Salvatore J. Stolfo

PROFESSOR OF COMPUTER SCIENCE

606  CEPSR 
Mail Code 0401

Tel(212) 939-7080
Fax(212) 666-0140

Research Interests

Computer security, machine learning applied to intrusion detection, insider threat and advanced persistent threat mitigation, security of embedded devices, active defense, behavioral analytics, deception, authentication, and Internet privacy.

Stolfo is regarded as creating the area of machine learning applied to intrusion detection and has created several anomaly-detection algorithms and systems addressing some of the hardest problems in securing computer systems. Of particular note is his interest in detecting zero-day attacks and credential theft. Stolfo is also co-inventor of a novel technology that automatically injects intrusion detection functionality into arbitrary special-purpose embedded devices. Stolfo has been granted over 60 patents.

Stolfo received a BS in Computational Information Sciences from Brooklyn College, CUNY, in 1975 and a PhD in Computer Science from Courant Institute, New York University, in 1979. 

PROFESSIONAL EXPERIENCE

  • Professor of computer science, Columbia University, 1997-
  • Chair of computer science, Columbia University, 1986-1987
  • Tenured associate professor of computer science, Columbia University, 1987-1997
  • Associate professor of computer science, Columbia University, 1984-1987
  • Assistant professor of computer science, Columbia University, 1979–1984

HONORS & AWARDS

  • Popular Science Award of “What Best of what’s new”, 2016.
  • IBM Faculty Career Development Award
  • Numerous best paper awards and IEEE Security & Privacy “most influential” paper. 

SELECTED PUBLICATIONS

  • Adrian Tang, Simha Sethumadhavan and Salvatore J Stolfo,  CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management, , Usenix Security, 2017.
  • Jonathan Voris, Malek Ben Salem, Yingbo Song and Salvatore J Stolfo, You are what you use: An Initial Study of Authenticating Mobile Users via Application Usage, , 8th EAI Int Conference on Mobile Computing, Applications and Service, Mobicase 2016.
  • Adrian Tang, Simha Sethumadhavan and Salvatore J Stolfo, Heisenbyte, Thwarting Memory Disclosure Attacks using Destructive Code Reads, ACM CCS 2015. 
  • Jonathan Voris, Angelos Keromytis, and Salvatore J Stolfo, Bait and Snitch: Defending Computer Systems with Decoys, (T.Saadawi, L. Jordan, editors), Cyber Infrastructure Protection, Volume 3, SSI, January 2014.
  • Ang Cui, and Salvatore J. Stolfo, Symbiotes and Defensive Mutualism: Moving Target Defense, in Moving Target Defense, Creating Asymmetric Uncertainty for Cyber Threats, (Jajodia, Ed.), ISBN: 978-1-4614-0976-2,Springer, 2011.
  • Brian Bowen, Malek Ben Salem and Salvatore J Stolfo, Insider Threats, in Encyclopedia of Cryptography and Security (2nd Ed.), (Jajodia, Editor), Springer, 2011.
  • Brian Bowen, R Devaragan and Salvatore J Stolfo, Measuring the Human Factor of Cyber Security, Proc. IEEE Homeland Security Technology Conference, IEEE HST, 2011.(Best Paper award)
  • Malek Ben Salem and Salvatore J. Stolfo, Detecting Masqueraders: A Comparison of One-Class Bag-of-Words User Behavior Modeling Techniques",  Insider Threat Workshop MIST 2010. (Best Paper Award)
  • Ang Cui and Salvatore J Stolfo, A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan, Ang Cui and Salvatore J. Stolfo, Annual Computer Security Applications Conference, ACSAC, 2010. (Best Paper Award)
  • Ke Wang, Janek Parekh, Anagram: A Content Anomaly Detector Resistant to Mimicry Attack, Proc. Int. Conf. on Recent Advanced in Intrusion Detection, RAID06, 2006
  • S Gupta, Gail Kaiser, and Salvtore J Stolfo, Extracting Context To Improve Accuracy For HTML Content Extraction, Int. World Wide Web Conference, WWW 2005. (Best student paper award.)
  • Ke Wang and Salvatore J Stolfo, Anomalous Payload-based Network Intrusion Detection, Recent Advances in Intrusion Detection, RAID-2004, France, 2004.
  • Matthew Schultz, Eleazar Eskin and Salvatore J Stolfo, MEF, Malicious Email Filter, A Unix Mail Filter that Detects Malicious Windows Executables, USENIX Technical Symposium FREENIX Track, 2001, (Best Student Paper Award).
  • Wenke Lee, Kui Mok and Salvatore J Stolfo, A Data Mining Framework for Building Intrusion Detection Models, IEEE Symposium on Security and Privacy, 1999. 
  • Wenke Lee, Kui Mok and Salvatore J Stolfo, Mining in a Dataflow Environment: Experience in Network Intrusion Detection, (In Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD ‘99), San Diego, CA, August, 1999. Best Paper Award in Applied Research Category), 1999.
  • Andreas Prodromidis, Shelley Tselepsis, Wenke Lee, Wei Fan, Philip Chan and Salvatore J Stolfo, JAM: Java Agents for Meta-Learning for Distributed Data Mining, Int. Conf. On Knowledge Discovery in Databases and Data Mining KDD97, (Runner Up Best Paper Award KDD-97), 1997.
  • Mark Lerner, Gerald Maguire and Salvatore J Stolfo, An Overview of the DADO Parallel Computer Proc. 1985 National Computer Conference, Chicago, IL, 1985, (Invited article), 1985.