CS Colloquium on Wednesday, Nov 19 at 11AM Title: Behavioral Authentication for Computer Security Speaker: Carla E. Brodley School of Electrical and Computer Engineering Purdue University MCS 135, 111 Cummington Street Abstract: Understanding the nature of the information flowing into and out of a system or network is fundamental to determining if there is adherence to a usage policy or whether the security of the system has been compromised. In this talk I will describe how behavioral authentication can be used to detect anomalies in the expected behavior of both processes and users. The first application, classifying server traffic, addresses the problem that traditional methods of determining traffic type rely on the port label carried in the packet header to indicate the type of service (e.g., HTTP, Telnet, SSH, etc). This method can fail, however, in the presence of proxy servers that re-map port numbers or host services that have been compromised to act as back doors or covert channels. I will present an approach to classifying server traffic based on models of server stream behavior. The models are learned during a training phase from traffic described using a set of features we designed to capture the behavior of TCP services. In the second application, user-reauthentication, I will describe methods for learning a profile of the valid user and illustrate how this profile can be used to monitor current behavior to detect anomalies, which in turn may indicate either misuse or an intrusion. Bio of the Speaker: Carla E. Brodley is an associate professor in the School of Electrical and Computer Engineering at Purdue University. She received her bachelors degree in Mathematics from McGill University in 1985 and her MS and PhD in computer science from the University of Massachusetts at Amherst in 1991 and 1994. Prof. Brodley's research interests include machine learning, knowledge discovery in databases and computer security. She has worked in the areas of intrusion detection, hardware support for security, classifier formation, unsupervised learning and applications of machine learning to remote sensing, computer security, and content-based image retrieval of medical images. She is the recipient of an NSF Career award. In 2001 she served as program co-chair for the International Conference on Machine Learning (ICML) and in 2004 she will serve as the general chair for ICML. Currently she is an associate editor of the Journal of Artificial Intelligence Research and serves on the editorial board of the Journal of Machine Learning Research. She is a member of the Computing Research Association's Committee on the Status of Women in Computing Research (CRA-W) and she is the editor of the ``Expanding the Pipeline'' column of the Computing Research News. Host: Azer Bestavros (http://www.cs.bu.edu/~best)