<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Sania Sadhvani &lt;<a href="mailto:sadhvani@Princeton.EDU" class="">sadhvani@Princeton.EDU</a>&gt;<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">EE Seminar - April 28, 2016, 11:00 am, E-Quad B205 - Dr. Zhichun Li</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">April 25, 2016 at 2:54:21 PM EDT<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:ee-seminar@Princeton.EDU" class="">ee-seminar@Princeton.EDU</a><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Sania Sadhvani &lt;<a href="mailto:sadhvani@Princeton.EDU" class="">sadhvani@Princeton.EDU</a>&gt;<br class=""></span></div><br class=""><div class="">

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class="">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)" class="">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style class=""><!--
/* Font Definitions */
@font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Aharoni;
        panose-1:2 1 8 3 2 1 4 3 2 3;}
@font-face
        {font-family:Georgia;
        panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
        {font-family:NewCenturySchlbk;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1027" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->

<div lang="EN-US" link="blue" vlink="purple" class="">
<div class="WordSection1"><p class="MsoNormal" align="center" style="text-align:center"><b class=""><span style="font-size:22.0pt;font-family:NewCenturySchlbk" class="">&nbsp;</span></b></p><p class="MsoNormal" align="center" style="text-align:center"><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter" />
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0" />
<v:f eqn="sum @0 1 0" />
<v:f eqn="sum 0 0 @1" />
<v:f eqn="prod @2 1 2" />
<v:f eqn="prod @3 21600 pixelWidth" />
<v:f eqn="prod @3 21600 pixelHeight" />
<v:f eqn="sum @0 0 1" />
<v:f eqn="prod @6 1 2" />
<v:f eqn="prod @7 21600 pixelWidth" />
<v:f eqn="sum @8 21600 0" />
<v:f eqn="prod @7 21600 pixelHeight" />
<v:f eqn="sum @10 21600 0" />
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect" />
<o:lock v:ext="edit" aspectratio="t" />
</v:shapetype><v:shape id="Picture_x0020_2" o:spid="_x0000_s1026" type="#_x0000_t75" alt="shieldor" style='position:absolute;left:0;text-align:left;margin-left:44.25pt;margin-top:2.45pt;width:96.8pt;height:88.9pt;z-index:-251658240;visibility:visible;mso-wrap-style:square;mso-width-percent:0;mso-height-percent:0;mso-wrap-distance-left:9pt;mso-wrap-distance-top:0;mso-wrap-distance-right:9pt;mso-wrap-distance-bottom:0;mso-position-horizontal:absolute;mso-position-horizontal-relative:text;mso-position-vertical:absolute;mso-position-vertical-relative:text;mso-width-percent:0;mso-height-percent:0;mso-width-relative:page;mso-height-relative:page'>
<v:imagedata src="cid:image001.png@01D19F02.593854F0" o:title="shieldor" />
<w:wrap type="tight"/>
</v:shape><![endif]--><!--[if !vml]--><img width="129" height="119" align="left" hspace="12" alt="shieldor" v:shapes="Picture_x0020_2" class="" apple-inline="yes" id="25F0CEE5-B6EE-41FB-B2C0-16FBA3AAE0E1" apple-width="yes" apple-height="yes" src="cid:image002.jpg@01D19F02.593854F0"><!--[endif]--><b class=""><span style="font-size:22.0pt;font-family:NewCenturySchlbk" class="">DEPARTMENT
 OF <o:p class=""></o:p></span></b></p><p class="MsoNormal" align="center" style="text-align:center"><b class=""><span style="font-size:22.0pt;font-family:NewCenturySchlbk" class="">ELECTRICAL ENGINEERING SEMINAR SERIES
</span></b><o:p class=""></o:p></p><p class="MsoNormal" style="margin-left:.5in;text-autospace:none"><b class=""><span style="font-family:NewCenturySchlbk" class="">&nbsp;</span></b></p><p class="MsoNormal" style="margin-left:.5in;text-autospace:none"><b class=""><span style="font-family:NewCenturySchlbk" class="">&nbsp;</span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Speaker:&nbsp;&nbsp; Zhichun Li<o:p class=""></o:p></span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<b class="">NEC Research Labs</b><o:p class=""></o:p></span></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Title:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Counter Advanced Persistent Threat through Big-Data Enabled Security
<o:p class=""></o:p></span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Intelligence<o:p class=""></o:p></span></b></p><p class="MsoNormal" style="text-indent:.5in;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; April 28, 2016<o:p class=""></o:p></span></b></p><p class="MsoNormal" style="text-indent:.5in"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Time:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 11:00 a.m.</span></b><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">
<b class=""><o:p class=""></o:p></b></span></p><p class="MsoNormal" style="text-indent:.5in"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Room:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; B205 Engineering Quadrangle</span></b><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class=""><o:p class=""></o:p></span></p><p class="MsoNormal" style="text-indent:.5in"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Host:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Prof. Prateek Mittal<o:p class=""></o:p></span></b></p><p class="MsoNormal" style="text-indent:.5in"><b class=""><span style="font-size:11.0pt;font-family:NewCenturySchlbk" class="">&nbsp;</span></b></p><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Abstract:&nbsp;&nbsp;</span></b><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Today serious security incidents keep appearing in mainstream media. Cyber-attack is no longer
 just for fun but has grown up and become a large dark industry. Data breaches from Target, Home Depot, JP Morgan Chase, Sony, eBay, <a href="http://OPM.gov" class="">OPM.gov</a> etc., not only cause severe impact to the business or government agency, but also affect millions of people. The attacks
 behind the scene are so call Advanced Persistent Threats (APTs). In this talk, I will introduce what is an APT, and what characteristics those attacks have by going through a case study on how Target got hacked. Then, I will examine why APT is hard to detect
 by existing industry security solutions, and potentially how we can do better. To fight against APT, we started the Automated Security Intelligence (ASI) project in 2012, and later found DARPA Transparent Computing (TC) program BAA in 2014 shared the same
 vision, which is “connecting the dots” across multiple activities that are individually not suspicious enough, but collectively indicate malice or abnormal behavior.&nbsp; The ASI project achieves ubiquitous monitoring inside enterprises with Windows, Linux and
 Mac agents, includes a big-data middleware to handle the massive events collected, and provides a platform that supports various security applications. In particular, in this talk, I will highlight research progress from two early efforts on “connecting the
 dots”:&nbsp; temporal behavior query language, which enables a search tool for security analysts to quickly explore the potential linkage among events, and activity backtracking, which is a semi-automatic tool on answering “how this happens”.
</span><span style="font-size:14.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D" class=""><o:p class=""></o:p></span></p><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></b></p><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Biography:&nbsp;
</span></b><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">Zhichun (ZL) Li is a senior researcher at NEC Research Labs in Princeton, NJ. At NEC Labs, he manages the newly formed Computer Security Department. He has initiated and led the large-scale
 interdisciplinary research project called Automated Security Intelligence involving 15 researchers from Princeton and Tokyo. He has broad research interests in the areas of security and systems with an emphasis on enterprise security with big-data, smartphone
 security, network security etc. Before joining NEC Labs, he received his Ph.D. on Dec 2009 from Northwestern University.&nbsp; He earned both M.S. and B.S. degrees from Tsinghua University in China.&nbsp; Previously, he has conducted research at Microsoft Research Redmond
 and International Computer Science Institute (ICSI) in UC Berkeley.</span><span style="font-size:14.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D" class=""><o:p class=""></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Cambria&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:11.0pt;font-family:&quot;Georgia&quot;,&quot;serif&quot;" class="">&nbsp;</span></p><p class="MsoNormal" style="margin-bottom:6.0pt;text-autospace:none"><b class=""><span style="font-size:11.0pt;font-family:NewCenturySchlbk" class="">&nbsp;</span></b></p><p class="MsoNormal"><o:p class="">&nbsp;</o:p></p>
</div>
</div>

</div></blockquote></div><br class=""></body></html>