PhD Defense by Maria Konte

Event Details
  • Date/Time:
    • Friday November 13, 2015 - Saturday November 14, 2015
      1:00 pm - 2:59 pm
  • Location: Klaus Room 3126 (GTISC War Room)
  • Phone:
  • URL:
  • Email:
  • Fee(s):
  • Extras:
No contact information submitted.

Summary Sentence: Understanding and Defending Against Internet Infrastructures Supporting Cybecrime Operations

Full Summary: No summary paragraph submitted.

Ph.D. Dissertation Defense Announcement

Title: Understanding and Defending Against Internet Infrastructures Supporting Cybecrime Operations


Maria Konte

School of Computer Science

College of Computing

Georgia Institute of Technology


Date: Friday, November 13, 2015

Time: 9:00 AM - 11:00 AM

Location : Klaus Room 3126 (GTISC War Room)




Prof. Nick Feamster, Advisor, Department of Computer Science, Princeton University

Prof. Roberto Perdisci, Department of Computer Science, University of Georgia
Prof. Wenke Lee, School of Computer Science, Georgia Institute of Technology
Prof. Ellen Zegura, School of Computer Science, Georgia Institute of Technology

Prof. Manos Antonakakis, School of Electrical and Computer Engineering, Georgia Institute of Technology

Allison Mankin, Director of Verisign Labs



Today's cybercriminals must carefully manage their network resources to evade detection and maintain profitable businesses. For example, a rogue online enterprise has to have multiple technical and business components in place, to provide the necessary infrastructure to keep the business available. Often, cybercriminals in their effort to protect and maintain their valuable network resources (infrastructures), they manipulate two fundamental Internet protocols; the Domain Name System (DNS) and the Border Gateway Protocol (BGP).    A popular countermeasure against cybercriminal infrastructures are Autonomous Systems (AS) reputation systems. Past research efforts have developed several AS reputation systems that monitor the traffic for illicit activities. Unfortunately, these systems have severe limitations; (1) they cannot distinguish between malicious and legitimate but abused ASes, and thus it is not clear how to use them in practice, (2) require direct observation of malicious activity, from many different vantage points and for an extended period of time, thus delaying detection.  This dissertation presents empirical studies and a system that help to counteract cybecriminal infrastructures. First, we perform empirical studies that help to advance our understanding, about how these infrastructures operate. We study two representative types of infrastructures: (1) fast-flux service networks which are infrastructures based on DNS manipulation, (b) malicious ASes (hubs of cybercriminal activities) which are infrastructures that are primarily based on BGP manipulation. Second, we build on our observations from these studies, and we design and implement, ASwatch; an AS reputation system that, unlike existing approaches, monitors exclusively the routing level behavior of ASes, to expose malicious ASes sooner. We build ASwatch based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit agile routing behavior (e.g. short-lived routes, aggressive re-wiring). We evaluate ASwatch on known malicious ASes, and we compare its performance to a state of the art AS reputation system.


Additional Information

In Campus Calendar

Graduate Studies

Invited Audience
Phd Defense
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Nov 11, 2015 - 9:37am
  • Last Updated: Oct 7, 2016 - 10:14pm