Online-Service Security and Intelligence

We take a data-driven approach to enhancing the security and other aspects of large-scale online services, including, for instance, email services, search engines, and advertising systems. We explore network-host properties (e.g., the use of proxy servers and dynamically assigned IP addresses), service-level topologies, and user social connectivity. We correlate all this fine-grained information with application-specific traces, both for attack defense and for improving services.

 


Research Themes:

Overview:

An IP-Intelligence Framework

We explore host network-level properties, in particular host IP address properties, to derive the rich context of a communication between a client and a service. Examples of such properties include whether the host is set up with a dynamically allocated IP address, whether the host is a large proxy server with many users behind it, or whether the host has been associated with already identified malicious activities. Such information can be used to improve service security and to help service providers better understand user requirements. Finally, we derive these properties automatically from large service logs.

Social Graphs for Online Service Security

Large-scale online services such as email and instant messaging are popular targets for attackers, who sign up for new accounts and compromise legitimate user accounts in order to propagate spam emails, phishing links, or malware. To counter such attacks, this project focuses on exploring social connections among users that are difficult for attackers to mimic. The research explores a wide range of graph properties to differentiate legitimate human users from tens of millions of maliciously created accounts and hijacked accounts.

 

A sampled user email-connectivity graph

Publications