Papers by Md Sazzadur Rahman
Peer-to-Peer Networking and Applications, 2012
Traditional software and security patch update delivery mechanisms rely on a client/server approach where clients pull updates from servers regularly. This approach, however, suffers a high window of vulnerability (WOV) for clients and the risk of a single point of failure. Overlay-based information dissemination schemes overcome these problems, but often incur high infrastructure cost to set up and maintain individual information dissemination networks. Against

SUT: Quantifying and mitigating URL typosquatting
Computer Networks, 2011
One form of profiting from the web is URL typosquatting: people register phony sites that are common misspellings of popular sites. These phony sites advertise and sell products or, in the worst case, con users into identity theft. In this work, we quantify the extent of this phenomenon, and propose SUT, a practical countermeasure based on network metrics. We start with an initial set of 900 popular websites, and create 3 million name variations in a systematic and exhaustive way. We find that URL typosquatting is a widespread phenomenon and identify common practices and preferred targets of typosquatters. Second, we find that phony websites exhibit significantly different network-layer behavior, such as number of HTTP redirections, compared to regular sites. Based on this insight, we develop SUT, an automated approach to detect phony websites. We find that the power of SUT lies in the use of the network-layer profile of the phony sites, and less in the perceived popularity of the site. We find that SUT can identify phony websites with near perfect accuracy and recall in our controlled tests. We conclude that our approach is a promising step towards protecting users from URL typosquatting.

Online social networks (OSNs) have become the new vector for cybercrime, and hackers are finding new ways to propagate spam and malware on these platforms, which we refer to as socware. As we show here, socware cannot be identified with existing security mechanisms (e.g., URL blacklists), because it exploits different weaknesses and often has different intentions. In this paper, we present MyPageKeeper, a Facebook application that we have developed to protect Facebook users from socware. Here, we present results from the perspective of over 12K users who have installed MyPageKeeper and their roughly 2.4 million friends. Our work makes three main contributions. First, to enable protection of users at scale, we design an efficient socware detection method which takes advantage of the social context of posts. We find that our classifier is both accurate (97% of posts flagged by it are indeed socware and it incorrectly flags only 0.005% of benign posts) and efficient (it requires 46 ms on average to classify a post). Second, we show that socware significantly differs from traditional email spam or web-based malware. For example, website blacklists identify only 3% of the posts flagged by MyPageKeeper, while 26% of flagged posts point to malicious apps and pages hosted on Facebook (which no current antivirus or blacklist is designed to detect). Third, we quantify the prevalence of socware by analyzing roughly 40 million posts over four months; 49% of our users were exposed to at least one socware post in this period. Finally, we identify a new type of parasitic behavior, which we refer to as "Like-as-a-Service", whose goal is to artificially boost the number of "Likes" of a Facebook page.