Proactively Removing the Botnet Threat
Self-propagating, self-organizing malicious software is growing more prevalent and more capable of disrupting network-based activity, not only on the open Internet but even within enterprises that strive for coherent and secure network management. The security community's current defenses against the botnet threat, which consist of monitoring honeypots and dark IP space and then reactively deploying patches and filters, are unlikely to work against next-generation botnets. It is our thesis that a new, principled approach is needed: one that integrates new network architectures, new algorithms, and data analysis.
We will formulate precise statements of the threats posed by botnets, of the security requirements a defense must meet, and of the metrics by which the effectiveness of defensive techniques can be quantified. Our anticipated outcomes include problem formulations, algorithmic and statistical design and analysis, network-architectural designs that build on those algorithms and analyses, and experimental prototypes. We will test our solutions on the best available data, e.g., through our collaboration with a tier-1 ISP and the ONR Global network. Progress on our agenda will move the DoD away from the current ad hoc approach to botnet defense toward a principled and proactive one. It will produce technologies that protect critical DoD IT infrastructure in peacetime and defend the Global Information Grid in wartime.
This project is supported by ONR grant N00014-09-10757.
- Joan Feigenbaum (PI, Yale Univ.)
- Amittai Aviram (PhD student, Yale Univ.)
- Steve Bellovin (co-PI, Columbia Univ.)
- Sambuddo Chakravarty (PhD student, Columbia Univ.)
- Bill Cheswick (industrial collaborator, AT&T)
- Ang Cui (PhD student, Columbia Univ.)
- Bryan Ford (co-PI, Yale Univ.)
- Angelos Keromytis (co-PI, Columbia Univ.)
- Joshua Leners (PhD student, UT Austin)
- Michael Fitzgerald Nowlan (PhD student, Yale Univ.)
- Arun Seehra (PhD student, UT Austin)
- Srinath Setty (PhD student, Sept. – Oct. 2009, UT Austin)
- Vitaly Shmatikov (co-PI, UT Austin)
- Salvatore Stolfo (co-PI, Columbia Univ.)
- Michael Walfish (co-PI, UT Austin)
- Xintong Zhou (Sept. – Dec. 2009, Columbia Univ.)
- Project meeting, February 2010.
Srinath Setty, Andrew J. Blumberg, and Michael Walfish. Toward practical and unconditional verification of remote computations. 13th Workshop on Hot Topics in Operating Systems (HotOS), Napa, CA, May 2011.
Lon Ingram, Ivo Popov, Srinath Setty, and Michael Walfish. Repair from a chair: Computer repair as an untrusted cloud service. 13th Workshop on Hot Topics in Operating Systems (HotOS), Napa, CA, May 2011.
Joan Feigenbaum, Vijay Ramachandran, and Michael Schapira. Incentive-Compatible Interdomain Routing. Distributed Computing, Vol. 23, Nos. 5-6, pp. 301-319, 2011.
Ang Cui and Salvatore J. Stolfo. A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan. Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2010. Best paper award.
Amittai Aviram, Shu-Chun Weng, Sen Hu, and Bryan Ford. Efficient System-Enforced Deterministic Parallelism. Proceedings of the USENIX Conference on Operating System Design and Implementation (OSDI), Vancouver, BC, Canada, October 2010. Jay Lepreau Best Paper Award.
Prince Mahajan, Srinath Setty, Sangmin Lee, Allen Clement, Lorenzo Alvisi, Mike Dahlin, and Michael Walfish. Depot: Cloud Storage with Minimal Trust. Proceedings of the USENIX Conference on Operating System Design and Implementation (OSDI), Vancouver, BC, Canada, October 2010.
Amittai Aviram, Sen Hu, Bryan Ford, and Ramakrishna Gummadi. Determinating Timing Channels in Compute Clouds. Proceedings of the ACM Cloud Computing Security Workshop (CCSW), Chicago, IL, USA, October 2010.
Sambuddho Chakravarty, Angelos Stavrou and Angelos D. Keromytis. Traffic analysis against low-latency anonymity networks using available bandwidth estimation. Proceedings of ESORICS 2010, Athens, Greece, September 2010.
Sooel Son and Vitaly Shmatikov. The Hitchhiker's Guide to DNS Cache Poisoning. Proceedings of SecureComm 2010, Singapore, September 2010.
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker. DDoS Defense by Offense. ACM Transactions on Computer Systems, Volume 28, Number 1, Article 3, March, 2010.
Ang Cui, Yingbo Song, Pratap V. Prabhu and Salvatore J. Stolfo. Brave New World: Pervasive Insecurity of Embedded Network Devices. Poster paper presented at the 2009 International Symposium on Recent Advances in Intrusion Detection. [media: Wired]
Mansoor Alicherry, Angelos Stavrou, and Angelos D. Keromytis. Evaluating a Collaborative Defense Architecture for MANETs. IEEE Workshop on Collaborative Security Technologies (CoSec), Bangalore, India, December 2009.
Arun Seehra, Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi and Scott Shenker. A policy framework for the future Internet. ACM Workshop on Hot Topics in Networks (HotNets), New York, NY, October 2009. [talk slides (ppt)]
Mansoor Alicherry, Angelos D. Keromytis and Angelos Stavrou. Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks. Short paper in Proceedings of SecureComm 2009, Athens, Greece, September 2009. [talk slides (ppt)]
Jad Naous, Arun Seehra, Michael Walfish, David Mazières, Antonio Nicolosi and Scott Shenker. Defining and enforcing transit policies in a future Internet. Technical Report TR-10-07, Department of Computer Science, The University of Texas at Austin, February 2010.
Jad Naous, Arun Seehra, Michael Walfish, David Mazières, Antonio Nicolosi and Scott Shenker. The design and implementation of a policy framework for the future Internet. Technical Report TR-09-28, Department of Computer Science, The University of Texas at Austin, September 2009.
Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi and Arun Seehra. Network Security Via Explicit Consent. Technical Report TR-09-12, Department of Computer Science, The University of Texas at Austin, March 2009.