{"671430":{"#nid":"671430","#data":{"type":"event","title":"Ph.D. Proposal Oral Exam - Runze Zhang","body":[{"value":"\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cstrong\u003E\u003Cspan\u003ETitle:\u0026nbsp; \u003C\/span\u003E\u003C\/strong\u003E\u003Cem\u003E\u003Cspan\u003EHunter and Gatherer: Gearing Rapid Malware Forensics Towards More Effective Botnet Attack Remediation\u003C\/span\u003E\u003C\/em\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cstrong\u003E\u003Cspan\u003ECommittee:\u0026nbsp; \u003C\/span\u003E\u003C\/strong\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cspan\u003EDr. \u003C\/span\u003E\u003Cspan\u003ESaltaformaggio\u003C\/span\u003E\u003Cspan\u003E, Advisor\u003C\/span\u003E\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cspan\u003EDr. \u003C\/span\u003E\u003Cspan\u003ESpecter\u003C\/span\u003E\u003Cspan\u003E, Chair\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003E\u003Cspan\u003EDr. \u003C\/span\u003E\u003Cspan\u003EFrank Li\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003E\u003Cspan\u003E\u003Cspan\u003EThe objective of the proposed research is to help incident responders mitigate the attacks from advanced botnets with automatic frontend bot forensics pipelines. For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, relying on DNS sink-holing or seizing C\u0026amp;C infrastructure, require months of preparation and often omit the cleanup of left-over infected machines. 
This allows botnet operators to push updates to the bots and re-establish their control. In addition, advanced botnets use the same infrastructure to frequently update their frontend bots to perform new attacks and improve attack strategies. In my proposed study, I first expand the goal of botnet takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the bot\u0027s built-in update mechanism to distribute crafted remediation payloads. Second, focusing on ad-click attacks stemming from botnets, I also propose extracting attack strategies from the frontend bots so that ad platforms can actively defend against upcoming attacks. In preliminary studies, I developed GLEAN, an automated malware forensics pipeline that extracts frontend bot payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. The study of 702 Android bots shows that 523 bots can be remediated via GLEAN\u0027s takedown approach, ranging from covertly warning users about bot infection to uninstalling the bot.\u003C\/span\u003E\u003C\/span\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"Hunter and Gatherer: Gearing Rapid Malware Forensics Towards More Effective Botnet Attack Remediation"}],"uid":"28475","created_gmt":"2023-12-05 23:11:21","changed_gmt":"2023-12-05 23:11:40","author":"Daniela Staiculescu","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2023-12-08T11:00:00-05:00","event_time_end":"2023-12-08T13:00:00-05:00","event_time_end_last":"2023-12-08T13:00:00-05:00","gmt_time_start":"2023-12-08 16:00:00","gmt_time_end":"2023-12-08 18:00:00","gmt_time_end_last":"2023-12-08 18:00:00","rrule":null,"timezone":"America\/New_York"},"location":"Room C0915 Atlantic, CODA","extras":[],"groups":[{"id":"434371","name":"ECE Ph.D. Proposal Oral Exams"}],"categories":[],"keywords":[{"id":"102851","name":"Phd proposal"},{"id":"1808","name":"graduate students"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}