Toronto Networking Seminar
Organized by Department of Computer Science and Department of Electrical and Computer Engineering, University of Toronto
The Evolution of Internet Threats: A Case for Security in the Network Cloud
Farnam Jahanian
Department of Electrical and Computer Engineering
University of Michigan
Date: Friday, March 14, 2pm
Location: BA 1220
Abstract:
Threats to the availability and security of the Internet have undergone a rapid
and dramatic evolution over the past few years. Highly visible attacks against
Internet users and infrastructure began only a few short years ago with the
emergence of Internet Denial of Service (DoS) attacks and highly virulent
Internet worms. Today, we are in the middle of a fundamental shift from DoS
attacks and worms that primarily target infrastructure to attacks against the
actual enterprises and residential users of the Internet. Spurred by financial
rewards, attackers have become proficient at hiding themselves using
compromised machines as proxies, amplifying the power of their attacks using
distributed software, and targeting their attacks against specific classes of
vulnerable systems and users. The result has been a rapid increase in spam,
phishing scams, and identity theft that are enabled by vast numbers of
compromised computers, or bots, sitting in homes, schools, businesses, and
government networks around the world.
These challenges illustrate how we are at the limits of existing detection and
mitigation technologies. In this talk I will introduce a new security model
for networked environments inspired by successful detection and mitigation
solutions in the service provider environment. The key insight is the use of
multi-resolution distributed sensors and an in-cloud service that can integrate
data from different perspectives and reason about the security of the network
as a whole. To illustrate the utility of this model, we show results from two
experimental projects that enable security as a service in the network cloud:
the Dark Oracle and CloudAV. The Dark Oracle uses distributed darknet sensors
to provide visibility into self-propagating threats at Layer 3/4 such as worms
and botnets, and CloudAV uses distributed light-weight host agents to implement
services traditionally provided by antivirus software as an in-cloud service.
Bio:
Farnam Jahanian is a professor of Electrical Engineering and Computer Science
at the University of Michigan and co-founder of Arbor Networks, Inc. Prior to
joining academia in 1993, he was a Research Staff Member at the IBM T.J. Watson
Research Center. His research interests include distributed computing, network
security, and network protocols and architectures. In the late 90’s, Farnam
led a research effort aimed at developing a flow-based system for detecting,
backtracing and resolving network-wide anomalies such as DDoS attacks and
routing exploits. This research project has formed the basis of a commercial
technology that has been widely deployed by more than 200 Internet service
providers and mission-critical networks, protecting over 70% of Internet
transit traffic today. Farnam holds a master's degree and a Ph.D. in Computer
Science from the University of Texas at Austin.
Host of the talk
Stefan Saroiu (stefan@cs.toronto.edu)