New Approaches to Network Security
Overview
Our approach to network security is simple: find new ways to solve well-known problems and create solutions that are flexible, diverse, and easy to deploy.
We focus on three primary areas related to network security: improving email spam detection, accommodating mini-flash crowds, and improving malware detection. In the area of spam, we evaluate how effective current spam filters are and develop new ways to improve them. A key component of our work is the idea of examining whitelists and ham email to aid classification, instead of focusing only on spam email. We have also expanded the use of TCP fingerprints to help identify spam that traditional mechanisms usually fail to classify as spam. In the area of mini-flash crowds, we present an initial design of a lightweight wide-area profiling service that reveals resource bottlenecks in Web-server infrastructures, including access bandwidth, processing resources, and back-end data management. In malware evolution, we analyze a large corpus of malcode metadata to understand how malcode has evolved over the years and, in particular, how different instances of malcode relate to one another.
Our data
- For our spam work, we utilize nearly two years' worth of email data. Our collection points include the UW-Madison Department of Information Technology, a medium-sized corporation in Japan, Waseda University in Japan, a leaf site of the scientific research network GEMnet2, and publicly available data published by the MAWI WG of the WIDE project. From each of these sites we collect one or two data sets: one is a tcpdump of incoming traffic to the SMTP servers, and the other is the actual SMTP logs for each email the destination attempted to receive.
- For our Mini-Flash Crowd work, we utilized 50 PlanetLab nodes to construct a testbed. These nodes generate HTTP requests of different sizes, as characterized in the paper, to form the workload on the web server. We then profile the web server to collect various statistics.
- For our Malware Evolution work, we utilized the McAfee Avert Labs Threat Library.
Papers
- Understanding Large-Scale Spamming Botnets From Internet Edge Sites [pdf]
Holly Esquivel, Tatsuya Mori and Aditya Akella.
Conference on E-Mail and Anti-Spam (CEAS) 2010, Seattle, WA.
- On the Effectiveness of IP reputation for Spam Filtering [pdf]
Holly Esquivel, Tatsuya Mori and Aditya Akella.
COMSNETS 2010, Bangalore, India. Best Paper Award.
- Router-Level Spam Filtering Using TCP Fingerprints: Architecture and Measurement-Based Evaluation [pdf]
Holly Esquivel, Tatsuya Mori and Aditya Akella.
Conference on E-Mail and Anti-Spam (CEAS) 2009, Mountain View, CA.
- Remote Profiling of Resource Constraints of Web Servers Using Mini-Flash Crowds [pdf]
Pratap Ramamurthy, Vyas Sekar, Aditya Akella, Balachander Krishnamurthy, and Anees Shaikh.
USENIX 2008, Boston, Massachusetts.
- Using Mini-Flash Crowds to Infer Resource Constraints in Remote Web Servers [pdf]
Pratap Ramamurthy, Vyas Sekar, Aditya Akella, Balachander Krishnamurthy and Anees Shaikh.
SIGCOMM Workshop on Internet Network Management (INM) 2007, Kyoto, Japan.
- An Empirical Study of Malware Evolution [pdf]
Archit Gupta, Pavan Kuppili, Aditya Akella and Paul Barford.
COMSNETS 2009, Bangalore, India. Best Paper Award.
People
Graduate students: Holly Esquivel.
Alumni: Archit Gupta (Masters, May 08), Pratap Ramamurthy (Masters, Dec 08), Pavan Kuppili (Masters, May 08).
Collaborators: Tatsuya Mori, Vyas Sekar, Paul Barford, Balachander Krishnamurthy and Anees Shaikh.