Michael Collins

Intrusion Detection and Response: We’re Not Jack Bauer

Date: This event took place live on September 03 2014

Presented by: Michael Collins

Duration: Approximately 60 minutes.

Cost: Free

Questions? Please send email to


In this webcast, Michael Collins will give you an amazing piece of technology: a real-time intrusion detection system which, if you're monitoring a /16 or larger, has a 100% true positive rate. Are you ready? You will be scanned on ports 22, 25, 80, 135 and 443.

Intrusion detection systems are very good at providing a large stream of useless information. Built in an era when attackers built hand-crafted exploits in the backyard woodshed and tested them on systems over slow and extensive periods, they were never really built to handle an Internet where attackers effectively harvest networks for hosts.

Michael will discuss building actionable notifications out of intrusion detection systems, the base-rate fallacy, the core statistical problem that limits all intrusion detection, the game between attacker and defender, and methods for modifying signature and anomaly-based detection systems to provide more effective detection and analysis.

About Michael Collins

Michael Collins is the chief scientist for RedJack, LLC., a Network Security and Data Analysis company located in the Washington D.C. area. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on network instrumentation and traffic analysis, in particular on the analysis of large traffic datasets. Dr. Collins graduated with a PhD in Electrical Engineering from Carnegie Mellon University in 2008, he holds Master's and Bachelor's Degrees from the same institution.