Recent Press About My Work

From NEW YORK TIMES, 06 December 2008   
News Articles About My Work:  The Guardian/UK (February 2012),  The Atlantic (June 2010), Krebsonsecurity (February 2010), Technology Review (February 2010),  The Register (UK) (December 2009),  Ars Technica (December 2009),  PC World (October 2009, and CIO Magazine and MSN), (July 2009), Wired Magazine (July 2009), New Scientist Journal (June 2009), U.S. Whitehouse Cyber Policy Review (June 2009),  Scientific American (June 2009), PC World (4/25/2009), Network World (4/24/2009), Computer World (4/16/2009), Information Week (4/13/2009), Financial Times (4/10/2009), Information Week (4/2/2009), Network World (4/1/2009), OS News (3/31/2009), PC World (3/31/2009), Investors Business Daily (3/31/2009),  San Francisco Chronicle (3/31/2009), Computer World (3/30/2009), The Guardian (3/20/2009), InfoWorld (3/27/2009), Security Focus (3/27/2009), Wall Street Journal (3/26/2009), The Register [UK] (3/26/2009), ABC News (3/25/2009), Information Week (3/25/2009), USA Today (3/24/3009), PC Magazine (Article 1, Article 2) (3/23/2009), Red Orbit (2/22/2009), Slashdot (3/21/2009), Bits.NYTimes.Com (3/19/2009),  NY Times (3/18/2009), The Tech Herald (3/13/2009),  Security Focus (3/09/2009), PC Magazine (2/23/2009),  NY Times (2/23/2009),  PC World (2/20/2009), The Tech Herald (2/20/2009), PC World (2/19/2009),  Security Focus (2/13/2009),  Washington Post (2/13/2009),  PC World/Network World (1/23/2009), New York Times (1/23/2009),  MIT Technology Review (1/23/2009),  ZDNet Asia (12/30/2008),  USA Today Tech (12/09/2008), (12/22/2008), New York Times (12/06/2008), The Tech Herald (12/05/2008), Federal News Radio [Segment1.mp3, Segment2.mp3] (12/04/2006),  Information Week (11/26/2008), IEEE Computer Magazine (11/2008), SecurityFocus (11/25/2008),  SC Magazine (11/25/2008),  Heise Security [in English] (11/05/2008),  Windows Online Magazine DE (11/05/2008), Wiener Zeitung AT (11/06/2008), San Francisco Chronicle (10/08/2007), Microsoft Certified Professional Magazine (09/2007), 
ComputerWorld (09/28/2007), ZDNet (07/23/2008), SecurityFocus (07/2008), (07/2008), Ars Technica (07/2008), TechTarget (07/2008),  Security Focus [quoted] (04/2008), MSNBC (04/10/2008), Information Security Magazine (3/2002), KTVU Channel 2 News [Video - WMV] (10/08/2007), KGO Radio Interview [Audio - MP3] (10/10/2007).
Top 10 Wicked Cool Algorithms!  November 2008 - This article includes a round-up of interesting algorithms and looks at how they impact the community. Number nine on the list is "Highly Predictive Blacklisting," which I jointly developed with Prof. Jian Zhang.

See Network World (November 2008) and PC World.
Research Interests:
Intrusion detection, high assurance computing, security evaluation, network management and alarm correlation, privacy-preserving collaborative systems, formal malware analysis, network security, openflow and software defined networks, malware defense, and mobile security.

Publications, Patents, and Major reports

Intrusion Detection

High Assurance Computing

Network Management and Alarm Correlation

Privacy-Preserving Collaborative Systems

Formal Analyses

Network Security

Human Computer Interfaces

Malware Defense

Mobile and Wireless Security

Other Published Reports


Intellectual property from my research has been licensed by MANY of the top companies that lead the INFOSEC and Network industries.

  • 28.   US Patent 10,270,803 - Method and apparatus for detecting malware infection, 23 April 2019
  • 27.   US Patent 10,205,641 - Natural language dialog-based security help agent for the network administrator, 2 April 2019
  • 26.   US Patent 10,205,637 - Impact analyzer for a computer network, 12 February 2019
  • 25.   US Patent 10,116,696 - Network privilege manager for a dynamically programmable computer network, 30 October 2018
  • 24.   US Patent 10,050,868 - Multimodal help agent for network administrator, 14 August 2018
  • 23.   US Patent 9,973,473 - Methods, systems, and computer readable media for rapid filtering of opaque data traffic, 15 May 2018
  • 22.   US Patent 9,917,860 - Visually intuitive interactive network cyber defense, 13 March 2018
  • 21.   US Patent 9,750,918 - Security mediation for dynamically programmable networks, 11 July 2017
  • 20.   US Patent 9,680,876 - Method and System for Protecting Data Flow at a Mobile Device, 13 June 2017
  • 19.   US Patent 9,571,523 - Security Actuator for a Dynamically Programmable Computer Network, 14 February 2017
  • 18.   US Patent 9,444,842 - Security Mediation for Dynamically Programmable Networks, 13 September 2016
  • 17.   US Patent 9,407,509 - Network Surveillance, 2 August 2016
  • 16.   US Patent 9,210,194 - Method and System for Protecting Data Flow at a Mobile Device, 8 December 2015
  • 15.   US Patent 9,083,712 - Method and Apparatus for Generating Highly Predictive Blacklists, 14 July 2015
  • 14.   US Patent 9,047,463 - Method and System for Protecting Data Flow at a Mobile Device, 2 June 2015
  • 13.   US Patent 8,955,122 - Method and Apparatus for Detecting Malware Infection, 15 February 2015
  • 12.   US Patent 8,249,028 - Method and Apparatus for Identifying Wireless Transmitters, 21 August 2012
  • 11.   US Patent 8,214,901 - Method and Apparatus for Combating Malicious Code, 3 July 2012
  • 10.   US Patent 7,724,717 - Method and Apparatus for Wireless Network Security, 25 May 2010
  • 09.   US Patent 7,694,115 - Network-based Alert Management Systems, 10 April 2010
  • 08.   US Patent 7,594,260 - Network Surveillance Using Long and Short-Term Statistical Profiles to Determine Suspicious Network Activity, 22 September 2009
  • 07.   US Patent 7,379,993 - Prioritizing Bayes Network Alerts, 27 May 2008
  • 06.   US Patent 7,143,444 - Application-layer Anomaly and Misuse Detection, 28 November 2006
  • 05.   US Patent 6,711,615 - Network Surveillance, 23 March 2004
  • 04.   US Patent 6,708,212 - Network Surveillance, 16 March 2004
  • 03.   US Patent 6,704,874 - Network-based Alert Management, 9 March 2004
  • 02.   US Patent 6,484,203 - Hierarchical Event Monitoring and Analysis, 19 March 2004
  • 01.   US Patent 6,321,338 - Network Surveillance, 20 November 2001

Phillip Porras

Mark Bowden is a brilliant storyteller and just published a highly entertaining book, which tells the story of work that my friends and I did to combat the Conficker Worm.  I'm Chapter 1.
September 2011
Most Recent Publications:
I am a Program Director, an SRI Fellow, and leader of SRI's Internet Security Group in the Computer Science Laboratory at SRI International.  We are established leaders in live Internet malware binary harvesting, malware binary static and dynamic analyses, and network-based malware infection analysis. My group has strong alliances with the whitehat community, and maintains ongoing collaborations with the top INFOSEC researchers in academia and the private sector. I have been a Principal Investigator for many research projects sponsored by DARPA, DoD, DHS, NSF, NSA, commercial customers, and others.  I have led multi-organizational large-scale projects with mixed academic and commercial collaborators, led many advanced research projects, and have been highly productive in acquiring government, military, and commercial projects involving Cyber Security R&D.  I am an active researcher, publishing and conducting technology development in intrusion detection, alarm correlation, malware analysis, network security, darkweb analytics, active and software-defined networks, and wireless security. Previously, I was a manager in the Trusted Computer Systems Department of the Aerospace Corporation, where I was also an experienced trusted product evaluator for NSA (which includes security testing, risk assessment, and penetration testing of systems and networks). I've participated on numerous program committees and editorial boards, and on multiple commercial company technical advisory boards.  My research technologies have transitioned as lead products in multiple companies, I hold twenty-eight (28) U.S. patents involving INFOSEC technologies, and have been awarded Best Paper honors in 1995, 1999, and 2008.
Recent Coverage of My Work:
Infected America Videos:
Example Project Videos:
Giving a talk at the White House on Botnet Threats and Detection

March 2012:  SDNCentral Seminar - Insecurity in OpenFlow
The evening event with Phil Porras had an outstanding turnout, filling the Vitrine meeting room at the St. Regis Hotel, and giving Phil an attentive and appreciative audience for his unveiling of SRI International's FortNOX and FRESCO projects. Phil demonstrated how SDN and OpenFlow, if not properly secured, open up new forms of insidious attacks and vulnerabilities within the network layer. With a recorded screen-capture that showed a concrete example of one such attack, along with how FortNOX could put a stop to it, Phil's impressive demonstration had the audience applauding loudly as he wrapped up.

Hobbies: fun stuff!
Describing FortNOX and Fresco at the SDN Seminar on Security, San Francisco, 2012
Oh No!   I just heard Scholastic is going to stop publishing Weekly Reader Magazine (remember grade school?).  Well, at least I made a contribution:  Worm Infestation