Fernando Sanchez scite author profile

Chen

et al. 2009

Compromised machines are one of the key security threats on the Internet; they are often used to launch various security attacks such as DDoS, spamming, and identity theft. In this thesis we address this issue by investigating effective solutions to automatically identify compromised machines in a network. Given that spamming provides a key economic incentive for attackers to recruit the large number of compromised machines, we focus on the subset of compromised machines that are involved in the spamming activities, commonly known as spam zombies. We develop an effective spam zombie detection system named SPOT by monitoring outgoing messages of a network. SPOT is designed based on a powerful statistical tool called Sequential Probability Ratio Test, which has bounded false positive and false negative error rates. Our evaluation studies based on a two-month email trace collected in a large U.S. campus network show that SPOT is an effective and efficient system in automatically detecting compromised machines in a network. For example, among the 440 internal IP addresses observed in the email trace, SPOT identifies 132 of them as being associated with compromised machines. Out of the 132 IP addresses identified by SPOT, 126 can be either independently confirmed (110) or highly likely (16) to be compromised.

Detecting Spam Zombies by Monitoring Outgoing Messages

Chen

IEEE Trans. Dependable and Secure Comput.

et al. 2012

A Sender-Centric Approach to Detecting Phishing Emails

2012

Email-based online phishing is a critical security threat on the Internet. Although phishers have great flexibility in manipulating both the content and structure of phishing emails, phishers have much less flexibility in completely concealing the sender information of a phishing message. Importantly, such sender information is often inconsistent with the target institution of a phishing email. Based on this observation, in this paper we advocate and develop a sender-centric approach to detecting phishing emails by focusing on the sender information of a message instead of the content or structure of the message. Our evaluation studies based on real-world email traces show that the sender-centric approach is a feasible and effective method in detecting phishing emails. For example, using an email trace containing both phishing and legitimate messages, we show that the sender-centric approach can detect 98.7% of phishing emails while correctly classifying all legitimate messages.

Tethered Linux CPE for IP service delivery

Sanchez¹,

Brazewell²

2015

This paper presents a new delivery model for IP communication services based on using lightweight Customer Premises Equipment (CPE) that is remotely controlled by virtualized software images running on a provider cloud.By removing the complex pieces of the service logic from the equipment in the customer premises, and by placing them in a virtualized software instance running inside the Service Provider's datacenter, relevant Operational and Capital Expenditure (CAPEX and OPEX) savings can be obtained. CAPEX savings are achieved by reducing the complexity of the piece of hardware to be deployed at the customer premises, or by extending the life cycle of existing devices already deployed.Potential OPEX savings are even larger: the complex logic of the service implementation (the software complexity) is under more manageable control of the service provider, thus enabling simpler troubleshooting and software upgrades, and reducing technical support calls and truck rolls.Hardware development is simplified as the service complexity is implemented in software with a continuous development model, thus reducing the time to market for new services whilst maintaining consistency of service regardless of hardware in the home. This model is enabled by the latest advances in the networking stack of the Linux kernel (which allow to implement network functions as programs running in kernel space), coupled with the use of Software-Defined Networking (SDN) and Network Functions Virtualization (NFV). The combination of these technologies allows controlling the broadband service in the cloud, while maintaining local, on-premises service enforcement, security and address management.

Scalable name-based inter-domain routing for information-centric networks

Kim

2015