Dr. Klaus Julisch
IBM Zurich
Research Laboratory
Säumerstrasse 4
CH-8803 Rüschlikon
Switzerland
Phone: ++41-1-724 8608
Fax: ++41-1-724 8953
Mail: kju zurich.ibm.com
Klaus is a Research Staff Member in the Global Security Analysis Laboratory at the IBM Zurich Research Laboratory, Rüschlikon, Switzerland, where he works in the area of system and network security. Klaus is passionate about using his expertise in the areas of computer security, data mining, and machine learning to find innovative solutions to critical business problems. He is the author or co-author of multiple scientific publications and five patents in computer security, data mining, and machine learning.

Klaus holds a Ph.D. in Computer Science from the University of Dortmund, Germany (awarded “Best Dissertation, 2003”). He also holds an M.Sc. (Dipl.Inf.) in Computer Science from the University of Stuttgart, Germany (with Honors), and an M.Sc. (DEA) in Computer Science from the University of Bordeaux. Currently, Klaus is enrolled in the MBA program of IBM Research.
- IT Security Risks (2004 – Present): Recent regulations such as Sarbanes-Oxley and Basel II have made compliance and operational risk management a top business priority. IT security risks – the focus of this project – are an important subclass of operational risks. As a result, I am working on developing quantitative measures of IT security risks and countermeasure effectiveness.
- IReS (2003 – Present): Due to the speed and ferocity of worms, hackers and viruses, the need for automated response mechanisms has become urgent. However, many of today’s automated response mechanisms are still lacking with respect to their safety, effectiveness, and/or timeliness. In this project, I am developing and prototyping new technologies that attempt to overcome these limitations.
- ALAC (2003 – Present): In this project, we are developing intelligent software agents that observe the human intrusion detection operator and thereby learn how to respond to intrusion detection alarms. As the agents become “smarter”, they gradually take over and handle alarms on behalf of the human operator, hence reducing the operator’s workload.
- MAFTIA (2000 – 2003): Sponsored under the European Union's 5th Framework Program, MAFTIA was the world's first project to investigate a comprehensive approach to tolerating and surviving both accidental and malicious faults in large-scale distributed systems such as the Internet. In collaboration with my colleagues at IBM Zurich, I contributed to the development of an intrusion-tolerant intrusion detection system.
- CLARAty (1999 – 2003): CLARAty is a novel data mining algorithm that I developed to address the problem of false positives in intrusion detection. The CLARAty algorithm brings about significant cost savings by automating the processing of 75% of false positives. Given this success, CLARAty has been transferred to Tivoli and IBM's Managed Security Services where it is being integrated into client solutions.
Journal and Conference Papers, Book Chapters

1. Klaus Julisch, “Intrusion Detection Alarm Clustering”, to appear in Mark Maloof, editor, Machine Learning and Data Mining for Computer Security: Methods and Applications, Springer Verlag, 2004.
2. Klaus Julisch, "Clustering Intrusion Detection Alarms to Support Root Cause Analysis", in ACM Transactions on Information and System Security 6(4), November 2003 [PDF].
3. Klaus Julisch and Marc Dacier, "Mining Intrusion Detection Alarms for Actionable Knowledge", in Proceedings of the 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, July 2002 [PDF].
4. Klaus Julisch, "Data Mining for Intrusion Detection: A Critical Review", in D. Barbará and S. Jajodia, editors, Applications of Data Mining in Computer Security, Kluwer Academic Publisher, Boston, 2002 [PDF, read an excerpt].
5. Klaus Julisch, "Mining Alarm Clusters to Improve Alarm Handling Efficiency", in Proceedings of the 17th ACSAC, New Orleans, December 2001 [PDF].

Ph.D. / Master's Thesis

1. Klaus Julisch, “Using Root Cause Analysis to Handle Intrusion Detection Alarms”, PhD Thesis, University of Dortmund, Germany, 2003 [PS, PDF].
2. Klaus Julisch, "Extensibility and Efficiency of Top-Down Query Optimizers", Master's Thesis, University of Stuttgart, Germany, 1999 [PS][PDF].
Last modified: Tue, Sept. 7th, 2004
IBM doesn't necessarily share my personal opinions stated on this page.