Keynote Speakers

Prof. Salvatore J. Stolfo

Prof. Salvatore J. Stolfo

Professor of Computer Science at Columbia University, USA


Polymorphic Shellcode: The Demise of Signature-based Detection

Recent work on the analysis of polymorphic shellcode engines suggests that modern obfuscation methods would soon eliminate the usefulness of signature-based network intrusion detection methods and supports growing views that the new generation of shellcode cannot be accurately and efficiently represented by the string signatures which current IDS and AV scanners rely upon. We expand on this area of study by demonstrating several concepts in advanced shellcode polymorphism with a proof-of-concept engine which we call Hydra. Hydra distinguishes itself by integrating an array of obfuscation techniques, such as recursive NOP sleds and multi-layer ciphering into one system while offering multiple improvements upon existing strategies. In total, Hydra simultaneously attacks signature, statistical, disassembly, behavioral and emulation-based sensors, as well as frustrates offline forensics. This engine was developed to present an updated view of the frontier of modern polymorphic shellcode and provide an effective tool for evaluation of IDS systems, Cyber test ranges and other related security technologies.

Biography

Salvatore J. Stolfo received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He has published extensively in the areas of parallel computing, AI knowledge-based systems, data mining and most recently computer security and intrusion detection systems (see www.cs.columbia.edu/ids). His research has been supported by DARPA, NSF, ONR, NSA, CIA, IARPA, DHS and numerous companies and state agencies over the years while at Columbia. His IDS lab, established in 1996 and sponsored by DARPA, pioneered the use of data analysis and machine learning techniques for the adaptive generation of novel sensors and anomaly detectors for a variety of tasks in computer security. Professor Stolfo has graduated over 25 PhD students and many dozens of Master's students. The Columbia IDS lab has produced over a dozen patent applications filed by Columbia University for security and privacy technologies some of which have been licensed to commercial enterprises. Professor Stolfo serves as a consultant to DARPA and other federal agencies. Presently he is a member of the National Academy's Naval Study Board Committee on IA for Naval Centric Forces.

Dr. Bart Preneel

Prof. Ir. Bart Preneel

Katholieke Universiteit Leuven, Dept. Elektrotechniek-ESAT /COSIC

Upgrading cryptographic algorithms for network security

Biography

Prof. Ir. Bart Preneel is a full professor (gewoon hoogleraar) in the research group COSIC of the Electrical Engineering Department of the Katholieke Universiteit Leuven in Belgium. His main research area is information security. His research focuses on cryptographic algorithms and protocols as well as their applications to computer and network security and mobile communications. His favourite research topics are hash functions, MAC algorithms, stream ciphers and block ciphers.

He is teaching cryptology, network security, coding theory, and discrete applied algebra at the K.U.Leuven. He has been visiting professor at the Technical University Denmark, the Ruhr Universitaet Bochum (Germany), the Graz University of Technology (Austria), the University of Bergen (Norway), and the Universiteit Gent (Belgium). In '93-'94, he was a research fellow at the University of California at Berkeley.