Kirill Levchenko

ORCID: 0000-0003-4527-9749
Research Areas
  • Spam and Phishing Detection
  • Network Security and Intrusion Detection
  • Advanced Malware Detection Techniques
  • Internet Traffic Analysis and Secure E-voting
  • Software-Defined Networks and 5G
  • Cybercrime and Law Enforcement Studies
  • Network Traffic and Congestion Control
  • Software System Performance and Reliability
  • Crime, Illicit Activities, and Governance
  • Blockchain Technology Applications and Security
  • Advanced Optical Network Technologies
  • Radiation Effects in Electronics
  • User Authentication and Security Systems
  • Security and Verification in Computing
  • Software Testing and Debugging Techniques
  • Caching and Content Delivery
  • Digital and Cyber Forensics
  • Wireless Networks and Protocols
  • Network Packet Processing and Optimization
  • Image and Video Quality Assessment
  • Advanced Data Storage Technologies
  • Cloud Computing and Resource Management
  • Complex Network Analysis Techniques
  • Safety Systems Engineering in Autonomy
  • Information and Cyber Security

University of Illinois Urbana-Champaign
2019-2024

University of Illinois System
2019

International University of the Caribbean
2019

Ukrainian Medical Stomatological Academy
2019

University of California, San Diego
2009-2018

UC San Diego Health System
2008-2018

New York University
2017

Carnegie Mellon University
2017

University of Michigan
2017

Berkeley College
2017

Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on combination of cryptographic protection and peer-to-peer protocol for witnessing settlements. Consequently, has the unintuitive property that while ownership money implicitly anonymous, its flow globally visible. In this paper we explore unique characteristic further, using heuristic clustering to group wallets based evidence shared authority, then...

10.1145/2504730.2504747 article EN 2013-10-22

The conversion rate of spam--the probability that an unsolicited e-mail will ultimately elicit a sale--underlies the entire spam value proposition. However, our understanding this critical behavior is quite limited, and literature lacks any quantitative study concerning its true value. In paper we present methodology for measuring spam. Using parasitic infiltration existing botnet's infrastructure, analyze two campaigns: one designed to propagate malware Trojan, other marketing on-line...

10.1145/1455770.1455774 article EN 2008-10-27

Underground forums, where participants exchange information on abusive tactics and engage in the sale of illegal goods services, are a form online social network (OSN). However, unlike traditional OSNs such as Facebook, underground forums pattern communications does not simply encode pre-existing relationships, but instead captures dynamic trust relationships forged between mutually distrustful parties. In this paper, we empirically characterize six different --- BlackHatWorld, Carders,...

10.1145/2068816.2068824 article EN 2011-11-02

Spam-based advertising is a business. While it has engendered both widespread antipathy and multi-billion dollar anti-spam industry, continues to exist because fuels profitable enterprise. We lack, however, solid understanding of this enterprise's full structure, thus most anti-Spam interventions focus on only one facet the overall spam value chain (e.g., filtering, URL blacklisting, site takedown). In paper we present holistic analysis that quantifies set resources employed monetize email --...

10.1109/sp.2011.24 article EN IEEE Symposium on Security and Privacy 2011-05-01

Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on combination of cryptographic protection and peer-to-peer protocol for witnessing settlements. Consequently, has the unintuitive property that while ownership money implicitly anonymous, its flow globally visible. In this paper we explore unique characteristic further, using heuristic clustering to group wallets based evidence shared authority, then...

10.1145/2896384 article EN Communications of the ACM 2016-03-23

Ransomware is a type of malware that encrypts the files infected hosts and demands payment, often in crypto-currency like Bitcoin. In this paper, we create measurement framework use to perform large-scale, two-year, end-to-end ransomware payments, victims, operators. By combining an array data sources, including binaries, seed ransom victim telemetry from infections, large database bitcoin addresses annotated with their owners, sketch outlines burgeoning ecosystem associated third-party...

10.1109/sp.2018.00047 article EN 2022 IEEE Symposium on Security and Privacy (SP) 2018-05-01

Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security analytics policy support. Traditionally, have relied on application adherence well established global port mapping: Web 80, mail 25 so on. However, factors - including firewall blocking, tunneling, dynamic allocation, bloom new distributed applications has weakened the value...

10.1145/1177080.1177123 article EN 2006-10-25

We investigate the emergence of exploit-as-a-service model for driveby browser compromise. In this regime, attackers pay an exploit kit or service to do "dirty work" exploiting a victim's browser, decoupling complexities and plugin vulnerabilities from challenges generating traffic website under attacker's control. Upon successful exploit, these kits load execute binary provided by attacker, effectively transferring control machine attacker.

10.1145/2382196.2382283 article EN Proceedings of the ACM Conference on Computer and Communications Security 2012-10-15

Of the major factors affecting end-to-end service availability, network component failure is perhaps least well understood. How often do failures occur, how long they last, what are their causes, and impact customers? Traditionally, answering questions such as these has required dedicated (and expensive) instrumentation broadly deployed across a network.

10.1145/1851182.1851220 article EN 2010-08-30

Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, criminal services. These contain important resources for understanding cybercrime. However, the number forums, their size, domain expertise required understand markets makes manual exploration these unscalable. In this work, we propose an automated, top-down approach analyzing underground forums. Our uses natural language processing machine learning automatically generate high-level...

10.1145/3038912.3052600 article EN 2017-04-03

At the current stratospheric value of Bitcoin, miners with access to significant computational horsepower are literally printing money. For example, first operator a USD $1,500 custom ASIC mining platform claims have recouped his investment in less than three weeks early February 2013, and bitcoin has more tripled since then. Not surprisingly, cybercriminals also been drawn this potentially lucrative endeavor, but instead leveraging resources available them: stolen CPU hours form botnets. We...

10.14722/ndss.2014.23044 article EN 2014-01-01

Email as we use it today makes no guarantees about message integrity, authenticity, or confidentiality. Users must explicitly encrypt and sign contents using tools like PGP if they wish to protect themselves against tampering, forgery, eavesdropping. However, few do, leaving the vast majority of users open such attacks. Fortunately, transport-layer security mechanisms (available extensions SMTP, IMAP, POP3) provide some degree protection network-based eavesdropping At same time, DKIM SPF...

10.1145/2810103.2813607 article EN 2015-10-06

Recent trends in software-defined networking have extended network programmability to the data plane through programming languages such as P4. Unfortunately, chance of introducing bugs also increases significantly this new context. Existing verification approaches are unable model P4 programs, or they present severe restrictions set properties that can be modeled. In paper, we introduce a program approach based on assertion checking and symbolic execution. Network programmers annotate...

10.1145/3185467.3185499 article EN 2018-03-23

Click fraud is a scam that hits criminal sweet spot by both tapping into the vast wealth of online advertising and exploiting ecosystem's complex structure to obfuscate flow money its perpetrators. In this work, we illuminate intricate nature activity through lens ZeroAccess--one largest click botnets in operation. Using broad range data sources, including peer-to-peer measurements, command-and-control telemetry, contemporaneous from one top ad networks, construct view scale complexity...

10.1145/2660267.2660369 article EN Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2014-11-03

Modern vehicles are required to comply with a range of environmental regulations limiting the level emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test in controlled settings empirically measure their at tailpipe. However, black box nature this testing standardization its forms have created an opportunity evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when car is undergoing emission alter...

10.1109/sp.2017.66 article EN 2022 IEEE Symposium on Security and Privacy (SP) 2017-05-01

Many network applications have stringent end-to-end latency requirements, including VoIP and interactive video conferencing, automated trading, high-performance computing---where even microsecond variations may be intolerable. The resulting fine-grain measurement demands cannot met effectively by existing technologies, such as SNMP, NetFlow, or active probing. We propose instrumenting routers with a hash-based primitive that we call Lossy Difference Aggregator (LDA) to measure latencies down...

10.1145/1592568.1592599 article EN 2009-08-16