PaIRS/Bayesian IDS: Finding Bad Actors Without Looking at Content
Tuesday, April 05 | 2:00PM–3:00PM | Bonham B/Third Level
Session Type: Professional Development
The Columbia PaIRS (point of contact and incident response system) IDS was developed to help protect the network from compromised machines, taking into account the totally decentralized nature of support and the policy against looking at any content on our network. These constraints make it difficult to use standard intrusion detection systems, which depend on packet inspection and assume central ownership of the computers on the network. PaIRS was built using NetFlow data as the primary input, supplemented by input from external organizations such as REN-ISAC and Shadowserver.
Presenters
Joel Rosenblatt
Director, Computer and Network Security, Columbia University