The Department of Computer Science at PSU's Maseeh College of Engineering and Computer Science presents, as part of the Computer Science Colloquium Series, "Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event."
Title: "Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event"
Speaker: Vern Paxson, Ph.D., International Computer Science Institute, Berkeley, CA
Date: March 6, 2006
Time: 12:00 - 1:00 p.m.
Location: Room 10, Fourth Avenue Building, 1900 SW Fourth Avenue, Portland, Oregon 97201
This series is free and open to the public. For further information, contact the Department of Computer Science, (503) 725-2416 or firstname.lastname@example.org.
Network "telescopes" that record packets sent to unused blocks of Internet address space have emerged as important tools for observing Internet-scale events such as the spreading of worms, probing by botnets, and backscatter from distant flooding attacks. Current telescope analyses produce detailed tabulations of packet rates, victim population, and evolution over time. While such cataloging is a crucial first step in studying the telescope observations, incorporating an understanding of the underlying processes generating the observations allows us to construct detailed information about the broader "universe" in which the Internet-scale activity occurs, greatly enriching and deepening the analysis in the process.
In this talk I will discuss an application of such an analysis to the propagation of "Witty", a malicious and well-engineered worm that when released in March 2004 infected more than 12,000 hosts worldwide in 75 minutes. We find that by exploiting the worm's underlying structure, from limited and imperfect telescope data we can, with high fidelity, draw a remarkable range of inferences.
Dr. Vern Paxson is a senior scientist at the International Computer Science Institute (ICSI) in Berkeley, California, USA, as well as a staff scientist with the Lawrence Berkeley National Laboratory. His main active research projects are network intrusion detection in the context of Bro, a high-performance network intrusion detection system he developed; large-scale network measurement and analysis; and Internet-scale attacks, particularly rapidly-propagating network "worms." This latter is realized as part of CCIED, the US NSF-sponsored Collaborative Center for Internet Epidemiology and Defenses, which he codirects with Prof. Stefan Savage of the University of California, San Diego. Some of his other professional activities include: vice-chair of ACM SIGCOMM, program co-chair for the 2005 and 2006 IEEE Symposia on Security & Privacy, and co-founder of the ACM Internet Measurement Conference.