Biography


Recent Press About My Work


From NEW YORK TIMES, 06 December 2008   
News Articles About My Work: The Guardian/UK (February 2012), The Atlantic (June 2010), Krebsonsecurity (February 2010), Technology Review (February 2010), The Register (UK) (December 2009), Ars Technica (December 2009), PC World (October 2009, and CIO Magazine and MSN), CNN.com (July 2009), Wired Magazine (July 2009), New Scientist Journal (June 2009), U.S. White House Cyber Policy Review (June 2009), Scientific American (June 2009), PC World (4/25/2009), Network World (4/24/2009), Computer World (4/16/2009), Information Week (4/13/2009), Financial Times (4/10/2009), Information Week (4/2/2009), Network World (4/1/2009), OS News (3/31/2009), PC World (3/31/2009), Investors Business Daily (3/31/2009), San Francisco Chronicle (3/31/2009), Computer World (3/30/2009), The Guardian (3/20/2009), InfoWorld (3/27/2009), Security Focus (3/27/2009), Wall Street Journal (3/26/2009), The Register [UK] (3/26/2009), ABC News (3/25/2009), Information Week (3/25/2009), USA Today (3/24/2009), PC Magazine (Article 1, Article 2) (3/23/2009), Red Orbit (2/22/2009), Slashdot (3/21/2009), Bits.NYTimes.Com (3/19/2009), NY Times (3/18/2009), The Tech Herald (3/13/2009), Security Focus (3/09/2009), PC Magazine (2/23/2009), NY Times (2/23/2009), PC World (2/20/2009), The Tech Herald (2/20/2009), Security Focus (2/13/2009), Washington Post (2/13/2009), PC World/Network World (1/23/2009), New York Times (1/23/2009), MIT Technology Review (1/23/2009), ZDNet Asia (12/30/2008), SearchSecurity.com (12/22/2008), USA Today Tech (12/09/2008), New York Times (12/06/2008), The Tech Herald (12/05/2008), Federal News Radio [Segment1.mp3, Segment2.mp3] (12/04/2006), Information Week (11/26/2008), IEEE Computer Magazine (11/2008), SecurityFocus (11/25/2008), SC Magazine (11/25/2008), Heise Security [in English] (11/05/2008), Windows Online Magazine DE (11/05/2008), Wiener Zeitung AT (11/06/2008), San Francisco Chronicle (10/08/2007), Microsoft Certified Professional Magazine (09/2007), ComputerWorld (09/28/2007), ZDNet (07/23/2008), SecurityFocus (07/2008), Silicon.com (07/2008), Ars Technica (07/2008), TechTarget (07/2008), Security Focus [quoted] (04/2008), MSNBC (04/10/2008), Information Security Magazine (3/2002), KTVU Channel 2 News [Video - WMV] (10/08/2007), KGO Radio Interview [Audio - MP3] (10/10/2007).
Top 10 Wicked Cool Algorithms! November 2008 - This article includes a round-up of interesting algorithms and looks at how they impact the community. Number nine on the list is "Highly Predictive Blacklisting," which I jointly developed with Prof. Jian Zhang:

See Network World (November 2008), PC World, and TechWorld.com
Research Interests:
Intrusion detection, high assurance computing, security evaluation, network management and alarm correlation, privacy-preserving collaborative systems, formal malware analysis, network security, OpenFlow and software-defined networks, malware defense, and mobile security.

Publications, Patents, and Major reports

Intrusion Detection

High Assurance Computing

Network Management and Alarm Correlation

Privacy-Preserving Collaborative Systems

Formal Analyses

Network Security

Human Computer Interfaces

Malware Defense

Mobile and Wireless Security


Other Published Reports

Patents

Intellectual property from my research has been licensed by MANY of the top companies that lead the INFOSEC and Network industries.

  • 30.   US Patent 10,333,988 - Security mediation for dynamically programmable network, 25 June 2019
  • 29.   US Patent 10,291,653 - Visually intuitive interactive network management, 14 May 2019
  • 28.   US Patent 10,270,803 - Method and apparatus for detecting malware infection, 23 April 2019
  • 27.   US Patent 10,205,641 - Natural language dialog-based security help agent for the network administrator, 2 April 2019
  • 26.   US Patent 10,205,637 - Impact analyzer for a computer network, 12 February 2019
  • 25.   US Patent 10,116,696 - Network privilege manager for a dynamically programmable computer network, 30 October 2018
  • 24.   US Patent 10,050,868 - Multimodal help agent for network administrator, 14 August 2018
  • 23.   US Patent 9,973,473 - Methods, systems, and computer readable media for rapid filtering of opaque data traffic, 15 May 2018
  • 22.   US Patent 9,917,860 - Visually intuitive interactive network cyber defense, 13 March 2018
  • 21.   US Patent 9,750,918 - Security mediation for dynamically programmable networks, 11 July 2017
  • 20.   US Patent 9,680,876 - Method and System for Protecting Data Flow at a Mobile Device, 13 June 2017
  • 19.   US Patent 9,571,523 - Security Actuator for a Dynamically Programmable Computer Network, 14 February 2017
  • 18.   US Patent 9,444,842 - Security Mediation for Dynamically Programmable Networks, 13 September 2016
  • 17.   US Patent 9,407,509 - Network Surveillance, 2 August 2016
  • 16.   US Patent 9,210,194 - Method and System for Protecting Data Flow at a Mobile Device, 8 December 2015
  • 15.   US Patent 9,083,712 - Method and Apparatus for Generating Highly Predictive Blacklists, 14 July 2015
  • 14.   US Patent 9,047,463 - Method and System for Protecting Data Flow at a Mobile Device, 2 June 2015
  • 13.   US Patent 8,955,122 - Method and Apparatus for Detecting Malware Infection, 15 February 2015
  • 12.   US Patent 8,249,028 - Method and Apparatus for Identifying Wireless Transmitters, 21 August 2012
  • 11.   US Patent 8,214,901 - Method and Apparatus for Combating Malicious Code, 3 July 2012
  • 10.   US Patent 7,724,717 - Method and Apparatus for Wireless Network Security, 25 May 2010
  • 09.   US Patent 7,694,115 - Network-based Alert Management Systems, 10 April 2010
  • 08.   US Patent 7,594,260 - Network Surveillance Using Long and Short-Term Statistical Profiles to Determine Suspicious Network Activity, 22 September 2009
  • 07.   US Patent 7,379,993 - Prioritizing Bayes Network Alerts, 27 May 2008
  • 06.   US Patent 7,143,444 - Application-layer Anomaly and Misuse Detection, 28 November 2006
  • 05.   US Patent 6,711,615 - Network Surveillance, 23 March 2004
  • 04.   US Patent 6,708,212 - Network Surveillance, 16 March 2004
  • 03.   US Patent 6,704,874 - Network-based Alert Management, 9 March 2004
  • 02.   US Patent 6,484,203 - Hierarchical Event Monitoring and Analysis, 19 November 2002
  • 01.   US Patent 6,321,338 - Network Surveillance, 20 November 2001



Phillip Porras



Mark Bowden is a brilliant storyteller and has just published a highly entertaining book, which tells the story of the work that my friends and I did to combat the Conficker Worm. I'm Chapter 1.
September 2011
Recent Work:
I am a Program Director, an SRI Fellow, and leader of SRI's Internet Security Group in the Computer Science Laboratory at SRI International. I am an established and active researcher in the field of Computer and Network Security, including intrusion detection, alarm correlation, malware analysis, darkweb and social media analysis, active and software-defined networks, and wireless security. I have strong alliances with the whitehat community, and maintain ongoing collaborations with the top INFOSEC researchers in academia and the private sector. I have led multi-organizational large-scale projects with mixed academic and commercial collaborators, and have been a Principal Investigator for many projects sponsored by DARPA, DoD, DHS, NSF, NSA, commercial customers, and others. I have spun out network-based anti-malware technologies to two separate startup security companies, and have provided substantial commercial technology licenses of advanced security correlation technologies to several top-tier INFOSEC companies such as Symantec, Cisco, and IBM. Previously, I was a manager in the Trusted Computer Systems Department of the Aerospace Corporation, where I was also an experienced trusted product evaluator for NSA (which includes security testing, risk assessment, and penetration testing of systems and networks). I've participated on numerous program committees and editorial boards, and on multiple commercial company technical advisory boards. I have published more than 80 technical papers, hold thirty (30) U.S. patents involving INFOSEC technologies, and have been awarded Best Paper honors in 1995, 1999, and 2008.
Recent Coverage of My Work:

Example Project Videos:
Giving a talk at the White House on Botnet Threats and Detection




March 2012: SDNCentral Seminar - Insecurity in OpenFlow
The evening event with Phil Porras had an outstanding turnout, filling the Vitrine meeting room at the St. Regis Hotel, and giving Phil an attentive and appreciative audience for his unveiling of SRI International's FortNOX and FRESCO projects. Phil demonstrated how SDN and OpenFlow, if not properly secured, open up new forms of insidious attacks and vulnerabilities within the network layer. With a recorded screen-capture that showed a concrete example of one such attack, along with how FortNOX could put a stop to it, Phil's impressive demonstration had the audience applauding loudly as he wrapped up.

Describing FortNOX and FRESCO at the SDN Seminar on Security, San Francisco, 2012

Hobbies: fun stuff!
Oh No! I just heard Scholastic is going to stop publishing Weekly Reader Magazine (remember grade school?). Well, at least I made a contribution: Worm Infestation