Salvatore J. Stolfo | |
---|---|
Born | |
Alma mater | Brooklyn College (B.Sc.), NYU Courant Institute (Ph.D.) |
Awards | IEEE Fellow (2018), ACM Fellow (2019) |
Scientific career | |
Institutions | Columbia University |
Salvatore J. Stolfo is an academic and professor of computer science at Columbia University, specializing in computer security.
Born in Brooklyn, New York, Stolfo received a Bachelor of Science degree in Computer Science and Mathematics from Brooklyn College in 1974. He received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since, [1] where he's taught courses in Artificial Intelligence, Intrusion and Anomaly Detection Systems, Introduction to Programming, Fundamental Algorithms, Data Structures, and Knowledge-Based Expert Systems. [2]
While at Columbia, Stolfo has received close to $50M in funding [3] for research that has broadly focused on Security, Intrusion Detection, Anomaly Detection, Machine Learning and includes early work in parallel computing and artificial intelligence. [4] He has published or co-authored over 250 papers and has over 46,000 citations with an H-index of 102. [5] In 1996 he proposed a project with DARPA that applies machine learning to behavioral patterns to detect fraud or intrusion in networks. [6]
DADO, developed by in part by Stolfo, introduced the parallel computing primitive: “Broadcast, Resolve, Report”, a hardwire implemented mechanism that today is called MapReduce. [7] [8]
Among his earliest work, Stolfo along with colleague Greg Vesonder of Bell Labs, developed a large-scale expert data analysis system, called ACE (Automated Cable Expertise) for the nation's phone system. AT&T Bell Labs distributed ACE to a number of telephone wire centers to improve the management and scheduling of repairs in the local loop. [9]
Stolfo coined the term FOG computing (not to be confused with fog computing) where technology is used “to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data.” [10]
In 2005 Stolfo received funding from the Army Research Office to conduct a workshop to bring together a group of researchers to help identify a research program to focus on insider threats. [11]
He was elevated to IEEE Fellow in 2018 "for his contributions to machine learning based cybersecurity." [12]
He was elected as an ACM Fellow in 2019 "for contributions to machine-learning-based cybersecurity and parallel hardware for database inference systems". [13]
Founded in 2011, Red Balloon Security (or RBS) is a cyber security company founded by Dr Sal Stolfo and Dr Ang Cui. A spinout from the IDS lab, RBS developed a symbiote technology called FRAK as a host defense for embedded systems under the sponsorship of DARPA's Cyber Fast Track program. [14]
Created based on their IDS lab research for the DARPA Active Authentication and the Anomaly Detection at Multiple Scales program, Dr Sal Stolfo and Dr. Angelos Keromytis founded Allure Security Technologies. Using active behavioral authentication and decoy technology Stolfo pioneered and patented in 1996. [15] [16] [17] [18] [19]
Founded in 2009, Allure Security Technology was created based on work done under DARPA sponsorship in Columbia's IDS lab based on DARPA prompts to research how to detect hackers once they are inside an organization's perimeter and how to continuously authenticate a user without a password.
Stolfo's company Electronic Digital Documents produced a “DataBlade” technology, which Informix marketed during their strategy of acquisition and development in the mid 80's. [20] Stolfo's patented merge/purge technology called EDD DataCleanser DataBlade was licensed by Informix. [21] [22] Since its acquisition by IBM in 2005, IBM Informix is one of the world's most widely used database servers, with users ranging from the world's largest corporations to startups.
System Detection was one of the companies founded by Prof. Stolfo to commercialize the Anomaly Detection technology developed in the IDS lab. The company ultimately reorganized and was rebranded as Trusted Computer Solutions. That company was recently acquired by Raytheon. [23] [24]
Recently a jury awarded Columbia University $185 million for patent infringement for one of Prof. Stolfo's inventions, the Application Communities technology. https://news.columbia.edu/news/columbia-university-awarded-185-million-patent-infringement-nortonlifelock-inc. The final order from the judge applied nearly treble damages: https://www.reuters.com/legal/litigation/gen-digital-owes-columbia-481-mln-us-patent-fight-judge-says-2023-10-02/
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.
IDS may refer to:
SRI International (SRI) is a nonprofit scientific research institute and organization headquartered in Menlo Park, California, United States. It was established in 1946 by trustees of Stanford University to serve as a center of innovation to support economic development in the region.
Computer science and engineering (CSE) or Computer Science (CS) also integrated as Electrical engineering and Computer Science (EECS) in some universities, is an academic program at many universities which comprises approaches of computer science and computer engineering. There is no clear division in computing between science and engineering, just like in the field of materials science and engineering. However, some classes are historically more related to computer science, and other to computer engineering. CSE is also a term often used in Europe to translate the name of technical or engineering informatics academic programs. It is offered in both undergraduate as well postgraduate with specializations.
Honeytokens are fictitious words or records that are added to legitimate databases. They allow administrators to track data in situations they wouldn't normally be able to track, such as cloud-based networks. If data is stolen, honey tokens allow administrators to identify who it was stolen from or how it was leaked. If there are three locations for medical records, different honey tokens in the form of fake medical records could be added to each location. Different honeytokens would be in each set of records.
An anomaly-based intrusion detection system, is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created.
Dorothy Elizabeth Denning is a US-American information security researcher known for lattice-based access control (LBAC), intrusion detection systems (IDS), and other cyber security innovations. She published four books and over 200 articles. Inducted into the National Cyber Security Hall of Fame in 2012, she is now Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School.
Carnegie Mellon Silicon Valley is a degree-granting branch campus of Carnegie Mellon University located in Mountain View, California. It was established in 2002 at the NASA Ames Research Center in Moffett Field.
In data analysis, anomaly detection is generally understood to be the identification of rare items, events or observations which deviate significantly from the majority of the data and do not conform to a well defined notion of normal behavior. Such examples may arouse suspicions of being generated by a different mechanism, or appear inconsistent with the remainder of that set of data.
Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.
Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.
PRODIGAL is a computer system for predicting anomalous behavior among humans, by data mining network traffic such as emails, text messages and server log entries. It is part of DARPA's Anomaly Detection at Multiple Scales (ADAMS) project. The initial schedule is for two years and the budget $9 million.
Anomaly Detection at Multiple Scales, or ADAMS was a $35 million DARPA project designed to identify patterns and anomalies in very large data sets. It is under DARPA's Information Innovation office and began in 2011 and ended in August 2014
Cyber Insider Threat, or CINDER, is a digital threat method. In 2010, DARPA initiated a program under the same name to develop novel approaches to the detection of activities within military-interest networks that are consistent with the activities of cyber espionage.
Stephanie Forrest is an American computer scientist and director of the Biodesign Center for Biocomputing, Security and Society at the Biodesign Institute at Arizona State University. She was previously Distinguished Professor of Computer Science at the University of New Mexico in Albuquerque. She is best known for her work in adaptive systems, including genetic algorithms, computational immunology, biological modeling, automated software repair, and computer security.
Yuval Elovici is a computer scientist. He is a professor in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev (BGU), where he is the incumbent of the Davide and Irene Sala Chair in Homeland Security Research. He is the director of the Cyber Security Research Center at BGU and the founder and director of the Telekom Innovation Laboratories at Ben-Gurion University. In addition to his roles at BGU, he also serves as the lab director of Singapore University of Technology and Design’s (SUTD) ST Electronics-SUTD Cyber Security Laboratory, as well as the research director of iTrust. In 2014 he co-founded Morphisec, a start-up company, that develops cyber security mechanisms related to moving target defense.
Ang Cui is an American cybersecurity researcher and entrepreneur. He is the founder and CEO of Red Balloon Security in New York City, a cybersecurity firm that develops new technologies to defend embedded systems against exploitation.
Lauren G. Wilcox is an American professor and researcher in responsible AI, human–computer interaction, and health informatics, known for research on enabling community participation in technology design and development and her prior contributions to health informatics systems.
Ali Dehghantanha is an academic-entrepreneur in cybersecurity and cyber threat intelligence. He is a Professor of Cybersecurity and a Canada Research Chair in Cybersecurity and Threat Intelligence.
The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) is a physical computing platform developed by the MIT Lincoln Laboratory as a testbed for network security applications. Use of the platform is restricted to the United States military, though some academic organizations can also use the platform under certain conditions.
{{cite journal}}
: Cite journal requires |journal=
(help){{cite web}}
: CS1 maint: archived copy as title (link)