• Publications
  • Influence
Internet inter-domain traffic
The majority of inter-domain traffic by volume now flows directly between large content providers, data center / CDNs and consumer networks, and this analysis shows significant changes in inter-AS traffic patterns and an evolution of provider peering strategies.
Delayed Internet routing convergence
This paper presents a two-year study of Internet routing convergence through the experimental instrumentation of key portions of the Internet infrastructure, including both passive data collection and fault-injection machines at Internet exchange points, and describes several unexpected properties of convergence.
Automated Classification and Analysis of Internet Malware
This paper examines the ability of existing host-based anti-virus products to provide semantically meaningful information about the malicious software and tools used by attackers and proposes a new classification technique that describes malware behavior in terms of system state changes rather than in sequences or patterns of system calls.
The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets
This paper outlines the origins and structure of bots and botnets and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today and describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
Safety analysis of timing properties in real-time systems
  • F. Jahanian, A. Mok
  • Computer Science
    IEEE Transactions on Software Engineering
  • 1 September 1986
The authors formalize the safety analysis of timing properties in real-time systems. The analysis is based on a formal logic, RTL (real-time logic), which is especially suitable for reasoning about
CloudAV: N-Version Antivirus in the Network Cloud
It is shown that the average length of time to detect new threats by an antivirus engine is 48 days and that retrospective detection can greatly minimize the impact of this delay, and a new model for malware detection on end hosts based on providing antivirus as an in-cloud network service is advocated.
A Survey of Botnet Technology and Defenses
Global Internet threats have undergone a profound transformation from attacks designed solely to disable infrastructure to those that also target people and organizations. At the center of many of
Internet routing instability
The analysis in this paper is based on data collected from border gateway protocol (BGP) routing messages generated by border routers at five of the Internet core's public exchange points during a nine month period, and reveals several unexpected trends and ill-behaved systematic properties in Internet routing.
An exploration of L2 cache covert channels in virtualized environments
This paper demonstrates a covert channel with considerably higher bit rate than previously reported, and assesses that even at such improved rates, the harm of data exfiltration from these channels is still limited to the sharing of small, if important, secrets such as private keys.
The Internet Motion Sensor - A Distributed Blackhole Monitoring System
The Internet Motion Sensor is introduced, a globally scoped Internet monitoring system whose goal is to measure, characterize, and track threats and the architectural tradeoffs are explored in the context of a 3 year deployment across multiple dark address blocks ranging in size from /24s to a /8.