[Colloquium] Detecting malware: traffic classification, botnets, and Facebook scams

February 9, 2012

Watch Colloquium: M4V file (787 MB)

  • Date: Thursday, February 9, 2012 
  • Time: 11:00 am — 12:15 pm 
  • Place: Mechanical Engineering 218

Michalis Faloutsos
University of California, Riverside

In this talk, we highlight two security topics from our lab. First, we address the problem of Internet traffic classification (e.g., is this traffic web, file sharing, or botnet?). We present a fundamentally different approach to classifying traffic that studies network-wide behavior by modeling the interactions of users as a graph. By contrast, most previous approaches use flow statistics such as packet sizes and inter-packet delays. We show how our approach gives rise to novel and powerful ways to: (a) visualize the traffic, (b) model the behavior of applications, and (c) detect abnormalities and attacks. Extending this approach, we develop ENTELECHEIA, a botnet-detection method. Tests with real data suggest that our graph-based approach is very promising.
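As an added illustration of the graph-based idea described above (this is not the speaker's ENTELECHEIA code, which the talk does not show), the following Python builds a directed host-interaction graph from constructed flow records, ignores per-packet statistics entirely, and derives a few structural features from the graph. The thresholds in `classify` and `fanout_anomalies` are my own assumptions chosen for the toy data; the host names and flows are constructed.

```python
"""Graph-based traffic profiling: added example, not code from the talk.

Each flow record is (src_host, dst_host, dst_port, proto). Only who talks
to whom is used; packet sizes and timing are deliberately ignored.
"""
import statistics
from collections import defaultdict


def build_graph(flows):
    """Directed interaction graph: one edge src->dst per distinct host pair."""
    out_nbrs = defaultdict(set)   # host -> hosts it initiated flows to
    in_nbrs = defaultdict(set)    # host -> hosts that initiated flows to it
    for src, dst, _dport, _proto in flows:
        out_nbrs[src].add(dst)
        in_nbrs[dst].add(src)
    return out_nbrs, in_nbrs


def graph_features(out_nbrs, in_nbrs):
    """Structural summary of the whole graph (no packet-level statistics)."""
    nodes = set(out_nbrs) | set(in_nbrs)
    n = len(nodes)
    edges = sum(len(v) for v in out_nbrs.values())
    # Hosts that both initiate and accept flows: typical of peers, rare for
    # pure clients or pure servers.
    both = sum(1 for h in nodes if out_nbrs.get(h) and in_nbrs.get(h))
    max_in = max((len(v) for v in in_nbrs.values()), default=0)
    return {
        "nodes": n,
        "edges": edges,
        "avg_out_degree": edges / n if n else 0.0,
        "inout_ratio": both / n if n else 0.0,     # fraction acting as both
        "max_in_frac": max_in / n if n else 0.0,   # size of the biggest "star"
    }


def classify(features):
    """Heuristic labels; thresholds are assumptions tuned to the toy data."""
    if features["inout_ratio"] > 0.5:
        return "p2p-like"          # mesh: most hosts are both client and server
    if features["max_in_frac"] > 0.5:
        return "client-server-like"  # star: one hub absorbs most edges
    return "unknown"


def fanout_anomalies(out_nbrs, factor=5, floor=10):
    """Hosts whose distinct-destination count dwarfs the population median,
    a simple graph-level abnormality signal (scanner, spreader). Thresholds
    are assumptions."""
    degs = {h: len(d) for h, d in out_nbrs.items()}
    if not degs:
        return []
    med = statistics.median(degs.values())
    return sorted(h for h, d in degs.items() if d >= floor and d > factor * med)


# Constructed sample data (hypothetical host names).
WEB_FLOWS = [(f"c{i}", "s1", 443, "tcp") for i in range(1, 7)] + [
    ("c1", "s2", 443, "tcp"),
    ("c2", "s2", 443, "tcp"),
]

P2P_FLOWS = [
    (a, b, 6881, "tcp")
    for a, b in [("p1", "p2"), ("p2", "p3"), ("p3", "p4"), ("p4", "p5"),
                 ("p5", "p6"), ("p6", "p1"), ("p1", "p4"), ("p3", "p6")]
]

SCAN_FLOWS = [(f"c{i}", "s1", 443, "tcp") for i in range(1, 5)] + [
    ("h9", f"t{i}", 445, "tcp") for i in range(1, 21)
]


if __name__ == "__main__":
    for name, flows in (("web", WEB_FLOWS), ("p2p", P2P_FLOWS)):
        feats = graph_features(*build_graph(flows))
        print(name, classify(feats), feats)
    print("fan-out anomalies:", fanout_anomalies(build_graph(SCAN_FLOWS)[0]))
```

The point of the exercise is that the three traffic types are separable from the shape of the interaction graph alone: the web sample collapses into a star around `s1`, the peer sample is a mesh in which every host both initiates and accepts, and the scanning host stands out purely by fan-out, with no inspection of packet contents or timing.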

Second, we present MyPageKeeper, a Facebook security app with 13K downloads, which we deployed to: (a) quantify the presence of malware on Facebook, and (b) protect end users. We designed MyPageKeeper to strike a balance between accuracy and scalability. Our initial results are scary and interesting: (a) malware is widespread, with 49% of our users exposed to at least one malicious post from a friend, and (b) roughly 74% of all malicious posts contain links that point back to Facebook, and thus would evade any of the current web-based filtering approaches.


Bio: Michalis Faloutsos is a faculty member in the Computer Science Department at the University of California, Riverside. He received his bachelor's degree from the National Technical University of Athens and his M.Sc. and Ph.D. from the University of Toronto. His interests include Internet protocols and measurements, peer-to-peer networks, network security, BGP routing, and ad-hoc networks. With his two brothers, he co-authored the paper on power laws of the Internet topology, which received the ACM SIGCOMM Test of Time award. His work has been supported by many NSF and military grants, for a cumulative total of more than $6 million. Several recent works have been widely cited in the popular printed and electronic press, such as Slashdot, ACM Electronic News, USA Today, and Wired. Most recently he has focused on traffic classification and web security, and in 2008 co-founded a cyber-security company, which received two SBIR grants from the National Science Foundation and institutional funding in December 2011.