• Lane Thames
• 546 Columbus Dr.
• Savannah, GA 31405
• Home Phone: 912-691-2733
• Work Phone: 912-966-6783
• lane.thames '@' gtsav.gatech.edu

• PhD Electrical and Computer Enginnering, Georgia Institute of Technology
  Estimated Time of Completion: December 2008
  Advisor: Dr. Randal Abler



• MS Electrical and Computer Engineering, Georgia Institute of Technology, May 2006
  Advisor: Dr. Randal Abler


• BS Computer Engineering, Highest Honors, Georgia Institute of Technology, December 2003
  

• COMPUTER NETWORK SECURITY--Firewall Collaboration Framework (FCF)
  

  I am working on a system that I call a Firewall Collaboration Framework (FCF). This system is built with a "federation" of firewalls that collaborate with each other and share a "global" pool of information. The concept is as follows: Once a collaborating firewall in the federation classifies a network traffic flow as abnormal (such as a flow with malicious intentions), classification information is distributed to the other firewalls in the federation. The other firewalls can then update their firewall rules and this will prevent the malicious flows from ever entering their respective networks. The implications of this system are that worms, viruses, spam, etc. could, in some cases, be stopped at the source (assuming that the source must pass through a collaborating firewall). The results of this work were published in the proceedings of the IEEE Southeast Conference (IEEE SoutheastCon 2007), March 2007.



• COMPUTER NETWORK SECURITY--Generalized Network Security Collaboration Framework (GNSCF)
  

  The next step in my research will be to extend the concepts of my FCF to a more generalized network security collaboration framework. Actually, the FCF is a particular case of the GNSCF that only uses firewall network elements. However, the GNSCF will be a framework for any network element such as routers, switches, firewalls, and individual network hosts. The utility of this system will increase as the number of federation members increases. Each member acts like a sensor that detects malicious behavior and distributes this information to the federation. Hence, as more elements join the federation, the overall view of the network increases and the probability of detecting malicious behavior and distributing the behavioral profile increases as well. The framework will encompass ideas such as the following:

  • Federation Management
  • Trust Relationship Management
  • Policy Management
  • Information Management
  • Information Distribution
  • Network Traffic Classification
  • Resource Management
  An in-depth analysis will be made in each of these areas as they are vital for the framework to operate efficiently and reliably. Once complete, the framework could be used as a foundation to create an entire protocol suite in the network security field.



• COMPUTER NETWORK SECURITY--Hybrid Intelligent Systems for Network Security
  

  There has been much research in the area of Intrusion Detection Systems (IDS). However, the field is still in its infancy. My work in this area includes the use of Intelligent System Algorithms and their effectiveness in classifying computer network anomalies such as malicious user activity. I developed a hybrid intelligent system that used Self-Organizing Maps (SOM) and Bayesian Probabilistic Learning Networks. These algorithms were used to classify network and host-based data-flows. The classification resulted in a probabilistic prediction of the data-flows as being malicious (abnormal) or normal. The system could be used as a simple IDS where it would classify data-flows and either allow or deny incoming data-flows based on a probabilistic threshold. The results of this work were published in the proceedings of the ACM Southeast Conference (ACMSE06), March 2007.

• Computer Communications and Networking
• Computer Operating Systems
• Computer Architecture and Organization
• Embedded Computing Systems
• Intelligent Systems using Artificial Intelligence, Machine Learning, and Evolutionary Algorithms
• Software Engineering
• Information Technologies

• Systems Analyst III, Georgia Institute of Technology, December 2006 - Present
• Software Development Engineer II, VeriSign Communication Services, July 2005 - November 2006
• Graduate Research Assistant, Georgia Institute of Technology, January 2004 - August 2006
• Student Assistant (IT support, Lead Teaching Assistant), Georgia Institute of Technology, May 2001 - January 2004
• Other Experience: 14 years in the Trucking and Transportation Industry

• J. Lane Thames, Randal Abler: Mentoring Undergraduate Students Preparing for Graduate Study in Engineering-A CREATE Case Study
  Proceedings of the ASEE/IEEE Frontiers in Education Conference 2008 (FIE)
  To be Presented October 2008.
  (Conference attributes-3 reviews per paper with printed proceedings)
  (PAPER)
  


• J. Lane Thames, Randal Abler, David Keeling: A Distributed Active Response Architecture for Preventing SSH Dictionary Attacks
  Proceedings of the IEEE Southeast Conference 2008 (IEEE SoutheastCon 2008)
  Presented April 2008.
  (Conference attributes-2 reviews per paper with printed proceedings)
  (PAPER)
  


• J. Lane Thames, Randal Abler, David Keeling: A Distributed Firewall and Active Response Architecture Providing Preemptive Protection
  Proceedings of the ACM Southeast Conference 2008 (ACM SoutheastCon 2008)
  Presented March 2008.
  (Conference attributes-2 reviews per paper with printed proceedings)
  (PAPER)
  


• J. Lane Thames, Randal Abler: Implementing Distributed Internet Security using a Firewall Collaboration Framework
  Proceedings of the IEEE Southeast Conference 2007 (IEEE SoutheastCon 2007)
  Presented March 2007. Served as a conference session co-chair.
  (Conference attributes-2 reviews per paper with printed proceedings)
  (PAPER) and (PRESENTATION)
  


• J. Lane Thames, Randal Abler, Ashraf Saad: Hybrid Intelligent Systems for Network Security
  Proceedings of the ACM Southeast Conference 2006 (ACMSE06)
  Presented March 2006.
  (Conference attributes-4 reviews per paper with printed proceedings)
  (PAPER) and (PRESENTATION)
  

• Lane Thames, Resume
• Using Bayesian Networks for Detecting Computer Network Anomalies
• Using Genetic Algorithms for Parametric Optimization of Back-Propagation Neural Networks
• The Use of Self Organizing Maps for Intrusion Detection Systems
• Hybrid Intelligent Systems for Detecting Network Anomalies
• Embedded Computer Architectures for Wireless Sensor Nodes
• Content Addressable Memory-An Overview
• Compilers: A Generic Overview
• Computational Intelligence using Cognitive Information Processing
• ECE 8843-Network Security-Hacking Competition Report
• ECE 4951/4952 Undergrad Research--Final Report and Results

• Bayesian IDS
• Self-Organizing Map IDS
• Hybrid IDS
• Hybrid Intelligent Systems
• Network Security Lecture for Georgia Tech's ECE 4110 Internetwork Programming

• My abstract view of the Internet
• My Online Data Storage (Various collection of papers and ECE class materials). Feel free to BROWSE
• My Online Code Storage (Various code in C, C++, Java, Perl, and assembly). Feel free to BROWSE

A general note on the term "Hacking." The nomenclature in the Information Technology field is mixed when one speaks about computer attacks and other malicious computer activity. Some schools of thought refer to malicious computer behaviour as "hacking" and others refer to it as "cracking." Terms such as white-hat and black-hat are also used. Malicious users are normally labeled as black-hats, and computer security professionals are normally labeled as white-hats. Regarding hacker versus cracker, I prefer to use hacker as an equivalent to white-hat and cracker as an equivalent to black-hat. Therefore, I consider myself to be a HACKER. In order to be an expert in the art of hacking and defending against malicious activity, one must understand the behaviour of the opponent. One can't defeat his opponents without practice and knowledge of the game. This is where the principle of security via obscurity becomes a bit blurry. To this end, I justify publishing the information below. The links provided below are intended to only be used for white-hat security research purposes. There is a Russian Proverb that is used by security experts: "TRUST, BUT VERIFY". Some of the links below will point you to code that can be used in very malicious ways (DoS, gaining remote and/or local root access, worms, viruses, etc). So, "HACK, BUT DON'T CRACK" when you use these links!

• www.securityfocus.com
• www.sans.org
• www.cert.org
• www.blackhat.com
• www.defcon.org
• www.wormblog.com
• Internet Assigned Numbers Authority (IANA)
• www.cisecurity.org
• www.geektools.com
• www.securitynewsportal.com
• www.caida.org
• www.f-secure.com
• www.usenix.org
• www.metasploit.com
• www.insecure.org
• Internet Engineering Task Force (IETF)
• Computer Worms
• Computer Virus
• www.secureroot.com
• The Linux Documentation Project
• The National Vulnerability Database
• Free SWAN--Secure Wide Area Networking software
• Samba Exploit--Exploit to crack into a server running an unpatched version of Samba
• Code from the book: "Hacking-The Art of Exploitation"
• The NetCat Project--A useful networking tool
• The Original Netcat tool
• Using Netcat as a quick and dirty client-server application
• www.linux.com
• www.eeye.com
• Research@eeye
• Intel 64 and IA-32 Basic Architecture (From www.intel.com)
• Intel Instruction Set-A-M
• Intel Instruction Set-N-Z
• Intel Systems Programming-Volume 3a
• Intel Systems Programming-Volume 3b
• Intel Systems Optimization
• NASM--The Netwide Assembler
• Which ENDIAN do you prefer?