Stefan Savage, born in 1969, is an American computer science researcher. He is currently a professor in the Systems and Networking Group at the University of California, San Diego. At the university, he holds the Irwin and Joan Jacobs Chair in Information and Computer Science. Savage is often mentioned in computer security research, especially in topics such as email spam, network worms and malware spread, methods to stop distributed denial of service (DDOS) attacks, tracking the source of such attacks, automotive hacking, and wireless security. He earned his undergraduate degree from Carnegie Mellon University and his Ph.D. from the University of Washington in 2002.

Career

In 1999, Savage's research team published a paper titled TCP Congestion Control with a Misbehaving Receiver, which found problems in the TCP protocol that carries most Internet traffic. By using these problems, Savage showed how attackers could avoid congestion control rules, allowing them to take control of busy network connections that are usually shared by many users. This was the first paper to treat congestion control evasion as a security risk, not just a theoretical issue. That same year, Savage published a paper and tool called Sting, which described a method to use unusual features in the TCP protocol to help one party learn about packet loss in both directions, an important contribution to measuring network traffic.

In 2000, Savage's team published Practical Network Support for IP Traceback, which suggested a simple random method for Internet routers to help track traffic back to its source. IP traceback is a major research challenge with important effects on stopping denial-of-service (DDOS) attacks. If traffic can be traced, Internet service providers can find and stop DDOS attacks. Savage later co-founded Asta Networks, a company that created tools to solve these issues.

In 2001, Savage and colleagues at UCSD and CAIDA published Inferring Internet Denial-of-Service Activity, which introduced the idea of a network telescope and provided real-world data about DDOS attacks. Later research helped understand how network worms, such as Code Red II and SQL Slammer, spread.

In 2003, John Bellardo and Savage published 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, which described attacks on weaknesses in the 802.11 wireless protocol that could force legitimate users off wireless networks. The paper is also an example of applied reverse engineering in academic research. Bellardo and Savage studied the Intersil wireless chipset and found a hidden mode that allowed them to inject harmful packets directly into a network.

In 2004, Savage and George Varghese led a team that published Automated Worm Fingerprinting, which introduced a new method to create unique codes that help network operators monitor traffic and identify unusual patterns spreading quickly across networks. These patterns are strong signs of network worm outbreaks, an important problem in network security. Varghese later co-founded Netsift to use this research; Cisco bought Netsift in 2005.

In 2005, Ishwar Ramani and Stefan Savage developed the Syncscan algorithm, which reduces the time needed to switch between Wi-Fi access points.

In 2004, Savage received a Sloan Research Fellowship. In 2010, he was named a Fellow of the Association for Computing Machinery. In 2013, he received the ACM SIGOPS Mark Weiser Award.

In 2015, he received the ACM Prize in Computing for innovative research in network security, privacy, and reliability that helped people see attacks and attackers as parts of a larger system involving technology, society, and economics.

In 2017, Savage was named a MacArthur Foundation Fellow (often called the "genius grant") for his work. In 2021, he was elected a Fellow of the American Academy of Arts and Sciences and received the Golden Goose Award from the American Association for the Advancement of Science. In 2022, he was elected to the National Academy of Engineering. In 2023, he joined the Healthcare Ransomware Resiliency and Response Program (H-R3P) at the University of California San Diego School of Medicine to help protect healthcare systems from cyber threats, working with Christian Dameff and Jeff Tully.