PhD Proposal by Yizheng Chen

Event Details
  • Date/Time:
    • Tuesday June 13, 2017
      2:00 pm - 4:00 pm
  • Location: Klaus 3126
  • Phone:
  • URL:
  • Email:
  • Fee(s):
    N/A
  • Extras:
Contact
No contact information submitted.
Summaries

Summary Sentence: : Solving Evolving Security Problems with Long-Term DNS data

Full Summary: No summary paragraph submitted.

Title: Solving Evolving Security Problems with Long-Term DNS data

 

Yizheng Chen

Ph.D. student

School of Computer Science

College of Computing

Georgia Institute of Technology

 

Date: Tuesday, June 13th, 2017

Time: 2 PM - 4 PM (ET)

Location: Klaus 3126

 

Committee:

------------------------

Dr. Emmanouil Antonakakis (Co-advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology) Dr. Wenke Lee (Co-advisor, School of Computer Science, Georgia Institute of Technology) Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology) Dr. Raheem Beyah (School of Electrical and Computer Engineering, Georgia Institute of Technology) Dr. Roberto Perdisci (Dept. of Computer Science, University of Georgia and School of Computer Science, Georgia Tech)

 

Abstract

------------------------

 

DNS data are commonly used to build domain name reputation systems, identify critical criminal infrastructure, help take-down efforts, detect DGAs (Domain Generation Algorithms), facilitate the detection of malware downloading and social engineering, etc. We can also use long-term DNS data to address security problems that evolve over time. We apply machine learning techniques to study the evolution of disposable domains, analyze long-term financial damages caused by a botnet’s impression fraud, and track malvertising campaigns.

 

Unfortunately, these machine learning systems themselves are not secure and prone to be attacked. Most existing work in adversarial learning has focused on problems in the classifier, where the features can be directly computed from the spam email, PDF binary, phishing page, image, network attack packet, and exploit kit. These security applications classify an object based on local features extracted from only that object and its behavior. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be considered by the defenders. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Even less informed attackers can evade graph clustering with low cost, however, we show practical defenses exist.

Additional Information

In Campus Calendar
No
Groups

Graduate Studies

Invited Audience
Faculty/Staff, Public, Undergraduate students
Categories
Other/Miscellaneous
Keywords
Phd proposal
Status
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Jun 12, 2017 - 2:01pm
  • Last Updated: Jun 12, 2017 - 2:01pm