots | Intrusion Detection And Deception: The Role Of Honey Pots And Human Nature In Cybersecurity Education | Redefining Security With Assistant Professor C. Jordan Howell, Author Chris Sanders, And Student Will

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Dec 15, 2021 54:12


It's easy to get sucked into the world of technology, often forgetting that there are humans behind the keyboards creating the technology. There's a program out of Texas changing this reality by using a book on deception and honeypots to study cyber attacker behavior. When I saw this post (https://twitter.com/Dr_Cybercrime/status/1462506991012786190/), I knew immediately I wanted to learn more about how a practitioner's book could be used to change how we teach the next generation of cybersecurity practitioners - blue teams, red teams, and purple teams alike. During this conversation we get to hear from a practitioner/author, a professor, and a student. We look back to ancient Egyptian tomb-protection practices and work our way to a future where we keep a close eye on the humans with technology. Yes, even though we continue to throw all sorts of technology at the problems we face (yep, the same ones we humans have created), the human is still at the center of these scenarios. As with most things, there's no single easy answer to a problem. This remains true here in this conversation, as we ended up talking about the ethical lines drawn around how and where we can study how/when/why people (bad actors) act when presented with a variety of opportunities to take advantage of a situation. Is it OK to track bad actors and their behavior? How far can that be taken? Can we do like the ancient Egyptians and lock someone in our cyber tomb if we catch them in a place they shouldn't be? Regardless of your position on this matter, we bring this episode to you "em hotep."
____________________________
Guests
C. Jordan Howell
On LinkedIn | https://www.linkedin.com/in/c-jordan-howell-39ba4718b/
On Twitter | https://twitter.com/Dr_Cybercrime
Chris Sanders
On LinkedIn | https://www.linkedin.com/in/chrissanders88/
On Twitter | https://twitter.com/chrissanders88
William Palafox
On LinkedIn | https://www.linkedin.com/in/williamjpalafox/
On Twitter | https://twitter.com/wpalafox91
____________________________
This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb
Imperva: https://itspm.ag/rsaarchweb
____________________________
Resources
Book | Intrusion Detection Honeypots: Detection through Deception: https://www.amazon.com/dp/1735188301/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-security
Are you interested in sponsoring an ITSPmagazine Channel?

Psyda Podcast with Minhaaj
Pytorch Geometric with Matthias Fey

Psyda Podcast with Minhaaj

Play Episode Listen Later Oct 9, 2021 91:46


Matthias Fey is the creator of the PyTorch Geometric library and a postdoctoral researcher in deep learning at TU Dortmund, Germany. He is a core contributor to the Open Graph Benchmark dataset initiative in collaboration with Stanford University Professor Jure Leskovec.
00:00 Intro
00:50 PyTorch Geometric Inception
02:57 Graph NNs vs CNNs, Transformers, RNNs
05:00 Implementation of GNNs as an extension of other ANNs
08:15 Image Synthesis from Textual Inputs as GNNs
10:48 Image classification Implementations on augmented Data in GNNs
13:40 Multimodal Data implementation in GNNs
16:25 Computational complexity of GNN Models
18:55 GNNAutoScale Paper, Big Data Scalability
24:39 Open Graph Benchmark Dataset Initiative with Stanford, Jure Leskovec and Large Networks
30:14 PyG in production, Biology, Chemistry and Fraud Detection
33:10 Solving Cold Start Problem in Recommender Systems using GNNs
38:21 German Football League, Bundesliga & Playing in Best team of Worst League
41:54 PyTorch Geometric in ICLR and NeurIPS and rise in GNN-based papers
43:27 Intrusion Detection, Anomaly Detection, and Social Network Monitoring as GNN implementation
46:10 Raw data conversion to Graph format as Input in PyG
50:00 Boilerplate templates for PyG for Citizen Data Scientists
53:37 GUI for beginners and Get Started Wizards
56:43 AutoML for PyG and timeline for Tensorflow Version
01:02:40 Explainability concerns in PyG and GNNs in general
01:04:40 CSV files in PyG and Structured Data Explainability
01:06:32 Playing Bass, Oktoberfest & 99 Red Balloons
01:09:50 Collaboration with Stanford, OGB & Core Team
01:15:25 Leaderboards on Benchmark Datasets at OGB Website, arXiv Dataset
01:17:11 Datasets from outside Stanford, Harvard, Facebook etc
01:19:00 Kaggle vs Self-owned Competition Platform
01:20:00 Deploying arXiv Model for Recommendation of Papers
01:22:40 Future Directions of Research
01:26:00 Collaborations, Jürgen Schmidhuber & Combined Research
01:27:30 Sharing Office with a Dog, 2 Rabbits and How to train Cats

The Game with Sarano and Brooke Kelley
Becoming a Blackbelt Salesperson with Anthony Eisenman

The Game with Sarano and Brooke Kelley

Play Episode Listen Later Sep 3, 2021 38:22


Anthony Eisenman is a blackbelt salesperson. Overcoming adversity as a child, Anthony knew that he wasn't going to live life by society's expectations. While initially struggling with how to make it in the world and create opportunities for himself, Anthony was able to generate significant income by following a path that he created for himself. He is at the top of the game and his field. He is a National Account Manager for NAVCO where he specializes in IP Video, Cloud Access, and Intrusion Detection as well as a top 1% salesperson, generating over $300,000,000 in revenue for several Fortune 500 companies. He is additionally a coach for up-and-coming salespeople as well as the host of his own podcast The Anthony Eisenman Show. We speak with Anthony about the value and versatility of sales skills and experience, and the many different options of fields in which salespeople can work. We speak about the different industries that exist as well as the importance of finding a company that works for your specific interests and values. We additionally discuss the importance of self-reflection, as well as the true value of setting goals and expectations for yourself as a way of honing your craft and being your best possible self. Anthony goes into depth into techniques for entering the salesforce and how to succeed in any field that you enter. What You Will Learn How to become a blackbelt salesperson Techniques for overcoming negative thought patterns How to learn more about the salesforce Different paths within the sales industry Importance of goal setting Value of honing your craft

Ceo of Destiny
What is a Smart Contract and NFTs? I Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Sep 2, 2021


What is a Smart Contract and NFTs? Crypto Assets Explained, Part 7
Welcome to the CEO of Destiny Podcast. Part 7 of our interview with our guest Mr. Jake Ryan, where he shares about:
- What is a Smart Contract?
- What you need to know about NFTs
- Non Fungible Tokens (NFTs) are: unique items; show ownership or guarantee of an item; work really well with digital assets
- Blockchains can be used to eliminate fraud
- What is Web 3.0?
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.
Connect with Jake: Twitter: @tradecraftjake | Instagram: @tradecraftjake | LinkedIn: jakeryan | Book: https://ageofautonomy.com/ | Crypto Firm: https://www.tradecraft.capital/
Thanks for listening! Let me know your thoughts and leave a note in the comment section below. Don't forget to subscribe on iTunes! Leave a review on iTunes. Your rating and review will be a great help and I read each one. SUBSCRIBE to my YouTube Channel! What is a Smart Contract and NFTs? FREE download: 11 Secrets about your Destiny. Connect with me: @ceoofdestiny

Ceo of Destiny
How to Invest in Crypto Assets - Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Aug 28, 2021


How to Invest in Crypto Assets | Crypto Assets Explained, Part 6
Welcome to the CEO of Destiny Podcast with our guest Mr. Jake Ryan. In this exciting episode he shares about:
- Sound Money as Investment
- Autonomous protocols and platforms (Ethereum & Solana)
- Governance Tokens, e.g. Compound
- Technology
- Wallets and Exchanges
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.
Connect with Jake: Twitter: @tradecraftjake | Instagram: @tradecraftjake | LinkedIn: jakeryan | Book: https://ageofautonomy.com/ | Crypto Firm: https://www.tradecraft.capital/
Thanks for listening! Let me know your thoughts and leave a note in the comment section below. Don't forget to subscribe on iTunes! Leave a review on iTunes. Your rating and review will be a great help and I read each one. SUBSCRIBE to my YouTube Channel! INVESTING IN CRYPTO ASSETS. FREE download: 11 Secrets about your Destiny. Connect with me: @ceoofdestiny

Ceo of Destiny
The Best Crypto Resources - Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Aug 20, 2021


“The Best Crypto Resources” Crypto Assets Explained, Part 5
In this exciting episode our guest Mr. Jake Ryan shares the best resources on crypto, such as:
BOOKS:
- Crypto Assets
- Age of Cryptocurrency
- The Bitcoin Standard
- Technological Revolution on Financial Capital
PODCASTS:
- The Quiet Master of Cryptocurrency
- Unconfirmed & Unchained Podcast
- Blockchain and Cryptocurrency
OTHER RESOURCES:
- Telegraph
- Reddit
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.
Connect with Jake: Twitter: @tradecraftjake | Instagram: @tradecraftjake | LinkedIn: jakeryan | Book: https://ageofautonomy.com/ | Crypto Firm: https://www.tradecraft.capital/
Thanks for listening! Let me know your thoughts and leave a note in the comment section below. Don't forget to subscribe on iTunes! Leave a review on iTunes. Your rating and review will be a great help and I read each one. SUBSCRIBE to my YouTube Channel! THE BEST CRYPTO RESOURCES. FREE download: 11 Secrets about your Destiny. Connect with me: @ceoofdestiny

Ceo of Destiny
Long-Wave Economic Cycles - Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Aug 13, 2021


“Long-Wave Economic Cycles” Crypto Assets Explained, Part 4
This episode is Part 4 of the CEO of Destiny Podcast interview with our guest Mr. Jake Ryan, in which he talks about Long-Wave Economic Cycles. You'll learn:
- What are Long-Wave Economic Cycles?
- What is an unfunded liability?
- How can they select investments?
- What is the difference between just working a job and just putting your money in the bank?
- Why is it important to evaluate an investment class?
- What is blockchain?
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.
Connect with Jake: Twitter: @tradecraftjake | Instagram: @tradecraftjake | LinkedIn: jakeryan | Book: https://ageofautonomy.com/ | Crypto Firm: https://www.tradecraft.capital/
Thanks for listening! Let me know your thoughts and leave a note in the comment section below. Don't forget to subscribe on iTunes! Leave a review on iTunes. Your rating and review will be a great help and I read each one. SUBSCRIBE to my YouTube Channel! LONG-WAVE ECONOMIC CYCLES. FREE download: 11 Secrets about your Destiny. Connect with me: @ceoofdestiny

Ceo of Destiny
Why Safe is the New Risky? Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Aug 5, 2021 10:56


Part 3 of this exciting episode with our guest Jake Ryan, where he shares:
- Knowledge Doubling Curve
- Learning and Unlearning
- Why saving is the most unsafe and risky thing to do
- Why it's too big to pay back debt
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.

Ceo of Destiny
What is a Double Coincidence of Wants? Crypto Assets Explained

Ceo of Destiny

Play Episode Listen Later Jul 29, 2021


“What is a Double Coincidence of Wants?” Crypto Assets Explained, Part 2
Part 2 of this exciting episode with our guest Jake Ryan, where he shares:
- What is a Double Coincidence of Wants?
- What is money?
- What is the function of money?
- How is money created?
About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.
Connect with Jake: Twitter: @tradecraftjake | Instagram: @tradecraftjake | LinkedIn: https://www.linkedin.com/in/jakeryan | Book: https://ageofautonomy.com/ | Crypto Firm: https://www.tradecraft.capital/
Thanks for listening! Let me know your thoughts and leave a note in the comment section below. Don't forget to subscribe on iTunes! Leave a review on iTunes. Your rating and review will be a great help and I read each one. SUBSCRIBE to my YouTube Channel! What is a Double Coincidence of Wants? FREE download: 11 Secrets about your Destiny. Connect with me: @ceoofdestiny

Ceo of Destiny
Crypto Asset Hedge Funds

Ceo of Destiny

Play Episode Listen Later Jul 22, 2021 10:29


What is a hedge fund? In this episode we get a little of Jake's origin story in investing, as well as a definition of what a hedge fund is. About Jake Ryan: He is the founder and CIO of Tradecraft Capital, which runs a macro/thesis-driven crypto fund. He brings 20 years of expertise in software development to the world of crypto asset investing. Jake is also an advisor to several venture-backed startups, a mentor at Mucker Capital, an advisor at Hypothesis Ventures and a strategic advisor at Diversis Capital, a private equity firm. Jake earned a BS in computer science from the University of Texas at Austin. He is first author of a published work in the field of applying artificial intelligence to network security, “Intrusion Detection with Neural Networks”, which has over 700 Google Scholar citations. Jake's book, Crypto Asset Investing in the Age of Autonomy, is published by Wiley. He lives in Austin with his wife and young son.

SecurityTrails Blog
Intrusion Detection Systems: Types, Detection Methods and Challenges

SecurityTrails Blog

Play Episode Listen Later Jul 20, 2021 13:52


UBC News World
This Low Cost Learning Course Teaches Network Intrusion Detection In Schenectady

UBC News World

Play Episode Listen Later Jul 16, 2021 2:32


Learn the skills that employers are looking for in a growing industry with RITx. More details here https://tidd.ly/3mq2V3e (https://tidd.ly/3mq2V3e)

Cyber Security Weekly Podcast
Episode 263 - Introducing Hyprfire and the Firebug Intrusion Detection System

Cyber Security Weekly Podcast

Play Episode Listen Later May 17, 2021


In this interview we speak with Tim Jones, Managing Director and Stefan Prandl, Chief Technology Officer of Hyprfire. Hyprfire is an Australian cybersecurity start-up which has innovated the application of Power Law Statistical Distributions and Behavioural Analytics to achieve effective, real-time network anomaly detection. Get a copy of the Firebug Whitepaper here www.hyprfire.com/whitepaper #cybersecurity #networkdetection #IDS To view the MySec.TV interview - visit https://youtu.be/JEg8z0ndtWI

Ethical Hacking
Intrusion Detection System (IDS) a true security software guard for our laptops

Ethical Hacking

Play Episode Listen Later Apr 14, 2021 18:15


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 14. Today we are discussing: What is an IDS?

Well, an IDS stands for Intrusion Detection System. This is a device or a piece of software that's installed on a system or a network, and it will analyze all of the data that passes through it. It does this so that it can try to identify any incidents or attacks. Intrusion Detection Systems come in two different varieties, the host-based Intrusion Detection System and the network-based Intrusion Detection System.

The first one we're going to talk about is a host-based Intrusion Detection System, also called an H-I-D-S. This usually takes the form of a piece of software that's installed on your computer or on a server, and it will protect it. Now, the host-based Intrusion Detection System will sit there and log everything that it thinks is suspicious. We'll talk about what might be suspicious in just a moment.

The second type is what's known as a network-based Intrusion Detection System, or a NIDS, N-I-D-S. This is a piece of hardware that's installed on your network. All the traffic goes through that switch, and then it will get a copy of that sent down to the Network Intrusion Detection System. If it's suspicious, it'll log it and it'll alert on it.

Now, how do we know what these systems will alert on? Well, they're going to use one of three different methods. They're either going to use signature-based, policy-based, or anomaly-based detection.

Signature-based detection is where the system is looking for a specific string of bytes that'll trigger the alert. This works like any other signature-based product. This computer is going to continually search over and over for a known specific key. Any time it sees that combination of letters or bytes, it knows that it's malicious. It'll flag it and it will alert on it.

The next type is what's known as policy-based detection. This is going to rely on a specific declaration of the security policy. For example, if your company has a policy that no one is allowed to use Telnet, any time this system sees somebody trying to connect on port 23, which is the port for Telnet, it's going to flag it, log it, and alert on it.

The third type is statistical anomaly-based detection. Often, this is referred to as just anomaly-based detection or statistical-based detection. This is going to analyze all of the current traffic patterns against an established baseline, and any time it sees something that goes outside the statistical norm, it's going to alert on it. So if I've been watching your network for a while and I know what normal looks like, and everybody always works from nine in the morning until five in the afternoon, and now I start seeing somebody downloading large amounts of data around two o'clock in the morning, that's outside our normal baseline and we would flag that and alert on that.

Now, speaking of alerts, let's talk about what these alerts mean. There are four different types of alerts. They're either true positive, true negative, false positive, or false negative. A true positive means something bad happened and the system flagged it and alerted on it. That's good because it means our system is tuned properly. A true negative means something good or normal happened and the system didn't flag it. Again, that's good, because our system's working like it should. But when we get into something like false positives, this is where some legitimate activity is being identified as an attack. For example, if you log on to the computer and you start up Microsoft Word, that's authorized. But if the system thought that was malicious and flagged it and alerted on it, that's considered a false positive. Next we have what's called a false negative. This is when something bad happens but it's identified as legitimate activity. In other words, it isn't flagged and it wasn't alerted on.
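Worked example, added here and not part of the episode above or of the CyberWire glossary entry at the top of this listing: a toy Python detection engine that implements the three methods the episode describes (signature-, policy- and anomaly-based) over constructed events, then scores each decision as a true or false positive or negative against ground-truth labels. The signature byte strings, the Telnet policy, the business-hours baseline and every sample event are constructed for illustration; the signatures are not a real ruleset.

```python
"""Toy IDS: signature-, policy- and anomaly-based detection plus outcome scoring.
Added example; every signature, policy and event below is constructed for illustration."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    hour: int        # hour of day (0-23) the traffic was observed
    src: str         # source address
    dport: int       # destination port
    nbytes: int      # bytes transferred in the session
    payload: bytes   # captured payload prefix
    malicious: bool  # ground truth, used only to score the detector's decisions


# Signature-based detection: byte patterns treated as known-bad. Illustrative, not a real ruleset.
SIGNATURES = {
    b"/etc/passwd": "path traversal read attempt",
    b"' OR 1=1": "SQL injection probe",
    b"\x90\x90\x90\x90": "NOP sled",
}

# Policy-based detection: the hypothetical company policy forbids Telnet outright.
FORBIDDEN_PORTS = {23: "Telnet is banned by policy"}


def signature_alerts(ev: Event) -> list[str]:
    """Alert whenever a known-bad byte string appears anywhere in the payload."""
    return [f"signature: {desc}" for sig, desc in SIGNATURES.items() if sig in ev.payload]


def policy_alerts(ev: Event) -> list[str]:
    """Alert on any connection to a port the written policy forbids."""
    return [f"policy: {FORBIDDEN_PORTS[ev.dport]}"] if ev.dport in FORBIDDEN_PORTS else []


class Baseline:
    """Statistical profile of normal traffic, learned from a clean training window."""

    def __init__(self, training: list[Event]):
        sizes = [e.nbytes for e in training]
        self.mu = mean(sizes)
        self.sigma = pstdev(sizes) or 1.0          # avoid division by zero on a flat baseline
        self.hours = {e.hour for e in training}    # hours during which activity was ever seen

    def anomaly_alerts(self, ev: Event, z_threshold: float = 3.0) -> list[str]:
        """Flag transfers far above the learned size distribution or outside learned hours."""
        alerts = []
        z = (ev.nbytes - self.mu) / self.sigma
        if z > z_threshold:
            alerts.append(f"anomaly: {ev.nbytes} bytes is {z:.1f} sigma above baseline")
        if ev.hour not in self.hours:
            alerts.append(f"anomaly: activity at {ev.hour:02d}:00 is outside observed hours")
        return alerts


def detect(ev: Event, baseline: Baseline) -> list[str]:
    """Run all three methods; an empty list means the event passed silently."""
    return signature_alerts(ev) + policy_alerts(ev) + baseline.anomaly_alerts(ev)


def outcome(alerted: bool, malicious: bool) -> str:
    """Classify one decision into the four classes the episode describes."""
    if alerted and malicious:
        return "true positive"
    if not alerted and not malicious:
        return "true negative"
    return "false positive" if alerted else "false negative"


def evaluate(events: list[Event], baseline: Baseline) -> dict[str, int]:
    """Count how the detector's decisions fall into the four outcome classes."""
    counts = {k: 0 for k in ("true positive", "true negative", "false positive", "false negative")}
    for ev in events:
        counts[outcome(bool(detect(ev, baseline)), ev.malicious)] += 1
    return counts


# Constructed training window: sixteen ordinary HTTPS sessions during 09:00-16:59.
TRAINING = [Event(9 + i % 8, "10.0.0.5", 443, 20_000 + 1_000 * (i % 7), b"GET /index.html", False)
            for i in range(16)]

# Constructed test events, one per outcome the episode describes.
SAMPLE = [
    Event(10, "10.0.0.7", 443, 21_000, b"GET /about", False),          # normal -> true negative
    Event(11, "10.0.0.7", 80, 1_500, b"GET /../../etc/passwd", True),  # signature -> true positive
    Event(14, "10.0.0.9", 23, 800, b"", True),                          # policy -> true positive
    Event(2, "10.0.0.5", 443, 900_000, b"GET /export.zip", True),       # anomaly -> true positive
    Event(12, "10.0.0.12", 443, 80_000, b"GET /backup.tar", False),     # legit backup -> false positive
    Event(15, "10.0.0.20", 443, 21_500, b"POST /login", True),          # stolen creds -> false negative
]

if __name__ == "__main__":
    base = Baseline(TRAINING)
    for ev in SAMPLE:
        alerts = detect(ev, base)
        print(f"{ev.src:>10} :{ev.dport:<4} {outcome(bool(alerts), ev.malicious):<15} {alerts}")
    print(evaluate(SAMPLE, base))
```

The two misclassifications are the ones worth studying: the large but legitimate backup trips the size baseline (a false positive, the tuning cost of anomaly detection), while the attacker logging in with valid stolen credentials during business hours matches no signature, no policy and no statistical deviation (a false negative that none of the three methods can see).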

Cloudcast Basics
Cloud Computing - Security

Cloudcast Basics

Play Episode Listen Later Jan 29, 2021 14:34


SHOW: Season 1, Show 4
OVERVIEW: From the creators of the Internet's #1 Cloud Computing podcast, The Cloudcast, Aaron Delp (@aarondelp) and Brian Gracely (@bgracely) introduce this new podcast, Cloudcast Basics.
- What does security mean in the cloud? Data Protection (Encryption), Key Management, Firewalls, Intrusion Detection, IAM (Authentication, SSO, etc.), Monitoring/Threat-Detection
- How is security allocated? "Defense-in-Depth": many layers of protecting the network, protecting data, protecting APIs, preventing service denials, managing users/accounts
- How was security allocated before cloud computing?
- What does the cloud computing provider do with a security offering (provider responsibilities vs. customer responsibilities)? Lots of variety, depending on the service
- Why are there so many variations of security? (the entire stack needs to be secured, from infrastructure to applications to user interactions)
- Does it matter where the security is located? How do clouds organize the security (availability zones, regions, etc.)?
- How much does security cost in the cloud? What are the various ways you can buy security? Native services vs. 3rd-party services.
Examples:
AWS - https://aws.amazon.com/products/security/
Azure - https://azure.microsoft.com/en-us/product-categories/security/
Google Cloud - https://cloud.google.com/security
Oracle Cloud - https://www.oracle.com/security/
IBM Cloud - https://www.ibm.com/cloud/security
SUBSCRIBE: Please subscribe anywhere you get podcasts (Apple Podcasts, Google Podcasts, Spotify, Stitcher, Amazon Music, Pandora, etc.).
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
LEARNING CLOUD COMPUTING: Here are some great places to begin your cloud journey, if you're interested in getting hands-on experience with the technology, or you'd like to build your skills towards a certification.
CBT Nuggets - Training and Certifications
A Cloud Guru - Training and Certifications
Cloud Academy - Training and Certifications
Katakoda - Self-Paced, Interactive Learning
GitHub - Code Samples and Collaboration
FEEDBACK?
Web: Cloudcast Basics
Email: show at cloudcastbasics dot net
Twitter: @cloudcastbasics

Paul's Security Weekly (Video-Only)
Intrusion Detection Honeypots: Detection Through Deception - Chris Sanders - PSW #668

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 2, 2020 44:27


Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw668

Paul's Security Weekly TV
Intrusion Detection Honeypots: Detection Through Deception - Chris Sanders - PSW #668

Paul's Security Weekly TV

Play Episode Listen Later Oct 2, 2020 44:27


Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw668
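Worked example, added here and not part of either Security Weekly episode above or of Chris Sanders' book: a small Python monitor for the kind of honeytokens those descriptions mention (a decoy account, a decoy hostname and a decoy URL). Because no legitimate user has any reason to touch a decoy, a single match in an SSH auth log, DNS query log or web access log is a high-confidence alert, and several decoys touched from one source show an attacker working the lures in sequence. The decoy values, the log line shapes and the log excerpt are all constructed for illustration and name no real hosts or accounts.

```python
"""Honeytoken monitor: decoy accounts, hosts and URLs that no legitimate user should ever
touch, so any interaction is a high-confidence alert. Added example with constructed data."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Honeytoken:
    kind: str        # "account", "host" or "url": which log source can observe it
    value: str       # the decoy value exactly as it will appear in logs
    planted_in: str  # where the lure was left, so the responder knows what the attacker found


# Hypothetical decoys (not real accounts, hosts or paths).
TOKENS = [
    Honeytoken("account", "svc_backup_admin", "decoy row in a shared password spreadsheet"),
    Honeytoken("host", "fileserver-old.corp.example", "stale DNS A record pointing at nothing"),
    Honeytoken("url", "/admin/legacy_console", "disallowed path listed in robots.txt"),
]

# Log line shapes: OpenSSH auth messages, a BIND query log, and a common-log-format web access log.
AUTH_RE = re.compile(r"sshd\[\d+\]: (?:Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
DNS_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+ .*?query: (?P<name>\S+) IN")
HTTP_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<path>\S+)')


def scan(lines, tokens):
    """Return (ip, kind, value, line) for every log line that touches a decoy."""
    decoys = {(t.kind, t.value) for t in tokens}
    hits = []
    for line in lines:
        observed = []  # (kind, value, ip) extracted from this line by each log parser
        if m := AUTH_RE.search(line):
            observed.append(("account", m["user"], m["ip"]))
        if m := DNS_RE.search(line):
            observed.append(("host", m["name"].rstrip("."), m["ip"]))
        if m := HTTP_RE.match(line):
            observed.append(("url", m["path"].split("?")[0], m["ip"]))
        for kind, value, ip in observed:
            if (kind, value) in decoys:
                hits.append((ip, kind, value, line))
    return hits


def summarize(hits):
    """Group decoy touches by source IP; multiple decoys from one IP show the lures being worked."""
    per_ip = defaultdict(set)
    for ip, _kind, value, _line in hits:
        per_ip[ip].add(value)
    return {ip: sorted(values) for ip, values in per_ip.items()}


# Constructed log excerpt: alice behaves normally; 203.0.113.7 follows the lures one by one.
LOG_LINES = [
    "Mar  3 02:14:01 fs1 sshd[4021]: Accepted publickey for alice from 10.0.0.21 port 51022 ssh2",
    "Mar  3 02:14:09 ns1 named[811]: client 10.0.0.21#53221 (intranet.corp.example): query: intranet.corp.example IN A + (10.0.0.53)",
    "Mar  3 02:15:33 ns1 named[811]: client 203.0.113.7#40001 (fileserver-old.corp.example): query: fileserver-old.corp.example IN A + (10.0.0.53)",
    "Mar  3 02:16:02 fs1 sshd[4022]: Failed password for invalid user svc_backup_admin from 203.0.113.7 port 40211 ssh2",
    "Mar  3 02:16:05 fs1 sshd[4022]: Failed password for invalid user svc_backup_admin from 203.0.113.7 port 40211 ssh2",
    '10.0.0.21 - alice [03/Mar/2024:02:17:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [03/Mar/2024:02:18:40 +0000] "GET /admin/legacy_console HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    hits = scan(LOG_LINES, TOKENS)
    for ip, kind, value, _ in hits:
        print(f"ALERT decoy {kind} '{value}' touched by {ip}")
    print(summarize(hits))
```

The sequence in the excerpt (DNS lookup of the decoy host, then password guesses against the decoy account, then a request for the decoy URL) is the attacker acting on what the lures told them, which is the point the episode description makes: control what the attacker sees and you control what they do next.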

Matrickz Daily Tech
Dailytech 218 - 4 Technologies that can protect your vehicle (25-012020)

Matrickz Daily Tech

Play Episode Listen Later Jul 13, 2020 2:07


CERIAS Security Seminar Podcast
Nandi Leslie, Using Machine Learning for Network Intrusion Detection

CERIAS Security Seminar Podcast

Play Episode Listen Later Jun 24, 2020 56:27


Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies.
About the speaker: Dr. Nandi Leslie is an Engineering Fellow at Raytheon Technologies, serving as an Applied Mathematician and Principal Investigator for the U.S. Combat Capabilities Development Command/Army Research Laboratory (ARL) customer since 2015. She supports the Raytheon Intelligence and Space business area and ARL on research and development projects related to machine learning, and cyber and electromagnetic activities. Dr. Leslie has published over 40 papers in journals, conference proceedings, magazines, and government technical reports on machine learning, cybersecurity, network resilience, submarine security, and mathematical biology, with over 375 citations. She has given over 30 research talks at national and international conferences in both unclassified and classified settings. Before joining Raytheon, Dr. Leslie led and contributed to multi-target tracking projects at Systems Planning and Analysis, Inc. from 2007 to 2015. In this role, she served as Program Manager and Senior Operations Research Analyst, and she developed modeling approaches for the U.S. Navy Submarine Security Program, Office of the Secretary of Defense (OSD), and Joint Program Offices, using stochastic processes, to understand various tactical problems in different domains, such as submarine search and detection in oceanographic and atmospheric environmental conditions for the Navy, and damage assessments and remediation of cyber attacks to the Defense Industrial Base for OSD. In addition, she spent two years as a Lecturer and Postdoctoral Researcher in the Department of Mathematics at the University of Maryland, College Park from 2005 to 2007. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research focused on developing and analyzing spatially-explicit stochastic models of deforestation in forest ecosystems of the Neotropics.

Matrickz Daily Tech
Dailytech 090 - How an Intrusion Detection System Works in a Car

Matrickz Daily Tech

Play Episode Listen Later Feb 28, 2020 5:20


https://www.matrickz.de In this short snippet, Hasain Alshakarti, a seasoned cybersecurity expert, talks about how an intrusion detection system should work in a car. Watch the whole episode here: https://youtu.be/lUKl0Xm6AOA #automotive #selfdriving #softwaredevelopment #matrickz #AUTOSAR #automotiveindustry #matrickztv #autonomous #safety #security #intrusion #detection

Hacker Valley Studio
Episode 15 - Thrill of the Hunt: Finding your Path

Hacker Valley Studio

Play Episode Listen Later Aug 21, 2019 30:33


In this episode, Chris and Ron learn about the impressive background of Kris Harms. Kris has a decorated career and extensive experience in Intrusion Detection, Incident Response, and Threat Hunting. He's been an early member at both Mandiant and Cylance which resulted in successful acquisitions.

Cyber Security Threat Actions This Week
Your container security strategy

Cyber Security Threat Actions This Week

Play Episode Listen Later May 23, 2018 36:42


Containers like Docker offer new automation awesomeness, portability and predictability. But traditional security tools and ops are only the start of reducing your risks. John Morello from Twistlock, Alfredo Hickman from Rackspace and Kellman Meghu from Sycomp pull the container stack apart to reveal security gaps. Please read the NIST Application Container Security Guide, co-authored by John Morello: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdf And read Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux by Alfredo Hickman: https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Ransomware As a Service https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/ libcurl Vulnerability http://seclists.org/oss-sec/2018/q1/94 Hide 'N Seek IoT Botnet https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/ Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245

Chaosradio
CR236 Intrusion Detection und Incident Response

Chaosradio

Play Episode Listen Later Jun 29, 2017 119:25


For almost every company the day comes when it is too late: people and programs that clearly do not belong there have made themselves at home in the corporate network. But what now? Pull the plug? Cut the fibre? How do you even notice that a few more pairs of eyes have insight into your own data? And what does the everyday work of people who professionally assist companies with such problems look like? All of this, plus how to detect intruders, how to respond to them, and whether even a hobby admin can take countermeasures, is what Marcus Richter discusses with experts from the Chaos community.

Data Breach Today Podcast
Study User Behavior to Focus Intrusion Detection

Data Breach Today Podcast

Play Episode Listen Later Mar 3, 2017


Info Risk Today Podcast
Study User Behavior to Focus Intrusion Detection

Info Risk Today Podcast

Play Episode Listen Later Mar 3, 2017


SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

vSphere Data Protection Known SSH Key http://www.vmware.com/security/advisories/VMSA-2016-0024.html nmap Update https://nmap.org/download.html SCCM Software Metering https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html CryptXXX Version 3 Decryptor Available https://noransom.kaspersky.com Airline Inflight Entertainment System Hack http://blog.ioactive.com/2016/12/in-flight-hacking-system.html SEC503, Intrusion Detection in Depth: Brussels January 16th-21st 2017 https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth

Artificial Intelligence in Industry with Daniel Faggella
Network Intrusion Detection Using Machine Learning

Artificial Intelligence in Industry with Daniel Faggella

Play Episode Listen Later Oct 9, 2016 28:40


When Google's DeepMind won against one of the best modern Go champions, it used multiple AI approaches and exposed gaps in some individual strategies. This event has shed more light on AI, and also on the utility of combining approaches to AI for individual problems. Data security is one of these problem areas where multiple AI approaches are being used to make our information safer. Dr. Sal Stolfo has been a professor of Computer Science at Columbia since 1972 and is now also the CEO of Allure Security, with a focus on engineering network intrusion detection solutions using AI applications. In this episode, Stolfo talks about the various styles of AI and statistical methods that have been and are being used to detect malicious activity, as well as how he believes the future of security is going to have to adapt as increasing amounts of data become available.

Tips From The Server Room
TFTSR #107 Intrusion Detection Systems

Tips From The Server Room

Play Episode Listen Later Jan 19, 2016


In this show we will learn how to detect and keep the bad guys out of your network. We will also be talking about the importance of watching your internal network. To learn all about Windows Server 2008 R2, Windows Server 2012 R2 and VMware ESXi, from installation to administration, check out my online courses at: http://classroom.jackstechcorner.com Don't let the low cost fool you! I have been training server personnel for years and I can teach you too. Sign up today! Please check out our web site at: http://www.tipsfromtheserverroom.com. Thanks for tuning into the show. Our voice number: 724-701-0550

DEF CON 23 [Audio] Speeches from the Hacker Convention
Vivek Ramachandran - Chigula — A framework for Wi-Fi Intrusion Detection and Forensics

DEF CON 23 [Audio] Speeches from the Hacker Convention

Play Episode Listen Later Oct 21, 2015


Chigula — a framework for Wi-Fi Intrusion Detection and Forensics. Vivek Ramachandran, Founder, SecurityTube.net and Pentester Academy. Most of Wi-Fi intrusion detection & forensics is done today using million-dollar products or by spending hours applying filters in Wireshark :) Chigula aims to solve this by providing a comprehensive, extensible and scriptable framework for Wi-Fi intrusion detection and forensics. A non-exhaustive list of attacks which will be detected using this framework includes: attack tool detection (Aireplay-NG, Airbase-NG, Mdk3, etc.); Honeypot, Evil Twin and Multipot attacks; rogue devices; vulnerable clients based on probed SSIDs; hosted-network-based backdoors; MAC spoofing; deauthentication attacks; disassociation attacks; channel jamming attacks using the duration field. Vivek Ramachandran discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors. He is the author of "Backtrack 5: Wireless Penetration Testing", which has sold over 13,000 copies worldwide. He is the founder of SecurityTube.net and runs SecurityTube Training & Pentester Academy, which have trained professionals from 90 countries. He has spoken/trained at DEF CON, Black Hat USA/Europe/Abu Dhabi, BruCON, Hacktivity and other conferences. Twitter: @securitytube Facebook: https://www.facebook.com/pagesectube

Info Risk Today Podcast
How Hackers Are Bypassing Intrusion Detection

Info Risk Today Podcast

Play Episode Listen Later Sep 2, 2015


Data Breach Today Podcast
How Hackers Are Bypassing Intrusion Detection

Data Breach Today Podcast

Play Episode Listen Later Sep 2, 2015


CERIAS Security Seminar Podcast
Randall Brooks, Cloud Security: How Does Software Assurance Apply

CERIAS Security Seminar Podcast

Play Episode Listen Later Nov 13, 2013 48:58


It was once said that the last time one had full control of their software was right before they released it. This is ever more important as organizations move applications and services into a public cloud to support a mobile lifestyle. Clouds have been described as "a safe and secure private cloud", "a semi-trusted partner cloud", or "a wild wild west full and open public cloud". It's typically toward the latter that the industry has been moving. Because of this, one must understand their attack surface and threat environment to ensure that they have focused on "building security in" to their application. About the speaker: Randall Brooks, Engineering Fellow, Raytheon, has more than 15 years of experience in Cybersecurity with expertise in Software Assurance (SwA) and secure development life cycles (SDLC). He has been awarded three US patents on Intrusion Detection and Prevention, and three US and one UK patent on Cross Domain solutions. He is also a CISSP, CSSLP, ISSEP, ISSAP and an ISSMP. He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science. He represents Raytheon within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1). E-mail: brooks@raytheon.com

CERIAS Security Seminar Podcast
Mark Crosbie, Tim Tickel, Four Flynn, Protecting a billion identities without losing (much) sleep

CERIAS Security Seminar Podcast

Play Episode Listen Later Sep 18, 2013 47:12


The Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-depth look at Facebook's easy to use internal multi-factor authentication deployment. We will discuss our motivations, how our solution works, technical and security trade-offs, deployment problems, and outstanding issues. About the speaker: Mark Crosbie is head of information security for Facebook EMEA. His focus is on the areas of data protection, privacy, controlling access to information and intelligently managing risk for user data. He works with Facebook security, legal, policy and user operation teams worldwide on addressing security challenges. Mark has 20 years experience in information security in multiple domains. Prior to joining Facebook Mark led development of security policy for the IBM CIO where he also led a team of ethical hackers who specialised in software penetration testing. Before joining IBM Mark was a member of the corporate security program office at Hewlett-Packard where he led a global program to deliver e-Passport and national identity systems. Mark has done extensive work in the areas of biometrics and intrusion detection, and holds numerous patents on key security innovations. Mark graduated with an MSc from Purdue University computer science under Prof. Gene Spafford in 1995, and a bachelors from Trinity College Dublin in 1993. Mark lives in Ireland with his family and a very large pile of Lego. Tim Tickel is a security engineer specializing in enterprise security and large-scale Linux infrastructure. He currently works at Facebook where he spends much of his time solving auth problems at scale. Prior to Facebook, Tim worked as a security engineer at Google. Tim holds a Masters in Computer Science and Information Assurance from George Washington University and a Bachelors in Computer Science from Purdue University. John "Four" Flynn is an expert in Information Security with over 10 years of experience in the field. At Google, he was the founder and lead architect of Google's innovative Intrusion Detection group which led to the successful detection of the Aurora attack in December 2009. Four also led Google's Security Operations team where he pioneered innovative approaches to Enterprise IT Security. He is a technical advisor to both a prominent political campaign and a top tier Venture Capital firm. Four holds a Masters in Computer Science and Information Assurance from George Washington University as well as a Bachelors in Computer Engineering from the University of Minnesota. Currently he works as a Security Engineer at Facebook.

ICS & SCADA Cyber Security
Collaborative Intrusion Detection in Smart Energy Grids

ICS & SCADA Cyber Security

Play Episode Listen Later Sep 15, 2013


The ongoing convergence of Industrial Control Systems (ICSs) with the Internet introduces many challenges from a security perspective. In particular, the smart energy grid, as a large ICS and critical infrastructure, requires special protection, as the consequences of its failure can be severe. However, even a careful system design cannot prevent all attacks in advance. For this reason, the smart grid requires an additional line of defence that can be provided by a Collaborative Intrusion Detection System (CIDS) to detect unknown and ongoing attacks. In this paper, we describe the requirements for a CIDS for deployment in the smart grid. Furthermore, we discuss the design choices for such a system, summarize the challenges arising in the deployment of CIDSs in smart grids, and present initial ideas to address them.

ICS & SCADA Cyber Security
Intrusion Detection via Machine Learning for SCADA System Protection

ICS & SCADA Cyber Security

Play Episode Listen Later Sep 15, 2013


SCADA (Supervisory Control And Data Acquisition) systems have always been susceptible to cyber-attacks. Different types of cyber-attacks could occur depending on the architecture and configurations used in the SCADA system. To protect cyber infrastructure from these attacks, a growing collaborative effort between cyber security professionals and researchers from industry and academia has been involved in designing a variety of intelligent intrusion detection systems. This paper introduces the new European Framework-7 project CockpitCI and the role of intelligent machine learning methods in protecting SCADA systems from cyber-attacks.

CERIAS Security Seminar Podcast
Randall Brooks, Adding a Software Assurance Dimension to Supply Chain Practices

CERIAS Security Seminar Podcast

Play Episode Listen Later Mar 21, 2012 49:49


There is a long history of supply chain management, from which many related policies, practices, processes, and enabling artifacts have been developed and employed by those business enterprises that acquire hardware and software components from a third party. Traditionally, Supply Chain Risk Management (SCRM) has been the focal point of supply chain practices and has focused on business and contractual issues, although recent efforts have increasingly included engineering expertise for product quality evaluations. This presentation advocates the introduction of a security assurance dimension to the SCRM process. It does not, however, propose the addition of an independent, parallel track of SCRM process for security assurance evaluation, but rather practical steps for augmenting those SCRM processes that already exist. Just as is the case in legacy SCRM, the cyber dimension of SCRM is based on assessing and balancing risk vs. cost. The goal is to minimize the added costs associated with improved information assurance by efficiently incorporating relevant practices from industry, government, and academia to provide a security assurance dimension into the supply chain process. SCRM-relevant industry and government practices will be presented in this paper in such a way that supply chain staff can easily make use of them, even without a background in information security. Also, it will be clearly noted when subcontract management, information assurance engineering, or other business or technical expertise may be needed to complement traditional supply chain activities in the pursuit of cyber-based SCRM. Points of discussion common to both hardware and software component acquisition will include: 1. Acquirer business risk; 2. End customer mission criticality and mission assurance; 3. Subcontract management; 4. Supplier secure development assessment; 5. Supplier management practices for their suppliers; 6. Supplier business assessment; 7. Product assessment. Points of discussion peculiar to hardware component acquisition will include: 1. Quality vs. counterfeiting vs. malicious alteration; 2. ASICs, FPGAs, and microprocessors; 3. Information storage in volatile memory; 4. Information storage in non-volatile memory and permanent disk storage. Points of discussion peculiar to software component acquisition will include: 1. COTS, contracted software, open source, and freeware; 2. Software pedigree and provenance; 3. License management of open source. About the speaker: Mr. Brooks, a twelve year Raytheon employee, is an Engineering Fellow in the Cyber Defense Solutions business area in Largo, FL. He is a recipient of the Raytheon Excellence in Technology Meritorious and Distinguished Awards. He has developed and submitted 4 patents on Intrusion Detection and Prevention design and implementation with 3 patents awarded. He is also a Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), Information Systems Security Architecture Professional (ISSAP), and an Information Systems Security Management Professional (ISSMP). He is a graduate of Purdue University with a Bachelor of Science from the School of Computer Science.

The Cloudcast
The Cloudcast (.net) #24 - CloudPassage - Security in the Cloud

The Cloudcast

Play Episode Listen Later Dec 1, 2011 30:20


Brian talks with Rand Wacker (@randwacker), VP of Products at CloudPassage, to talk about trends in Cloud Security, changing deployment models, new threats and why their holistic approach may make it easier for customer to enable new cloud services for their business.

CERIAS Security Seminar Podcast
Alex Liu, Fast Regular Expression Matching using Small TCAMs for Network Intrusion Detection and Prevention Systems

CERIAS Security Seminar Podcast

Play Episode Listen Later Oct 13, 2010 53:34


Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automaton (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e., a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM-based RegEx matching solution. About the speaker: Alex X. Liu is currently an assistant professor in the Department of Computer Science and Engineering at Michigan State University. He received his Ph.D. degree in Computer Science from The University of Texas at Austin in 2006. He received the IEEE & IFIP William C. Carter Award in 2004 and the National Science Foundation CAREER Award in 2009. His special research interests are in networking, security, and privacy. His general research interests include computer systems, distributed computing, and dependable systems.

Healthcare Information Security Podcast
Terrell Herzig: Intrusion Detection and More

Healthcare Information Security Podcast

Play Episode Listen Later Mar 5, 2010


CERIAS Security Seminar Podcast
Ryan Riley, An Alternate Memory Architecture for Code Injection Prevention

CERIAS Security Seminar Podcast

Play Episode Listen Later Jan 28, 2009 38:09


Code injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user-level, these attacks can be used to gain access to a system through an application bug. At the kernel-level, they are commonly used to install kernel rootkits and hide an attacker's presence on a machine. In this talk I will discuss code injection with regards to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware. About the speaker: Ryan Riley is a doctoral candidate and research assistant at Purdue University in West Lafayette, IN. His research interests include Operating System and Network Security, Intrusion Detection and Prevention, Virtualization Technology, Distributed Systems, and Cloud Computing. He received a bachelor's in Computer Engineering in 2004 and a master's in Computer Science in 2006. He is preparing to graduate with his Ph.D. in Computer Science in August 2009 and is hoping to enter academia.

Fakultät für Mathematik, Informatik und Statistik - Digitale Hochschulschriften der LMU - Teil 01/02

Wed, 17 Dec 2008 12:00:00 +0100 https://edoc.ub.uni-muenchen.de/9506/ https://edoc.ub.uni-muenchen.de/9506/1/Otto_vor_dem_gentschen_Felde_Nils.pdf Otto vor dem gentschen Felde, Nils ddc:500, ddc:510, Fakultät für Mathematik, Informatik und Statistik

CERIAS Security Seminar Podcast
Dr. Albert M. K. Cheng, Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems

CERIAS Security Seminar Podcast

Play Episode Listen Later Mar 28, 2007 50:36


Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence of our approach is high as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems such as SCADA and PCS has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such an intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system's application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis. About the speaker: Albert M. K. Cheng received the B.A. with Highest Honors in Computer Science, graduating Phi Beta Kappa, the M.S. in Computer Science with a minor in Electrical Engineering, and the Ph.D. in Computer Science, all from The University of Texas at Austin, where he held a GTE Foundation Doctoral Fellowship. Dr. Cheng is currently a tenured Associate Professor in the Department of Computer Science at the University of Houston, where he is the founding Director of the Real-Time Systems Laboratory. He has served as a technical consultant for several organizations, including IBM, and was also a visiting faculty in the Departments of Computer Science at Rice University (2000) and at the City University of Hong Kong (1995). Dr. Cheng is the author/co-author of over 100 refereed publications in real-time/embedded systems and related areas, and has received numerous awards, including the U.S. National Science Foundation Research Initiation Award (now known as the NSF CAREER award). His recent paper titled "Automatic Debugging of Real-Time Systems Based on Incremental Satisfiability Counting" in the July 2006 issue of the IEEE Transactions on Computers has been selected as its Featured Article. He has been invited to present seminars, tutorials, and panel positions at over 30 conferences, and has given invited seminars/keynotes at over 30 universities and organizations. He is and has been on the technical program committees of over 100 conferences, symposia, workshops, and editorial boards (including the IEEE Transactions on Software Engineering, 1998-2003). Currently, he is on the TPC of RTSS, RTAS, RTCSA, ESO, EC, ICEIS, ICINCO, SE, SEA, AIA, CNIS, CCN, ISC, and PDCN, and is the Program Chair of the 10th International Conference on SOFTWARE ENGINEERING AND APPLICATIONS (SEA), November 2006, Dallas, Texas. He is a Senior Member of the IEEE. Dr. Cheng is the author of the new senior/graduate-level textbook entitled Real-Time Systems: Scheduling, Analysis, and Verification (John Wiley & Sons), 2nd printing with updates, 2005.

CERIAS Security Seminar Podcast
Dr. Albert M. K. Cheng, "Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems"

CERIAS Security Seminar Podcast

Play Episode Listen Later Mar 28, 2007


Abstract 1: Real-time logic (RTL) is useful for the verification of a safety assertion with respect to the specification of a real-time system. Since the satisfiability problem for RTL is undecidable, the systematic debugging of a real-time system appears impossible. With RTL, each propositional formula corresponds to a verification condition. The number of truth assignments of a propositional formula can help us determine the specific constraints which should be added or modified to derive the expected solutions. This talk describes this debugging approach and how it can be embedded into autonomous systems. We have implemented a tool called ADRTL for automatic debugging of RTL specifications. The confidence of our approach is high as we have effectively evaluated ADRTL on several existing industrial applications, including the NASA X-38 Crew Return Vehicle avionics. Abstract 2: Embedded systems are becoming ubiquitous and are increasingly interconnected or networked, making them more vulnerable to security attacks. A large class of these systems such as SCADA and PCS has real-time and safety constraints. Therefore, in addition to satisfying these requirements, achieving system security emerges as a critical challenge to ensure that users can trust these embedded systems to perform correct operations. One objective in a secure system is to identify attacks by detecting anomalous system behaviors. This part of the talk describes the challenges in the design and implementation of such an intrusion detection system (IDS), addressing (1) accuracy: the IDS identifies no or as few false positives as the resource (time, space, power, etc.) 
and/or policy constraints allow, and no or as few false negatives as the resource and/or policy constraints allow; (2) efficiency/timeliness: the IDS does not violate the host embedded system's application deadlines and has a reasonable space overhead; (3) scalability: the IDS can scale to work with large embedded systems; and (4) power-awareness: the IDS does not significantly reduce the operational period of battery-powered embedded systems. We conclude with an outline of one of several promising embedded IDS approaches under investigation. This approach is based on automatic rule-base generation and semantic analysis.

CERIAS Security Seminar Podcast
Eugene Schultz, Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls

CERIAS Security Seminar Podcast

Play Episode Listen Later Mar 7, 2007 51:58


Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today's intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages. About the speaker: Eugene Schultz, Ph.D., CISM, CISSP, is the Chief Technology Officer and Chief Information Security Officer at High Tower Software, a company that develops security event management software. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 110 published papers. Gene is the Editor-in-Chief of _Computers and Security_ and is an associate editor of _Network Security_ and _Information Security Bulletin_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update and is on the technical advisory board of three companies. He has been professor of computer science at various universities and is retired from the University of California at Berkeley. 
He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

CERIAS Security Seminar Podcast
Eugene Schultz, "Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls"

CERIAS Security Seminar Podcast

Play Episode Listen Later Mar 7, 2007


Over the years intrusion detection technology has improved to the point that it is highly useful to both the commercial and non-commercial sector. This technology is, however, by no means anything close to perfect. Even the best intrusion detection systems miss a fairly large proportion of attacks that occur; they also tend to yield unacceptably high false alarm rates. Correlating the output of multiple systems and devices is a promising solution for the limitations in today's intrusion detection systems. There have been numerous advances in intrusion detection event correlation, yet this technology lags behind intrusion detection technology. How events are correlated makes a big difference concerning the value of event correlation. This talk will cover the various approaches to event correlation as well as their advantages and disadvantages.

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Yuan Fan: Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 20:01


This topic will present the proposal/idea/work from the author's master graduate project about effective detection of SQL Injection exploits while lowering the number of false positives. It gives a detailed analysis example of how database auditing could help in this case, and also presents the challenges of anomaly detection for this attack and how the author tried to solve them. Finally a correlation between the two will be presented. Yuan Fan, CISSP, has worked in the network security area for more than 7 years. He currently works for ArcSight as a Software Engineer. He holds a Master of Computer Engineering degree from San Jose State University. The tool he is writing for his master's graduate research project related to this topic is a Java-based, multilayer anomaly intrusion detection system.

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
Yuan Fan: Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 20:01


This topic will present the proposal/idea/work from the author's master graduate project about effective detection of SQL Injection exploits while lowering the number of false positives. It gives a detailed analysis example of how database auditing could help in this case, and also presents the challenges of anomaly detection for this attack and how the author tried to solve them. Finally a correlation between the two will be presented. Yuan Fan, CISSP, has worked in the network security area for more than 7 years. He currently works for ArcSight as a Software Engineer. He holds a Master of Computer Engineering degree from San Jose State University. The tool he is writing for his master's graduate research project related to this topic is a Java-based, multilayer anomaly intrusion detection system.

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
Emmanuele Zambon: "NIDS, false positive reduction through anomaly detection"

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 48:40


"The Achilles' heel of network IDSs lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS to raise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets to produce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they do not correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. To demonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture. Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the two systems. APHRODITE is able to reduce the rate of false alarms from 50% to 100% (improving accuracy) without reducing the NIDS ability to detect attacks (completeness). Emmanuele Zambon pursued an MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for an year at Information Risk Management division in KPMG Italy. He is author and researcher of the POSEIDON paper. 
Damiano Bolzoni pursued a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebIT and many security conferences in Netherlands. Presently, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management."

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Emmanuele Zambon: "NIDS, false positive reduction through anomaly detection"

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 48:40


"The Achilles' heel of network IDSs lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS to raise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets to produce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they do not correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. To demonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture. Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the two systems. APHRODITE is able to reduce the rate of false alarms from 50% to 100% (improving accuracy) without reducing the NIDS ability to detect attacks (completeness). Emmanuele Zambon pursued an MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is an author and researcher of the POSEIDON paper. 
Damiano Bolzoni pursued an MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is an author of the POSEIDON and APHRODITE papers and gave talks at the IWIA workshop, WebIT and many security conferences in the Netherlands. Presently, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management."

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
Damiano Bolzoni and Emmanuele Zambon: NIDS: False Positive Reduction Through Anomaly Detection

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 49:01


"The Achilles' heel of network IDSes lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS traise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets tproduce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they dnot correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. Tdemonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture. Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)." DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. 
At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.
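The input/output correlation that the three APHRODITE abstracts above describe, as an added example written for this page (it is not the authors' POSEIDON or APHRODITE code): a NIDS alert on a request is kept only when the response that request produced also looks anomalous to an Output Anomaly Detector. The OAD here is a PAYL-style byte-frequency model standing in for POSEIDON; the training responses, the alert, the two candidate responses and the 0.4 distance threshold are constructed for the example, not taken from the talk.

```python
"""APHRODITE-style NIDS alert correlation (illustrative; not the authors' code).

Input side: a NIDS alert on a request.  Output side: an Output Anomaly
Detector (OAD) trained on the server's normal responses.  Correlation: an
alert survives only if the response the flagged request produced is itself
anomalous; a normal response marks the alert as a likely false positive.
The OAD is a PAYL-style byte-frequency model (a stand-in for POSEIDON);
all traffic and the threshold below are constructed for this example.
"""
from collections import Counter

HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
PAGE = b"<html><body><h1>Account</h1><p>Welcome back, %s.</p></body></html>\r\n"

# Constructed training set: the application's ordinary replies.
NORMAL_RESPONSES = [HEADERS + PAGE % name for name in (b"alice", b"bob", b"carol")]

# Constructed NIDS alert: a content signature fired on "../" in the request.
ALERT = {"sid": 1, "msg": "WEB-MISC directory traversal attempt",
         "flow": ("10.0.0.5:51234", "10.0.0.9:80"),
         "request": b"GET /view?file=../../../../etc/passwd HTTP/1.1\r\n\r\n"}

# The application ignored the path and served an ordinary page: the alert is noise.
FP_RESPONSE = HEADERS + PAGE % b"dave"
# The traversal worked: the body is a password file, not a page: the alert is real.
TP_RESPONSE = HEADERS + (b"root:x:0:0:root:/root:/bin/bash\n"
                         b"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                         b"bin:x:2:2:bin:/bin:/usr/sbin/nologin\n")


def byte_profile(data: bytes) -> dict:
    """Relative frequency of every byte value in data (PAYL-style 1-gram model)."""
    if not data:
        return {}
    counts = Counter(data)
    return {b: n / len(data) for b, n in counts.items()}


def manhattan(p: dict, q: dict) -> float:
    """L1 distance between two frequency profiles: 0 = identical, 2 = disjoint."""
    return sum(abs(p.get(b, 0.0) - q.get(b, 0.0)) for b in set(p) | set(q))


class OutputAnomalyDetector:
    """Scores a response by its distance from the mean profile of normal output."""

    def __init__(self, threshold: float = 0.4):
        self.threshold = threshold   # constructed; calibrate on held-out normal traffic
        self.mean = {}

    def train(self, responses):
        profiles = [byte_profile(r) for r in responses]
        keys = set().union(*profiles)
        self.mean = {b: sum(p.get(b, 0.0) for p in profiles) / len(profiles) for b in keys}

    def score(self, response: bytes) -> float:
        return manhattan(byte_profile(response), self.mean)


def correlate(alert: dict, response, oad: OutputAnomalyDetector) -> dict:
    """Attach the OAD's verdict on the flagged request's response to the alert."""
    if response is None:
        # No output captured (connection reset, capture gap): the alert cannot be
        # exonerated, so it is passed through unchanged rather than dropped.
        return dict(alert, output_score=None, verdict="uncorrelated")
    s = oad.score(response)
    verdict = "confirmed" if s > oad.threshold else "suppressed"
    return dict(alert, output_score=round(s, 3), verdict=verdict)


def run_demo() -> list:
    """Verdicts for the normal-page response, the passwd dump, and a missing response."""
    oad = OutputAnomalyDetector()
    oad.train(NORMAL_RESPONSES)
    return [correlate(ALERT, r, oad)["verdict"] for r in (FP_RESPONSE, TP_RESPONSE, None)]


if __name__ == "__main__":
    oad = OutputAnomalyDetector()
    oad.train(NORMAL_RESPONSES)
    for label, resp in (("normal page", FP_RESPONSE), ("passwd dump", TP_RESPONSE), ("no response", None)):
        out = correlate(ALERT, resp, oad)
        print(f"{label:12s} score={out['output_score']} -> {out['verdict']}")
```

The "uncorrelated" verdict is the case the architecture has to handle explicitly: when no output is captured for a flagged flow (reset connection, capture gap) the alert cannot be exonerated and keeps its original priority. Silently dropping it would turn the false-positive filter into a blind spot that an attacker could reach simply by making the server stay quiet.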

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
Stefano Zanero: 360 Anomaly Based Unsupervised Intrusion Detection

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 77:08


"n this talk, after briefly reviewing why we should build a good anomaly-based intrusion detection system, we will briefly present twIDS prototypes developed at the Politecnicdi Milanfor network and host based intrusion detection through unsupervised algorithms. We will then use them as a case study for presenting the difficulties in integrating anomaly based IDS systems (as if integrating usual misuse based IDS system was not complex enough...). We will then present our ideas, based on fuzzy aggregation and causality analysis, for extracting meaningful attack scenarios from alert streams, building the core of the first 360 anomaly based IDS. Also, we will introduce some brand new ideas for correlation based on statistical fitting tests." Andrew Walenstein is a Research Scientist at the Center for Advanced Computer Studies at the University of Louisiana at Lafayette. He is currently studying methods for malware analysis, and brings in experience from the area of reverse engineering and human-computer interaction. He received his Ph.D. from Simon Fraser University in 2002.

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Damiano Bolzoni & Emmanuele Zambon: Sphinx: an anomaly-based Web Intrusion Detection System

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 63:39


We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall) and can therefore deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being anomaly-based, Sphinx needs a training phase before the real detection can start: during training, Sphinx "learns" automatically the type of each parameter inside user requests and applies the most suitable model to detect attacks. We define 3 basic types: numerical, short and long texts. The idea behind this is that, e.g., if we observe only integer values and later some text, that is likely to be an attack (e.g. SQL Injection or XSS). For numerical parameters, a type checker is applied. For short texts (text with fixed length or slight variations), Sphinx uses a grammar checker: grammars are built observing the parameter content (during the training phase) and then used to check the similarity of new content during detection. Long texts are typically e-mail/forum messages, which often change their length and would produce infeasible grammars. For this kind of content we use a modified version of our NIDS POSEIDON, using n-gram analysis. Furthermore, Sphinx can actively support the deployment of WAFs like ModSecurity: e.g. if we are deploying an ad hoc web application (or when 3rd parties' software is used), most probably we need to spend a lot of time on writing signatures. Once Sphinx accomplishes the training phase, it can automatically generate ModSecurity-style signatures for numerical and (some) short-text parameters, making the deployment much easier.

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Damiano Bolzoni & Emmanuele Zambon: Sphinx: an anomaly-based Web Intrusion Detection System

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Play Episode Listen Later Jan 9, 2006 63:39


We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall) and can therefore deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being anomaly-based, Sphinx needs a training phase before the real detection can start: during training, Sphinx "learns" automatically the type of each parameter inside user requests and applies the most suitable model to detect attacks. We define 3 basic types: numerical, short and long texts. The idea behind this is that, e.g., if we observe only integer values and later some text, that is likely to be an attack (e.g. SQL Injection or XSS). For numerical parameters, a type checker is applied. For short texts (text with fixed length or slight variations), Sphinx uses a grammar checker: grammars are built observing the parameter content (during the training phase) and then used to check the similarity of new content during detection. Long texts are typically e-mail/forum messages, which often change their length and would produce infeasible grammars. For this kind of content we use a modified version of our NIDS POSEIDON, using n-gram analysis. Furthermore, Sphinx can actively support the deployment of WAFs like ModSecurity: e.g. if we are deploying an ad hoc web application (or when 3rd parties' software is used), most probably we need to spend a lot of time on writing signatures. Once Sphinx accomplishes the training phase, it can automatically generate ModSecurity-style signatures for numerical and (some) short-text parameters, making the deployment much easier.
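The training and detection scheme that the two Sphinx abstracts above describe, as an added example written for this page (it is not the authors' Apache module): each parameter gets a type inferred from training traffic; numeric values get a type check, short texts a grammar of character-class patterns built from the observed values, long texts a character-bigram novelty score standing in for the POSEIDON n-gram model; the numeric and short-text models are then exported as ModSecurity-style rules. The sample requests, the short/long cut-offs, the novelty threshold and the rule ids are constructed for the example.

```python
"""Sphinx-style per-parameter web anomaly detection (illustrative; not the
authors' Apache module).  Training infers each parameter's type: numeric
(integer type check), short text (grammar of character-class patterns learned
from observed values) or long text (character-bigram novelty, standing in for
the POSEIDON n-gram model).  Numeric and short-text models are then exported
as ModSecurity-style rules.  Requests, cut-offs and rule ids are constructed."""
import re
from dataclasses import dataclass, field
from itertools import groupby

INT_RE = re.compile(r"^-?[0-9]+$")
SHORT_MAX_LEN, SHORT_MAX_SPREAD = 32, 8   # constructed short/long text cut-offs
NOVELTY_THRESHOLD = 0.2                  # constructed: unseen-bigram share tolerated
CLASS_RE = {"d": "[0-9]+", "a": "[a-z]+", "A": "[A-Z]+", "s": r"\s+", "p": r"[^A-Za-z0-9\s]+"}

TRAINING_REQUESTS = [  # constructed normal traffic for one URL
    {"id": "17", "sort": "asc", "comment": "thanks for the quick reply, that really helped me"},
    {"id": "3", "sort": "desc", "comment": "has anyone seen this error before? the build fails on step three"},
    {"id": "2048", "sort": "asc", "comment": "I tried the patch from the wiki and it works for me now"},
    {"id": "99", "sort": "desc", "comment": "could you post the full log? the first line is cut off"},
    {"id": "512", "sort": "asc", "comment": "same problem here, restarting the service fixed it for a while"},
    {"id": "7", "sort": "desc", "comment": "nice write-up, looking forward to the next part"},
]


def class_pattern(value: str) -> str:
    """Collapse a value into runs of character classes, e.g. 'abc-12' -> 'apd'."""
    classes = ("d" if ch.isdigit() else "a" if ch.islower() else "A" if ch.isupper()
               else "s" if ch.isspace() else "p" for ch in value)
    return "".join(key for key, _ in groupby(classes))


def bigrams(text: str) -> set:
    return {text[i:i + 2] for i in range(len(text) - 1)}


@dataclass
class ParamModel:
    kind: str                                   # "numeric", "short" or "long"
    max_len: int = 0
    patterns: set = field(default_factory=set)  # short text: accepted class patterns
    grams: set = field(default_factory=set)     # long text: bigram vocabulary

    def check(self, value: str):
        """None if the value fits the learned model, otherwise the reason it does not."""
        if self.kind == "numeric":
            return None if INT_RE.match(value) else "not an integer"
        if self.kind == "short":
            ok = len(value) <= self.max_len and class_pattern(value) in self.patterns
            return None if ok else "outside learned grammar"
        seen = bigrams(value)
        novelty = len(seen - self.grams) / len(seen) if seen else 0.0
        return f"{novelty:.2f} of bigrams never seen" if novelty > NOVELTY_THRESHOLD else None


class Sphinx:
    def __init__(self):
        self.models = {}

    def train(self, requests):
        columns = {}
        for req in requests:
            for name, value in req.items():
                columns.setdefault(name, []).append(value)
        for name, values in columns.items():
            self.models[name] = self._fit(values)

    @staticmethod
    def _fit(values) -> ParamModel:
        lengths = [len(v) for v in values]
        if all(INT_RE.match(v) for v in values):
            return ParamModel("numeric")
        if max(lengths) <= SHORT_MAX_LEN and max(lengths) - min(lengths) <= SHORT_MAX_SPREAD:
            return ParamModel("short", max(lengths), {class_pattern(v) for v in values})
        return ParamModel("long", max(lengths), grams=set().union(*(bigrams(v) for v in values)))

    def check(self, request: dict) -> list:
        """Anomalies in one request as 'param: reason' strings; empty when clean."""
        findings = []
        for name, value in request.items():
            model = self.models.get(name)
            reason = "parameter never seen in training" if model is None else model.check(value)
            if reason:
                findings.append(f"{name}: {reason}")
        return findings

    def modsecurity_rules(self, base_id: int = 900001) -> list:
        """Static rules for numeric and short-text parameters; long text keeps the n-gram model."""
        rules = []
        for name, m in sorted(self.models.items()):
            if m.kind == "numeric":
                rx = "^-?[0-9]+$"
            elif m.kind == "short":
                rx = "^(?:" + "|".join("".join(CLASS_RE[c] for c in p) for p in sorted(m.patterns)) + ")$"
            else:
                continue
            rules.append(f'SecRule ARGS:{name} "!@rx {rx}" '
                         f'"id:{base_id + len(rules)},phase:2,deny,msg:\'{name} outside learned type\'"')
        return rules
```

After `Sphinx().train(TRAINING_REQUESTS)`, a request with id=17 OR 1=1 fails the integer check, sort=asc'-- falls outside the learned `[a-z]+` grammar, and a script tag in the comment is mostly bigrams never seen in training, while a comment built from ordinary words passes. A parameter name absent from training is reported rather than ignored, since an unexpected parameter is itself a deviation from the learned request shape. The generated rules cover only id and sort; the comment parameter stays with the n-gram model, which matches the abstract's "numerical and (some) short-text parameters".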

CERIAS Security Seminar Podcast
Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report

CERIAS Security Seminar Podcast

Play Episode Listen Later Oct 11, 2000 60:26


Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a "toolkit" (rather than a "replacement") for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework. In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions. About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principal Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories. 
He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE.

CERIAS Security Seminar Podcast
Wenke Lee, "Developing Data Mining Techniques for Intrusion Detection: A Progress Report"

CERIAS Security Seminar Podcast

Play Episode Listen Later Oct 11, 2000


Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a "toolkit" (rather than a "replacement") for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework. In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions.
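The framework that the two abstracts above outline, as an added example written for this page (it is not the speaker's code): audit records are turned into features that summarise recent connection patterns, a learner induces a detection rule from labelled records, and the rule is applied back to the records. The learner is a single-feature threshold (a decision stump) standing in for a full rule learner; the audit trail, the two-second window and the labels are constructed for the example.

```python
"""Data-mining construction of an intrusion detection rule (illustrative;
written for this page, not the framework's own code).  The pipeline follows
the talk's description: audit records -> features derived from connection
patterns -> a learner induces a detection rule -> the rule is applied.  The
learner is a single-feature threshold (decision stump) standing in for a
full rule learner; the audit trail, window size and labels are constructed.
"""
from collections import namedtuple

Conn = namedtuple("Conn", "t src dst service flag label")   # one audit record
WINDOW = 2.0                                                # seconds of history per record (constructed)
FEATURES = ("count", "syn_error_rate", "diff_srv_rate")

# Constructed audit trail: ordinary traffic, a port sweep from 10.0.0.66, ordinary traffic again.
AUDIT = [
    Conn(0.0, "10.0.0.5", "10.0.0.9", "http", "SF", "normal"),
    Conn(0.8, "10.0.0.7", "10.0.0.9", "http", "SF", "normal"),
    Conn(1.5, "10.0.0.5", "10.0.0.9", "https", "SF", "normal"),
    Conn(4.0, "10.0.0.8", "10.0.0.12", "smtp", "SF", "normal"),
    Conn(5.0, "10.0.0.5", "10.0.0.9", "http", "SF", "normal"),
    Conn(6.1, "10.0.0.7", "10.0.0.12", "smtp", "SF", "normal"),
] + [
    Conn(20.0 + 0.1 * i, "10.0.0.66", "10.0.0.9", svc, "S0", "probe")
    for i, svc in enumerate(("ftp", "ssh", "telnet", "smtp", "domain", "http", "pop3", "imap"))
] + [
    Conn(30.0, "10.0.0.5", "10.0.0.9", "http", "SF", "normal"),
]


def extract_features(records) -> list:
    """For each record, summarise the connections to the same host in the last WINDOW seconds."""
    rows = []
    for i, r in enumerate(records):
        recent = [p for p in records[:i + 1] if p.dst == r.dst and r.t - p.t <= WINDOW]
        n = len(recent)
        rows.append({
            "count": float(n),                                                    # connections to this host
            "syn_error_rate": sum(p.flag in ("S0", "REJ") for p in recent) / n,   # failed handshakes
            "diff_srv_rate": sum(p.service != r.service for p in recent) / n,    # other services hit
            "label": r.label,
        })
    return rows


def learn_rule(rows, target="probe") -> dict:
    """Pick the single 'feature >= threshold' test that best separates target from the rest."""
    best = None
    for f in FEATURES:
        values = sorted({row[f] for row in rows})
        for lo, hi in zip(values, values[1:]):          # candidate thresholds: midpoints
            thr = (lo + hi) / 2
            hits = sum((row[f] >= thr) == (row["label"] == target) for row in rows)
            acc = hits / len(rows)
            if best is None or acc > best["accuracy"]:
                best = {"feature": f, "threshold": thr, "accuracy": acc, "target": target}
    return best


def apply_rule(rule: dict, rows) -> list:
    return [rule["target"] if row[rule["feature"]] >= rule["threshold"] else "normal" for row in rows]


def run_demo():
    """Learn a rule from the labelled audit trail and apply it back; returns (rule, predictions)."""
    rows = extract_features(AUDIT)
    rule = learn_rule(rows)
    return rule, apply_rule(rule, rows)


if __name__ == "__main__":
    rule, predicted = run_demo()
    print(f"learned: {rule['target']} :- {rule['feature']} >= {rule['threshold']} "
          f"(training accuracy {rule['accuracy']:.2f})")
    for rec, row, pred in zip(AUDIT, extract_features(AUDIT), predicted):
        print(f"t={rec.t:5.1f} {rec.src:>10} -> {rec.dst}:{rec.service:<6} {rec.flag}  "
              f"count={row['count']:.0f} syn_err={row['syn_error_rate']:.2f} -> {pred}")
```

The stump picks syn_error_rate over count because the first connections of the sweep have a small count and look like ordinary traffic, while every probe in the window has a failed handshake; that is the point the abstract makes about deriving predictive features from patterns across records rather than inspecting each record alone. On real audit data the window, the feature set and the learner (a rule inducer rather than a stump) are what the framework's developer tunes.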