Methods and Systems for Understanding Large-Scale Internet Threats

05 Apr
Add to Calendar
Thursday, 04/05/2018 4:00pm to 5:00pm
Computer Science Building, Room 151
Speaker: Paul Pearce
Abstract: The value and power mediated by the global, interconnected systems of today's Internet attract adversaries who seek to exploit these systems for economic, political or social gain.  Yet, the underlying complexity of Internet infrastructure, the layering of its services, and the indirect nature of its business relationships can make it challenging to identify even the existence of adversaries manipulating systems for their benefit.


  In this talk I present systems and methods to uncover and explore two such large-scale adversarial activities, Internet-wide cybercrime and censorship.  I begin with an in-depth exploration of ZeroAccess, a complex peer-to-peer botnet which served as a delivery platform for advertising abuse malware for more than four years and impacted millions of users. I identify innovative attacks and fraudulent business relationships within the advertising ecosystem stemming from complex multi-hop ad reseller chains, resulting in millions of dollars in fraud per month. These relationships and explorations were used as a focal point for fraud remediation and a takedown of the botnet.


  Next I present Augur, a measurement technique and accompanying system that uses highly noisy TCP/IP side channels to measure reachability between two Internet locations without access to the endpoints or the path between them. Augur uses sequential hypothesis testing to provide statistical confidence in the face of network and side channel noise. I then use Augur to perform a global censorship measurement study of the blocking practices of more than 180 countries.


  Bio: Paul Pearce is a PhD Candidate at UC Berkeley advised by Vern Paxson and a member of the Center for Evidence-based Security Research (CESR). By developing Internet-scale measurement platforms and new empirical methods, his research brings grounding and understanding to the study of large-scale, hidden Internet security problems. His work spans the areas of cybercrime, censorship, and "advanced persistent threats" (APTs). His work has been distinguished at the IEEE Symposium on Security and Privacy, and he has been recognized as an EECS Distinguished Graduate Student Instructor.


There will be a reception for attendees at 3:30 p.m. in CS 150

Faculty Host