Title: Temporal Insights From Cross-Platform Internet Abuse at Scale
Chaz Lever
Ph.D. student
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Thursday, August 31st, 2017
Time: 10 AM - 12 PM (ET)
Location: Klaus 3402
Committee:
------------------------
Dr. Emmanouil Antonakakis (Advisor, School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)
Dr. Douglas Blough (School of Electrical and Computer Engineering, Georgia Institute of Technology)
Dr. Roberto Perdisci (Dept. of Computer Science, University of Georgia and School of Computer Science, Georgia Tech)
Dr. Fabian Monrose (Dept. of Computer Science, University of North Carolina, Chapel Hill)
Abstract
------------------------
The security landscape is constantly evolving. Therefore, in order to build
better defenses, it is critical to evaluate emerging and existing threats to
better understand how and where to prioritize future security efforts.
Ideally, such evaluation of threats should be based on real world data, but
this introduces a number of challenges. For example, real world data must be
collected, parsed, and cleaned before any sort of analysis can proceed. These
tasks are frequently complicated as the scale of that data grows, requiring
considerable work in order to derive useful insights.
The work in this thesis provides empirical analysis of numerous existing or
emerging threats using real world data at scale. As such, it provides the first
real world study on the prevalence of mobile malware by studying network
traffic from almost 25M devices, showing that security practices on popular
mobile device platforms appear to be fairly effective. In addition, it studies
the unintended security consequences of hundreds of millions of domain
expirations over several years and shows that malware is increasingly using
expired domains for abuse, as well as providing a lightweight algorithm for
detecting such expirations. Next, it studies the evolution of 27M malware
samples collected over almost half a decade, confirming some existing findings
at scale and identifying several shortcomings of the current state of the art.
Finally, it studies nearly 35 consumer-oriented IoT devices to provide
insights into trends of insecurity across devices, linking these findings to
growth trends from real world network traffic. This study suggests that many of
the problems related to IoT devices are due to a failure to learn from decades
of prior security experience.