Automatic Detection of Internet-based Cyberattacks
Over the last few years, the Internet has been repeatedly used as a medium to launch attacks against computer and communication subsystems. Such attacks, which are usually called cyber-attacks may disable a large number of computers, which may in turn paralyze critical infrastructures including telecommunications, provision of electric power, transportation, water supplies, athletic infrastructure, and commerce. Such cyber-attacks propagate rapidly and may have profound impact.
Our research targets the creation of early warning systems that can detect cyber-attacks quickly and can respond to them efficiently. Our recent focus has been on the direction of designing, implementing, and deploying early-warning systems that are able to detect computer attacks at their infancy.
- E. Markatos et al. "EAR: Early Warning System fot the automatic detection of Internet-based Cyberattacks", project proposal submitted to GSRT, Call "Cooperation with R & D Organizations outside Europe, Action 188.8.131.52b, Structural Fund #3, Operational Program Competitiveness" , December 2002 (pdf).
- Spiros Antonatos, Periklis Akritidis, Evangelos P. Markatos and Kostas G. Anagnostakis. Defending against Hitlist Worms using Network Address Space Randomization In Computer Networks, to appear, 2007 (pdf)
- Spiros Antonatos and Kostas G. Anagnostakis. TAO: Protecting against Hitlist Worms using Transparent Address Obfuscation. In Proceedings of the 10th IFIP Open Conference on Communications and Multimedia Security (CMS'06) (to appear)
- Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Network-level Polymorphic Shellcode Detection using Emulation. In Proceedings of the GI/IEEE SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). July 2006, Berlin, Germany. (pdf)
- Demetres Antoniades, Manos Athanatos, Antonis Papadogiannakis, Evangelos P. Markatos, Constantine Dovrolis: Available bandwidth measurement as simple as running wget. In Proceedings of the Passive and Active Measurement Conference (PAM2006), March 2006 (pdf)
- Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos Markatos, and Angelos D. Keromytis: Detecting Targeted Attacks Using Shadow Honeypots. In the Proceedings of the 14th USENIX Security Symposium. August 2005, Baltimore, MD. (pdf)
- P. Akritidis, Kostas Anagnostakis, and E.P. Markatos: Efficient Content-Based Fingerprinting of Zero-Day Worms. Proceedings of the International Conference on Communications (ICC 2005), Seoul, Korea, 16-20 May 2005 (pdf)
- Kostas Xinidis, Kostas D. Anagnostakis, and Evangelos P. Markatos: Design and Implementation of a High-Performance Network Intrusion Prevention System In the Proceedings 20th IFIP International Information Security Conference (SEC 2005), May 2005 (pdf)
- P. Akritidis, Evangelos P. Markatos, M. Polychronakis, and Kostas D. Anagnostakis: STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis In the Proceedings 20th IFIP International Information Security Conference (SEC 2005), May 2005 (pdf)
- S. Antonatos, K. G. Anagnostakis, E. P. Markatos. Generating Realistic Workloads for Network Intrusion Detection Systems. Proceedings of the Fourth International Workshop on Software and Performance (WOSP2004), January 2004 (to appear). (pre-final draft pdf | compressed postscript)
- Cassandra is a utility that takes as an input a trace file and reports suspicious packets based on distinct destination counts.
- Packetgrep is a utility that given a trace file, a payload hash, and a payload length, reports all matching packets.
If you would like a copy of the tool, please contact akritid AT ics.forth.gr
- Computer immunology S. Forrest, S. Hofmeyr, and A. Somayaji. Communications of the ACM, 40(10), pp. 88-96, 1997.
- Computer virus-antivirus coevolution Carey Nachenberg. Communications of the ACM, 40(1):47-51, Jan. 1997.
- New Directions in Traffic Measurement and Accounting C. Estan and G. Varghese, in Proceedings of the ACM SIGGCOMM Conference, 2002.