[NRG] Colloquium Tues Oct 5: Evangelos Markatos, Polymorphic Attack Detection

Crovella, Mark E crovella at bu.edu
Thu Sep 30 13:35:56 EDT 2010


Computer Science Colloquium

Tuesday, Oct 5, 11 am
MCS 135

Speaker: Evangelos Markatos, FORTH-ICS and Univ. of Crete

Title:  Real-world Polymorphic Attack Detection

As state-of-the-art attack detection technology becomes more prevalent,
 attackers have started to employ evasion techniques such as code
 obfuscation and polymorphism to defeat existing defenses. We have recently
 proposed network-level emulation, a heuristic detection method that scans
 network traffic to detect polymorphic attacks. Our approach uses a CPU
 emulator to dynamically analyze every potential instruction sequence in
 the inspected traffic, aiming to identify the execution behavior of
 certain malicious code classes, such as self-decrypting polymorphic
 shellcode. In this work, we present results and experiences from
 deployments of network-level emulation in production networks. After more
 than a year of continuous operation, our prototype implementation has
 captured more than a million attacks against real systems, while so far it
 has not resulted in any false positives. The observed attacks employ a
 highly diverse set of exploits, often against less widely used vulnerable
 services, and in some cases, sophisticated obfuscation schemes.

 Bio:
 Prof. Evangelos Markatos received his diploma in Computer Engineering from
 the University of Patras in 1988, and the M.S. and Ph.D. degrees in
 Computer Science from the University of Rochester, NY in 1990 and 1993
 respectively. Since 1992, he has collaborated with the Institute of Computer
 Science of the Foundation for Research and Technology - Hellas (ICS-FORTH),
 where he is the founder and current head of the Distributed Computing
 Systems Laboratory. He conducts research in several areas including
 distributed and parallel systems, the World-Wide Web, Internet Systems and
 Technologies, as well as Computer and Communication Systems Security.  He
 has been the project manager of the LOBSTER and NoAH projects, both funded
 in part by the European Union and focusing on developing novel approaches
 to network monitoring and network security. He is currently the project
 manager of the i-code and SysSec projects.
 Since 1992, he has also been affiliated with the Computer Science
 Department of the University of Crete, where he is currently a full
 Professor.

Host: Mark Crovella
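As an added illustration of the approach the abstract describes (this is example code written for this page, not the talk's or the FORTH-ICS prototype's code): a deliberately tiny x86-32 emulator, covering only the opcodes of a classic jmp/call/pop XOR decoder, is run from every byte offset of a payload, and an offset is flagged when the emulated code fetches an instruction from memory that the same execution wrote, which is the write-then-execute behaviour of self-decrypting shellcode. The request line, the decoder stub, the XOR key and the instruction budget are all constructed for the example.

```python
"""Toy network-level emulation (added example, not the FORTH-ICS prototype).

A tiny x86-32 emulator, covering just the opcodes of a classic jmp/call/pop
XOR decoder, runs from every byte offset of a payload. An offset is flagged
when the emulated code fetches an instruction from memory that this same
execution wrote. Unknown opcodes, out-of-range accesses and an instruction
budget end an execution, so arbitrary data terminates quickly.
"""

MAX_INSNS = 1000  # per-offset execution budget (assumed value)


def _s8(b):
    return b - 256 if b & 0x80 else b


def executes_written_memory(payload, start, max_insns=MAX_INSNS):
    """Emulate from offset `start`; True if an instruction byte fetched later
    in this execution was written by the emulated code itself."""
    mem = bytearray(payload)          # the payload is the only memory
    regs = [0] * 8                    # eax ecx edx ebx esp ebp esi edi
    stack = []                        # return offsets pushed by CALL
    written = set()                   # offsets modified during execution
    pc = start
    for _ in range(max_insns):
        if not 0 <= pc < len(mem):
            return False
        if pc in written:             # executing self-written memory
            return True
        op = mem[pc]
        try:
            if op == 0x90:                              # nop
                pc += 1
            elif 0x40 <= op <= 0x47:                    # inc r32
                regs[op - 0x40] = (regs[op - 0x40] + 1) & 0xFFFFFFFF
                pc += 1
            elif 0x58 <= op <= 0x5F:                    # pop r32
                regs[op - 0x58] = stack.pop()
                pc += 1
            elif 0xB8 <= op <= 0xBF:                    # mov r32, imm32
                regs[op - 0xB8] = int.from_bytes(mem[pc + 1:pc + 5], "little")
                pc += 5
            elif op == 0x31:                            # xor r32, r32 (mod == 3 only)
                modrm = mem[pc + 1]
                if modrm >> 6 != 3:
                    return False
                regs[modrm & 7] ^= regs[(modrm >> 3) & 7]
                pc += 2
            elif op == 0x80:                            # xor byte [reg], imm8
                modrm, imm = mem[pc + 1], mem[pc + 2]
                mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
                if mod != 0 or reg != 6 or rm in (4, 5):  # no SIB/disp32 forms
                    return False
                addr = regs[rm]
                if not 0 <= addr < len(mem):
                    return False
                mem[addr] ^= imm
                written.add(addr)
                pc += 3
            elif op == 0xEB:                            # jmp short rel8
                pc += 2 + _s8(mem[pc + 1])
            elif op == 0xE2:                            # loop rel8 (dec ecx, jnz)
                regs[1] = (regs[1] - 1) & 0xFFFFFFFF
                pc += 2 + _s8(mem[pc + 1]) if regs[1] else 2
            elif op == 0xE8:                            # call rel32 (the GetPC trick)
                stack.append(pc + 5)
                pc += 5 + int.from_bytes(mem[pc + 1:pc + 5], "little", signed=True)
            else:
                return False                            # unsupported opcode
        except IndexError:                              # truncated operand / empty stack
            return False
    return False


def scan_payload(payload, max_insns=MAX_INSNS):
    """Offsets from which emulation reaches self-written code."""
    return [off for off in range(len(payload))
            if executes_written_memory(payload, off, max_insns)]


def build_decoder_sample(body, key):
    """Constructed input: a jmp/call/pop XOR decoder followed by `body`
    XOR-encoded with `key`, behind a benign-looking request line."""
    n = len(body)
    decoder = bytes([
        0xEB, 0x0E,                              # 0:  jmp short -> call (16)
        0x5E,                                    # 2:  pop esi  (esi = body offset)
        0xB9, n & 0xFF, (n >> 8) & 0xFF, 0, 0,   # 3:  mov ecx, len(body)
        0x80, 0x36, key,                         # 8:  xor byte [esi], key
        0x46,                                    # 11: inc esi
        0xE2, 0xFA,                              # 12: loop -> 8
        0xEB, 0x05,                              # 14: jmp short -> body (21)
        0xE8, 0xED, 0xFF, 0xFF, 0xFF,            # 16: call -> 2, pushes 21
    ])
    return b"GET /index.html HTTP/1.0\r\n" + decoder + bytes(b ^ key for b in body)


BENIGN = b"GET /index.html HTTP/1.0\r\nHost: example.invalid\r\n\r\n"  # constructed
SAMPLE = build_decoder_sample(b"\x90\x90\x90\xCC", key=0x5A)         # constructed

if __name__ == "__main__":
    print("benign:", scan_payload(BENIGN))   # []
    print("sample:", scan_payload(SAMPLE))   # includes 26, the decoder start
```

The decoder starts at offset 26 of SAMPLE (right after the request line); emulation from there pushes the body offset with call, pops it into esi, XORs the body in place and then jumps into it, at which point the fetch hits a written byte and the offset is flagged. The plain request never writes memory and stops on the first unsupported opcode, so no offset is flagged. The toy flags any execution of self-written memory, so offsets that enter the decoder loop midway can also trip it; the prototype discussed in the talk runs a full CPU emulator on live traffic and is not limited to this handful of opcodes.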
