Nina Taft
Intel Research Berkeley
2150 Shattuck Ave, Suite 1300
Berkeley, CA 94704-1347 USA
T +1-510-495-3082
F +1-510-495-3049
nina.taft@intel.com

Biography

Nina Taft is a senior research scientist at Intel Research Berkeley. Nina is interested in making the Internet a safer place, and thus works on security solutions both at the networking level and for end-hosts, such as laptops and desktops. She is interested in improving security through the smart use of measurement and inference technologies. In addition, she has worked in the areas of end-host profiling for reliability purposes, the application of diversity paradigms to security solutions, protection against data poisoning, overlay networks, and energy-aware proxies to reduce laptop energy consumption. Prior to joining Intel, Nina worked at Sprint Labs for 5 years. There, she worked on ISP traffic engineering problems such as traffic matrix estimation, routing, backbone traffic characterization and capacity planning. Prior to Sprint, she worked at SRI International in Menlo Park, CA, and conducted research on congestion control and QoS routing. Nina received her PhD from UC Berkeley.

Research

I work on the PROTEUS project that aims to provide protection from botnets by tackling the problem from two vantage points: the end user and the centralized enterprise network control center. Some of the solutions we are developing are intended to live on laptops and desktops; while other solutions are targeted to help IT departments manage network security more effectively within their enterprise. PROTEUS' general approach to botnet mitigation is based upon collecting lots of data about the user and the network, and building underlying models of normal behavior from this data. Our approach often relies on the application of data mining techniques to detect anomalous activities.

For end-host solutions, we build rich, user specific, location dependent behavioral profiles. These are composed by collecting a variety of data including network traffic patterns, location context, web browsing habits, user presence indicators, to name a few. Our behavioral-based detectors can successfully uncover covert botnet communication (when a PC communicates with the attack command and control center), and can identify attack activity in progress. A big focus in PROTEUS is that of reducing the number of false alarms that are generated, which are the bane of existing mitigation mechanisms in prevalence today.
For enterprise IT solutions, we are designing techniques that can rapidly differentiate a piece of malware as truly new (never seen before) from those malwares that are polymorphic variants of existing malware. Because IT departments can observe a few thousands of new malwares each day, this greatly helps human operators to sort out which malware requires manual inspection and which ones don't. A tool based on our malware classifier thus speeds up the productivity and effectiveness that IT security operators can provide to their enterprises.

There are various barriers to adoption for the use of data mining techniques in the field of security. I work with many colleagues to tackle some of these problems. For example, our research addresses questions such as:

1) How can we protect anomaly detection algorithms from data poisoning? A key challenge in designing data driven mechanisms is protecting against adversaries that can inject erroneous data into the measurement infrastructure, which leads to an inaccurate estimation of the normal behavior. If an algorithm learns the wrong model, the corresponding detector will behave poorly. To provide protection from data poisoning, we design algorithms that draw on methods from robust statistics to guard against such adversaries.
2) How can we reduce the amount of data needed by anomaly detectors to make them more scalable? Some data mining algorithms collect 'too much' data to do their job; that is, too much either in terms of the bandwidth wasted moving the data around, or in terms of excessive computation time. We are researching methods to achieve data reduction for anomaly detection methods that allow downsizing of the data collected without sacrificing the detection capabilities. We have focused on PCA-based techniques and spectral clustering ones.
3) How can we mine user data for botnet protection without violating a user's privacy? We are studying privacy-preserving anomaly detection methods and evaluating the tradeoffs between privacy protection and detection accuracy.

Service

Executive Committees, Editorial

ACM SIGCOMM PC co-chair 2007
Internet Measurement Conference - Steering Committee; 2005 - 2008.
Associate Editor for IEEE/ACM Transactions on Networking 2004-2007.
IEEE ICNP 2005 - Tutorial Co-Chair
First Internet Traffic Matrices Workshop 2003 - Steering Committee
IEEE Infocom 2000 - Financial Chair

Program Committees

ACM SIGCOMM 2009
Sigcomm Workshop on Enterprise Networks (WREN) 2009
2nd International Workshop on Green Communications at Globecom 2009
ACM SIGCOMM 2008
Asian Internet Engineering Conference (AINTEC) 2008
Hot Topics in Networks (Hot Nets) 2007
ACM CoNeXt 2006
ACM Sigmetrics 2006
Passive and Active Measurement Conference (PAM) 2006
ICNP Workshop on Secure Network Protocols (NPSec) 2005
ACM Sigcomm 2004
IEEE Infocom 2004
ACM International Measurement Conference (IMC) 2003
ACM Sigmetrics 2003
IEEE Infocom 2002
Hot Interconnects 2002
IEEE Infocom 2001
Hot Interconnects 2001
IEEE International Workshop on Quality-of-Service (IWQoS) 1999
IFIP Multimedia 1999

Publications

2009

Exploiting Temporal Persistence to Detect Covert Botnet Channels

F. Giroire, J. Chandrashekar, N. Taft, E. Schooler and K. Papagiannaki. Recent Advances in Intrusion Detection (RAID). September 2009.

Impact of IT Monoculture on Behavioral End Host Intrusion Detection

D. Barman, J. Chandrashekar, N. Taft, M. Faloutsos, L. Huang and F. Giroire. ACM SIGCOMM Workshop on Research on Enterprise Networks (WREN). August 2009. [PDF]

Stealthy Poisoning Attacks on PCA-based Anomaly Detectors

B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, S. Rao, N. Taft and D. Tyger. ACM Sigmetrics. Extended Abstract. June 2009.[PDF]

Skilled in the Art of Being Idle: Reducing Energy Wasted in Networked Systems

S. Nedevschi, J. Chandrashekar, J. Liu, B. Nordman, S. Ratnasamy, and N. Taft. Networked Systems Design and Implementation (NSDI). April 2009. [PDF]

2008

Spectral Clustering with Perturbed Data

L. Huang, D. Yan, M. Jordan, and N. Taft. Neural Information Processing Systems (NIPS). December, 2008. [PDF]

How Healthy are Today's Enterprise Networks?

S. Guha, J. Chandrashekar, N. Taft and D. Papagiannaki. Internet Measurement Conference (IMC), Greece. October, 2008. [PDF]

Evading Anomaly Detection Through Variance Injection Attacks on PCA

B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, N. Taft and D. Tyger. Recent Advances in Intrusion Detection (RAID). (Extended Abstract). Best Poster Award. September, 2008. [PDF]

The Cubicle Vs. The Coffee Shop: Behavioral Modes in Enterprise End-Users

F. Giroire, J. Chandrashekar, G. Iannaccone, K. Papagiannaki, E. Schooler and N. Taft. Passive and Active Measurement Workshop (PAM). April, 2008. [PDF]

Race Conditions in Coexisting Overlay Networks

R. Keralapura, C.-N. Chuah, N. Taft and G. Iannaccone. IEEE/ACM Transactions on Networking. February, 2008. [PDF]

2007

Approximate Decision Making in Large-Scale Distributed Systems

L. Huang, A. Joseph, M. Garofalakis and N. Taft. NIPS Workshop: Statistical Learning Techniques for Solving Systems Problems (MLSys). (Extended Abstract). December, 2007. [PDF]

IGP Link Weight Assignment for Operational Tier-1 Backbones

A. Nucci, S. Bhattacharyya, N. Taft and C. Diot. IEEE/ACM Transactions on Networking. August, 2007. [PDF]

Estimating Dynamic Traffic Matrices by using Viable Routing Changes

A. Soule, A. Nucci, R. Cruz, E. Leonardi and N. Taft. IEEE/ACM Transactions on Networking. June, 2007 [PDF]

Communication-Efficient Tracking of Distributed Cumulative Triggers

L. Huang, M. Garofalakis, A. Joseph and N. Taft. International Conference on Distributed Computing Systems (ICDCS). Toronto, Canada. June, 2007.

Communication-Efficient Online Detection of Network-Wide Anomalies.

L. Huang, X. Nguyen, M. Garofalakis, J. Hellerstein, M. Jordan, M. Joseph, and N. Taft. IEEE Infocom . Alaska. May, 2007. [PDF]

Profiling the End Host

T. Karagiannis, K. Papagiannaki, N. Taft and M. Faloutsos. Passive and Active Measurement Workshop (PAM) . Belgium. April, 2007. [PDF]

Public Health for the Internet: Towards A New Grand Challenge for Information Management

J. Hellerstein, T. Condie, M. Garofalakis, B.T. Loo, P. Maniatis, T. Roscoe, and N. Taft. Conference on Innovative Data Systems Research (CIDR). January, 2007.[PDF]

2006

In-Network PCA and Anomaly Detection

L Huang, X. Nguyen, M. Garofalakis, M. Jordon, A. Joseph and N. Taft. Neural Information Processing Systems (NIPS). December, 2006. [PDF]

An Independent Connection Model for Traffic Matrices.

V, Erramilli, M. Crovella and N. Taft. In ACM Internet Measurement Conference (IMC). Rio de Janeiro, Brazil. October, 2006. [PDF]

Toward Sophisticated Detection With Distributed Triggers

L. Huang, M. Garofalakis, J. Hellerstein, A. Joseph, and N. Taft. Workshop on Mining Network Data (MineNet), co-located at ACM SIGCOMM. September, 2006. [PDF]

A Fast Lightweight Approach to Origin-Destination IP Traffic Estimation Using Partial Measurements

G. Liang, N. Taft and B. Yu. Special joint issue of IEEE Transaction on Networking and IEEE Transactions on Information Theory. June, 2006. [PDF]

Sleeping Coordination for Comprehensive Sensing Using Isotonic Regression and Domatic Partitions

F. Koushanfar, N. Taft and M. Potkonjak. IEEE Infocom. Barcelona, Spain. March, 2006. [PDF]

2005

Traffic Matrix Tracking Using Kalman Filters

A. Soule, K. Salamatian, A. Nucci and N. Taft.ACM SIGMETRICS Performance Evaluation Review (PER) Vol. 33, Issue 3. Special issue on the First ACM Sigmetrics Workshop on Large Scale Networks Inference (LSNI). December, 2005. [PDF]

Can Coexisting Overlays Inadvertently Step on Each Other?

R. Keralapura, C.N. Chuah, N. Taft and G. Iannaconne. IEEE Proceedings of International Conference of Network Protocols (ICNP). November 2005. [PDF]

Combining Filtering and Statistical Methods for Anomaly Detection

A. Soule, K. Salamatian and N. Taft. In ACM/Sigcomm Internet Measurement Conference (IMC). Berkeley, CA. October, 2005. [PDF]

Long-Term Forecasting of Internet Backbone Traffic

K. Papagiannaki, N. Taft, Z.-L. Zhang and C. Diot. IEEE Transactions on Neural Networks, Vol. 15. No. 5. September, 2005.[PDF] An earlier conference version of this paper appeared in Proceedings of IEEE Infocom. San Francisco. April, 2003.[PDF] [PS]

The Problem of Synthetically Generating IP Traffic Matrices: Initial Recommendations

A. Nucci, A. Sridharan and N. Taft. ACM Computer Communications Review (CCR). July, 2005.[PDF]

Traffic Matrices: Balancing Measurements, Inference and Modeling

A. Soule, A. Lakhina, N. Taft, K. Papagiannaki, K. Salamatian, A. Nucci, M. Crovella and C. Diot. ACM Sigmetrics. June, 2005. [PDF]

Increasing Link Utilization in IP over WDM Networks Using Availability as QoS

A. Nucci, N. Taft, P. Thiran, H. Zhang and C. Diot. Photonic Network Communications Journal (special issue on Mesh Restoration). Kluwer Academic Publishers. Vol 9.1, pp 55-75. January, 2005. [PDF] [PS]

2004

Controlled Use of Excess Backbone Bandwidth for Providing New Services in IP-over-WDM Networks

A. Nucci, N. Taft, C. Barakat, and P. Thiran. IEEE Journal on Selected Areas in Communications (JSAC). November 2004 [PDF]

Can ISP's Take the Heat from Overlay Networks?

R. Keralapura, N. Taft, C.N. Chuah, and G. Iannaconne. ACM HotNets Workshop. November, 2004. San Diego. [PDF]

Can ISPs and Overlay Networks form a Synergistic Co-existance?

R. Keralapura, N. Taft, G. Iannaconne, and C.-N. Chuah. IFIP/IEEE Distributed Systems: Operations and Management (DSOM). (extended abstract) November 2004 [PDF]

A Distributed Approach to Measure IP Traffic Matrices

K. Papagiannaki, N. Taft and A. Lakhina. ACM Internet Measurement Conference (IMC). October 2004. [PDF]

Maximum Entropy Models: Convergence Rates and Applications in Dynamic System Monitoring

G. Liang, B. Yu and N. Taft. IEEE International Symposium on Information Theory (ISIT). June 2004. Extended abstract version [PDF], Short paper version [PDF].

How to Identify and Estimate the Largest Traffic Matrix Elements in a Dynamic Environment

A. Soule, A. Nucci, E. Leonardi, R. Cruz, and N. Taft. ACM Sigmetrics. June 2004. [PDF]

Structural Analysis of Network Traffic Flows.

A. Lakhina, K. Papagiannaki, M. Crovella, C. Diot, E. Kolacyzk, and N. Taft. ; ACM Sigmetrics. June 2004. [PDF]

Flow Classification Using Histograms or How To Go on Safari on the Internet

A. Soule, K. Salamatian, N. Taft, R. Emilion and K. Papagiannaki. ACM Sigmetrics. June 2004. [PDF]

Design of IGP Link Weights for Estimation of Traffic Matrices

A. Nucci, R. Cruz, N. Taft and C. Diot. Proceedings of IEEE Infocom. Hong Kong. March, 2004. [PDF]

Impact of Flow Dynamics on Traffic Engineering Principles

K. Papagiannaki, N. Taft and C. Diot. Proceedings of IEEE Infocom. Hong Kong. March, 2004. [PDF]

2003

IGP Link Weight Assignment for Transient Link Failures

A. Nucci, B. Schroeder, S. Bhattacharyya, N. Taft and C. Diot. International Teletraffic Congress (ITC). September 2003.[PDF] [PS]

Network Availability Based Service Differentiations

M. Durvy, C. Diot, N. Taft and P. Thiran. Proceedings of International Workshop on Quality-of-Service (IWQoS). June 2003. [PDF]

An Approach to Alleviate Link Overload as Observed on an IP Backbone

S. Iyer, S. Bhattacharyya, N. Taft and C. Diot. Proceedings of IEEE Infocom. April, 2003. [PDF]

Increasing the Robustness of IP Backbones in the Absence of Optical Level Protection

F. Giroire, A. Nucci, N. Taft and C. Diot. Proceedings of IEEE Infocom. April, 2003. [PDF]

2002

Traffic Matrix Estimation: Existing Techniques and New Directions

A. Medina, N. Taft, K. Salamatian, S. Bhattacharyya, C. Diot. ACM SIGCOMM. August 2002. [PS]

A Taxonomy of IP Traffic Matrices

A. Medina, C. Fraleigh, N. Taft, S. Bhattacharyya and C. Diot. SPIE ITCOM: Scalability and Traffic Control in IP Networks II. August 2002. [PS]

Increasing Link Utilization without Penalty in IP over WDM Networks

A. Nucci, N. Taft, P. Thiran, H. Zhang, C. Diot. SPIE Opticomm. August 2002. [PDF]

A Pragmatic Definition of Elephants in Internet Backbone Traffic

K. Papagiannaki, N. Taft, S. Bhattacharyya, P. Thiran, K. Salamatian and C. Diot. ACM Sigcomm Internet Measurement Workshop (IMW) (extended abstract). May 2002. [PDF]

Geographical and Temporal Characteristics of Inter-POP Flows: View from a Single POP

S. Bhattacharyya, C. Diot, J. Jetcheva and N. Taft. European Transactions on Telecommunications. February 2002. [PS]

Tutorial

The Basics of BGP Routing and It's Performance in Today's Internet

Nina Taft. Presented at RHDM (Reseaux Haut Debit et Multimedia) High Speed Multimedia Networks. French National Summer School. Corsica, France. May 2001. [PPT]

Book Chapter

Neural Network Methods for Call Admission Control

Richard Ogier and Nina Taft-Plotkin. Computational Intelligence in Telecommunications Networks. Chapter 2. Editor: Witold Pedrycz. CRC Press. 2001. [PS]