College of Engineering and Computing

Invited Talk:
A Framework for Countermeasures to Worm Attacks

Speaker: Wei Yu
When: Tuesday, February 12th, 2008
Time: 2:00pm
Where: ECS 243

Abstract:
Worm attacks have posed a threat to Internet security and have caused massive disruptions and severe damage worldwide. Research on modeling attacks, and designing defenses against them, has become vital to the field of computer and network security. In this talk, I will present a framework to systematically study two classes of countermeasures against worm attacks, known as traffic-based countermeasures and non-traffic based countermeasures. Traffic-based countermeasures are those whose means are limited to monitoring, collecting, and analyzing the traffic. Non-traffic based countermeasures do not have such limitations.

For the traffic-based countermeasures, we will first consider the worm attack that dynamically manipulates its traffic patterns to circumvent detection; we will also present a novel scheme which utilizes the attack-target distribution and robust statistical features to achieve highly effective detection performance against such attacks. We will then study worm attacks that perform probing traffic in a stealthy manner to obtain the location infrastructure of a worm defense system, and develop corresponding countermeasures. We will also introduce approaches for the non-traffic based countermeasures, by identifying some non-traffic related features, including programs' dynamic signatures, attackers' contradicted objectives, and defenders' reputations.

This research has a broad impact on Internet worm research, and its significance will be three-fold. First, the work is fundamental. We use analytical tools, including pattern recognition, information theory, and game theory, to carry out a thorough study on approaches of countermeasures. Second, our work is practical: the countermeasures we propose are compatible with the existing Internet worm defense infrastructure and are based on real-world worm programs, and hence can be used for real-world systems. Third, our methodology is general. The framework we introduce can be used to understand key features of new worm attacks and develop countermeasures against them.

Biography:
Wei Yu is currently a doctoral student in the Department of Computer Science at Texas A&M University. He received his B.S. degree in Electrical Engineering from Nanjing University of Technology and his M.S. degree in Electrical Engineering from Tongji University. Since May 2001, he has also worked as a network software engineer for Cisco Systems, Inc. His research interests are in the areas of computer/network security, information assurance, networking technologies, and distributed systems.

© 2008 School of Computing and Information Sciences @ FIU