Events Calendar

USC CS Colloquium Series

Dr. Brad KarpUniversity College LondonTitle: Evolution in Action: Worms and Worm DefensesAbstract:Secure systems are interesting to design and build because they face an adaptive, adversarially constructed workload. In this talk, I will trace three years of experience building systems to defend Internet-connected hosts from Internet worms, and the evolutionary pressure exerted on worm designers by defenses.I will first describe Autograph, a system that generates signatures for never-before-seen worms quickly and automatically. A distributed deployment of Autograph would have generated a signature for Code-Red-Iv2 before 2% of vulnerable Internet hosts had become infected (despite the exponential spread of worms, which can scan the entire Internet address space in minutes).The natural response of worm authors to signature-based worm quarantine is to render worms *polymorphic*, so that they change their payloads on every infection attempt, and thus match no single contiguous signature. Motivated by this threat model, I will describe Polygraph, a suite of signature generation algorithms that can be used to automatically generate signatures, even for polymorphic worms.I will finally describe Paragraph, a suite of attacks on signature generation algorithms based on conventional machine learning (sadly, including Polygraph). The attacks in Paragraph are particularly devastating because they are practical attacks on learning *itself*. As conventional learning approaches assume that training examples are random in content, or even designed by a *helpful* teacher, they perform unacceptably when a malicious adversary controls training examples.I will close with a few final musings on how to design signature generation systems immune to Paragraph-style attacks.[This talk will describe joint work with Andrea Bittau, Mark Handley, Hyang-Ah Kim, Jinyang Li, Jim Newsome, and Dawn Song.] Biography: "Brad Karp is an Associate Professor (or "Senior Lecturer," in UK academic parlance) at the Department of Computer Science at University College London. He previously was a Staff Scientist at ICIR (originally ACIRI) at ICSI in Berkeley, a Senior Staff Researcher at Intel Research Pittsburgh, and Adjunct Assistant Professor at Carnegie Mellon University's Computer Science Department. His research marries the design of algorithms and the building of real systems, in the areas of wireless and sensor networks (e.g., GPSR and CLDP for geographic routing), Internet worm quarantine (e.g., Autograph and Polygraph for worm signature generation), and Internet-scale distributed systems (e.g., Open DHT, a public DHT service, and Re:, a system to eliminate false positives caused by spam filtering). Brad holds a Royal Society-Wolfson Reseach Merit Award, given to recruit leading scientists to UK universities."Hosted by: Prof. Ramesh Govindan

Location: Seaver Science Library (SSL) - 150

Audiences: Everyone Is Invited

Contact: Nancy Levien