Methods and Systems for Understanding Large-Scale Internet Threats

Thursday, February 22, 2018 -
4:00pm to 5:00pm
CS 1240

Speaker Name: 

Paul Pearce

Speaker Institution: 

UC-Berkeley

Cookies: 

Yes

Cookies Location: 

CS 1240

Description: 

Abstract:

The value and power mediated by the global, interconnected systems of today’s
Internet attract adversaries who seek to exploit these systems for economic,
political or social gain. Yet, the underlying complexity of Internet
infrastructure, the layering of its services, and the indirect nature of its
business relationships can make it challenging to identify even the existence
of adversaries manipulating systems for their benefit.

In this talk I present systems and methods to uncover and explore two such
large-scale adversarial activities, Internet-wide cybercrime and censorship. I
begin with an in-depth exploration of ZeroAccess, a complex peer-to-peer botnet
which served as a delivery platform for advertising abuse malware for more than
four years and impacted millions of users. I identify innovative attacks and
fraudulent business relationships within the advertising ecosystem stemming from
complex multi-hop ad reseller chains, resulting in millions of dollars in fraud
per month. These relationships and explorations were used as a focal point for
fraud remediation and a takedown of the botnet.

Next I present Augur, a measurement technique and accompanying system that uses
highly noisy TCP/IP side channels to measure reachability between two Internet
locations without access to the endpoints or the path between them. Augur uses
sequential hypothesis testing to provide statistical confidence in the face of
network and side channel noise. I then use Augur to perform a global censorship
measurement study of the blocking practices of more than 180 countries.

Bio:

Paul Pearce is a PhD Candidate at UC Berkeley advised by Vern Paxson and a
member of the Center for Evidence-based Security Research (CESR). By developing
Internet-scale measurement platforms and new empirical methods, his research
brings grounding and understanding to the study of large-scale, hidden Internet
security problems. His work spans the areas of cybercrime, censorship, and
"advanced persistent threats" (APTs). His work has been distinguished at the
IEEE Symposium on Security and Privacy, and he has been recognized as an EECS
Distinguished Graduate Student Instructor.