Brent ByungHoon Kang

Learn More
Botnets have recently been identified as one of the most important threats to the security of the Internet. Traditionally, botnets organize themselves in an hierarchical manner with a central command and control location. This location can be statically defined in the bot, or it can be dynamically defined based on a directory server. Presently, the(More)
Within the hierarchy of the Software Defined Network (SDN) network stack, the control layer operates as the critical middleware facilitator of interactions between the data plane and the network applications, which govern flow routing decisions. In the OpenFlow implementation of the SDN model, the control layer, commonly referred to as a network operating(More)
Peer to Peer (P2P) botnets are a growing occurrence in the malware community. The Waledac botnet represents a new, more challenging trend in the P2P botnet evolution. The Waledac infrastructure has evolved key aspects of the P2P architecture and devolved others. This evolution/devolution has resulted in a more formidable botnet. As a result, the Waledac(More)
Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multitiered design wherein the webserver runs the application front-end logic and data are outsourced(More)
Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the last decade. In fact, TEEs are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX). Despite such rapid development of TEE, software technologies for TEE significantly lag(More)
Modern advanced botnets may employ a decentralized peer-to-peer overlay network to bootstrap and maintain their command and control channels, making them more resilient to traditional mitigation efforts such as server incapacitation. As an alternative strategy, the malware defense community has been trying to identify the bot-infected hosts and enumerate(More)
In this paper, we present <i>Vigilare system</i>, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware. This <i>snoop-based monitoring</i> enabled by the Vigilare system, overcomes the limitations of the <i>snapshot-based monitoring</i> employed in previous kernel integrity(More)
Kernel rootkits undermine the integrity of system by manipulating its operating system kernel. External hardware-based monitors can serve as a root of trust that is resilient to rootkit attacks. The existing external hardware-based approaches lack an event-triggered verification scheme for mutable kernel objects. To address the issue, we present KI-Mon, a(More)
In this study, we advance the understanding of botmaster-owned systems in an advanced botnet, Waledac, through the analysis of file-system and network trace data from the upper-tiers in its architecture. The functionality and existence of these systems has to-date only been postulated as existing knowledge has generally been limited to behavioral(More)
We propose RepuScore, a collaborative reputation management framework over email infrastrucure, which allows participating organizations to establish sender accountability on the basis of senders’ past actions. RepuScore’s generalized design can be deployed with any Sender Authentication technique such as SPF, SenderID and DKIM. With RepuScore,(More)