

Search Quality & Cyber-Intelligence Lab (SQ-CIL)

Spam Double-Funnel: Connecting Web Spammers with Advertisers



Projects

  • Cybersecurity
    • Strider Gatekeeper Spyware Management
      • Proposed a characterization of spyware based on the concept of Auto-Start Extensibility Points (ASEPs) (see Nov. 2004 LISA paper)
      • This project helped jump-start Microsoft's anti-spyware product effort, and the ASEP concept influenced the actual product.
    • Strider GhostBuster Rootkit Detection
      • Proposed a cross-view diff-based approach to rootkit detection (see June 2005 DSN paper & Dec. 2005 LISA paper)
      • Read Bruce Schneier's comments
      • This project helped jump-start Microsoft's anti-rootkit product effort. The GhostBuster tool was deployed on 200,000+ internal machines.
    • Strider HoneyMonkey Malicious Website Detection
      • Proposed a black-box, state-change-based, signature-free approach to detecting malicious websites that exploit known and zero-day browser vulnerabilities (see Feb. 2006 NDSS paper)
      • Read Bill Cheswick's comments
      • This technology was transferred to the Microsoft security unit, which now operates a production HoneyMonkey system.
    • Strider Typo-Patrol Cybersquatter Analysis
      • Proposed a traffic redirection-based analysis for detecting large-scale, systematic domain cybersquatters (see July 2006 SRUTI paper)
      • Read the Washington Post article by Leslie Walker and Brian Krebs
      • The tool was released here and has been used by many trademark domain owners to identify cybersquatters.
    • Strider Search Ranger Search-Spam Detection
      • Proposed a “Follow the Money” approach to detecting large-scale search spammers who are corrupting the Web with junk content and websites in order to promote their links to spam content into top search results (see Feb. 2007 NDSS paper, May 2007 WWW paper, and June 2007 ICAC paper)
      • Read John Markoff's article in the New York Times
      • This technology has proven to be very effective in reducing spam in search results.


  • Systems Management
    • Strider Troubleshooter
    • Flight Data Recorder (FDR)
      • Highly efficient and highly compressed always-on tracing of persistent-state accesses for configuration monitoring (see 2006 OSDI paper and 2006 LISA paper)
      • FDR is now deployed on 1,000+ Microsoft production servers and 500+ desktop machines.
    • Patch Impact Analyzer
      • Intersects the always-on persistent-state access trace with the patch manifest to predict the potential stability impact of patch installation (see May 2004 ICAC paper)
      • This tool was shipped as part of the Windows Vista Application Compatibility Toolkit (ACT).
    • Strider Security Tracer
      • A black-box tracing technique that identifies the causes of least-privilege incompatibilities (i.e., application dependencies on Admin privileges) (see Feb. 2005 NDSS paper)
      • This tool was shipped as part of the Windows Vista Application Compatibility Toolkit (ACT).

 
Project Members

 
Interns

 

 

Talks

 




©2008 Microsoft Corporation. All rights reserved.