Michael Collins

Intrusion Detection and Response: We're Not Jack Bauer

DateWednesday, September 3, 2014

6pm - London | 1pm - New York | Thu, Sep 4th at 3am - Sydney | Thu, Sep 4th at 2am - Tokyo | Thu, Sep 4th at 1am - Beijing | 10:30pm - Mumbai

Presented by: Michael Collins

Duration: Approximately 60 minutes.

Cost: Free

In this webcast, Michael Collins will give you an amazing piece of technology: a real-time intrusion detection system which, if you're monitoring a /16 or larger, has a 100% true positive rate. Are you ready? You will be scanned on ports 22, 25, 80, 135 and 443.

Intrusion detection systems are very good at providing a large stream of useless information. Built in an era when attackers built hand-crafted exploits in the backyard woodshed and tested them on systems over slow and extensive periods, they were never really built to handle an Internet where attackers effectively harvest networks for hosts.

Michael will discuss building actionable notifications out of intrusion detection systems, the base-rate fallacy, the core statistical problem that limits all intrusion detection, the game between attacker and defender, and methods for modifying signature and anomaly-based detection systems to provide more effective detection and analysis.

About Michael Collins

Michael Collins is the chief scientist for RedJack, LLC., a Network Security and Data Analysis company located in the Washington D.C. area. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on network instrumentation and traffic analysis, in particular on the analysis of large traffic datasets. Dr. Collins graduated with a PhD in Electrical Engineering from Carnegie Mellon University in 2008, he holds Master's and Bachelor's Degrees from the same institution.

Questions? Please send email to