I am a staff researcher in the networking group at the International Computer Science Institute, Berkeley, CA. I am also a member of the Advanced Computing for Science Department at the Lawrence Berkeley National Laboratory, and I work with the Lab's cyber security team. Before coming out to Berkeley, I was a Ph.D. student in Anja Feldmann's group at TU München, Germany (now at Deutsche Telekom Laboratories). Before that, I got a diploma in Computer Science from the University of Paderborn, Germany.
(Complete CV.)
My primary research focus is the network security area, with a particular emphasis on high-performance network monitoring in operational settings. More generally, I'm interested in understanding the capabilities and limitations of network technology as well as the characteristics of real-world Internet traffic.
Some projects I am involved with have their own web sites:
The Bro network intrusion detection system.
The Time Machine, a high-performance packet bulk recorder.
There is a list of my publications as well as a selection of slides I used for talks.
From time to time I also contribute to the blog of ICSI's networking group.
Steering Committee DIMVA
Program Co-Chair RAID 2010
Program Chair DIMVA 2007
Program Committee DIMVA 2010, 2009, 2008, 2006, 2005
Program Committee EC2ND 2010
Program Committee Networking 2010, 2009
Program Committee SAC 2010 - INFSEC Track
Program Committee CoNGN 2008
Program Committee ICISS 2008
Program Committee IEEE MCN 2008
Program Committee CRITIS 2007
A Python module providing bindings for Broccoli, Bro's client communication library.
A Python script, trace-summary, which generates summaries of network traffic from either libpcap traces or Bro connection logs.
The Python module PySubnetTree provides an efficient data structure for doing longest-prefix CIDR lookups.
A small tool called capstats to collect real-time statistics from a network interface.
A little patch and some scripts for using abook with mutt.
Some add-ons for flow-tools.
A Linux kernel patch for capturing network packets as a non-root user.
A patch which adds two-dimensional workspace selection to DesktopManager (for Mac OS X).
A dict.leo.org mode for the JED editor.