Using DNS to Study Internet Abuse with Dr. Antonakakis (Georgia Tech)

Abstract:

The Domain Name System (DNS) is a critical component of the Internet.
The critical nature of DNS often makes it the target of direct
cyber-attacks and other forms of abuse. Cyber-criminals rely heavily
upon the reliability and scalability of the DNS protocol to serve as
an agile platform for their illicit network operations. For example,
modern malware and Internet fraud techniques rely upon the DNS to
locate their remote command-and-control (C&C) servers through which
new commands from the attacker are issued, serve as exfiltration
points for the information stolen from the victim's computer and to
manage subsequent updates to their malicious toolset.

In this talk I will discuss how we can reason about Internet abuse
using DNS. First, I will provide a high level overview of methods able
to quantify reputation aspects of DNS. Then, I will dive deeper in
methods we can use to reliably and systematically detect Internet
abuse facilitated by Domain Name Generation Algorithms (DGAs). At that
point we will focus on a fairly new DNS attack vector, where the
residual trust from expired domains can be used from illicit users as
a mechanism that evades existing defenses. Finally, I will conclude my
talk by discussing the Active DNS project, and how researchers can use
these open datasets in security and privacy research.
Bio:

Dr. Manos Antonakakis (PhD’12) is an Assistant Professor in the School
of Electrical and Computer Engineering (ECE), and adjunct faculty in
the College of Computing (CoC), at the Georgia Institute of
Technology. He is responsible for the Astrolavos Lab, where students
conduct research in the areas of Attack Attribution, Network Security
and Privacy, Intrusion Detection, and Data Mining. In May 2012, he
received his Ph.D. in Computer Science from the Georgia Institute of
Technology. Before joining the Georgia Tech ECE faculty ranks, Dr.
Antonakakis held the Chief Scientist role at Damballa, where he was
responsible for advanced research projects, university collaborations,
and technology transfer efforts. He currently serves as the co-chair
of the Academic Committee for the Messaging Anti-Abuse Working Group
(MAAWG). In his three years of tenure at Georgia Tech, Dr. Antonakakis
raised more than $19M in research funding as Primary Investigator from
government agencies and the private sector. Dr. Antonakakis is the
author of several U.S. patents and more than 20 academic publications
in top academic conferences. He has served as an external reviewer or
a program committee member for all top tier security conferences. Dr.
Antonakakis is a proud member of the Georgia Tech Information Security
Center (GTISC) and Institute for Information Security & Privacy (IISP)
at Georgia Tech.