Networking and Security Research GroupProfessor Farnam JahanianUniversity of Michigan Software Systems Laboratory (SSL) |
Our research group investigates...
Projects:
- CloudAV: N-Version Antivirus in the Network Cloud - This project advocates and explores the deployment of malware detection functionality as an in-cloud service in contrast to the traditional host-based deployment model.
- Detecting and Dismantling Botnet Command and Control Infrastructure using Behavioral Profilers and Bot Informants - In this project we seek to develop tools and techniques for identifying bots and botnets and for mitigating botnet attacks.
- PREDICT - The Virtual Center for Network and Security Data is a unique effort to organize, structure, and combine the efforts of the network security researcher community with the efforts of the data measurement and collection community. Under the umbrella of the Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) our virtual center provides a common framework for managing datasets from various data providers.
- Topology-Aware Internet Threat Detection Using Pervasive Darknets - This project seeks to increase the visibility and effectiveness of Internet threat detection systems by developing methods to automatically discover network topology and use that knowledge to deploy pervasive network sensors that enable new Internet threat detection capabilities.
- Internet Motion Sensor - The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space.
Recent Publications:
If It Ain't Broke, Don't Fix It: Challenges and New Directions for Inferring the Impact of Software PatchesJon Oberheide, Evan Cooke, and Farnam Jahanian
Workshop on Hot Topics in Operating Systems (HotOS XII), May 2009.
[pdf] [bibtex]
CloudAV: N-Version Antivirus in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Proc. of the 17th USENIX Security Symposium, July 2008.
[pdf] [bibtex]
Virtualized In-Cloud Security Services for Mobile Devices
Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian
Workshop on Virtualization in Mobile Computing (MobiVirt'08), June 2008.
[pdf] [bibtex]
Exploiting Live Virtual Machine Migration
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Black Hat DC 2008 Briefings, February 2008.
[pdf] [bibtex]
Automated Classification and Analysis of Internet Malware
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario
Proc. of Recent Advances in Intrusion Detection (RAID'07), September 2007.
[pdf] [bibtex]
Rethinking Antivirus: Executable Analysis in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
USENIX Workshop on Hot Topics in Security (HotSec'07), August 2007.
[pdf] [bibtex]
Characterizing Dark DNS Behavior
Jon Oberheide, Manish Karir, Z. Morley Mao, and Farnam Jahanian
Proc. of the Fourth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07), July 2007.
[pdf] [bibtex]
Shedding Light on the Configuration of Dark Addresses
Sushant Sinha, Michael Bailey, and Farnam Jahanian
Proc. of Network and Distributed System Security (NDSS'07), February 2007.
[pdf] [bibtex]
WIND: Workload-aware INtrusion Detection
Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel
Proc. of Recent Advances In Intrusion Detection (RAID'06), September 2006.
[pdf] [bibtex]
Resource-Aware Multi-Format Network Security Data Storage
Evan Cooke, Andrew Myrick, David Rusek, Farnam Jahanian
Proc. of the SIGCOMM Workshop on Large Scale Attack Defense (LSAD'06), September 2006.
[pdf] [bibtex]
Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware
Evan Cooke, Z. Morley Mao, and Farnam Jahanian
Proc. of the International Conference on Dependable Systems and Networks (DSN'06), June 2006.
[pdf] [bibtex]
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
Evan Cooke, Michael Bailey, Farnam Jahanian, and Richard Mortier
Proc. of the 3rd ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI'06), May 2006.
[pdf] [bibtex]
Practical Darknet Measurement
Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, and Sushant Sinha
Conference on Information Sciences and Systems (CISS'06), March 2006.
[pdf] [bibtex]
Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic
Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson
Proc. of Internet Measurement Conference (IMC'05), October 2005.
[pdf] [bibtex]
The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets Evan Cooke, Farnam Jahanian, and Danny McPherson Proc. of Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'05), July 2005.
[pdf] [bibtex]
The Blaster Worm: Then and Now
Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Jose Nazario
IEEE Security & Privacy Magazine, Volume: 3, Issue: 4, pages: 26-31, July-August 2005
[pdf] [bibtex]
The Internet Motion Sensor: A distributed blackhole monitoring system
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson
Proc. of Network and Distributed System Security Symposium (NDSS'05), February 2005.
[pdf] [bibtex]
Toward Understanding Distributed Blackhole Placement
Evan Cooke, Michael Bailey, David Watson, Farnam Jahanian, and Danny McPherson
Proc. of ACM CCS Workshop on Rapid Malcode (WORM'04), October 2004.
[pdf] [bibtex]
Measuring, Characterizing, and Tracking Internet Threat Dynamics
Michael Bailey, Farnam Jahanian, G. Robert Malan, Jose Nazario, Dug Song and Robert Stone.
OpenSig 2003 Workshop
[pdf] [bibtex]
Older Publications...
Sponsors:
