A Perspective-Aware Approach to Internet Security in the Botnet Era

Farnam Jahanian

Threats to the availability and security of the Internet have undergone a rapid and dramatic evolution over the past few years. Highly visible attacks against Internet users and infrastructure began only a few short years ago with the emergence of Internet Denial of Service (DoS) attacks and highly virulent Internet worms. Today, we are in the middle of a fundamental shift from DoS attacks and worms that primarily target infrastructure to attacks against the actual enterprises and residential users of the Internet. Spurred by financial rewards, attackers have become proficient at hiding themselves using compromised machines as proxies, amplifying the power of their attacks using distributed software, and targeting their attacks against specific classes of vulnerable systems and users. The result has been a rapid increase in spam, phishing scams, and identity theft that are enabled by vast numbers of compromised computers, or bots, sitting in homes, schools, businesses, and government networks around the world. This presentation discusses the changing Internet ecology and the evolution of zero-day threats. The talk highlights results from the Internet Motion Sensor (IMS) project, a collaborative research project aimed at observing and characterizing security threats on a global scale through the deployment of a set of topology-aware, dark IP network sensors across the Internet. The current IMS deployment has been expanded to 25 organizations in 3 continents, monitoring over 17 million unique IP addresses corresponding to more than 1.25% of all routed IPv4 space. I will also present a new framework for enhancing our ability to detect and mitigate the threat of botnets and other modern attacks. The idea is to leverage knowledge about the physical topology, vulnerability, and exploit spaces of our own networks to construct perspective-aware Internet detection and mitigation systems.

Speaker Biography

Farnam Jahanian is a Professor of Electrical Engineering and Computer Science at the University of Michigan and co-founder of Arbor Networks, Inc. Prior to joining academia in 1993, he was a Research Staff Member at the IBM T.J. Watson Research Center. His research interests include distributed computing, network security, and network protocols and architectures. In the late 90’s, Farnam led a research effort aimed at developing a flow-based system for detecting, backtracing and resolving network-wide anomalies such as DDoS attacks and routing exploits. This research project has formed the basis of a commercial technology that has been widely deployed by more than 100 Internet service providers and numerous mission-critical networks throughout the world. Farnam holds a master’s degree and a Ph.D. in Computer Science from the University of Texas at Austin.