CS Department Seminar: Prof. Stefano Zanero, Politecnico di Milano
November 19, 2013
Title: Tracking and Characterizing Botnets Using Automatically Generated Domains
Speaker: Prof. Stefano Zanero, Politecnico di Milano
Date/time: Tuesday, November 19, 12:00pm-1:00pm
Location: Babbio Center 221
Host: Georgios Portokalidis
Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures that are difficult to track or deactivate. Considerable attention has been given to recognizing automatically generated domains (AGDs) in DNS traffic in order to identify previously unknown AGDs, which helps in disrupting botnets' communication capabilities. Unfortunately, until now such approaches have required deploying low-level DNS sensors to collect data whose collection poses practical and privacy issues, making their adoption problematic. Instead, we propose a system that exploits publicly available, privacy-preserving databases of historical recursive-level DNS traffic. Analyzing such data through linguistic models of suspicious domains, we are able to identify automatically generated domain names, characterize their DGAs, isolate logical groups of domains that represent the respective botnets, enrich those groups with new, previously unknown automatically generated domain names, and produce novel knowledge about the evolving behavior of each tracked botnet. We evaluated our approach on millions of real-world domains and showed that it correctly isolates families of automatically generated domains that belong to distinct DGAs, and distinguishes automatically generated from non-automatically generated domains in 94.8 percent of the cases. We will show several case studies of our system at work. This research is joint work between Politecnico di Milano and Royal Holloway University of London.
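The following script is an added illustration of the kind of pipeline the abstract describes, not the speakers' system (the page gives neither its features nor its thresholds). It scores the second-level label of each domain with two simple linguistic measures, a bigram "normality" score against a constructed list of benign names and the fraction of characters covered by dictionary words, flags labels that fail both as AGDs, and then groups the flagged domains into candidate DGA families by a crude (length, character class) fingerprint. The benign list, the word list, the thresholds, the fingerprint and the sample domains are all assumptions constructed for this example.

```python
"""Toy linguistic AGD detector and DGA-family grouping.

Added example: this is NOT the Politecnico/Royal Holloway system. The
benign training list, the word list, the thresholds and the family
fingerprint are all assumptions made for this illustration.
"""
import math
from collections import Counter

# Constructed "benign" second-level labels used to train a bigram model.
BENIGN = ["google", "facebook", "wikipedia", "amazon", "twitter", "microsoft",
          "youtube", "linkedin", "netflix", "github", "reddit", "apple",
          "mozilla", "stackoverflow", "cloudflare", "example"]

# Constructed stand-in for a real dictionary (assumption).
WORDS = {"google", "face", "book", "wiki", "pedia", "amazon", "twitter", "micro",
         "soft", "you", "tube", "link", "net", "flix", "git", "hub", "red",
         "apple", "cloud", "flare", "example", "stack", "over", "flow", "mail",
         "news", "shop", "bank", "secure", "login", "update"}

ALPHABET = 36                # a-z plus 0-9
NORMALITY_THRESHOLD = -6.9   # arbitrary, tuned to this toy model
MEANINGFUL_THRESHOLD = 0.34  # arbitrary

def bigrams(label):
    return [label[i:i + 2] for i in range(len(label) - 1)]

def build_model(labels):
    """Bigram counts over the benign labels, plus the total count."""
    counts = Counter()
    for label in labels:
        counts.update(bigrams(label))
    return counts, sum(counts.values())

MODEL = build_model(BENIGN)

def ngram_normality(label, model=MODEL):
    """Mean log-probability of the label's bigrams under the benign model
    (add-one smoothing over the 36*36 possible bigrams). Higher is more
    'normal'; labels built only from bigrams never seen in benign names
    score lowest."""
    counts, total = model
    grams = bigrams(label)
    if not grams:
        return 0.0
    denom = total + ALPHABET * ALPHABET
    return sum(math.log((counts[g] + 1) / denom) for g in grams) / len(grams)

def meaningful_ratio(label, words=WORDS, min_len=3):
    """Fraction of characters covered by dictionary words of at least
    min_len characters, using greedy longest-match from the left."""
    n, i, covered = len(label), 0, 0
    while i < n:
        match = 0
        for j in range(n, i + min_len - 1, -1):
            if label[i:j] in words:
                match = j - i
                break
        if match:
            covered += match
            i += match
        else:
            i += 1
    return covered / n if n else 0.0

def sld(domain):
    """Second-level label, lower-cased, hyphens removed. Assumes a
    single-label TLD; a real system would consult the public suffix list."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return label.replace("-", "")

def classify(domain, model=MODEL):
    """Flag a domain as AGD when it is both linguistically abnormal and
    carries (almost) no dictionary words."""
    label = sld(domain)
    norm = ngram_normality(label, model)
    ratio = meaningful_ratio(label)
    return {"domain": domain, "label": label,
            "normality": round(norm, 3), "meaningful": round(ratio, 3),
            "agd": norm < NORMALITY_THRESHOLD and ratio < MEANINGFUL_THRESHOLD}

def fingerprint(label):
    """Crude DGA-family key: (label length, character class). Assumption:
    one DGA tends to emit labels of fixed length over a fixed alphabet."""
    if label.isdigit():
        charset = "digits"
    elif label.isalpha():
        charset = "alpha"
    else:
        charset = "alnum"
    return (len(label), charset)

def group_families(domains, model=MODEL):
    """Map each fingerprint to the AGD-classified domains that share it."""
    families = {}
    for domain in domains:
        result = classify(domain, model)
        if result["agd"]:
            families.setdefault(fingerprint(result["label"]), []).append(domain)
    return families

# Constructed sample of domains as they might appear in a passive-DNS dump.
SAMPLE = ["google.com", "secure-login-update.net", "cloudbank.com",
          "xkqwvzjfhtpmbl.com", "qzmrtvxbpkwndl.net",
          "a7f3k9q2b8x1.info", "m4z8t1p6w3n0.biz"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(classify(d))
    for key, members in group_families(SAMPLE).items():
        print("family", key, "->", members)
```

On the sample, the two 14-letter and the two 12-character alphanumeric labels end up in two separate families, and a fresh label with the same shape (for instance a 14-letter string of unseen bigrams) would be assigned to the first family, which is the "enrich with previously unknown AGDs" step in miniature. With a bigram model this small the normality scores of benign and generated names are close, so a real deployment would train on a large benign corpus and calibrate both thresholds on labelled data rather than reuse the arbitrary values above.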
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an assistant professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on mobile malware, malware analysis, and systems security. Besides teaching "Computer Security" at Politecnico, he has extensive speaking and training experience in Italy and abroad. He has co-authored over 50 scientific papers and books. He is an associate editor of the "Journal in Computer Virology and Hacking Techniques". He is a Senior Member of the IEEE (holding volunteer positions at national and regional level), of the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information Systems Security Association), of which he is a senior member, and sits on the International Board of Directors of the same association. A long-time op-ed writer for magazines (among them "Computer World"), Stefano is also a co-founder and chairman of Secure Network S.r.l., a leading Italian information security consulting firm, and a co-founder of 18Months, a cloud-based ticketing solutions provider.