*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Solving Evolving Security Problems with Long-Term DNS data
Yizheng Chen
Ph.D. student
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Tuesday, June 13th, 2017
Time: 2 PM - 4 PM (ET)
Location: Klaus 3126
Committee:
------------------------
Dr. Emmanouil Antonakakis (Co-advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology) Dr. Wenke Lee (Co-advisor, School of Computer Science, Georgia Institute of Technology) Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology) Dr. Raheem Beyah (School of Electrical and Computer Engineering, Georgia Institute of Technology) Dr. Roberto Perdisci (Dept. of Computer Science, University of Georgia and School of Computer Science, Georgia Tech)
Abstract
------------------------
DNS data are commonly used to build domain name reputation systems, identify critical criminal infrastructure, help take-down efforts, detect DGAs (Domain Generation Algorithms), facilitate the detection of malware downloading and social engineering, etc. We can also use long-term DNS data to address security problems that evolve over time. We apply machine learning techniques to study the evolution of disposable domains, analyze long-term financial damages caused by a botnet’s impression fraud, and track malvertising campaigns.
Unfortunately, these machine learning systems themselves are not secure and prone to be attacked. Most existing work in adversarial learning has focused on problems in the classifier, where the features can be directly computed from the spam email, PDF binary, phishing page, image, network attack packet, and exploit kit. These security applications classify an object based on local features extracted from only that object and its behavior. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be considered by the defenders. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Even less informed attackers can evade graph clustering with low cost, however, we show practical defenses exist.
