Networking and Security Research Group
Professor Farnam Jahanian
University of Michigan Software Systems Laboratory (SSL)
Our research group investigates...
Projects:
- The CloudAV™ Architecture: N-Version Antivirus in the Network Cloud - This project advocates and explores the deployment of malware detection functionality as an in-cloud service in contrast to the traditional host-based deployment model.
- Detecting and Dismantling Botnet Command and Control Infrastructure using Behavioral Profilers and Bot Informants - In this project we seek to develop tools and techniques for identifying bots and botnets and for mitigating botnet attacks.
- PREDICT - The Virtual Center for Network and Security Data is a unique effort to organize, structure, and combine the efforts of the network security researcher community with the efforts of the data measurement and collection community. Under the umbrella of the Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) our virtual center provides a common framework for managing datasets from various data providers.
- Topology-Aware Internet Threat Detection Using Pervasive Darknets - This project seeks to increase the visibility and effectiveness of Internet threat detection systems by developing methods to automatically discover network topology and use that knowledge to deploy pervasive network sensors that enable new Internet threat detection capabilities.
- Internet Motion Sensor - The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space.
Recent Publications:
Internet Inter-Domain Traffic
Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian
SIGCOMM 2010, September 2010.
[conference]
CANVuS: Context-Aware Network Vulnerability Scanning
Yunjing Xu, Michael Bailey, Eric Vander Weele, and Farnam Jahanian
Recent Advances in Intrusion Detection (RAID'10), September 2010.
[conference]
Improving SPAM Blacklisting through Dynamic Thresholding and Speculative Aggregation
Sushant Sinha, Michael Bailey, and Farnam Jahanian
17th Annual Network & Distributed System Security Symposium (NDSS'10), March 2010.
[pdf] [bibtex]
When Mobile is Harder Than Fixed: Demystifying Security Challenges in Mobile Environments
Jon Oberheide and Farnam Jahanian
HotMobile 2010, February 2010.
[pdf] [bibtex]
PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
Jon Oberheide, Michael Bailey, and Farnam Jahanian
Workshop on Offensive Technologies (WOOT'09), August 2009.
[pdf] [bibtex]
Remote Fingerprinting and Exploitation of Mail Server Antivirus Engines
Jon Oberheide and Farnam Jahanian
University of Michigan Technical Report CSE-TR-552-09, June 2009.
[pdf] [bibtex]
If It Ain't Broke, Don't Fix It: Challenges and New Directions for Inferring the Impact of Software Patches
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Workshop on Hot Topics in Operating Systems (HotOS XII), May 2009.
[pdf] [bibtex]
CloudAV: N-Version Antivirus in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
17th USENIX Security Symposium, July 2008.
[pdf] [bibtex]
Virtualized In-Cloud Security Services for Mobile Devices
Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian
Workshop on Virtualization in Mobile Computing (MobiVirt'08), June 2008.
[pdf] [bibtex]
Exploiting Live Virtual Machine Migration
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Black Hat DC 2008 Briefings, February 2008.
[pdf] [bibtex]
Automated Classification and Analysis of Internet Malware
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario
Recent Advances in Intrusion Detection (RAID'07), September 2007.
[pdf] [bibtex]
Rethinking Antivirus: Executable Analysis in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
USENIX Workshop on Hot Topics in Security (HotSec'07), August 2007.
[pdf] [bibtex]
Characterizing Dark DNS Behavior
Jon Oberheide, Manish Karir, Z. Morley Mao, and Farnam Jahanian
Fourth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07), July 2007.
[pdf] [bibtex]
Shedding Light on the Configuration of Dark Addresses
Sushant Sinha, Michael Bailey, and Farnam Jahanian
Network and Distributed System Security (NDSS'07), February 2007.
[pdf] [bibtex]
WIND: Workload-aware INtrusion Detection
Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel
Recent Advances In Intrusion Detection (RAID'06), September 2006.
[pdf] [bibtex]
Resource-Aware Multi-Format Network Security Data Storage
Evan Cooke, Andrew Myrick, David Rusek, and Farnam Jahanian
SIGCOMM Workshop on Large Scale Attack Defense (LSAD'06), September 2006.
[pdf] [bibtex]
Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware
Evan Cooke, Z. Morley Mao, and Farnam Jahanian
International Conference on Dependable Systems and Networks (DSN'06), June 2006.
[pdf] [bibtex]
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
Evan Cooke, Michael Bailey, Farnam Jahanian, and Richard Mortier
3rd ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI'06), May 2006.
[pdf] [bibtex]
Practical Darknet Measurement
Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, and Sushant Sinha
Conference on Information Sciences and Systems (CISS'06), March 2006.
[pdf] [bibtex]
Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic
Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson
Internet Measurement Conference (IMC'05), October 2005.
[pdf] [bibtex]
The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets
Evan Cooke, Farnam Jahanian, and Danny McPherson
Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'05), July 2005.
[pdf] [bibtex]
The Blaster Worm: Then and Now
Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Jose Nazario
IEEE Security & Privacy Magazine, Volume: 3, Issue: 4, pages: 26-31, July-August 2005
[pdf] [bibtex]
The Internet Motion Sensor: A distributed blackhole monitoring system
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson
Network and Distributed System Security Symposium (NDSS'05), February 2005.
[pdf] [bibtex]
Toward Understanding Distributed Blackhole Placement
Evan Cooke, Michael Bailey, David Watson, Farnam Jahanian, and Danny McPherson
ACM CCS Workshop on Rapid Malcode (WORM'04), October 2004.
[pdf] [bibtex]
Measuring, Characterizing, and Tracking Internet Threat Dynamics
Michael Bailey, Farnam Jahanian, G. Robert Malan, Jose Nazario, Dug Song, and Robert Stone
OpenSig 2003 Workshop
[pdf] [bibtex]
Older Publications...