IDS mailing list archives
RE: IDS PhD resarch query
From: "Stuart Staniford" <stuart () nevisnetworks com>
Date: Sat, 16 Apr 2005 10:15:52 +0530
Dear all, I am intending to pursue my PhD in computer security. Has anyone got any experience in what it takes to do a PhD?
I need to refine an area of research. There are so many areas and i don't want to pick an area that may get solved while i do my PhD and hence render my work useless. This will always be an issues i guess!
The choice of what to work on is the most critical choice a researcher makes. The bad news is that as a beginning graduate student you won't have enough knowledge of the field to make good judgements about this (independent of how smart or creative you are, you just won't have the knowledge base). If you try to pick a thesis topic entirely by yourself, or with advice off a mailing list, your chances of being successful are quite poor. It is your PhD advisor's task to help you. Your first step is to find the best advisor who will take you as a student. What you want is someone who has already proven their ability to make creative contributions to intrusion detection research, and who you personally like enough to feel like you can work with them for several years. A very crude metric that is easy to do is go to scholar.google.com and do a search on "intrusion detection". People who are authors on multiple papers with more than a handful of citations are possible candidates to be a decent advisor. Top people have many papers, some with hundreds of citations, but they will generally only take extremely bright and creative students (and their judgement of a student's potential is likely to be quite good). You'll have to be the judge of what your level is. Networking can help. Professors who you have a good relationship with may be able to suggest others they know. Your other main job as a beginning student is to learn the field. You need to read as much of the literature (both classic papers and recent trends) as you can. Try to read academic papers (scholar.google.com is again a guide to what has been influential) but also the output of the blackhat community (Phrack is a good place to start), and security researchers at vendors (eg the kinds of papers posted on SecurityFocus). They are three very different worlds but all of them need to be understood to have a realistic understanding of intrusion detection. Stuart. -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- IDS PhD resarch query secure knowledge (Apr 15)
- RE: IDS PhD resarch query Stuart Staniford (Apr 19)