Alexandria Digital Research Library

Stepping Up the Cybersecurity Game : Protecting Online Services from Malicious Activity

Author:
Stringhini, Gianluca
Degree Grantor:
University of California, Santa Barbara. Computer Science
Degree Supervisor:
Christopher Kruegel
Place of Publication:
[Santa Barbara, Calif.]
Publisher:
University of California, Santa Barbara
Creation Date:
2014
Issued Date:
2014
Topics:
Computer Science and Web Studies
Keywords:
Spam
Cyber Crime
Online Social Networks
Computer Security
Botnets
Genres:
Online resources and Dissertations, Academic
Dissertation:
Ph.D.--University of California, Santa Barbara, 2014
Description:

The rise in popularity of online services such as social networks, web-based emails, and blogs has made them a popular platform for attackers. Cybercriminals leverage such services to spread spam and malware, and to steal personal information from their victims. In a typical cybercriminal operation, miscreants first infect their victims' machines with malicious software and have them join a botnet, which is a network of compromised computers. In the second step, the infected machines are often leveraged to connect to legitimate online services and perform malicious activities.

As a consequence, online services receive activity from both legitimate and malicious users. However, while legitimate users use these services for the purposes they were designed for, malicious parties exploit them for their illegal actions, which are often linked to an economic gain. In this thesis, I show that the way in which malicious users and legitimate ones interact with Internet services presents differences. I then develop mitigation techniques that leverage such differences to detect and block malicious parties that misuse Internet services.

As examples of this research approach, I first study the problem of spamming botnets, which are misused to send hundreds of millions of spam emails to mailservers spread across the globe. I show that botmasters typically split a list of victim email addresses among their bots, and that it is possible to identify bots belonging to the same botnet by enumerating the mailservers that are contacted by IP addresses over time. I developed a system, called BotMagnifier, which learns the set of mailservers contacted by the bots belonging to a certain botnet, and finds more bots belonging to that same botnet.

I then study the problem of misused accounts on online social networks. I first look at the problem of fake accounts that are set up by cybercriminals to spread malicious content. I study the modus operandi of the cybercriminals controlling such accounts, and I then develop a system to automatically flag social network accounts as fake. I then look at the problem of legitimate accounts getting compromised by miscreants, and I present COMPA, a system that learns the typical habits of social network users and considers messages that deviate from the learned behavior as possible compromises.

As a last example, I present EvilCohort, a system that detects communities of online accounts that are accessed by the same botnet. EvilCohort works by clustering together accounts that are accessed by a common set of IP addresses, and can work on any online service that requires the use of accounts (social networks, web-based emails, blogs, etc.).

Physical Description:
1 online resource (248 pages)
Format:
Text
Collection(s):
UCSB electronic theses and dissertations
ARK:
ark:/48907/f3gf0rn7
ISBN:
9781321203165
Catalog System Number:
990045116420203776
Rights:
In Copyright
Copyright Holder:
Gianluca Stringhini
File Description
Access: Public access
Stringhini_ucsb_0035D_12140.pdf pdf (Portable Document Format)