Thursday, September 3, 2009

Summary of the talk by Prof. Zhenhai Duan

Alan Lupsha

Professor Zhenhai Duan researches an accountable and dependable Internet with good end-to-end performance. There is currently a serious problem with the Internet because it lacks accountability and there is not enough law enforcement. It is very hard to find out who did something wrong, because attackers do not worry about breaking the law and they cover their tracks in order not to get caught. There is a need to design protocols and architectures which can prevent bad activities from happening and which can more easily identify attackers.

The current Internet lacks accountability, and even when there are no attacks there are still many problems. For example, the time to recover from routing failures is too long, and DNS also has many issues. A dependable Internet requires higher accountability for banking and other security-sensitive applications. End-to-end performance also needs to be high, especially for more important applications which need a stronger guarantee of data delivery.

Professor Duan’s research projects include network security, solutions to network problems, routing, and intrusion detection. In IP spoofing attacks it is difficult to isolate attack traffic from legitimate traffic; these attacks include man-in-the-middle methods such as TCP hijacking and DNS poisoning, as well as reflector-based attacks using DNS requests and DDoS. Distributed denial of service attacks are launched from botnets made up of millions of zombie (compromised) computers. To solve these network problems, Professor Duan researches route-based filtering techniques. These techniques take advantage of the fact that attackers can spoof their source addresses but cannot control the route their packets take, so filters which know part of the network topology can isolate illegitimate traffic.

Inter-Domain Packet Filter (IDPF) systems identify feasible routes based on BGP (the Internet’s inter-domain routing protocol) updates. The performance of IDPFs is evaluated on Autonomous System (AS) graphs. It is hard to completely protect an Autonomous System from spoofing attacks, but IDPFs can effectively limit the spoofing capability of attackers. Using the vertex cover algorithm, one can prevent attacks in 80.8% of the networks which are attacked. If an attack cannot be prevented, one can still look at the topology and determine which ASes are candidate sources of the packets. IDPFs are therefore effective in helping IP traceback, as all Autonomous Systems can localize attackers. The placement of IDPFs also plays a very important role in how well networks are protected.

Since botnets are becoming a major security issue, and they are used in distributed denial of service attacks, spamming and identity theft, there is a growing need for utility-based detection of zombie machines. The SPOT system is one system being researched which classifies messages as spam or not spam. It computes a function based on the sequential probability ratio test, using previously learned behavior of systems, and finally arrives at one of two hypotheses, classifying messages as spam or not spam. Professor Duan is currently testing the SPOT system and improving it.
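To make the sequential probability ratio test concrete, here is an added illustration (not code from the talk or from SPOT itself) that runs Wald's SPRT per source host over a constructed stream of outgoing-mail spam verdicts; the hypotheses, the spam probabilities theta0/theta1 and the error rates alpha/beta are assumed values chosen for the example.

```python
import math
from typing import Optional

class SprtDetector:
    """Wald SPRT for one host: H0 = host is normal, H1 = host is compromised."""
    def __init__(self, theta0=0.2, theta1=0.8, alpha=0.01, beta=0.01):
        # theta0/theta1: probability an outgoing message is spam under H0/H1;
        # alpha/beta: target false-positive / false-negative rates (assumed values).
        assert 0 < theta0 < theta1 < 1 and 0 < alpha < 1 and 0 < beta < 1
        self.lower = math.log(beta / (1 - alpha))        # accept H0 at or below
        self.upper = math.log((1 - beta) / alpha)        # accept H1 at or above
        self.step_spam = math.log(theta1 / theta0)       # LLR increment per spam message
        self.step_ham = math.log((1 - theta1) / (1 - theta0))  # LLR increment per non-spam
        self.llr, self.observations = 0.0, 0

    def observe(self, is_spam: bool) -> Optional[str]:
        """Fold in one message verdict; return a decision, or None to keep sampling."""
        self.llr += self.step_spam if is_spam else self.step_ham
        self.observations += 1
        if self.llr >= self.upper:
            decision = "compromised"
        elif self.llr <= self.lower:
            decision = "normal"
        else:
            return None
        self.llr = 0.0  # restart the test so the host keeps being monitored
        return decision

def monitor_hosts(events, **kw):
    """Interleaved (host, is_spam) events -> {host: (decision, messages at decision)}.
    Hosts that never cross a threshold are absent from the result."""
    detectors, decided = {}, {}
    for host, is_spam in events:
        if host in decided:
            continue  # already decided; a deployment would flag it or keep watching
        if host not in detectors:
            detectors[host] = SprtDetector(**kw)
        decision = detectors[host].observe(is_spam)
        if decision is not None:
            decided[host] = (decision, detectors[host].observations)
    return decided

# Constructed sample: spam-filter verdicts on outgoing mail, tagged by source host.
SAMPLE_EVENTS = [
    ("10.0.0.5", True), ("10.0.0.7", False), ("10.0.0.5", True), ("10.0.0.7", False),
    ("10.0.0.5", True), ("10.0.0.9", True), ("10.0.0.7", False), ("10.0.0.5", True),
    ("10.0.0.9", False), ("10.0.0.7", False), ("10.0.0.9", True),
]

if __name__ == "__main__":
    print(monitor_hosts(SAMPLE_EVENTS))
```

With the assumed parameters each verdict moves the log-likelihood ratio by ln 4, so four consecutive spam messages are enough to flag a host, while a host alternating spam and non-spam never reaches either threshold.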
