CyLab

Reasoning about Internet abuse through the eyes of DNS

March 06, 2017

12:00 p.m. - 1:00 p.m. ET

CIC Building, DEC

Dr. Manos Antonakakis
Assistant Professor
School of Electrical and Computer Engineering
Georgia Institute of Technology

Abstract

The Domain Name System (DNS) is a critical component of the Internet. The critical nature of DNS often makes it the target of direct cyber-attacks and other forms of abuse. Cyber-criminals rely heavily upon the reliability and scalability of the DNS protocol to serve as an agile platform for their illicit network operations. For example, modern malware and Internet fraud techniques rely upon the DNS to locate their remote command-and-control (C&C) servers, through which new commands from the attacker are issued, to serve as exfiltration points for the information stolen from the victim's computer, and to manage subsequent updates to their malicious toolset.

In this talk I will discuss how we can reason about Internet abuse using DNS. First I will argue why the algorithmic quantification of DNS reputation and trust is fundamental for understanding the security of our Internet communications. Then, I will examine how DNS traffic relates to malware communications. Among other things, we will reason about data-driven methods that can be used to reliably detect malware communications that employ Domain Name Generation Algorithms (DGAs), even in the complete absence of the malware sample. Finally, I will conclude my talk by providing a five-year overview of malware network communications. Through this study we will see that (as network security researchers and practitioners) we are still approaching the very simple detection problems fundamentally in the wrong way.

Bio

Dr. Manos Antonakakis (PhD’12) is an Assistant Professor in the School of Electrical and Computer Engineering (ECE), and adjunct faculty in the College of Computing (CoC), at the Georgia Institute of Technology. He is responsible for the Astrolavos Lab, where students conduct research in the areas of Attack Attribution, Network Security and Privacy, Intrusion Detection, and Data Mining. In May 2012, he received his Ph.D. in Computer Science from the Georgia Institute of Technology. Before joining the Georgia Tech ECE faculty ranks, Dr. Antonakakis held the Chief Scientist role at Damballa, where he was responsible for advanced research projects, university collaborations, and technology transfer efforts. He currently serves as the co-chair of the Academic Committee for the Messaging Anti-Abuse Working Group (MAAWG). Since he joined Georgia Tech in 2014, Dr. Antonakakis raised more than $20M in research funding as Primary Investigator from government agencies and the private sector. Dr. Antonakakis is the author of several U.S. patents and academic publications in top academic conferences.
