The Evolution of Internet Threats: A Case for Security in the Network Cloud
Threats to the availability and security of the Internet have undergone a rapid and dramatic evolution over the past few years. Highly visible attacks against Internet users and infrastructure began only a few short years ago with the emergence of Internet Denial of Service (DoS) attacks and highly virulent Internet worms. Today, we are in the middle of a fundamental shift from attacks that primarily target infrastructures to coordinated attacks launched from a malicious service platform (botnet) that harvests the resources of infected hosts (bots). Spurred by financial gains, attackers have become proficient at hiding themselves by using compromised hosts as proxies and at amplifying the power of their attacks using distributed software. The result is vast numbers of compromised computers, or bots, sitting in homes, schools, businesses, and government networks around the world, enabling a rapid increase in spam, phishing, and identity theft. These challenges illustrate how we are at the limits of existing detection and mitigation technologies.
In this talk, Farnam will introduce a new security model for networked environments inspired by successful detection and mitigation solutions in the service provider environment. The key insight is the use of multi-resolution distributed sensors, deployed inside the network and on end hosts, that integrate data from different perspectives to reason about the security of the network as a whole. To illustrate the utility of this model, we will discuss results from two experimental projects that enable security as a service in the network cloud: the Dark Oracle and CloudAV.
Farnam Jahanian is Professor and Chair of Computer Science and Engineering at the University of Michigan and co-founder of Arbor Networks, Inc. Prior to joining academia in 1993, he was a Research Staff Member at the IBM T.J. Watson Research Center. His research interests include distributed computing, network security, and network protocols and architectures. In the late 90’s, Farnam led a research effort aimed at developing a flow-based system for detecting, back-tracing and resolving network-wide anomalies such as DDoS attacks and routing exploits. This research project has formed the basis of a commercial technology that has been widely deployed by more than 300 Internet service providers and mission-critical networks, protecting over 70% of Internet transit traffic today. Farnam holds a master's degree and a Ph.D. in Computer Science from the University of Texas at Austin.
University of Michigan, Computer Science and Engineering