NERSC - Powering Scientific Discovery Since 1974

Scott Campbell

Security Team, Networking, Servers and Security Group
Phone: (510) 486-6986, Fax: (510) 486-4316
1 Cyclotron Road
Mail Stop 943R0256
Berkeley, CA 94720 US

Biographical Sketch

Scott began working at LBNL/NERSC in April of 2002 on network security. Scott works on the Bro intrusion detection system and on incident response. Prior to LBNL, Scott worked extensively in industry in the areas of Unix and network administration. Scott holds a Bachelor of Science degree in Physics from San Francisco State University.

Conference Papers

Scott Campbell, Jason Lee, “Prototyping a 100G Monitoring System”, 20th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2012), February 12, 2012.

The finalization of the 100 Gbps Ethernet Specification has led to a tremendous increase in the rates at which traffic arrives at data centers, making the need to perform security monitoring at 100 Gbps no longer simply an academic exercise. We show that by leveraging the ‘heavy tail flow effect’ on the IDS infrastructure, it is possible to perform security analysis at such speeds within the HPC environment. Additionally, we examine the nature of current traffic characteristics and how to scale an IDS infrastructure to 100 Gbps.

Scott Campbell, Jason Lee, “Intrusion Detection at 100G”, The International Conference for High Performance Computing, Networking, Storage, and Analysis, November 14, 2011.

Driven by the growing data transfer needs of the scientific community and the standardization of the 100 Gbps Ethernet Specification, 100 Gbps is now becoming a reality for many HPC sites. This tenfold increase in bandwidth creates a number of significant technical challenges. We show that by using the heavy tail flow effect as a filter, it should be possible to perform active IDS analysis at this traffic rate using a cluster of commodity systems driven by a dedicated load balancing mechanism. Additionally, we examine the nature of current network traffic characteristics and apply them to 100 Gbps speeds.

Lavanya Ramakrishnan, Piotr T. Zbiegel, Scott Campbell, Rick Bradshaw, Richard Shane Canon, Susan Coghlan, Iwona Sakrejda, Narayan Desai, Tina Declerck, Anping Liu, “Magellan: Experiences from a Science Cloud”, Proceedings of the 2nd International Workshop on Scientific Cloud Computing, ACM ScienceCloud '11, Boulder, Colorado, and New York, NY, 2011, 49-58.

Scott Campbell, Steve Chan and Jason Lee, “Detection of Fast Flux Service Networks”, Australasian Information Security Conference 2011, January 17, 2011.

Fast Flux Service Networks (FFSN) utilize high availability server techniques for malware distribution. FFSNs are similar to commercial content distribution networks (CDN), such as Akamai, in terms of size, scope, and business model, serving as an outsourced content delivery service for clients. Using an analysis of DNS traffic, we derive a sequential hypothesis testing algorithm based entirely on traffic characteristics and dynamic whitelisting to provide real time detection of FFSNs in live traffic. We improve on existing work, providing faster and more accurate detection of FFSNs. We also identify a category of hosts not addressed in previous detectors, Open Content Distribution Networks (OCDN), that share many of the characteristics of FFSNs.

Reports

E. Wes Bethel, Scott Campbell, Eli Dart, Jason Lee, Steven A. Smith, Kurt Stockinger, Brian Tierney, Kesheng Wu, “Interactive Analysis of Large Network Data Collections Using Query-Driven Visualization”, DOE Report, September 26, 2006, LBNL 59166.

Realizing operational analytics solutions where large and complex data must be analyzed in a time-critical fashion entails integrating many different types of technology. Considering the extreme scale of contemporary datasets, one significant challenge is to reduce the duty cycle in the analytics discourse process. This paper focuses on an interdisciplinary combination of scientific data management and visualization/analysis technologies targeted at reducing the duty cycle in hypothesis testing and knowledge discovery. We present an application of such a combination in the problem domain of network traffic data analysis. Our performance experiment results, including both serial and parallel scalability tests, show that the combination can dramatically decrease the analytics duty cycle for this particular application. The combination is effectively applied to the analysis of network traffic data to detect slow and distributed scans, which are a difficult-to-detect form of cyberattack. Our approach is sufficiently general to be applied to a diverse set of data understanding problems as well as used in conjunction with a diverse set of analysis and visualization tools.