Dec. 6 - Using DNS to Study Internet Abuse

 

All are welcome to join the Department of Computer Science for a faculty colloquium on Dec. 6 featuring Dr. Manos Antonakakis (Georgia Tech). Antonakakis will present "Using DNS to Study Internet Abuse" at 1:30 p.m. in Room 120 of the New Computer Science building.

 

Using DNS to Study Internet Abuse

 

Abstract:

The Domain Name System (DNS) is a critical component of the Internet. The critical nature of DNS often makes it the target of direct cyber-attacks and other forms of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit network operations. For example, modern malware and Internet fraud techniques rely upon the DNS to locate their remote command-and-control (C&C) servers through which new commands from the attacker are issued, serve as exfiltration points for the information stolen from the victim's computer and to manage subsequent updates to their malicious toolset. In this talk I will discuss how we can reason about Internet abuse using DNS. First, I will provide a high-level overview of methods able to quantify reputation aspects of DNS. Then, I will dive deeper into methods we can use to reliably and systematically detect Internet abuse facilitated by Domain Name Generation Algorithms (DGAs). At that point we will focus on a fairly new DNS attack vector, where the residual trust from expired domains can be used by illicit users as a mechanism that evades existing defenses. Finally, I will conclude my talk by discussing the Active DNS project, and how researchers can use these open datasets in security and privacy research.

Bio:

Dr. Manos Antonakakis (PhD’12) is an Assistant Professor in the School of Electrical and Computer Engineering (ECE), and adjunct faculty in the College of Computing (CoC), at the Georgia Institute of Technology. He is responsible for the Astrolavos Lab, where students conduct research in the areas of Attack Attribution, Network Security and Privacy, Intrusion Detection, and Data Mining. In May 2012, he received his Ph.D. in Computer Science from the Georgia Institute of Technology. Before joining the Georgia Tech ECE faculty ranks, Dr. Antonakakis held the Chief Scientist role at Damballa, where he was responsible for advanced research projects, university collaborations, and technology transfer efforts. He currently serves as the co-chair of the Academic Committee for the Messaging Anti-Abuse Working Group (MAAWG). In his three years of tenure at Georgia Tech, Dr. Antonakakis raised more than $19M in research funding as Primary Investigator from government agencies and the private sector. Dr. Antonakakis is the author of several U.S. patents and more than 20 academic publications in top academic conferences. He has served as an external reviewer or a program committee member for all top-tier security conferences. Dr. Antonakakis is a proud member of the Georgia Tech Information Security Center (GTISC) and the Institute for Information Security & Privacy (IISP) at Georgia Tech.