On the Power of Distributed Network Telescopes

Speaker: Dr. Andreas Terzis, Johns Hopkins University
Abstract: Four years after the Code-Red worm attack, self-replicating malware represents one of the major threats to the security of the Internet. Traffic monitors, also known as network telescopes or darknets, that record packets arriving at unused portions of the IP address space have been proposed as tools for detecting novel attacks as well as forensic tools for gleaning information about past attacks. In this talk we are going to give two examples that showcase the power of network telescopes, introduce models that provide limits on their power, and present experimental results that verify the importance of telescopes in early detection and forensic analysis. The last part of the talk will be focused on future directions for malware mitigation as well as potential new threats.
Biography: Andreas Terzis is an Assistant Professor in the Department of Computer Science at Johns Hopkins University. He joined the faculty in January 2003. Before coming to JHU, Andreas received his Ph.D. in computer science from UCLA in 2000. His thesis research was in the area of QoS signaling where he proposed and implemented a Two-Tier Resource Allocation Architecture. Andreas heads the Hopkins InterNetworking Research (HiNRG) Group and his current research interests are in the areas of network security and sensor networks.
Presented On: Friday, October 21, 2005
Videotape: Terzis.mov