We use cookies on this site. By browsing our site you agree to our use of cookies. Close this message Find out more

Home > Information Security home > Events > ISG Research Seminar 27 March 2014
More in this section Events articles

ISG Research Seminar 27 March 2014

27/03/2014 (11:00-12:00)

Contact: Lorenzo Cavallaro


Speaker: Juan Caballero (IMDEA Software Institute, ES)

Title: CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers

Juan Caballero is an Assistant Research Professor at the IMDEA Software Institute in Madrid, Spain. His research focuses on security issues in systems, software, and networks. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, USA and was a visiting researcher at University of California, Berkeley for two years. His research has appeared (and has won best paper awards) at top security venues. He has
been in the technical committee of venues such as IEEE S&P, NDSS, WWW, RAID, and DIMVA. He is program chair for the 2014 Digital Forensics Research Symposium (DFRWS) and program co-chair for the 2014 EuroSec workshop.


Cybercriminals use different types of geographically distributed servers to run their operations such as C&C servers for managing their malware, exploit servers to distribute the malware, payment servers for monetization, and redirectors for anonymity. Identifying the server infrastructure used by a cybercrime operation is fundamental for defenders, as it enables take-downs that can disrupt the operation and is a critical step towards identifying the criminals behind it. In this paper, we propose a novel active probing approach for detecting malicious servers and compromised hosts that listen for (and react to) incoming network requests.  We have implemented our active probing approach in a tool called CyberProbe and have used CyberProbe to identify 151 malicious servers and 7,881 P2P bots.


Comment on this page

Did you find the information you were looking for? Is there a broken link or content that needs updating? Let us know so we can improve the page.

Note: If you need further information or have a question that cannot be satisfied by this page, please call our switchboard on +44 (0)1784 434455.

This window will close when you submit your comment.

Add Your Feedback