
PhD Proposal by Charles Lever


Title: Temporal Insights From Cross-Platform Internet Abuse at Scale

Chaz Lever
Ph.D. student
School of Computer Science
College of Computing
Georgia Institute of Technology

Date: Thursday, August 31st, 2017
Time: 10 AM - 12 PM (ET)
Location: Klaus 3402

Committee:
------------------------
Dr. Emmanouil Antonakakis (Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)
Dr. Douglas Blough (School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Roberto Perdisci (Dept. of Computer Science, University of Georgia and School of Computer Science, Georgia Tech)

Dr. Fabian Monrose (Dept. of Computer Science, University of North Carolina, Chapel Hill)

Abstract
------------------------

 

The security landscape is constantly evolving. Therefore, in order to build better defenses, it is critical to evaluate emerging and existing threats to better understand how and where to prioritize future security efforts. Ideally, such evaluation of threats should be based on real world data, but this introduces a number of challenges. For example, real world data must be collected, parsed, and cleaned before any sort of analysis can proceed. These tasks are frequently complicated as the scale of that data grows, requiring considerable work in order to derive useful insights.

The work in this thesis provides empirical analysis of numerous existing or emerging threats using real world data at scale. As such, it provides the first real world study on the prevalence of mobile malware by studying network traffic from almost 25M devices, showing that security practices on popular mobile device platforms appear to be fairly effective. In addition, it studies the unintended security consequences of hundreds of millions of domain expirations over several years and shows that malware is increasingly using expired domains for abuse, as well as providing a lightweight algorithm for detecting such expirations. Next, it studies the evolution of 27M malware samples collected over almost half a decade, confirming some existing findings at scale and identifying several shortcomings of the current state of the art. Finally, it studies nearly 35 consumer oriented IoT devices to provide insights into trends of insecurity across devices, linking these findings to growth trends from real world network traffic. This study suggests that many of the problems related to IoT devices are due to a failure to learn from decades of prior security experience.

Status

  • Workflow Status: Published
  • Created By: Tatianna Richardson
  • Created: 08/31/2017
  • Modified By: Tatianna Richardson
  • Modified: 08/31/2017
