Valdes receives RAID 2012 Most Influential Paper Award

by Elise King, CSL Communications

ITI researcher Alfonso Valdes, managing director of smart grid technologies, has received the RAID 2012 Most Influential Paper Award. This is the first time that the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) has had such an award, and it was given to Valdes for having one of the most influential papers during the first five years of the RAID conference.

Valdes co-wrote the paper with software engineer Keith Skinner while the two worked at SRI International, a non-profit research institute in Menlo Park, Calif. His paper, titled “Probabilistic Alert Correlation,” focused on managing the flood of alerts from computer intrusion detection systems. When the paper was first written in the early 2000s, an increasing number of people were deploying intrusion detection systems that would alert them when a potential attack was taking place. However, it was difficult to correlate a potentially large number of alerts from heterogeneous sensors.

“The idea was to take potentially many thousands of alerts … and reduce them to something that makes sense and would be actionable for a network operator,” Valdes said. Previously, heuristic, or rule-based, methods had been used to solve this kind of problem. However, “Our work was different because we used a probabilistic approach,” Valdes said. Their method correlated attacks over time, multiple attack steps and reports from heterogeneous sensors.

Since the paper was published, its concepts have been widely adopted in SIEM, or security information and event management, and similar products, Valdes said.

Valdes has been involved with the RAID conference since publishing the paper. He served as program chair in 2005 and general chair in 2011.

Valdes attended the RAID 2012 conference earlier in September, where he briefly discussed the paper and its impact, and received his award for having the most influential paper.