Postdoctoral Fellowship Opening

The International Computer Science Institute (ICSI) invites applications for a Postdoctoral Fellow position in the area of applying modern compiler technology to the domain of high-performance network security monitoring.

The Fellow will be working with ICSI's Networking Group on designing, implementing, and evaluating novel approaches for efficient monitoring of large-scale network environments. The position's primary research focus is on developing strategies for compiling high-level analysis descriptions into highly optimized code for execution on current multi-core architectures.

Please see the full posting for more information.

Major NSF Funding for Bro Development

The Bro team is jazzed to announce that the National Science Foundation has awarded a grant of almost $3M to the International Computer Science Institute (ICSI) and the National Center for Supercomputing Applications (NCSA) for extensive Bro development.

The funded project aims specifically at addressing much of the feedback that we have received from Bro users over the years. It will enable us to refine many of the rough edges that the system has accumulated over time[*], improve Bro's performance significantly, and also make it much easier for the community to contribute to the project.

For further information, see the joint ICSI/NCSA press release.

Thanks to everybody who helped make this happen!

[*] Yes, that includes documentation!

Cybercasing the Joint

Earlier this month, we presented a paper on how geotagging can leave users vulnerable to what we termed "cybercasing":

Gerald Friedland, Robin Sommer
Cybercasing the Joint: On the Privacy Implications of Geo-Tagging
Proc. USENIX Workshop on Hot Topics in Security, 2010

This work was featured by the New York Times, ABC News, Toronto Star, and New Scientist.

Machine Learning For Network Intrusion Detection

At last week's IEEE Symposium on Security & Privacy, we presented some thoughts on using machine learning for intrusion detection:

Robin Sommer, Vern Paxson
Outside the Closed World: On Using Machine Learning For Network Intrusion Detection
Proc. IEEE Symposium on Security and Privacy, 2010

Slides are here.

LEET'10 paper on proactive domain blacklisting

At last week's LEET'10 workshop we presented our recent work on proactive domain blacklisting based on registration patterns of domain names used in scams.

• M. Felegyhazi, C. Kreibich, and V. Paxson. On the Potential of Proactive Domain Blacklisting. Third USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '10), 2010, San Jose, CA, USA. (bib)

TCP Performance in Enterprise Networks

Last week at INM/WREN Vern presented our paper (as a proxy for Boris who was stranded in Finland by volcanic ash) on TCP performance observed within the LBNL enterprise network. The paper is:

• Boris Nechaev, Mark Allman, Vern Paxson, Andrei Gurtov. A Preliminary Analysis of TCP Performance in an Enterprise Network. USENIX Internet Network Management Workshop/Workshop on Research on Enterprise Networking (INM/WREN), April 2010.

Early Retransmit

After many years our Early Retransmit specification is now an RFC.

• Mark Allman, Konstantin Avrachenkov, Urtzi Ayesta, Josh Blanton, Per Hurtig. Early Retransmit for TCP and SCTP, April 2010. RFC 5827.