UCSB COMPUTER SCIENCE DEPARTMENT PRESENTS:
MONDAY, OCTOBER 20, 2008
3:30 – 4:30
Computer Science Conference Room, Harold Frank Hall Rm. 1132
HOST: GIOVANNI VIGNA
SPEAKER: CHRISTOPHER KRUEGEL
Faculty, UCSB Computer Science
Title: Mitigating Malicious Activity on the Internet
In recent years, criminals have increasingly recognized the Internet’s
potential to make fast profits. This has led to a thriving underground
economy with complex interactions and different kinds of participants.
In this talk, we will provide an overview of our techniques to
understand and mitigate malicious activity on the Internet.
Specifically, we will discuss in more detail two systems: one that
addresses the malware threat and one that addresses software vulnerabilities.
The first system, called Anubis, targets the problem of understanding
and defending against malicious code. Anubis is a dynamic malware
analysis platform that executes unknown programs and records their
activity. This observed activity is used to distinguish between
different types of malware, to recognize malware samples that behave
similarly, and to automatically generate malware detection models. In
particular, we will present techniques to generate stateful,
network-based models to identify bot-infected hosts.
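To make the idea of a stateful, network-based detection model concrete, the following is an added illustration written for this page; it is not Anubis code and the three-stage model it encodes (a DNS lookup, then a non-web connection to the resolved address, then a burst of SMTP connections to at least five distinct hosts within 60 seconds) is a constructed assumption, as are the flow records, which use documentation address ranges. The point it demonstrates is why state matters: the per-host automaton only flags a host whose flows match the stages in order, whereas a stateless SMTP threshold also fires on a host that merely sends a lot of mail.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float
    src: str
    dst: str
    proto: str
    dport: int
    extra: str = ""   # constructed: for DNS flows, the address the name resolved to


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: 'ts src dst proto dport [extra]'."""
    ts, src, dst, proto, dport, *extra = line.split()
    return Flow(float(ts), src, dst, proto, int(dport), extra[0] if extra else "")


# Stage predicates: each sees one flow plus the per-host memory dict and returns
# True when the host should advance to the next stage of the model.
def stage_dns(flow, mem):
    if flow.proto == "udp" and flow.dport == 53:
        mem["resolved"] = flow.extra          # remember what the host looked up
        return True
    return False


def stage_connect_resolved(flow, mem):
    # A TCP connection to the address just resolved, on a port that is not plain web traffic.
    return (flow.proto == "tcp" and flow.dst == mem.get("resolved")
            and flow.dport not in (80, 443))


def stage_smtp_burst(flow, mem, window=60.0, distinct=5):
    # Sliding window of SMTP connections; fires once enough distinct targets are seen.
    if not (flow.proto == "tcp" and flow.dport == 25):
        return False
    recent = [(t, d) for t, d in mem.get("smtp", []) if flow.ts - t <= window]
    recent.append((flow.ts, flow.dst))
    mem["smtp"] = recent
    return len({d for _, d in recent}) >= distinct


STAGES = [stage_dns, stage_connect_resolved, stage_smtp_burst]   # hypothetical model


class StatefulDetector:
    """One automaton cursor per source host; a host is flagged when it passes the last stage."""

    def __init__(self, stages):
        self.stages = stages
        self.state = defaultdict(int)    # host -> index of the stage it is waiting for
        self.mem = defaultdict(dict)     # host -> memory shared between its stages

    def feed(self, flow: Flow) -> bool:
        i = self.state[flow.src]
        if i < len(self.stages) and self.stages[i](flow, self.mem[flow.src]):
            self.state[flow.src] = i + 1
        return self.state[flow.src] == len(self.stages)

    def flagged(self):
        return sorted(h for h, s in self.state.items() if s == len(self.stages))


# Constructed sample: 10.0.0.5 follows all three stages, 10.0.0.7 resolves a name but only
# talks HTTPS to it, 10.0.0.8 sends plenty of mail without the preceding stages.
SAMPLE_FLOWS = """\
0  10.0.0.5 192.0.2.1    udp 53 203.0.113.9
1  10.0.0.8 198.51.100.1 tcp 25
2  10.0.0.7 192.0.2.1    udp 53 203.0.113.20
3  10.0.0.5 203.0.113.9  tcp 6667
4  10.0.0.7 203.0.113.20 tcp 443
5  10.0.0.8 198.51.100.2 tcp 25
6  10.0.0.5 198.51.100.1 tcp 25
7  10.0.0.8 198.51.100.3 tcp 25
8  10.0.0.5 198.51.100.2 tcp 25
9  10.0.0.7 198.51.100.9 tcp 25
10 10.0.0.8 198.51.100.4 tcp 25
11 10.0.0.5 198.51.100.3 tcp 25
12 10.0.0.8 198.51.100.5 tcp 25
13 10.0.0.5 198.51.100.4 tcp 25
14 10.0.0.7 198.51.100.8 tcp 25
15 10.0.0.5 198.51.100.5 tcp 25
"""


def run_sample(lines: str = SAMPLE_FLOWS):
    """Hosts flagged by the stateful model."""
    det = StatefulDetector(STAGES)
    for line in lines.strip().splitlines():
        det.feed(parse_flow(line))
    return det.flagged()


def stateless_smtp_hosts(lines: str = SAMPLE_FLOWS, distinct=5):
    """Contrast: a stateless rule that only counts distinct SMTP targets per host."""
    seen = defaultdict(set)
    for line in lines.strip().splitlines():
        f = parse_flow(line)
        if f.proto == "tcp" and f.dport == 25:
            seen[f.src].add(f.dst)
    return sorted(h for h, d in seen.items() if len(d) >= distinct)


if __name__ == "__main__":
    print("stateful:", run_sample())               # ['10.0.0.5']
    print("stateless:", stateless_smtp_hosts())    # ['10.0.0.5', '10.0.0.8']
```

The stages and their memory are deliberately separated from the automaton, so a model learned from observed sandbox activity could be expressed as a different list of predicates without touching the detector loop.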
The second system, called Pixy, focuses on the detection of software
vulnerabilities that are exploited by cyber-criminals to distribute
malware and to launch attacks against Internet users. Pixy is a precise
and scalable source code analysis tool for PHP code. The goal is to
detect input validation vulnerabilities in web applications. To this
end, Pixy employs flow-sensitive and inter-procedural data flow
analysis. Moreover, the system tracks the content of string variables,
which is important to discover incorrect validation routines.
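The following is an added toy analyzer, written for this page and not Pixy's code, that shows the three properties the abstract names on a tiny statement-level model of PHP: flow-sensitivity (a variable is considered validated only on the branch where the check succeeded, and becomes tainted again after the paths merge), inter-procedural data flow (user functions are analyzed with the caller's actual arguments), and string-content tracking (the regex passed to `preg_match` is a variable whose literal content decides whether the validation routine is sufficient). The statement encoding, the `regex_restricts_fully` heuristic, the sanitizer list and the sample programs are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Val:
    """Abstract value of one variable: taint flag plus its known string content
    (None when unknown, e.g. attacker-controlled input)."""
    tainted: bool
    content: Optional[str] = None


TAINTED = Val(True, None)
UNKNOWN = Val(False, None)
SANITIZERS = {"htmlspecialchars"}    # assumed to neutralise their argument for an echo sink


def regex_restricts_fully(pattern: str) -> bool:
    """Constructed heuristic: a validation regex counts only if it is anchored at both ends
    and is a single character class (free of HTML metacharacters) plus a quantifier.
    '[a-z]+' without anchors matches any string containing a letter, so it validates nothing."""
    m = re.fullmatch(r"\^\[([^\]]*)\][+*]\$", pattern)
    return bool(m) and not set(m.group(1)) & set("<>\"'&")


def join(a: dict, b: dict) -> dict:
    """Merge the abstract states of two control-flow paths."""
    out = {}
    for k in set(a) | set(b):
        va, vb = a.get(k, UNKNOWN), b.get(k, UNKNOWN)
        out[k] = Val(va.tainted or vb.tainted,
                     va.content if va.content == vb.content else None)
    return out


class Analyzer:
    def __init__(self, funcs: dict):
        self.funcs = funcs       # name -> (parameter names, statement list)
        self.findings = []       # labels of sinks reached by tainted data

    def read(self, ref, env):
        if isinstance(ref, tuple):         # ("input",) is $_GET etc., ("lit", text) a literal
            return TAINTED if ref[0] == "input" else Val(False, ref[1])
        return env.get(ref, UNKNOWN)

    def run(self, fname, args=()):
        params, body = self.funcs[fname]
        env = self.block(body, dict(zip(params, args)))
        return env.get("__ret__", UNKNOWN)

    def block(self, stmts, env):
        env = dict(env)                    # flow-sensitive: one state per program point
        for s in stmts:
            op = s[0]
            if op == "assign":             # $dst = <ref>
                env[s[1]] = self.read(s[2], env)
            elif op == "concat":           # $dst = <a> . <b>
                a, b = self.read(s[2], env), self.read(s[3], env)
                known = a.content is not None and b.content is not None
                env[s[1]] = Val(a.tainted or b.tainted, a.content + b.content if known else None)
            elif op == "call":             # $dst = fn(args)
                _, dst, fn, args = s
                vals = [self.read(x, env) for x in args]
                if fn in SANITIZERS:
                    env[dst] = UNKNOWN
                elif fn in self.funcs:     # inter-procedural: analyze callee with actual args
                    env[dst] = self.run(fn, vals)
                else:                      # unknown function: taint propagates through it
                    env[dst] = Val(any(v.tainted for v in vals), None)
            elif op == "if_match":         # if (preg_match($pat, $subj)) {then} else {else}
                _, pat, subj, then_b, else_b = s
                then_env = dict(env)
                p = self.read(pat, env)    # string content of the pattern decides the outcome
                if p.content is not None and regex_restricts_fully(p.content):
                    then_env[subj] = UNKNOWN   # validated, but only on the true branch
                env = join(self.block(then_b, then_env), self.block(else_b, env))
            elif op == "return":
                env["__ret__"] = self.read(s[1], env)
            elif op == "sink":             # echo <ref>, labelled for reporting
                _, ref, label = s
                if self.read(ref, env).tainted:
                    self.findings.append(label)
        return env


def analyze(funcs: dict) -> list:
    an = Analyzer(funcs)
    an.run("main")
    return an.findings


def validator_program(pattern: str) -> dict:
    """Constructed program: $p = '<pattern>'; $x = $_GET['name'];
    if (preg_match($p, $x)) { echo $x; } else { echo 'rejected'; } echo $x;"""
    return {"main": ([], [
        ("assign", "$p", ("lit", pattern)),
        ("assign", "$x", ("input",)),
        ("if_match", "$p", "$x",
         [("sink", "$x", "echo-in-then")],
         [("assign", "$m", ("lit", "rejected")), ("sink", "$m", "echo-rejected")]),
        ("sink", "$x", "echo-after-if"),
    ])}


# Constructed inter-procedural program: clean() sanitises its input, wrap() only decorates it.
INTERPROC = {
    "clean": (["$s"], [("call", "$t", "htmlspecialchars", ["$s"]), ("return", "$t")]),
    "wrap": (["$s"], [("concat", "$t", ("lit", "<b>"), "$s"), ("return", "$t")]),
    "main": ([], [
        ("assign", "$x", ("input",)),
        ("call", "$a", "clean", ["$x"]), ("sink", "$a", "echo-clean"),
        ("call", "$b", "wrap", ["$x"]), ("sink", "$b", "echo-wrap"),
    ]),
}

if __name__ == "__main__":
    print(analyze(validator_program("^[a-z]+$")))   # ['echo-after-if']
    print(analyze(validator_program("[a-z]+")))     # ['echo-in-then', 'echo-after-if']
    print(analyze(INTERPROC))                       # ['echo-wrap']
```

Without the `content` field the two validator programs would be indistinguishable, since both call `preg_match` on a variable; with it the analyzer accepts the anchored pattern on the true branch and rejects the unanchored one, and in both cases still reports the echo that follows the merge, where the rejected path flows back in.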
Christopher Kruegel is an assistant professor in the Computer Science
Department of the University of California, Santa Barbara and the holder
of the Eugene Aas Chair in Computer Science. His research interests are
computer and communication security, with an emphasis on malicious code
analysis, web security, and intrusion detection.