10.11.2014

Colloquium: Dr. Pavel Laskov, topic: Detection of Advanced Persistent Threats

10.11.2014, 14:00, FMI 00.12.019 (MI-Building, Campus Garching). This talk will be held in English.

Abstract

Many recent high-profile security incidents have been categorized as "Advanced Persistent Threats" (APT). Their characteristic features include exploitation of previously unknown vulnerabilities and sophisticated social engineering carefully tailored to a specific recipient. To mitigate the growing risk of APT attacks arising from the economic and political motivation, novel detection methodology must be developed to complement the traditional signature-based techniques. In this talk, I will review the key features of APT and discuss the technical challenges arising in their detection. In particular, I will focus on methods for retrospective identification of 0-day attacks and evasion-resistant detection of malicious PDF documents commonly used for delivery of APT attacks. As an outlook, I will discuss potential architectures for security products which should provide adequate protection against APT.

Bio

Pavel Laskov graduated from the Moscow Institute of Radio, Electronics and Automation (Russia) in 1994 with a diploma in computer engineering. He received an M.Sc. and a Ph.D. in computer science from the University of Delaware (Newark, DE, USA) in 1996 and 2001 respectively. From 2001 to 2010 he was a senior researcher at the Fraunhofer Institute FIRST in Berlin. In 2004 he started investigation of machine learning methods for intrusion detection and has led the development of a self-learning intrusion detection system ReMIND. From 2009 to 2014 he was a Heisenberg Fellow of the German Science Foundation at the University of Tuebingen. In September 2014 he joined Huawei's European Research Center in Munich as the head of the Security Product Innovation Team responsible for advanced architectural and technological design of security products. His research interests span intrusion detection, static and dynamic malware analysis, applications of machine learning and big data to security and many other related topics.

Contact

Dr. Ralph Holz
email: ralph.holzAtsydney.edu.au