Watch the Recorded Webinar
Mature signature-based intrusion detection technology has been the first line of defense in cyberspace. However, due to the perpetual cat-and-mouse game and the asymmetric nature of cybersecurity, high-risk assets susceptible to advanced persistent threats need to be equipped with proactive defense mechanisms that go beyond conventional reactive signature-based scanning. A more sophisticated cyber-defense technique is program anomaly detection, which builds models that represent properties of normal program executions and detects behavior deviations during execution. The advantage of anomaly detection techniques is their potential to detect new attacks. However, existing demonstrations are limited to lab environments. Multiple challenges need to be addressed before such tools can be widely deployed in production systems.
This webinar will highlight recent success in demonstrating substantial improvements in accuracy under control-flow and data-oriented attacks in Linux, including malicious code reuse, security bypass, and service abuse. One of our technical enablers is the in-depth integration of static program analysis with dynamic learning methods (e.g., HMM) on system-, library-, and function-call traces. The webinar will also describe exciting future research directions: hardware-assisted fast tracing, anomaly detection as a service, supporting domain experts in interdisciplinary anomaly discovery, and standardizing evaluation.
Daphne Yao is an associate professor of computer science at Virginia Tech. In the past decade, she has been working on designing and developing data-driven anomaly detection techniques for securing networked systems against stealthy exploits and attacks. Her expertise also includes mobile security. Dr. Yao received her Ph.D. in Computer Science from Brown University. Dr. Yao is an Elizabeth and James E. Turner Jr. '56 Faculty Fellow and L-3 Faculty Fellow. She received the NSF CAREER Award in 2010 for her work on human-behavior-driven malware detection and the ARO Young Investigator Award in 2014 for her work on semantic reasoning for mission-oriented security. She has several Best Paper Awards (e.g., ICNP '12, CollaborateCom '09, and ICICS '06) and Best Poster Awards (e.g., ACM CODASPY '15). She was given the Award for Technological Innovation from Brown University in 2006. She held multiple U.S. patents for her anomaly detection technologies. Dr. Yao is an associate editor of IEEE Transactions on Dependable and Secure Computing (TDSC). She serves as a PC member for numerous computer security conferences, including ACM CCS. She has over 75 peer-reviewed publications in major security and privacy conferences and journals. Daphne is an active member of the security research community. She is currently running for Secretary/Treasurer of the ACM Special Interest Group on Security, Audit and Control (SIGSAC) in the 2017 election.