Network Coding Security
Defense Against Pollution Attacks in Network Coding (SpaceMac and InterMac)

- Description: Network coding has been shown to have high resilience against certain types of network attacks, such as eavesdropping attacks; however, it is extremely vulnerable to pollution attacks. A single node that injects corrupted packets into a network can potentially corrupt the data received by all downstream nodes, thus preventing all receivers from correctly decoding the data sent by source nodes. Because of their severity, pollution attacks have drawn tremendous research effort in the community. We propose novel cryptographic primitives called SpaceMac and InterMac, and we design, implement, and evaluate complete defense mechanisms based on these primitives to address pollution attacks in both intra-session (single source) and inter-session (multiple sources) network coding.

- Publications:

Implementation of Network Coding on Android Phones
MicroCast: Cooperative Video Streaming on Smartphones

- Description: Video streaming over the cellular connection is an increasingly popular, as well as demanding, application on smartphones. We consider a group of smartphone users, within proximity of each other, who are interested in streaming the same video from the Internet at the same time. The common practice today is that each user downloads the video independently using one connection (e.g., cellular or WiFi), which often leads to poor quality. We design, implement, and evaluate a novel system, called MicroCast, that cooperatively uses the resources on all smartphones of the group to improve the streaming experience. More details can be found at our project page.

- Publications:

- Demo: Video demonstration of our prototype.

Applications of Machine Learning to Network Security
Light-Weight and Proactive Protection Against Phishing (PhishDef)

- Description: Phishing is an increasingly sophisticated method to steal personal user information using sites that pretend to be legitimate. We take the following steps to identify phishing URLs. First, we carefully select lexical features of the URLs that are resistant to obfuscation techniques used by attackers. Second, we evaluate the classification accuracy when using only lexical features, both automatically selected and hand-selected, vs. when using additional features. We show that lexical features are sufficient for all practical purposes. Third, we thoroughly compare several classification algorithms, and we propose to use an online method (AROW) that is able to overcome noisy training data. Based on the insights gained from our analysis, we propose PhishDef, a phishing detection system that uses only URL names and combines the above three elements. PhishDef is highly accurate (when compared to state-of-the-art approaches over real datasets), lightweight (thus appropriate for online and client-side deployment), proactive (based on online classification rather than blacklists), and resilient to training data inaccuracies (thus enabling the use of large noisy training data).

- Publications:

Understanding and Filtering Malicious Traffic (Blacklisting Recommendation System)

- Description: We study the problem of forecasting attack sources based on past attack logs from several contributors. We formulate this problem as an implicit recommendation system, and we propose a multi-level prediction model to solve it. Our model evaluates and combines various factors, namely: (i) attacker-victim history using time series, (ii) attacker and/or victim interactions using neighborhood models, and (iii) global patterns using singular value decomposition. We evaluate our combined method, referred to as Blacklisting Recommendation System (or BRS), on one month of logs from Dshield, and we demonstrate that it significantly improves the prediction rate over state-of-the-art methods, as well as the robustness against poisoning attacks. Along the way, we analyze the Dshield dataset and reveal dominant patterns of malicious traffic.

- Publications:

- Patents:

Other Topics
Privacy Leakage of Chrome Extensions

- Description: We design and implement an analyzer that detects privacy leakage in Chrome extensions using static analysis techniques.

- Patents:

  • Anh Le and Andrew Swerdlow, "Browser Extension Control Flow Graph For Determining Sensitive Paths," filed by Google Inc., 2011.
  • Anh Le and Andrew Swerdlow, "Browser Extension Control Flow Graph Based Taint Tracking," filed by Google Inc., 2011.

Load Balancing for Clusters of Network Intrusion Detection and Prevention Systems

- Description: In large-scale enterprise networks, multiple network intrusion detection and prevention systems are used to provide high-quality protection. In this context, keeping load evenly distributed among the systems is crucial, because even load distributions provide protection to the networks and improve the networks' quality of service. A challenging problem, however, is to maintain load balance across the systems while minimizing the loss of correlation information caused by distributing traffic. Since anomaly-based detection and prevention of some intrusions, such as distributed denial of service attacks and port scans, require a single system to analyze the correlated flows of an attack, this loss of correlation information might severely affect the accuracy of detection and prevention. We aim to address this challenging problem.

- Publications:

Fairness in Multi-Player Online Games on Deadline-Based Networks

- Description: Deadline-based network resource management is a new approach to supporting real-time applications in packet-switched networks. Multi-player online games (MOGs) are computer games in which multiple game players simultaneously participate in a game session over a computer network. There are various types of MOGs, among which FPS games often have the most stringent requirements on the delay performance of the underlying network because of their highly interactive nature. One of the most important requirements of an FPS game is fairness. In common terms, fairness gives each player an equal opportunity to win the game. Our goal is to come up with strategies that provide fair treatment among game clients on a deadline-based network.

- Publications: