We take a data-driven approach to improving the security and other aspects of large-scale online services such as email services, search engines, and advertising systems. We explore network-host properties (e.g., the use of proxy servers and dynamically assigned IP addresses), service-level topologies, and user social connectivity. We correlate this fine-grained information with application-specific traces, both to defend against attacks and to improve services.
Research Themes:
- An IP-intelligence framework
- Social graphs for online service security
- Uncovering the malicious use of search engines and online advertising
Overview:
An IP-Intelligence Framework
We explore host network-level properties, in particular host IP address properties, to derive rich context about a communication between a client and a service. Examples of such properties include whether the host is set up with a dynamically allocated IP address, whether the host is a large proxy server with many users behind it, or whether the host has been associated with already identified malicious activities. Such information can be used to improve service security and to help service providers better understand user requirements. Finally, we derive these properties automatically from large service logs.

Social Graphs for Online Service Security
Large-scale online services such as email and instant messaging are popular targets for attackers, who sign up for new accounts and compromise legitimate user accounts in order to propagate spam emails, phishing links, or malware. To counter such attacks, this project focuses on exploring social connections among users that are difficult for attackers to mimic. The research explores a wide range of graph properties to differentiate legitimate human users from tens of millions of maliciously created accounts and hijacked accounts.

[Figure: A sampled user email-connectivity graph]

Publications:
- Zhou Li, Sumayah Alrwais, Yinglian Xie, Fang Yu, and Xiaofeng Wang, Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, in IEEE Symposium on Security and Privacy, 2013, to appear, IEEE, 19 May 2013
- Junxian Huang, Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot Gillum, and Z. Morley Mao, SocialWatch: Detection of Online Service Abuse via Large-Scale Social Graphs, in 8th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), to appear, ACM, 7 May 2013
- Junjie Zhang, Yinglian Xie, Fang Yu, David Soukal, and Wenke Lee, Intention and Origination: An Inside Look at Large-Scale Bot Queries, in the 20th Annual Network and Distributed System Security Symposium (NDSS) 2013, to appear, Internet Society, 26 February 2013
- Junxian Huang, Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot Gillum, and Z. Morley Mao, SocialWatch: Detection of Online Service Abuse via Large-Scale Social Graphs, no. MSR-TR-2013-24, 20 February 2013
- Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot Gillum, Krish Vitaldevara, Jason Walter, Junxian Huang, and Z. Morley Mao, Innocent by Association: Early Recognition of Legitimate Users, in ACM Conference on Computer and Communications Security (CCS), ACM, October 2012
- Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, and Xiaofeng Wang, Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising, in ACM Conference on Computer and Communications Security (CCS), ACM, October 2012
- Chi-Yao Hong, Fang Yu, and Yinglian Xie, Populated IP Addresses: Classification and Applications, in ACM Conference on Computer and Communications Security (CCS), ACM, October 2012
- John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi, deSEO: Combating Search-Result Poisoning, in Usenix Security Symposium, USENIX, August 2011
- John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi, Heat-seeking Honeypots: Design and Experience, WWW 2011, March 2011
- Andreas Pitsillidis, Yinglian Xie, Fang Yu, Martin Abadi, Geoffrey M. Voelker, and Stefan Savage, How to Tell an Airport from a Home: Techniques and Applications, in HotNets 2010, Association for Computing Machinery, Inc., October 2010
- John P. John, Fang Yu, Yinglian Xie, Martin Abadi, and Arvind Krishnamurthy, Searching the Searchers with SearchAudit, in USENIX Security Symposium, USENIX, August 2010
- Zhiyun Qian, Zhuoqing Morley Mao, Yinglian Xie, and Fang Yu, Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique, in IEEE Symposium on Security and Privacy (Oakland) 2010, May 2010
- Fang Yu, Yinglian Xie, and Qifa Ke, SBotMiner: Large Scale Search Bot Detection, in ACM International Conference on Web Search and Data Mining (WSDM), February 2010
- Zhiyun Qian, Zhuoqing Mao, Yinglian Xie, and Fang Yu, On Network-level Clusters for Spam Detection, in The 17th Annual Network and Distributed System Security Symposium (NDSS) 2010, February 2010
- Yinglian Xie, Fang Yu, and Martin Abadi, De-anonymizing the Internet Using Unreliable IDs, in ACM SIGCOMM, August 2009
- Yao Zhao, Yinglian Xie, Fang Yu, Qifa Ke, Yuan Yu, Yan Chen, and Eliot Gillum, BotGraph: Large Scale Spamming Botnet Detection, in The 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI '09), USENIX, April 2009
- Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, Spamming Botnet: Signatures and Characteristics, in ACM SIGCOMM 2008, Seattle, WA, August 2008
- Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moisés Goldszmidt, and Ted Wobber, How Dynamic are IP Addresses, in Proceedings of the ACM SIGCOMM Conference, Association for Computing Machinery, Inc., Kyoto, Japan, August 2007
