About
14
Publications
15,784
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,132
Citations
Publications
Publications (14)
Search result poisoning attacks may be automatically detected by identifying groups of suspicious uniform resource locators (URLs) containing multiple keywords and exhibiting patterns that deviate from other URLs in the same domain without crawling and evaluating the actual contents of each web page. Suspicious websites are identified and lexical f...
Many malicious activities on the Web today make use of compromised Web servers, because these servers often have high pageranks and provide free resources. Attackers are therefore constantly searching for vulnerable servers. In this work, we aim to understand how attackers find, compromise, and misuse vulnerable servers. Specifically, we present he...
This paper presents Keypad, an auditing file system for theft-prone devices, such as laptops and USB sticks. Keypad provides two important properties. First, Keypad supports fine-grained file auditing: a user can obtain explicit evidence that no files have been accessed after a device's loss. Second, a user can disable future file access after a de...
We perform an in-depth study of SEO attacks that spread malware by poisoning search results for popular queries. Such attacks, although recent, appear to be both widespread and effective. They compromise legitimate Web sites and generate a large number of fake pages targeting trendy keywords. We first dissect one exam-ple attack that affects over 5...
Search engines not only assist normal users, but also pro- vide information that hackers and other malicious enti- ties can exploit in their nefarious activities. With care- fully crafted search queries, attackers can gather infor- mation such as email addresses and misconfigured or even vulnerable servers. We present SearchAudit, a framework that...
In this paper we present Botlab, a platform that con- tinually monitors and analyzes the behavior of spam- oriented botnets. Botlab gathers multiple real-time streams of information about botnets taken from distinct perspectives. By combining and analyzing these streams, Botlab can produce accurate, timely, and comprehensive data about spam botnet...
Internet routing protocols (BGP, OSPF, RIP) have traditionally favored responsiveness over consistency. A router applies a received update immediately to its forwarding table before propagating the update to other routers, including those that potentially depend upon the outcome of the update. Responsiveness comes at the cost of routing loops and b...
We present Hubble, a system that operates continuously to find Internet reachability problems in which routes exist to a destination but packets are unable to reach the destination. Hubble monitors at a 15 minute granularity the data-path to prefixes that cover 89% of the Internet's edge address space. Key enabling techniques include a hybrid passi...
Ad hoc wireless networks with their widespread deployment, now need to support applications that generate multimedia and real-time traffic. Video, audio, real-time voice over IP, and other multimedia applications require the network to provide guarantees on the Quality of Service (QoS) of the connection. The 802.11e Medium Access Control (MAC) prot...
Distributed hash tables (DHTs) provide scalable, key-based lookup of objects in dynamic network environments. Al- though DHTs have been studied extensively from an an- alytical perspective, only recently have wide deployments enabled empirical examination. This paper reports mea- surements of the Azureus BitTorrent client's DHT, which is in active...
We present Topology-based Geolocation (TBG), a novel approach to estimating the geographic location of arbitrary Internet hosts. We motivate our work by showing that 1) existing approaches, based on end-to-end delay measurements from a set of landmarks, fail to outperform much simpler techniques, and 2) the error of these approaches is strongly det...
Important benefits of virtual machines have led to extensive research on using virtual machines over the networks to provide certain services, such as seamless computing. One solution to remotely access VMs is to use network file systems to store the VM image. In this context, knowing how VMs perform on network file systems is extremely relevant. W...