Biography


Recent Press About My Work


From NEW YORK TIMES, 06 December 2008   
News Articles About My Work: The Guardian/UK (February 2012), The Atlantic (June 2010), Krebsonsecurity (February 2010), Technology Review (February 2010), The Register (UK) (December 2009), Ars Technica (December 2009), PC World (October 2009, and CIO Magazine and MSN), CNN.com (July 2009), Wired Magazine (July 2009), New Scientist Journal (June 2009), U.S. White House Cyber Policy Review (June 2009), Scientific American (June 2009), PC World (4/25/2009), Network World (4/24/2009), Computer World (4/16/2009), Information Week (4/13/2009), Financial Times (4/10/2009), Information Week (4/2/2009), Network World (4/1/2009), OS News (3/31/2009), PC World (3/31/2009), Investors Business Daily (3/31/2009), San Francisco Chronicle (3/31/2009), Computer World (3/30/2009), The Guardian (3/20/2009), InfoWorld (3/27/2009), Security Focus (3/27/2009), Wall Street Journal (3/26/2009), The Register [UK] (3/26/2009), ABC News (3/25/2009), Information Week (3/25/2009), USA Today (3/24/2009), PC Magazine (Article 1, Article 2) (3/23/2009), Red Orbit (2/22/2009), Slashdot (3/21/2009), Bits.NYTimes.Com (3/19/2009), NY Times (3/18/2009), The Tech Herald (3/13/2009), Security Focus (3/09/2009), PC Magazine (2/23/2009), NY Times (2/23/2009), PC World (2/20/2009), The Tech Herald (2/20/2009), PC World (2/19/2009), Security Focus (2/13/2009), Washington Post (2/13/2009), PC World/Network World (1/23/2009), New York Times (1/23/2009), MIT Technology Review (1/23/2009), ZDNet Asia (12/30/2008), USA Today Tech (12/09/2008), SearchSecurity.com (12/22/2008), New York Times (12/06/2008), The Tech Herald (12/05/2008), Federal News Radio [Segment1.mp3, Segment2.mp3] (12/04/2006), Information Week (11/26/2008), IEEE Computer Magazine (11/2008), SecurityFocus (11/25/2008), SC Magazine (11/25/2008), Heise Security [in English] (11/05/2008), Windows Online Magazine DE (11/05/2008), Wiener Zeitung AT (11/06/2008), San Francisco Chronicle (10/08/2007), Microsoft Certified Professional Magazine (09/2007), ComputerWorld (09/28/2007), ZDNet (07/23/2008), SecurityFocus (07/2008), Silicon.com (07/2008), Ars Technica (07/2008), TechTarget (07/2008), Security Focus [quoted] (04/2008), MSNBC (04/10/2008), Information Security Magazine (3/2002), KTVU Channel 2 News [Video - WMV] (10/08/2007), KGO Radio Interview [Audio - MP3] (10/10/2007).
Top 10 Wicked Cool Algorithms!  November 2008 - This article includes a round-up of interesting algorithms and looks at how they impact the community. Number nine on the list is "Highly Predictive Blacklisting,"  which I jointly developed with Prof. Jian Zhang:

See  Network World  November 2008, and PC World   and TechWorld.com
Research Interests:
Intrusion detection, high assurance computing, security evaluation, network management and alarm correlation, privacy-preserving collaborative systems, formal malware analysis, network security, OpenFlow and software-defined networks, malware defense, and mobile security.

Publications, Patents, and Major Reports

Intrusion Detection

High Assurance Computing

Network Management and Alarm Correlation

Privacy-Preserving Collaborative Systems

Formal Analyses

Network Security

Human Computer Interfaces

Virtualization Security

Malware Defense

Mobile and Wireless Security


Significant Published Technical Reports
  • [pdf] J. Huang, V. Yegneswaran, P.A. Porras, and G. Gu, "On the Privacy and Integrity Risks of Contact-Tracing Applications," CoRR, November 2020. https://arxiv.org/abs/2012.03283

  • [pdf] P.A. Porras, H. Saidi, and V. Yegneswaran, "An Analysis of Conficker's Logic and Rendezvous Points," SRI Technical Report, November 2009 [more than 250,000 downloads of this report to date; http://mtc.sri.com/Conficker].

  • [pdf] P.A. Porras, H. Saidi, V. Yegneswaran. A multi-perspective analysis of the Storm (Peacomm) Worm. SRI Technical Report, November 2007 [approx. 10K downloads to date; http://www.cyber-ta.org/pubs/StormWorm/].

  • [pdf] L. Briesemeister, P.A. Porras, and A. Tiwari. Model Checking of Worm Quarantine and Counter-Quarantine under a Group Defense. Technical Report SRI-CSL-05-03, SRI International, Computer Science Laboratory, October 2005.

  • [pdf] P.A. Porras, Differentiating Features for the 2005 Enterprise WLAN Security Market. SRI Technical Report, March 2005.

  • [pdf] P.A. Porras, Security Features and Architectural Enhancements for Enterprise-Class WLAN Infrastructure Products. SRI Technical Report, March 2005.

  • [pdf] P.A. Porras, An Analysis of 802.11 Wireless Intrusion Detection - Capabilities, Limitations, and Current Directions.   SRI Technical Report, January 2004.

Patents

Intellectual property from my research has been licensed by MANY of the top companies that lead the INFOSEC and Network industries.

  • 33.   US Patent 11,586,521 - Methods, Apparatuses and Systems for Providing Forensics To Manage Containers, February 21, 2023
  • 32.   US Patent 11,314,614 - Security for container networks, April 26, 2022
  • 31.   US Patent 11,206,276 - Cyber security using host agent(s), a network flow correlator, and dynamic policy enforcement, 21 December 2021
  • 30.   US Patent 10,333,988 - Security mediation for dynamically programmable network, 25 June 2019
  • 29.   US Patent 10,291,653 - Visually intuitive interactive network management, 14 May 2019
  • 28.   US Patent 10,270,803 - Method and apparatus for detecting malware infection, 23 April 2019
  • 27.   US Patent 10,205,641 - Natural language dialog-based security help agent for the network administrator, 2 April 2019
  • 26.   US Patent 10,205,637 - Impact analyzer for a computer network, 12 February 2019
  • 25.   US Patent 10,116,696 - Network privilege manager for a dynamically programmable computer network, 30 October 2018
  • 24.   US Patent 10,050,868 - Multimodal help agent for network administrator, 14 August 2018
  • 23.   US Patent 9,973,473 - Methods, systems, and computer readable media for rapid filtering of opaque data traffic, 15 May 2018
  • 22.   US Patent 9,917,860 - Visually intuitive interactive network cyber defense, 13 March 2018
  • 21.   US Patent 9,750,918 - Security mediation for dynamically programmable networks, 11 July 2017
  • 20.   US Patent 9,680,876 - Method and System for Protecting Data Flow at a Mobile Device, 13 June 2017
  • 19.   US Patent 9,571,523 - Security Actuator for a Dynamically Programmable Computer Network, 14 February 2017
  • 18.   US Patent 9,444,842 - Security Mediation for Dynamically Programmable Networks, 13 September 2016
  • 17.   US Patent 9,407,509 - Network Surveillance, 2 August 2016
  • 16.   US Patent 9,210,194 - Method and System for Protecting Data Flow at a Mobile Device, 8 December 2015
  • 15.   US Patent 9,083,712 - Method and Apparatus for Generating Highly Predictive Blacklists, 14 July 2015
  • 14.   US Patent 9,047,463 - Method and System for Protecting Data Flow at a Mobile Device, 2 June 2015
  • 13.   US Patent 8,955,122 - Method and Apparatus for Detecting Malware Infection, 15 February 2015
  • 12.   US Patent 8,249,028 - Method and Apparatus for Identifying Wireless Transmitters, 21 August 2012
  • 11.   US Patent 8,214,901 - Method and Apparatus for Combating Malicious Code, 3 July 2012
  • 10.   US Patent 7,724,717 - Method and Apparatus for Wireless Network Security, 25 May 2010
  • 09.   US Patent 7,694,115 - Network-based Alert Management Systems, 10 April 2010
  • 08.   US Patent 7,594,260 - Network Surveillance Using Long and Short-Term Statistical Profiles to Determine Suspicious Network Activity, 22 September 2009
  • 07.   US Patent 7,379,993 - Prioritizing Bayes Network Alerts, 27 May 2008
  • 06.   US Patent 7,143,444 - Application-layer Anomaly and Misuse Detection, 28 November 2006
  • 05.   US Patent 6,711,615 - Network Surveillance, 23 March 2004
  • 04.   US Patent 6,708,212 - Network Surveillance, 16 March 2004
  • 03.   US Patent 6,704,874 - Network-based Alert Management, 9 March 2004
  • 02.   US Patent 6,484,203 - Hierarchical Event Monitoring and Analysis, 19 March 2004
  • 01.   US Patent 6,321,338 - Network Surveillance, 20 November 2001



Phillip Porras



Mark Bowden is a brilliant storyteller and just published a highly entertaining book, which tells the story of work that my friends and I did to combat the Conficker Worm.    I'm Chapter 1.
September 2011
Recent Research Results:
    I am a Co-Founder and Chief Scientist at Accuknox Inc., Program Director of the Internet Security Research in SRI International's Computer Science Laboratory, and an SRI Fellow.   I am an established and active researcher in the field of Computer and Network Security, including intrusion detection, alarm correlation, malware analysis, darkweb and social media analysis, cloud security, active and software-defined networks, 5G security, and wireless security. I have strong alliances with the whitehat community, and maintain ongoing collaborations with the top INFOSEC researchers in academia and the private sector. I have led multi-organizational large-scale projects with mixed academic and commercial collaborators, and have been a Principal Investigator for many projects sponsored by DARPA, DoD, DHS, NSF, NSA, commercial customers, and others. I have spun out network-based anti-malware technologies to two separate startup security companies, and have provided substantial commercial technology licenses of advanced security correlation technologies to several top-tier INFOSEC companies such as Symantec, Cisco, and IBM, resulting in approximately $100 Million in licensing revenue. Previously, I was a manager in the Trusted Computer Systems Department of the Aerospace Corporation, where I was also an experienced trusted product evaluator for NSA (which includes security testing, risk assessment, and penetration testing of systems and networks). I have participated on numerous program committees and editorial boards, and on multiple commercial company technical advisory boards. I have published more than 95 peer-reviewed INFOSEC publications, hold 33 U.S. patents involving INFOSEC technologies, and have been honored 3 times with Best Paper awards in academic symposiums.

Recent Coverage of My Work:
Giving a talk at the White House on Botnet Threats and Detection




March 2012: SDNCentral Seminar - Insecurity in OpenFlow
The evening event with Phil Porras had an outstanding turnout, filling the Vitrine meeting room at the St. Regis Hotel, and giving Phil an attentive and appreciative audience for his unveiling of SRI International's FortNOX and FRESCO projects. Phil demonstrated how SDN and OpenFlow, if not properly secured, open up new forms of insidious attacks and vulnerabilities within the network layer. With a recorded screen-capture that showed a concrete example of one such attack, along with how FortNOX could put a stop to it, Phil's impressive demonstration had the audience applauding loudly as he wrapped up.

Hobbies: fun stuff!
Describing FortNOX and Fresco at the SDN Seminar on Security, San Francisco, 2012
Oh No!   I just heard Scholastic is going to stop publishing Weekly Reader Magazine (remember grade school?).  Well, at least I made a contribution:  Worm Infestation