I am a staff researcher in the networking group at the International Computer Science Institute, Berkeley, CA. I am also a member of the Advanced Computing for Science Department at the Lawrence Berkeley National Laboratory, and I work with the Lab's cyber security team. Before coming out to Berkeley, I was a Ph.D. student in Anja Feldmann's group at TU München, Germany (now at Deutsche Telekom Laboratories). Before that, I got a diploma in Computer Science from the University of Paderborn, Germany.
(Complete CV.)
My primary research focus is the network security field, with a particular emphasis on high-performance network intrusion detection in operational settings. More generally, I'm interested in understanding the capabilities and limitations of network technology as well as the characteristics of real-world network traffic.
Some projects I am involved with have their own web sites:
The Bro network intrusion detection system.
The Time Machine, a high-performance packet bulk recorder.
There is a list of my publications as well as a selection of slides I used for talks.
From time to time I also contribute to the blog of ICSI's networking group.
Steering Committee DIMVA
Program Committee Networking 2009
Program Committee CoNGN 2008
Program Committee DIMVA 2008, 2006, 2005
Program Committee ICISS 2008
Program Committee IEEE MCN 2008
Program Chair DIMVA 2007
Program Committee CRITIS 2007
A Python module providing bindings for Broccoli, Bro's client communication library.
A Python script, trace-summary, which generates summaries of network traffic from either libpcap traces or Bro connection logs.
The Python module PySubnetTree provides an efficient data structure for doing longest-prefix CIDR lookups.
A small tool called capstats to collect real-time statistics from a network interface.
A little patch and some scripts for using abook with mutt.
Some add-ons for flow-tools.
A Linux kernel patch that allows non-root users to capture network packets.
A patch which adds two-dimensional workspace selection to DesktopManager (for Mac OS X).
A dict.leo.org mode for the JED editor.