Ph.D. Proposal Oral Exam - Jonathan Fuller


Event Details
  • Date/Time:
    • Monday October 4, 2021
      9:30 am - 11:30 am
  • Location: CODA C1008 (Bolton)
  • Fee(s):
    N/A
Contact
No contact information submitted.
Summaries

Summary Sentence: Towards Large-Scale Monitoring of C&C Infrastructures via Over-Permissioned Malware Practices

Full Summary: No summary paragraph submitted.

Title: Towards Large-Scale Monitoring of C&C Infrastructures via Over-Permissioned Malware Practices

Committee:
  • Dr. Saltaformaggio, Advisor
  • Dr. Frank Li, Chair
  • Dr. Ahamad

Abstract: The objective of the proposed research is to investigate the standard protocols and web services commonly used in malware, with the aim of covert C&C infrastructure monitoring, a fundamental enabler of botnet disruptions and takedowns. Current techniques for monitoring botnets are likely either to gather inaccurate data about the botnet or to be detected by C&C orchestrators. To provide a comprehensive analysis, this work will evaluate a large corpus of malware and conduct a temporal analysis over the last two decades. Preliminary results from 200k malware samples captured since 2006 revealed 62,202 bots (nearly 1 in 3) that contain over-permissioned protocols, a steady increase in over-permissioned protocol use over the last 15 years, and 443,905 C&C monitoring capabilities. Given their ubiquity, we conclude that even though over-permissioned protocols allow for C&C server infiltration and monitoring, the efficiency and ease of use they provide keep them prevalent in the malware operational landscape. Based on these findings, we move on to study the prevalence of malware that uses web services to hide C&C server rendezvous points. Specifically, we will study the types of web services abused by malware and the means and mode of their abuse, and develop techniques to trace bot orchestrators’ migration of C&C servers through web service updates, towards covert C&C infrastructure monitoring.

Additional Information

In Campus Calendar
No
Groups

ECE Ph.D. Proposal Oral Exams

Invited Audience
Public
Categories
Other/Miscellaneous
Keywords
Phd proposal, graduate students
Status
  • Created By: Daniela Staiculescu
  • Workflow Status: Published
  • Created On: Sep 23, 2021 - 1:29pm
  • Last Updated: Sep 23, 2021 - 1:29pm