Thank you for dropping by. My name is Daniel Bilar. I enjoy poking my nose everywhere and trying novel ways to solve problems. My specialized research areas revolve around highly evolved malicious software, as well as quantitative risk analysis of networks.
Fall 2009, I am teaching CSCI 6130, a graduate level course on Cryptology, with emphasis on applied cryptography and protocol analysis. I am also teaching CSCI 4621/G, a junior/senior course on Computer Security, with a balanced mix of security theory and historical and current practice.
Spring 2009, I am teaching CSCI 1205 "Introduction to C++ (for Engineering students)". Learning goals for non-CS majors are different - less theory, more best-of-breed practices to further fault-tolerant/resilient, readable, expandable design in general, as well as use of appropriate C++ language idioms for the problem domain at hand.
Fall 2008, I am teaching CSCI 2450 "Machine Architecture and Assembly Language". Assembly is the last step between you and the machine. After that, you may as well coax them circuits with a cattle prod ;)
I hope to teach a Quantum Computing course some day when I am smart enough (15 min intro here)
My area of interest is information security (specifically network security), a fascinating, young field spanning different dimensions such as people, technology, computer science, operations research, law, sociology and economics, with plenty of opportunities to make contributions.
The questions I am trying to answer are (in order of results, preliminary results, bleeding edge):
My 2003 PhD thesis addressed the technical risk opacity of software running on computer networks, for which Dartmouth filed a provisional patent.
I developed a methodology to systematically assess the vulnerabilities introduced by the software on a network, to propose a configurable, granular risk calculation framework with which to rank these vulnerabilities and their associated risks, and to transparently present specific management options with which to mitigate these risks. This approach focused on the vulnerabilities present in 'good' software. However, the 'people' side of the problem, as well as multi-stage attacks, are not addressed in a satisfactory way, so there is much room for improvement.
Malware is 'bad' software like worms, viruses and trojans. Anti-virus software uses signature matching and checksums to detect them; this tends to be too rigid, because a variant need only change some lines of code to evade the signature. A more comprehensive approach, with heuristics and emulation, may take too long a time: with worms you have a small time window, measured in minutes.
One approach for metamorphic malware is to find a sweet spot: find structural classifiers ('structural fingerprints') that are statistical in nature, 'fuzzier' metrics sitting between static signatures on one side and dynamic emulation and heuristics on the other. I investigated opcode distribution, Win32 system call sequences and structural callgraph properties.
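An added illustration of the "sweet spot" idea (example code, not from the original page or from the author's published tooling): a rigid hash signature over an instruction sequence breaks when a metamorphic variant inserts a nop and substitutes one instruction, while a statistical opcode-distribution fingerprint still matches it and still rejects an unrelated benign routine. The mnemonic lists are constructed stand-ins for disassembler output, and the family label, cosine similarity metric and 0.85 threshold are assumptions of this example.

```python
import hashlib
from collections import Counter
from math import sqrt

# Constructed mnemonic sequences standing in for the disassembly of one
# function each (no real samples; a disassembler would produce these lists).
BASE = ["push", "mov", "mov", "call", "test", "jz",
        "mov", "xor", "call", "mov", "pop", "ret"]
# Metamorphic variant of BASE: a nop is inserted and xor is swapped for sub.
VARIANT = ["push", "mov", "nop", "mov", "call", "test", "jz",
           "mov", "sub", "call", "mov", "pop", "ret"]
# Unrelated benign routine (a memory copy loop) of the same length.
BENIGN = ["push", "mov", "lea", "mov", "rep", "movsb",
          "lea", "add", "cmp", "jb", "pop", "ret"]

def exact_signature(mnemonics):
    """Rigid signature: a hash over the exact instruction sequence."""
    return hashlib.sha256(" ".join(mnemonics).encode()).hexdigest()

def opcode_distribution(mnemonics):
    """Structural fingerprint: relative frequency of each mnemonic."""
    counts = Counter(mnemonics)
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()}

def cosine_similarity(dist_a, dist_b):
    """Similarity of two opcode distributions in [0, 1]; 1 means identical."""
    ops = set(dist_a) | set(dist_b)
    dot = sum(dist_a.get(op, 0.0) * dist_b.get(op, 0.0) for op in ops)
    norm_a = sqrt(sum(v * v for v in dist_a.values()))
    norm_b = sqrt(sum(v * v for v in dist_b.values()))
    return dot / (norm_a * norm_b)

def classify(mnemonics, fingerprints, threshold=0.85):
    """Return the best-matching family label, or 'unknown' below threshold."""
    sample = opcode_distribution(mnemonics)
    label, best = max(((name, cosine_similarity(sample, fp))
                       for name, fp in fingerprints.items()),
                      key=lambda pair: pair[1])
    return label if best >= threshold else "unknown"

if __name__ == "__main__":
    fingerprints = {"family_x": opcode_distribution(BASE)}  # assumed label
    print(exact_signature(BASE) == exact_signature(VARIANT))  # False
    print(round(cosine_similarity(opcode_distribution(BASE),
                                  opcode_distribution(VARIANT)), 3))  # 0.944
    print(classify(VARIANT, fingerprints), classify(BENIGN, fingerprints))
```

Real deployments build the family fingerprint from many samples and tune the threshold against a benign corpus; the single-sample fingerprint here only shows why the statistical view tolerates edits that defeat the hash.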
Even more worrisome is k-ary malware. K-ary malware partitions its functionality into k distinct parts, each containing merely an innocuous subset of the total instructions. In serial or parallel combination, they release their noxiousness. Current AV models seem unable to detect (or disinfect when detected) this threat, also due to theoretical model limitations.
In light of the new metamorphic and k-ary threats, I am moving towards new dynamic detection and containment techniques. This may entail (horribile dictu!) moving beyond Turing machine models premised on the (strong) Church-Turing thesis (computation-as-functions) towards interactive computations, foreshadowed already by Turing in his 1936 paper with his choice "c-machine" (as opposed to the standard automatic 'a-machine').
Over the summer, I read Into the Cool: Energy Flow, Thermodynamics, and Life (U. Chicago Press) and was immediately taken by the "Second Law" approach to systems theory: how energy flow and gradient reduction imperatives create and maintain non-equilibrium thermodynamic systems (NETs).
His argument is that in order to degrade gradients in the most efficient manner possible, complex systems will emerge. Increased complexity enhances the system's dissipative properties, hence such open systems tend to grow as long as a gradient is present. The book mentions several examples of NETs: Bénard cells, Taylor vortices, hurricanes, life itself, larger ecosystems.
I am trying to figure out whether this approach can be fruitfully applied to the analysis of complex software systems. Does software behave like other NET systems? What gradients, if any, are reduced by software systems? How do the concepts of exergy, energy dissemination and entropy production map to software systems? Is there a link between increased software structure complexity and more effective energy dissipation? And how can we use this in the domain of information security?
Three years later, I believe I know how.
Note at 2am: There is so much beauty in the world
Bilar D. Gender-Aware Pedagogy For Introductory CS Classes. In preparation: ACM Journal on Educational Resources in Computing (ACM Press, NYC)
Bilar D. On N-th order Attacks. In: The Virtual Battlefield: Perspectives on Cyber Warfare (Cryptology and Information Security Series). Vol. 3 (IOS Press, Amsterdam). Dec 2009
Bilar D. Known Knowns, Known Unknowns and Unknown Unknowns: Anti-virus issues, malicious software and Internet attacks for non-technical audiences. In: Digital Evidence and Electronic Signature Law Review. Vol. 6 (Pario, London). Nov 2009
Bilar D. Sensitivity Analysis on Bio-op Errors in DNA Computing. In: Proceedings of the 10th ACIS (IEEE Computer Press, NY). May 2009
Bilar D. and Filiol E. (Editors). On Self-Replicating Computer Programs. In: Journal In Computer Virology 5:1 (Springer, Paris). February 2009
Bilar D. Noisy Defenses: Subverting malware's OODA loop. In: Proceedings of 2008 Cyber Security and Information Infrastructure Workshop (ACM Press, NY). June 2008
Bilar D. Callgraph structure of executables. AI Communications Special Issue on "Network Analysis in Natural Sciences and Engineering" 20:4 (IOS, Amsterdam). December 2007
Bilar D. Opcodes as predictor for malware. International Journal of Electronic Security and Digital Forensics 1:2 (Geneva, Switzerland). December 2007
Bilar D. Misleading modern malware. Under revision: Journal In Computer Virology (Springer, Paris). October 2007
Bilar D. On callgraphs and generative mechanisms. Journal In Computer Virology 3:4 (Springer, Paris). November 2007
Bilar D. Fingerprinting malicious code through statistical opcode analysis. Proceedings of the 3rd International Conference on Global E-Security (London, UK). April 2007
Cybenko G., Jiang G. and Bilar D. Machine Learning Applications in Grid Computing. Proceedings of the 37th Allerton Conference on Communication, Control, and Computing. September 1999
Malware: From Byte-Patterns to Control Flow Structures to Entropic Defenses, given at DARPA BAA workshop on "Cyber Genome Project" (Arlington, VA). December 2009
On N-th Order Cyberwarfare, given at NATO Cooperative Cyber Defence Centre of Excellence (Tallinn, Estonia). June 2009
Algorithmic Design in Probabilistic Environments, given at 10th ACIS SNPD 09 (Daegu, Republic of Korea). May 2009
Good for the Goose, Good for the Gander: Entropic Defenses. BAE Systems (Arlington, VA). June 2008
Subverting Malware's OODA loop, given at CIISRW 08 at Oak Ridge National Labs (Oak Ridge, TN). May 2008
Approaching Information-gain Adversarial Malware. BBN Technologies (Cambridge, MA). November 2007
Back to the Future: From Dortmund to present and future malware challenges, given at DAT '07 (Dortmund, Germany): Third Dortmunder Alumni Tag an der Universitaet Dortmund. October 2007
Flying below the Radar: What modern malware tells us, given at Horst Görtz Institut für Sicherheit in der Informationstechnik (Bochum, Germany): Seminar an der Ruhr-Universitaet Bochum. October 2007
Looking ahead towards metamorphic, k-ary malware and modern models, given at DIMVA '07 (Lucerne, Switzerland): GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. July 2007
Malware Analysis as Science: A Primer, given at IPICS '07 (Wales, UK): Intensive Programme on Information and Communication Security. July 2007
Statistical Opcode Analysis, given at ICGeS '07 (London, UK): International Conference on Global E-Security. April 2007
Statistical Structures: Tolerant Fingerprinting for Classification and Analysis, given at BH '06 (Las Vegas, NV): Blackhat Briefings USA. August 2006
My CV
I came from Brown University (BA, Computer Science), Cornell University (MEng, Operations Research and Industrial Engineering) and Dartmouth College (PhD, Engineering Sciences).
At Dartmouth, I was a founding member of the Institute for Security and Technology Studies and worked on devising new methods to protect the nation's communication infrastructure. ISTS conducts counter-terrorism technology research, development, and assessment for the Department of Homeland Security.
My PhD thesis was "Quantitative Risk Analysis of Computer Networks". My thesis advisors included George Cybenko (Dorothy and Walter Gramm Professor at Dartmouth, my primary advisor), Robert Morris Sr (former Chief Scientist of NSA's National Computer Security Center), Susan McGrath (Director, Emergency Readiness and Response Research Center, ISTS at Dartmouth) and Robert Gray (BAE Systems, Arlington, VA).
I transitioned to UNO via Wellesley College, as the first Norma Wilentz Hess Fellow in Computer Science. Greetz to my WC posse!
Daniel Bilar, Computer Science Department, University of New Orleans
Last modified: May 2009. Template gratefully acknowledged from Jesper Rasmussen, DTU, Denmark