About
43
Publications
10,540
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,313
Citations
Citations since 2017
Publications
Publications (43)
A computer implemented method includes identifying a universal resource locator and characterizing a traffic pattern associated with the universal resource locator. The traffic pattern can include referrer information, referring information, advertising network relationship information, and any combination thereof. The method can further include cl...
We study carding shops that sell stolen credit and debit card information online. By bypassing the anti-scrapping mechanisms they use, we find that the prices of cards depend heavily on factors such as the issuing bank, country of origin, and whether the card can be used in brick-and-mortar stores or not. Almost 70% of cards sold by these outfits a...
Web spammers have taken note of the popularity of public forums such as blogs, wikis, webboards, and guestbooks. They are now exploiting them with the purpose of driving traffic to their malicious or fraudulent websites, such as those used for phishing, distributing malware, or selling counterfeit pharmaceuticals. A popular technique they use is to...
Advertisements simultaneously provide both economic support for most free web content and one of the largest annoyances to end users. Furthermore, the modern advertisement ecosystem is rife with tracking methods which violate user privacy. A natural reaction is for users to install ad blockers which prevent advertisers from tracking users or displa...
Fraudulent product promotion online, including online videos, is on the rise. In order to understand and defend against this ill, we engage in the fraudulent video economy for a popular video sharing website, YouTube, and collect a sample of over 3,300 fraudulently promoted videos and 500 bot profiles that promote them. We then characterize fraudul...
Methods for identifying wanted traffic on the Internet are provided. The methods include determining a traffic history for a user of the Internet; identifying wanted traffic in a stream of Internet traffic based on the determined traffic history; and prioritizing the identified wanted traffic such that unwanted traffic is assigned a lower priority...
FBI's Operation Ghost Click, the largest cybercriminal takedown in history, recently took down an ad fraud infrastructure that affected 4 million users and made its owners 14 million USD over a period of four years. The attackers hijacked clicks and ad impressions on victim machines infected by a DNS changer malware to earn ad revenue fraudulently....
Motivated by reasons related to privacy, obtrusiveness, and security, there is great interest in the prospect of blocking advertisements. Current approaches to this goal involve keeping sets of URL-based regular expressions, which are matched against every URL fetched on a web page. While generally effective, this approach is not scalable and requi...
Online social networks (OSNs) represent a significant portion of Web traffic today, comparable with search engines. Even though their primary purpose is different from that of search engines, OSNs are impacting how users navigate the Web and what types of websites they visit. This paper is motivated by the desire to understand the similarities and...
While many attacks are distributed across botnets, investigators and network operators have recently identified malicious networks through high profile autonomous system (AS) depeerings and network shutdowns. In this paper, we explore whether some ASs indeed are safe havens for malicious activity. We look for ISPs and ASs that exhibit disproportion...
The Domain Name System (DNS) is a critical component of the Internet. It maps domain names to IP addresses and serves as a distributed database for various other applications, including mail, Web, and spam filtering. This paper examines DNS zones in the Internet for diversity, adoption rates of new technologies, and prevalence of configuration issu...
Web boards, blogs, wikis, and guestbooks are forums fre-quented and contributed to by many Web users. Unfor-tunately, the utility of these forums is being diminished due to spamming, where miscreants post messages and links not intended to contribute to forums, but to adver-tise their websites. Many such links are malicious. In this paper we invest...
The growth of the Internet has brought about many challenges for its critical infrastructure. The DNS infrastructure, which translates mnemonic host names into IP addresses understood by the routers, is frequently the target of cache poisoning attacks. Internet routers are also experiencing alarming growth in their routing table sizes, which may so...
The move to a pervasive computing environment, with the increasing use of laptops, netbooks, smartphones and tablets, means that we are more reliant on wireless networking and batteries for our daily computational needs. Specifically, this includes applications which have sensitive data that must be securely communicated over VPNs. However, the use...
A DNS wildcard can be used to point arbitrary requests for host names within a domain to a specific host name or IP address.
Wildcards offer administrators the convenience of not having to change DNS entries when host names change. However, we are
not aware of any work that documents how wildcards are used in practice. Such a study is particularly...
Phishing has been easy and effective way for trickery and deception on the Internet. While solutions such as URL blacklisting have been effective to some degree, their reliance on exact match with the blacklisted entries makes it easy for attackers to evade. We start with the observation that attackers often employ simple modifications (e.g., chang...
While many attacks are distributed across botnets, investigators and network operators have recently targeted malicious networks through high profile autonomous system (AS) de-peerings and network shut-downs. In this paper, we explore whether some ASes indeed are safe havens for malicious activity. We look for ISPs and ASes that exhibit disproporti...
An orphan DNS server is a DNS server which has an address record in the DNS, even though the domain in which it resides has no DNS records itself and hence does not exist. For example, the DNS server ns.foo.com would be an orphan DNS server if it had an address record, but the domain foo.com did not exist. In this paper, we undertake the first syst...
Users are being tracked on the Internet more than ever before as Web sites and search engines gather pieces of information sufficient to identify and study their behavior. While many existing schemes provide strong anonymity, they are inappropriate when high bandwidth and low latency are required. In this work, we explore an anonymity scheme for en...
In order to execute Bloom, we need financial resources. The biggest resource required is personnel time to provision and maintain Bloom, offer data products, and collect feedback to improve the service. Further, even though Indiana University has committed much of the computing and storage infrastructure needed to realize it, access to those resour...
Fast flux aims to keep phishing and scam campaigns afloat by provisioning a fraudulent Web site's domain name system records to make the site resolve to numerous, short-lived IP addresses. Although fast flux hurts takedown efforts, it's possible to detect and defend against it.
To ensure the security of sensitive Web content, an organization must use TLS and do so correctly. However, little is known about how TLS is actually used on the Web. In this work, we perform large-scale Internet-wide measurements to determine if Web sites use TLS when needed and when they do, if they use it correctly. We find hundreds of thousands...
Communities of interest (COI) have been studied in the past to classify traffic within an enterprise network, and to mitigate denial-of-service (DoS) attacks. We investigate the use of Communities of Interest (COIs) to prioritize known good traffic on the Internet. Under our system, an ISP may construct a COI for each of its enterprise customers. T...
While a variety of mechanisms have been developed for securing individual intra-domain protocols, none address the issue in a holistic manner. We develop a unified framework to secure prominent networking protocols within a single domain. We begin with a secure version of the DHCP protocol, which has the additional feature of providing each host wi...
The rise of spam in the last decade has been staggering, with the rate of spam exceeding that of legitimate email. While conjectures exist on how spammers gain access to email ad-dresses to spam, most work in the area of spam containment has either focused on better spam filtering methodologies or on understanding the botnets commonly used to send...
Routers in the Internet do not perform any verification of the source IP address contained in the packets, leading to the possibility of IP spoofing. The lack of such verification opens the door for a variety of vulnerabilities, including denial-of-service (DoS) and man-in-the-middle attacks. Currently proposed spoofing prevention approaches either...
We develop new techniques to map botnet membership using traces of spam email. To group bots into botnets we look for multiple bots participating in the same spam email campaign. We have applied our technique against a trace of spam email from Hotmail ...
Web sites on the Internet often use redirection. Unfor- tunately, without additional security, many of the redi- rection links can be manipulated and abused to mask phishing attacks. In this paper, we prescribe a set of heuristics to identify redirects that can be exploited. Us- ing these heuristics, we examine the prevalence of ex- ploitable redir...
DNS is a critical component of the Internet. This paper takes a comprehensive look at the provisioning of Internet domains and its impact on the availability of various services. To gather data, we sweep 60% of the Internet's domains for zone transfers. 6.6% of them allow us to transfer their complete information. We find that carelessness in handl...
Digital microfluidic systems (DMFS) are a new class of lab-on-a-chip systems for biochemical analysis. A DMFS uses electro wetting to manipulate discrete droplets on a planar array of electrodes. The chemical analysis is performed by repeatedly moving, mixing, and splitting droplets on the electrodes. Recently, there has been a lot of interest in d...
Using domain names for routing, instead of IP prefixes, has the potential to address many of the core outstanding issues in today's Internet. To initiate research in that direction, this paper compares the performance of name-based routing in the core of the Internet with that of IPv4 routing. Our analysis concludes that name-based routing is well...
Internet protocol security (IPSec) is a widely deployed mechanism for implementing Virtual Private Networks (VPNs). In previous work, we examined the overheads incurred by an IPSec server in a single client setting. In this paper, we extend that work by examining the scaling of a VPN server in a multiple client environment and by evaluating the eff...
The Web has grown beyond anybody's imagination. While significant research has been devoted to understanding as- pects of the Web from the perspective of the documents that comprise it, we have little data on the relationship among servers that comprise the Web. In this paper, we explore the extent to which Web servers are co-located with other Web...
The success of incentive techniques to motivate freeriders to contribute resources in file-sharing Gnutella-like peer-to-peer networks depends on the availability of peer behavior tracking in terms of resource consumption and contribution. Though many reputation systems have been proposed toward the goal of behavior tracking, the overheads incurred...
Peer-to-peer (P2P) networks continue to be popular means of trad- ing content. However, very little protection is in place to make sure that the les exchanged in these networks are not malicious, mak- ing them an ideal medium for spreading malware. We instrument two different open source P2P networks, Limewire and OpenFT, to examine the prevalence...
Unsolicited bulk email, aka spam is a persistent threat to the usefulness of the Internet. The fight against spam today relies solely on filtering at the recipient's mail server, which can delay mail delivery. We present a spam countering approach consisting of two complementary techniques. The first, token-based authentication, can identify emails...
Understanding the nature of media server workloads is crucial to properly designing and provisioning current and future media services. The main issue we address in this paper is the workload analysis of today's enterprise media servers. This analysis aims to establish a set of properties specific to the enterprise media server workloads and to com...
As the population of P2P networks increases, service dieren tiation issues become very important in distin- guishing cooperating peers from free-loaders. The basis for service dieren tiation could either be economic or the fact that the peers dier from each other in the type of services and resources they contribute to the system. Taking the latter...
The main issue we address in this paper is the workload analysis of today's enterprise media servers. This analysis aims to establish a set of properties specific for enterprise media server workloads and to compare them with well known related observations about web server workloads. We propose two new metrics to characterize the dynamics and evol...
The main issue we address in this report is the workload analysis of today's enterprise media servers. This analysis aims to establish a set of properties specific for enterprise media server workloads and to compare them with well known related observations about web server workloads. We propose two new metrics to characterize the dynamics and evo...
While routing table growth, its impact, and causes have been examined extensively for IPv4, little work in this direc-tion exists for IPv6. This paper is the first step at examining performance aspects of IPv6 packet forwarding. We do so by using a software implementation of various packet forward-ing algorithms used by routers and running them aga...
While mechanics of Web censorship in China are well stud-ied, those of other countries are less understood. Through a combination of personal contacts and Planet-Lab nodes, we conduct experiments to explore the mechanics of Web cen-sorship in 11 countries around the world, including China. Our work provides insights into the diversity of modus oper...
