http://www.eecs.umich.edu/fjgroup/

Networking and Security Research Group

Professor Farnam Jahanian

University of Michigan Software Systems Laboratory (SSL)

Our research group investigates...

Projects:
  • CloudAV: N-Version Antivirus in the Network Cloud - This project advocates and explores the deployment of malware detection functionality as an in-cloud service in contrast to the traditional host-based deployment model.
  • Detecting and Dismantling Botnet Command and Control Infrastructure using Behavioral Profilers and Bot Informants - In this project we seek to develop tools and techniques for identifying bots and botnets and for mitigating botnet attacks.
  • PREDICT - The Virtual Center for Network and Security Data is a unique effort to organize, structure, and combine the efforts of the network security researcher community with the efforts of the data measurement and collection community. Under the umbrella of the Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) our virtual center provides a common framework for managing datasets from various data providers.
  • Topology-Aware Internet Threat Detection Using Pervasive Darknets - This project seeks to increase the visibility and effectiveness of Internet threat detection systems by developing methods to automatically discover network topology and use that knowledge to deploy pervasive network sensors that enable new Internet threat detection capabilities.
  • Internet Motion Sensor - The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space.
Recent Publications:
CloudAV: N-Version Antivirus in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Proc. of the 17th USENIX Security Symposium, July 2008.
[pdf] [bibtex]

Virtualized In-Cloud Security Services for Mobile Devices
Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian
Workshop on Virtualization in Mobile Computing (MobiVirt'08), June 2008.
[pdf] [bibtex]

Exploiting Live Virtual Machine Migration
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Black Hat DC 2008 Briefings, February 2008.
[pdf] [bibtex]

Automated Classification and Analysis of Internet Malware
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario
Proc. of Recent Advances in Intrusion Detection (RAID'07), September 2007.
[pdf] [bibtex]

Rethinking Antivirus: Executable Analysis in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
USENIX Workshop on Hot Topics in Security (HotSec'07), August 2007.
[pdf] [bibtex]

Characterizing Dark DNS Behavior
Jon Oberheide, Manish Karir, Z. Morley Mao, and Farnam Jahanian
Proc. of the Fourth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07), July 2007.
[pdf] [bibtex]

Shedding Light on the Configuration of Dark Addresses
Sushant Sinha, Michael Bailey, and Farnam Jahanian
Proc. of Network and Distributed System Security (NDSS'07), February 2007.
[pdf] [bibtex]

WIND: Workload-aware INtrusion Detection
Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel
Proc. of Recent Advances In Intrusion Detection (RAID'06), September 2006.
[pdf] [bibtex]

Resource-Aware Multi-Format Network Security Data Storage
Evan Cooke, Andrew Myrick, David Rusek, and Farnam Jahanian
Proc. of the SIGCOMM Workshop on Large Scale Attack Defense (LSAD'06), September 2006.
[pdf] [bibtex]

Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware
Evan Cooke, Z. Morley Mao, and Farnam Jahanian
Proc. of the International Conference on Dependable Systems and Networks (DSN'06), June 2006.
[pdf] [bibtex]

The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
Evan Cooke, Michael Bailey, Farnam Jahanian, and Richard Mortier
Proc. of the 3rd ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI'06), May 2006.
[pdf] [bibtex]

Practical Darknet Measurement
Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, and Sushant Sinha
Conference on Information Sciences and Systems (CISS'06), March 2006.
[pdf] [bibtex]

Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic
Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson
Proc. of Internet Measurement Conference (IMC'05), October 2005.
[pdf] [bibtex]

The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets
Evan Cooke, Farnam Jahanian, and Danny McPherson
Proc. of Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'05), July 2005.
[pdf] [bibtex]

The Blaster Worm: Then and Now
Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Jose Nazario
IEEE Security & Privacy Magazine, Volume: 3, Issue: 4, pages: 26-31, July-August 2005.
[pdf] [bibtex]

The Internet Motion Sensor: A distributed blackhole monitoring system
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson
Proc. of Network and Distributed System Security Symposium (NDSS'05), February 2005.
[pdf] [bibtex]

Toward Understanding Distributed Blackhole Placement
Evan Cooke, Michael Bailey, David Watson, Farnam Jahanian, and Danny McPherson
Proc. of ACM CCS Workshop on Rapid Malcode (WORM'04), October 2004.
[pdf] [bibtex]

Measuring, Characterizing, and Tracking Internet Threat Dynamics
Michael Bailey, Farnam Jahanian, G. Robert Malan, Jose Nazario, Dug Song, and Robert Stone
OpenSig 2003 Workshop.
[pdf] [bibtex]

Older Publications...