Ph.D. Proposal Oral Exam - Ranjita Pai Kasturi


Event Details
  • Date/Time:
    • Wednesday October 13, 2021
      10:00 am - 12:00 pm
  • Location: CODA, C1003 (Adair)
  • Fee(s):
    N/A
Summaries

Summary Sentence: Automated Forensic Techniques for Advanced Website-Targeting Cyber Attacks

Title:  Automated Forensic Techniques for Advanced Website-Targeting Cyber Attacks

Committee: 

Dr. Saltaformaggio, Advisor

Dr. Frank Li, Chair

Dr. Wenke Lee

Abstract: The objective of the proposed research is to develop an automated forensic investigation technique to analyze website compromises using web server backups alone. Despite the rapid spread of advanced web attacks, an equally speedy investigation and takedown has remained an unattainable goal. This is a consequence of relying on signature-based detection techniques (e.g., AVs). To combat this problem, top security vendors employ experts to manually reverse engineer modern web malware and investigate the root cause of the compromise. Unfortunately, manual investigation remains an unscalable approach that cannot keep up with automated and evolving attack techniques, resulting in long-lived web attacks that persist for months to years. Worse still, this real-world problem is challenging to solve due to the range of stakeholders in the CMS ecosystem. Each has different motivations and visibilities into this malicious CMS problem. While website owners have full visibility over the web server activity, the majority of these website owners are less technical and rely on simple indicators such as popularity, ratings, and reviews when installing various CMS add-ons on their websites. Hosting providers have no visibility into the individual elements on the website but need to ensure that their hosting platform remains malware-free. CMS marketplaces have visibility over the code they host but need a scalable and efficient measurement of the malicious add-ons being sold on their marketplaces. These concerns are shared by over half a billion websites online today that are built on CMSs. This research develops a scalable investigation approach that (1) ensures ease of use, (2) can precisely reason about modern malware tactics, and (3) remains agnostic to malware evolution.

Additional Information

In Campus Calendar
No
Groups

ECE Ph.D. Proposal Oral Exams

Invited Audience
Public
Categories
Other/Miscellaneous
Keywords
Phd proposal, graduate students
Status
  • Created By: Daniela Staiculescu
  • Workflow Status: Published
  • Created On: Oct 1, 2021 - 10:24am
  • Last Updated: Oct 1, 2021 - 10:24am