NERSCPowering Scientific Discovery Since 1974

Scott Campbell

Scott Campbell
Security Team
Networking, Servers and Security Group
Phone: (510) 486-6986
Fax: (510) 486-6459
1 Cyclotron Road
Mailstop: 59R4010A
Berkeley, CA 94720 US

Biographical Sketch

Scott began working at LBNL/NERSC in April of 2002 on network security. Current job duties include:

  • Research and implementation of operational security tools for HPC and high performance networking.
  • Incident detection and response for NERSC.
  • Outreach to the larger Security Research community.

Prior to LBNL, Scott has worked extensively in industry in the areas of Unix and network administration. Scott holds a bachelor of science degree in Physics from San Francisco State University.

Conference Papers

Scott Campbell, "Open Science, Open Security", 9th International Workshop on Security and High Performance Computing Systems, July 22, 2014,


We propose that to address the growing problems with complexity and data volumes in HPC security wee need to refactor how we look at data by creating tools that not only select data, but analyze and represent it in a manner well suited for intuitive analysis. We propose a set of rules describing what this means, and provide a number of production quality tools that represent our current best effort in implementing these ideas.


Scott Campbell, Jason Lee, "Prototyping a 100G Monitoring System", 20th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2012), February 12, 2012,

The finalization of the 100 Gbps Ethernet Specification has been a tremendous increase in these rates arriving into data centers creating the need to perform security monitoring at 100 Gbps no longer simply an academic exercise. We show that by leveraging the ‘heavy tail flow effect’ on the IDS infrastructure, it is possible to perform security analysis at such speeds within the HPC environment. Additionally, we examine the nature of current traffic characteristics, how to scale an IDS infrastructure to 100Gbps.

Scott Campbell, Jason Lee, "Intrusion Detection at 100G", The International Conference for High Performance Computing, Networking, Storage, and Analysis, November 14, 2011,

Driven by the growing data transfer needs of the scientific community and the standardization of the 100 Gbps Ethernet Specification, 100 Gbps is now becoming a reality for many HPC sites. This tenfold increase in bandwidth creates a number of significant technical challenges. We show that by using the heavy tail flow effect as a filter, it should be possible to perform active IDS analysis at this traffic rate using a cluster of commodity systems driven by a dedicated load balancing mechanism. Additionally, we examine the nature of current network traffic characteristics applying them to 100Gpbs speeds

Lavanya Ramakrishnan, Piotr T. Zbiegel, Scott Campbell, Rick Bradshaw, Richard Shane Canon, Susan Coghlan, Iwona Sakrejda, Narayan Desai, Tina Declerck, Anping Liu, "Magellan: Experiences from a Science Cloud", Proceedings of the 2nd International Workshop on Scientific Cloud Computing, ACM ScienceCloud '11, Boulder, Colorado, and New York, NY, 2011, 49 - 58,

Scott Campbell, Steve Chan and Jason Lee, "Detection of Fast Flux Service Networks", Australasian Information Security Conference 2011, January 17, 2011,

Fast Flux Service Networks (FFSN) utilize high availability server techniques for malware distribution. FFSNs are similar to commercial content distribution networks (CDN), such as Akamai, in terms of size, scope, and business model, serving as an outsourced content delivery service for clients.  Using an analysis of DNS traffic, we derive a sequential hypothesis testing algorithm based entirely on traffic characteristics and dynamic white listing to provide real time detection of FFDNs in live traffic.  We improve on existing work, providing faster and more accurate detection of FFSNs. We also identify a category of hosts not addressed in previous detectors - Open Content Distribution Networks (OCDN) that share many of the characteristics of FFSNs

Scott Campbell, "Local System Security via SSHD Instrumentation", USENIX LISA, January 1, 2011,

Scott Campbell, Jim Mellander, "Experiences with Intrusion Detection in High Performance Computing", Conference CUG 2011, December 31, 1969,


Massimiliano Albanese, Michael Berry, David Brown, Scott Campbell, Stephen Crago, George Cybenko, Jon DeLapp, Christopher L. DeMarco, Jeff Draper, Manuel Egele, Stephan Eidenbenz, Tina Eliassi-Rad, Vergle Gipson, Ryan Goodfellow, Paul Hovland, Sushil Jajodia, Cliff Joslyn, Alex Kent, Sandy Landsberg, Larry Lanes, Carolyn Lauzon, Steven Lee, Sven Leyffer, Robert Lucas, David Manz, Celeste Matarazzo, Jackson R. Mayo, Anita Nikolich, Masood Parvania, Garrett Payer, Sean Peisert, Ali Pinar, Thomas Potok, Stacy Prowell, Eric Roman, David Sarmanian, Dylan Schmorrow, Chris Strasburg, V.S. Subrahmanian, Vipin Swarup, Brian Tierney, Von Welch, "ASCR Cybersecurity for Scientific Computing Integrity", DOE Workshop Report, January 7, 2015,

At the request of the U.S. Department of Energy’s (DOE) Advanced Scientific Computing Research (ASCR) program, a workshop was held January 7–9, 2015, in Rockville, Md., to examine computer security research gaps and approaches for assuring scientific computing integrity specific to the mission of the DOE Office of Science. Issues included research computation and simulation that takes place on ASCR computing facilities and networks, as well as network-connected scientific instruments, such as those run by other DOE Office of Science programs. Workshop participants included researchers and operational staff from DOE national laboratories, as well as academic researchers and industry experts. Participants were selected based on the prior submission of abstracts relating to the topic. Additional input came from previous DOE workshop reports [DOE08,BB09] relating to security. Several observers from DOE and the National Science Foundation also attended.

Michael Bailey, Scott Campbell, Michael Corn, Deborah A. Frincke, Ardoth Hassler, Craig Jackson, James A. Marsteller, Rodney J. Petersen, Mark Servilla, Von Welch, "Report of the 2013 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities Designing Cybersecurity Programs in Support of Science", February 5, 2014,

Gemmill, Jill, et al, "Security at the Cyberborder, Workshop Report", March 28, 2012,

Katherine Yelick, Susan Coghlan, Brent Draney, Richard Shane Canon, Lavanya Ramakrishnan, Adam Scovel, Iwona Sakrejda, Anping Liu, Scott Campbell, Piotr T. Zbiegiel, Tina Declerck, Paul Rich, "The Magellan Report on Cloud Computing for Science", U.S. Department of Energy Office of Science, Office of Advanced Scientific Computing Research (ASCR), December 2011,

E. Wes Bethel, Scott Campbell, Eli Dart, Jason Lee, Steven A. Smith, Kurt Stockinger, Brian Tierney, Kesheng Wu, "Interactive Analysis of Large Network Data Collections Using Query-Driven Visualization", DOE Report, September 26, 2006, LBNL 59166,

Realizing operational analytics solutions where large and complex data must be analyzed in a time-critical fashion entails integrating many different types of technology. Considering the extreme scale of contemporary datasets, one significant challenge is to reduce the duty cycle in the analytics discourse process. This paper focuses on an interdisciplinary combination of scientific data management and visualization/analysistechnologies targeted at reducing the duty cycle in hypothesis testing and knowledge discovery. We present an application of such a combination in the problem domain of network traffic dataanalysis. Our performance experiment results, including both serial and parallel scalability tests, show that the combination can dramatically decrease the analytics duty cycle for this particular application. The combination is effectively applied to the analysis of network traffic data to detect slow and distributed scans, which is a difficult-to-detect form of cyberattack. Our approach is sufficiently general to be applied to a diverse set of data understanding problems as well as used in conjunction with a diverse set of analysis and visualization tools


Scott Campbell, Defense against the cyber dark arts, netWorker, Pages: 40--ff 2009,

Scott Campbell, The Last Word-Defense Against the Cyber Dark Arts-Don t expect white or black hats or orderly distinction between legal and illegal intent in an attacker s motivation., netWorker: The Craft of Network Computing, Pages: 39 2009,

Juan Meza, Scott Campbell, David Bailey, Mathematical and Statistical Opportunities in Cyber Security, arXiv preprint arXiv:0904.1616, 2009,

Scott Campbell, How to think about security failures, Communications of the ACM, Pages: 37--39 2006,

Stephen Q Lau, Scott Campbell, William T Kramer, Brian L Tierney, Computing protection in open HPC environments, Proceedings of the 2006 ACM/IEEE conference on Supercomputing, Pages: 207 2006,

Kurt Stockinger, E Bethel, Scott Campbell, Eli Dart, Kesheng Wu, Detecting distributed scans using high-performance query-driven visualization, Proceedings of the 2006 ACM/IEEE conference on Supercomputing, Pages: 82 2006,

E Wes Bethel, Scott Campbell, Eli Dart, Kurt Stockinger, Kesheng Wu, Accelerating network traffic analytics using query-driven visualization, Visual Analytics Science And Technology, 2006 IEEE Symposium On, Pages: 115--122 2006,

E Bethel, Scott Campbell, Eli Dart, John Shalf, Kurt Stockinger, Kesheng Wu, High Performance Visualization Using Query-Driven Visualization and Analytics, 2006,

Kurt Stockinger, Kesheng Wu, Scott Campbell, Stephen Lau, Mike Fisk, Eugene Gavrilov, Alex Kent, Christopher E Davis, Rick Olinger, Rob Young, others, Network Traffic Analysis With Query Driven Visualization SC 2005 HPC Analytics Results, Proceedings of the 2005 ACM/IEEE conference on Supercomputing, Pages: 72 2005,