[Colloq] UPDATED: Real-world Polymorphic Attack Detection at 2:00pm on 7/20/11
Nicole Bekerian
nicoleb at ccs.neu.edu
Thu Jul 14 15:06:48 EDT 2011
The College of Computer and Information Science Presents:
Speaker: Evangelos Markatos, FORTH-ICS and Univ. of Crete
Title: Real-world Polymorphic Attack Detection
Date: Wednesday July 20, 2011
Time: 2:00 pm
Location: 366 WVH
Real-world Polymorphic Attack Detection
Abstract:
As state-of-the-art attack detection technology becomes more prevalent,
attackers have started to employ evasion techniques such as code
obfuscation and polymorphism to defeat existing defenses. We have recently
proposed network-level emulation, a heuristic detection method that scans
network traffic to detect polymorphic attacks. Our approach uses a CPU
emulator to dynamically analyze every potential instruction sequence in
the inspected traffic, aiming to identify the execution behavior of
certain malicious code classes, such as self-decrypting polymorphic
shellcode. In this work, we present results and experiences from
deployments of network-level emulation in production networks. After more
than a year of continuous operation, our prototype implementation has
captured more than a million attacks against real systems, while so far it
has not resulted in any false positives. The observed attacks employ a
highly diverse set of exploits, often against less widely used vulnerable
services, and in some cases, sophisticated obfuscation schemes.
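The detection idea in the abstract, as an added illustration that is not the speaker's emulator or code: every offset of a captured payload is treated as a potential entry point, emulated with an instruction budget, and flagged when execution reaches bytes the code itself just rewrote (the self-decrypting behaviour of polymorphic shellcode). The four-opcode instruction set, the decoder stub and both sample payloads are constructed for the example; real deployments emulate x86 and use richer heuristics and thresholds.

```python
# Toy network-level emulation on a constructed 4-opcode ISA (not x86).
# Operands are single bytes interpreted as offsets into the inspected buffer.
LOAD, XOR_MEM, JMP, HALT = 0x01, 0x02, 0x03, 0x04
MAX_STEPS = 64  # instruction budget per candidate entry point


def emulate(buf, start, max_steps=MAX_STEPS):
    """Run from `start` on a private copy of the buffer. Return the set of
    offsets that were modified during the run and later executed as code."""
    mem = bytearray(buf)
    pc, acc, written, executed_written = start, 0, set(), set()
    for _ in range(max_steps):
        if pc >= len(mem):
            break
        if pc in written:          # executing a byte this run decrypted
            executed_written.add(pc)
        op = mem[pc]
        if op == HALT or pc + 1 >= len(mem):
            break
        arg = mem[pc + 1]
        if op == LOAD:
            acc, pc = arg, pc + 2
        elif op == XOR_MEM and arg < len(mem):
            if acc:                # only count writes that change memory
                mem[arg] ^= acc
                written.add(arg)
            pc += 2
        elif op == JMP:
            pc = arg
        else:
            break                  # invalid opcode: not code at this offset
    return executed_written


def scan(buf):
    """Emulate from every offset; report entry points that ran self-decrypted code."""
    return [off for off in range(len(buf)) if emulate(buf, off)]


# Constructed samples: a decoder stub (LOAD key; XOR each body byte; JMP body)
# followed by an XOR-encrypted body, embedded in otherwise plain HTTP text.
KEY, PREFIX = 0x55, b"GET "
BODY = bytes([LOAD, 0x00, HALT])
BODY_START = len(PREFIX) + 2 + 2 * len(BODY) + 2       # stub is 10 bytes
STUB = (bytes([LOAD, KEY])
        + b"".join(bytes([XOR_MEM, BODY_START + i]) for i in range(len(BODY)))
        + bytes([JMP, BODY_START]))
MALICIOUS = PREFIX + STUB + bytes(b ^ KEY for b in BODY) + b" HTTP/1.1\r\n"
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

Running `scan(MALICIOUS)` reports only offset 4, the start of the decoder stub, while the benign request contains no bytes that decode as valid instructions and yields no detections.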
Bio:
Prof. Evangelos Markatos received his diploma in Computer Engineering from
the University of Patras in 1988, and the M.S. and Ph.D. degrees in
Computer Science from the University of Rochester, NY in 1990 and 1993
respectively. Since 1992, he has collaborated with the Institute of Computer
Science of the Foundation for Research and Technology - Hellas (ICS-FORTH)
where he is currently the founder and head of the Distributed Computing
Systems Laboratory. He conducts research in several areas including
distributed and parallel systems, the World-Wide Web, Internet Systems and
Technologies, as well as Computer and Communication Systems Security. He
has been the project manager of the LOBSTER and NoAH projects, both funded
in part by the European Union and focusing on developing novel approaches
to network monitoring and network security. He is currently the project
manager of the i-code and SysSec projects.
Since 1992, he has also been affiliated with the Computer Science
Department of the University of Crete, where he is currently a full
Professor.
Host: Engin Kirda
--
Nicole Bekerian
Administrative Assistant
Northeastern University
College of Computer and Information Science
360 Huntington Ave.
202 West Village H
Boston, MA 02115
Phone: 617.373.2462
Fax: 617.373.5121