[Busec] [busec] interesting talk in ECE: Engin Kirda (Friday 3pm)

Sharon Goldberg goldbe at cs.bu.edu
Tue Feb 4 22:30:16 EST 2014

This talk in the ECE department looks very interesting.

Detecting Malicious Activity Through Large-Scale Data Analysis
Engin Kirda
Northeastern University

Friday, February 7, 2014 at 3:00 PM to 4:00 PM
8 St. Mary's Street, Room 210
Refreshments served at 2:45.

Malicious software (or malware) is one of the most pressing and major
security threats facing the Internet today. In this talk, I will describe
two systems that we recently built: EXPOSURE and DISCLOSURE.

EXPOSURE is a system that employs large-scale, passive DNS analysis
techniques to detect domains that are involved in malicious activity. We
use 15 features that we extract from the DNS traffic that allow us to
characterize different properties of DNS names and the ways that they are
queried. Our experiments with a large, real-world data set consisting of
100 billion DNS requests, and real-life deployment for over two years show
that our approach is scalable and that we are able to automatically
identify known malicious domains that are misused in a variety of malicious
activity (such as for botnet command and control, spamming, and phishing).

DISCLOSURE is a follow-up system that we built that is a large-scale,
wide-area botnet detection system that incorporates a combination of novel
techniques to overcome the challenges imposed by the use of NetFlow data.
In particular, we identify several groups of features that allow DISCLOSURE
to reliably distinguish C&C channels from benign traffic using NetFlow
records (i.e., flow sizes, client access patterns, and temporal behavior).
To reduce DISCLOSURE's false positive rate, we incorporate a number of
external reputation scores into our system's detection procedure.
DISCLOSURE is able to perform real-time detection of botnet C&C channels
over datasets on the order of billions of flows per day.

Engin Kirda is the Sy and Laurie Sternberg Associate Professor of
Information Assurance at the Northeastern University in Boston and the
director of the Northeastern Information Assurance Institute. He is also a
co-founder and Chief Architect at Lastline, Inc. Before moving to the US,
he has held faculty positions at Institute Eurecom in the French Riviera
and the Technical University of Vienna where he co-founded the Secure
Systems Lab that is now distributed over five institutions in Europe and
US. Engin's recent research has focused on malware analysis (e.g., Anubis,
Exposure, Fire) and detection, web application security, and practical
aspects of social networking security. He co-authored more than 100
peer-reviewed scholarly publications and served on program committees of
numerous international conferences and workshops. In 2009, Engin was the
Program Chair of the International Symposium on Recent Advances in
Intrusion Detection (RAID), in 2010/11, Program Chair of the Europ ean
Workshop on Systems Security (Eurosec), and in 2012 the Program Chair of
the USENIX Workshop on Large Scale Exploits and Emergent Threats. He is
currently the program co-chair of NDSS, and will be chairing it in 2015.

Faculty Host: David Starobinski
Student Host: Sepideh Pourazarm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20140204/25ec7afa/attachment.html>

More information about the Busec mailing list