Toronto Networking Seminar

Organized by Department of Computer Science and Department of Electrical and Computer Engineering, University of Toronto


The Evolution of Internet Threats: A Case for Security in the Network Cloud


Farnam Jahanian
Department of Electrical and Computer Engineering
University of Michigan

Date: Friday, March 14, 2pm
Location: BA 1220

Abstract:

Threats to the availability and security of the Internet have undergone a rapid and dramatic evolution over the past few years. Highly visible attacks against Internet users and infrastructure began only a few short years ago with the emergence of Internet Denial of Service (DoS) attacks and highly virulent Internet worms. Today, we are in the middle of a fundamental shift from DoS attacks and worms that primarily target infrastructure to attacks against the actual enterprises and residential users of the Internet. Spurred by financial rewards, attackers have become proficient at hiding themselves using compromised machines as proxies, amplifying the power of their attacks using distributed software, and targeting their attacks against specific classes of vulnerable systems and users. The result has been a rapid increase in spam, phishing scams, and identity theft that are enabled by vast numbers of compromised computers, or bots, sitting in homes, schools, businesses, and government networks around the world.
These challenges illustrate how we are at the limits of existing detection and mitigation technologies. In this talk I will introduce a new security model for networked environments inspired by successful detection and mitigation solutions in the service provider environment. The key insight is the use of multi-resolution distributed sensors and an in-cloud service that can integrate data from different perspectives and reason about the security of the network as a whole. To illustrate the utility of this model, we show results from two experimental projects that enable security as a service in the network cloud: the Dark Oracle and CloudAV. The Dark Oracle uses distributed darknet sensors to provide visibility into self-propagating threats at Layer 3/4 such as worms and botnets, and CloudAV uses distributed light-weight host agents to implement services traditionally provided by antivirus software as an in-cloud service.

Bio:

Farnam Jahanian is a professor of Electrical Engineering and Computer Science at the University of Michigan and co-founder of Arbor Networks, Inc. Prior to joining academia in 1993, he was a Research Staff Member at the IBM T.J. Watson Research Center. His research interests include distributed computing, network security, and network protocols and architectures. In the late 90’s, Farnam led a research effort aimed at developing a flow-based system for detecting, backtracing and resolving network-wide anomalies such as DDoS attacks and routing exploits. This research project has formed the basis of a commercial technology that has been widely deployed by more than 200 Internet service providers and mission-critical networks, protecting over 70% of Internet transit traffic today. Farnam holds a master's degree and a Ph.D. in Computer Science from the University of Texas at Austin.

Host of the talk

Stefan Saroiu (stefan@cs.toronto.edu)