Stuart Staniford-Chen, PhD
Assistant Adjunct Professor
Department of Computer Science,
University of California at Davis,
Davis, CA 95616
stanifor@cs.ucdavis.edu
In Arcata: (707) 825-0836
In Davis: (530) 752-5076
About my Work
I work as an assistant adjunct professor in the Computer Security Group
at UC Davis. The focus of my work is in Intrusion Detection. Intrusion
Detection is a subfield of Computer Security which is concerned with automatically
detecting, diagnosing, and responding to break-ins to vulnerable computers
and networks. It is not concerned with fixing the vulnerabilities, but
rather with how to cope given that all widely deployed computer systems
contain some vulnerabilities.
I'm involved with several efforts at present.
- IDWG
  I cochair, with Mike Erlinger (mike@cs.hmc.edu), this IETF working group: The Intrusion Detection Exchange Format Working Group (IDWG).
- CIDF
  The DARPA Common Intrusion Detection Framework (CIDF) is a research effort to develop common application programming interfaces so that IDS systems can interoperate and be reusable. This was undertaken at the behest of Teresa Lunt at the Information Technology Office (ITO) of the Defense Advanced Research Projects Agency (DARPA). I was initially responsible for co-ordinating this effort, but when I became responsible for IDWG, I passed the CIDF mantle to Brian Witten (witten@rl.af.gov) and Brian Tung (brian@isi.edu). I'm still an active technical participant in CIDF.
- GrIDS
  The Graph-based Intrusion Detection System (GrIDS) was developed at UC Davis and focussed on detecting automated attacks in large networks. It did so by building graphs of related network activity and analyzing them for suspicious patterns. I started this effort, and led it for the first year or so. It has gone on to be incorporated into the Boeing IDIP project. My involvement now is limited to cleaning up the documentation and finishing publications - active maintenance of GrIDS is being done by Jeff Rowe (rowe@cs.ucdavis.edu).
Teaching
Last quarter (Fall Quarter '97), I taught ECS 150 (Operating Systems and
Systems Programming). I am not teaching at present.
About Me
These days, I'm pioneering the post-industrial lifestyle. I live in Arcata,
in Humboldt County on the very beautiful north coast of California. I came
here to accommodate my wife's career. I telecommute to my job in Davis most
of the time, but make the five hour drive (each way) down to Davis on alternate
weeks to attend meetings. Some of my best thinking is done while driving
up and down Highway 101 through the redwoods.
I was born Stuart Staniford, and grew up in Wallasey (near Liverpool)
in England. I went to Oxford University (Pembroke
College), but was deservedly sent down (kicked out)
after one year because I did no work at all. Sadder and wiser, I then went
to Sussex University, where I got
a first class honours degree in Mathematical Physics.
During that time, I met Lynnette Chen, an American woman studying for
a year in England. We fell in love and are now married (and hyphenated
too). That is why I applied to graduate school in the US. I came to the
University of California at Davis,
where I obtained a Master's and PhD in Physics. I specialized in algorithms
and analysis techniques for computer simulations of very hot quark-gluon
plasmas.
However, I decided physics was an unhealthy place to try and make a
career when married and so jumped ship looking for something more likely
to lead to steady employment - hence computer security. Basically, I enjoy
designing things or solving technical problems regardless of what domain
the problems originate in.
I am now 32 years old, and am a British citizen. I have been vegetarian
for the last twelve years.
Brief Curriculum Vitae
Education
- B.Sc. (Mathematical Physics)
  June 1988. University of Sussex, England. First Class Honours.
- M.S. (Physics)
  June 1990. University of California at Davis. GRE scores in the 90+ percentiles.
- Ph.D. (Physics)
  June 1993. University of California at Davis. Graduate GPA 3.94. Awarded fellowships for three years consecutively.
- M.S. (Computer Science)
  March 1995. University of California at Davis. Finished in 5 quarters despite no prior CS background. Advisor: Prof. Karl Levitt.
Work Experience
- Assistant Adjunct Professor. UC Davis. 1997 - present
  Co-ordinated the development of the Common Intrusion Detection Framework. This involved working with a team of over fifty researchers and developers from a wide variety of companies and organizations. Continued research into GrIDS prototype. Taught classes in computer operating systems.
- Post Graduate Researcher. UC Davis. 1995 - 1997
  Led team of ten researchers and students building a large, distributed, intrusion-detection system (GrIDS). GrIDS is the first system in the world to use hierarchical processing to handle very rapid attacks in large scale networks. Introduced the use of formal consensus, structured software process, and source control to the group. Coded a large part of the system in Perl. Also performed system administration duties for a network of Unix workstations. Developed and maintained HTML pages and CGI scripts.
- Research Assistant. UC Davis. 1994 - 1995
  Performed research in new statistical techniques to help in tracing intruders across the Internet. Presented work at conferences and to funding agencies. Implemented the system in about 10000 lines of C++. This work is now being developed by the United States Air Force to help their internal security. Wrote successful funding proposals and published papers on work.
- Research Assistant. UC Davis. 1989 - 1993
  Performed research in innovative algorithms and statistical techniques for simulation and analysis of particle physics. Collaborated with other scientists, wrote papers and reports on research, wrote proposals for further work, and orally marketed research to funding agencies. Implemented simulation and analysis software in C, Objective C, and C++. Administered Unix systems.
Consulting Experience
- Odyssey Research Associates. 1997 - present
  Assisted in the design of a set of Security APIs.
- Terrapin Corporation. 1991
  Analysis and forecasting of time-series data.
Publications
Computer Security
- Cheung, S. et al. The Design of GrIDS: A Graph-Based Intrusion Detection System. UCD Technical Report CSE-99-2, January, 1999.
- Staniford-Chen, S. et al. GrIDS: A Graph-Based Intrusion Detection System for Large Networks. Proceedings of the 19th National Information Systems Security Conference, Baltimore, 1996.
- Staniford-Chen, S. Distributed Tracing of Intruders. Master's Thesis, University of California at Davis. 1995.
- Staniford-Chen, S. and Heberlein, L.T. Holding Intruders Accountable on the Internet. Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA. 1995.
Physics
- Staniford-Chen, S. Finite Size Scaling and the Universality Class of SU(2) Lattice Gauge Theory. PhD Thesis, University of California at Davis. 1993.
- Staniford-Chen, S. Finite Size Scaling of Probability Distributions in SU(2) Lattice Gauge Theory and Phi^4 Field Theory. Preprint UCD-92-17, University of California at Davis. 1992.
- Kiskis, J. and Staniford-Chen, S. Universal Amplitude Ratios and Functions for the SU(2), Finite-Temperature Phase Transition. In Axen, D., Bryman, D., and Comyn, N. (eds) Vancouver Meeting. Particles and Fields '91. p 821. World Scientific. 1992.
Research Interests
My interests include intrusion detection systems (IDSs), tracing intruders
within networks, and the use of consensus process in software engineering.
Most of my work to date has focussed on detecting intrusions in large networks
(with the GrIDS project). The interesting problem here is how to deduce
that apparently unrelated activity is actually part of a larger causal
pattern.
The research direction I am most interested in moving towards
in the future is the application of modern AI techniques to Intrusion Detection,
particularly knowledge based multi-agent systems. I am also interested
in how large-scale information warfare attacks could be engineered, with
a view to understanding what, realistically, a large-scale intrusion detection
system must be prepared to face.
More detail is available on my research
projects in progress, but access is restricted to my group.
Outside Interests
The hobby I'm most passionate about is woodwork. So much so that when I
lived in an apartment, I used to build furniture with handtools in the
bedroom. The neighbours were not happy, and the sawdust in the bed was
a nuisance. These days, I have a decent woodshop in my garage.
I also spend a lot of time gardening. My wife and I have a division
of labour where I make most of the large sweeping changes to the garden
(which would overwhelm her), and she does most of the maintenance (which
I am unreliable about). That should tell you a lot about my strengths and
weaknesses.
For a number of years, I lived in the N
Street Cohousing Community which is part of the wider Cohousing
movement in the U.S. I used to be the chief webweaver for the Cohousing
Network, which is a non-profit organization to promote cohousing. Cohousing
communities usually make decisions by consensus, and I have become very
interested in consensus process and spend a lot of time facilitating meetings.
Currently, I'm peripherally involved with Marsh Commons Cohousing which is
near my home.
I usually spend my vacations either visiting my family in England,
or backpacking in the wilderness areas of Northern California.
Links to my Affiliations
Links to things I am involved with.
- The Computer Security Research Laboratory.
  The research group I work in.
- UC Davis Department of Computer Science.
  My department.
- The University of California at Davis.
  The university which employs me.
- The Defense Advanced Research Projects Agency.
  The folks who supply the grant my salary comes out of.
- The Graph-based Intrusion Detection System.
  A project I started and led for a year or so.
- The DARPA Common Intrusion Detection Framework.
  A standards effort which I co-ordinate.
- The Cohousing Network Home Page.
  Information about all aspects of Cohousing. Maintained primarily by me.
- N St Cohousing.
  The cohousing community where I used to live. I still stay there during my regular visits to Davis.
- Marsh Commons Cohousing.
  The cohousing group in Arcata - I attend their meetings and help with facilitation.
Links to the Rest of the Web
A somewhat random sampling from my bookmarks.
- Introduction to HTML documentation.
  A helpful guide to creating HTML - the language web pages are written in.
- The Humboldt Online Guide.
  A guide to life, business, events in Humboldt County, the region where I live.
- Spaf's Security Hotlist.
  A large set of links on computer security topics. Maintained by Gene Spafford, a well known security researcher.
- The News and Observer.
  Where I generally get news online.
- The Telecommuting Advisory Council.
  A non-profit group existing to promote telecommuting.
- Surfin' Strawbale.
  Links having to do with Strawbale building, a fascinating development in building houses more sustainably.
Favourite Quotes
When you consider something like death, after which (there
being no news flash to the contrary) we may well go out like a candle flame,
then it probably doesn't matter if we try too hard, are awkward sometimes,
care for one another too deeply, are excessively curious about nature,
are too open to experience, enjoy a nonstop expense of the senses in an
effort to know life intimately and lovingly. It probably doesn't
matter if, while trying to be modest and eager watchers of life's many
spectacles, we sometimes look clumsy or get dirty or ask stupid questions
or reveal our ignorance or say the wrong thing or light up with wonder
like the children we all are. It probably doesn't matter if a passerby
sees us dipping a finger into the moist pouches of dozens of lady's slippers
to find out what bugs tend to fall into them, and thinks us a bit eccentric.
Or a neighbor, fetching her mail, sees us standing in the cold with our
own letters in one hand and a seismically red autumn leaf in the other,
its color hitting our sense like a blow from a stun gun, as we stand with
a huge grin, too paralyzed by the intricately veined gaudiness of the leaf
to move.
Diane Ackerman in A Natural History of the Senses
Developed and maintained by
Stuart Staniford-Chen
1/26/99