Cybersecurity Lecture Series with Maria Konte
Meet academic and industry leaders for intimate discussions about new cyber threats, trends and technologies.
The weekly Cybersecurity Lecture Series is a free, open-to-the-public lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from private companies, government agencies, start-up incubators as well as Georgia Tech faculty and students presenting their research.
Held weekly each Friday at Noon through Dec. 2, lectures are open to all -- students, faculty, industry, government, or simply the curious. Students may register for credit under seminar course CS-8001-INF.
Complimentary lunch provided for registered guests. Please bring your own beverage.
Featuring Maria Konte on Nov. 18
"ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes"
ABSTRACT | Bulletproof hosting Autonomous Systems (ASes)—malicious ASes fully dedicated to supporting cybercrime—provide freedom and resources for a cyber-criminal to operate. Their services include hosting a wide range of illegal content, botnet C&C servers, and other malicious resources. Thousands of new ASes are registered every year, many of which are often used exclusively to facilitate cybercrime. A natural approach to squelching bulletproof hosting ASes is to develop a reputation system that can identify them for takedown by law enforcement and as input to other attack detection systems (e.g., spam filters, botnet detection systems). Unfortunately, current AS reputation systems rely primarily on data-plane monitoring of malicious activity from IP addresses (and thus can only detect malicious ASes after attacks are underway), and are not able to distinguish between malicious and legitimate but abused ASes. As a complement to these systems, in this paper, we explore a fundamentally different approach to establishing AS reputation. We present ASwatch, a system that identifies malicious ASes using exclusively the control-plane (i.e., routing) behavior of ASes. ASwatch’s design is based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit “agile” control plane behavior (e.g., short-lived routes, aggressive re-wiring). We evaluate our system on known malicious ASes; our results show that ASwatch detects up to 93% of malicious ASes with a 5% false positive rate, which is reasonable to effectively complement existing defense systems.
BIO | Maria Konte is a research scientist at School of Computer Science at Georgia Tech, and affiliated with the Institute for Information Security & Privacy. Her research is on network security with a focus on network monitoring and routing security. She received her Ph.D. in Computer Science, from Georgia Tech in 2015. Her work on Autonomous System reputation appeared at ACM SIGCOMM15, and NANOG62 Research Track. She received the Passive and Active Measurement Conference Best Paper Award 2009 for her work on hosting infrastructures for bad domains. She holds an M.S. degree in Systems Engineering from Boston University, and a Diploma in Eng. from the Industrial Engineering and Management Dept. at Technical University of Crete, Greece. She has interned at Damballa and Verisign Labs.
Supported by Jackson National Life Insurance Company
Tara La Bouff