********************************************************************


                                                     Seminar

             Department of Systems Engineering and Engineering Management
                                  The Chinese University of Hong Kong

------------------------------------------------------------------------------------------

 

 

 

Title

:

User Session Modeling for Effective Application Intrusion Detection

 

 

 

Speaker

:

Prof. Ramamohanarao Kotagiri

 

 

Department of Computer Science and Software Engineering

 

 

The University of Melbourne

 

 

 

Date

:

January 9th, 2009 (Friday)

 

 

 

Time

:

4:30 p.m. - 5:30 p.m.

 

 

 

Venue

:

Room 513

 

 

William M.W. Mong Engineering Building

 

 

(Engineering Building Complex Phase 2)

 

 

CUHK

 

 

 

------------------------------------------------------------------------------------------

Abstract:
 

With the number of data breaches on a rise, effective and efficient
detection of anomalous activities in applications which manages data
is critical. We introduce a novel approach to improve attack
detection at application layer by modeling user sessions as a sequence
of events instead of analyzing every single event in isolation. We
show that combining application access logs and the corresponding data
access logs to generate unified logs eliminates the need to analyze
them separately thereby resulting in an efficient and accurate
system. We evaluate various methods such as conditional random fields,
support vector machines, decision trees and naive Bayes, and
experimental results show that our approach based on conditional
random fields is effective and can detect attacks at an early stage
even when they are disguised within normal events.


-------------------------------------------------------------------------------------------

Biography:
 

Professor Ramamohanarao (Rao) Kotagiri received his degrees BE at
Andhra University, ME at the Indian Institute of Science, Bangalore
and PhD at Monash University. He was awarded the Alexander von
Humboldt Fellowship in 1983. He has been at the University Melbourne
since 1980 and was appointed a professor in computer science in
1989. Rao held several senior positions including Head of Computer
Science and Software Engineering, Head of the School of Electrical
Engineering and Computer Science at the University of Melbourne,
Deputy Director of Centre for Ultra Broadband Information Networks,
Co-Director of the Key Centre for Knowledge-Based Systems, and
Research Director for the Cooperative Research Centre for Intelligent
Decision Systems. He served as a member of the Australian Research
Council Information Technology Panel. He served on the Prime
Minister\'s Science, Engineering and Innovation Council working party
on Data for Scientists. He also served on the Editorial Boards of the
Computer Journal. At present he is on the Editorial Boards for
Universal Computer Science, the Journal of Knowledge and Information
Systems, IEEE TKDE (Transactions on Knowledge and Data Engineering),
Journal of Statistical Analysis and Data Mining and VLDB (Very Large
Data Bases) Journal. He served as a program committee member of
several International conferences including SIGMOD, IEEE ICDM, VLDB,
ICLP and ICDE. He was the program Co-Chair for VLDB, PAKDD, DASFAA and
DOOD conferences. He is a steering committee member of IEEE ICDM,
PAKDD and DASFAA. Rao is a Fellow of the Institute of Engineers
Australia, Australian Academy Technological Sciences and Engineering
and Australian Academy of Science. Rao has research interests in the
areas of Database Systems, Logic Based Systems, Agent Oriented
Systems, Information Retrieval, Data Mining, Intrusion Detection and
Machine Learning.


************************* ALL ARE WELCOME ************************

 

 

 

Host

:

Prof. Jeffrey Xu Yu

Tel

:

(852) 2609-8309

Email

:

yu@se.cuhk.edu.hk

 

 

 

Enquiries

:

Prof. Nan Chen or Prof. Sean X. Zhou

 

:

Department of Systems Engineering and Engineering Management

 

 

CUHK

Website

:

http://www.se.cuhk.edu.hk/~seg5810

Email

:

seg5810@se.cuhk.edu.hk

 

 

 

********************************************************************