Duc T. Ha

Learn More
Recently, peer-to-peer (P2P) networks have emerged as a covert communication platform for malicious programs known as bots. As popular distributed systems, they allow bots to communicate easily while protecting the botmaster from being discovered. Existing work on P2P-based botnets mainly focuses on measurement-based studies of botnet behaviors. In this(More)
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation(More)
— Insider attacks constitute one of the most potent, yet difficult to detect threats to information security in the cyber-domain. Malicious actions perpetrated by privileged insiders usually circumvent intrusion detection systems (IDS) and other mechanisms designed to detect and prevent unauthorized activity. In this paper, we present an architectural(More)
Botnets have emerged as one of the most severe cyber-threats in recent years. To evade detection and improve resistance against countermeasures, botnets have evolved from the first generation that relies on IRC chat channels to deliver commands to the current generation that uses highly resilient P2P (peer-to-peer) protocols to spread their C&C (Command and(More)
— Inspired by the Flash worm paper [1], we formulate and investigate the problem of finding a fast and resilient propagation topology and propagation schedule for Flash worms and similar malcodes. Resiliency means a very large proportion of infectable targets are still infected no matter which fraction of targets are not infectable. There is an intrinsic(More)
—We analyze crosstalk-free widesense nonblocking multicast multi-log networks. Widesense nonblocking strikes a balance between strictly nonblocking and rearrangeably non-blocking both in terms of cost-effectiveness and route establishment efficiency. The problem is important as cost-effective and efficient crosstalk-free multicast photonic switching(More)
—We show that it is possible to design botnet structures called CRESTBOT based on extractor graphs which are highly resilient to command-and-control (C&C) take-downs, yet do not require significant changes to existing botnet designs and codes, and do not suffer from the implementation complexity of P2P-based and hybrid structures. The UDP family of CRESTBOT(More)
When analyzing a nonblocking switching network, the typical problem is to find a route for a new request through the network without disturbing existing routes. By solving this problem, we can derive how many hardware components of a certain type (Banyan planes in a multi-log network, for instance) are needed for the network to be nonblocking. This scenario(More)