How to Steal a Botnet and What Can Happen When You Do

Google Tech Talk September 10, 2009 ABSTRACT Presented by Richard A. Kemmerer. Botnets, which are networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, which is a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this talk, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected. While botnets have been hijacked before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server during the ten-day period. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This allowed us to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards. In this talk we will discuss the analysis that we performed on the data collected

Identifying Suspicious URLs: An Application of Large-Scale Online Learning

Google Tech Talk May 5, 2010 ABSTRACT Presented by Justin Ma. We explore online learning approaches for detecting malicious Web sites (those involved in criminal scams) using lexical and host-based features of the associated URLs. We show that this application is particularly appropriate for online algorithms as the size of the training data is larger than can be efficiently processed in batch and because the distribution of features that typify malicious URLs is changing continuously. Using a real-time system we developed for gathering URL features, combined with a real-time source of labeled URLs from a large Web mail provider, we demonstrate that recently developed online algorithms can be as accurate as batch techniques, achieving daily classification accuracies up to 99% over a balanced data set. Slides: cseweb.ucsd.edu Justin Ma is a PhD candidate at UC San Diego advised by Stefan Savage, Geoff Voelker and Lawrence Saul. His research interests are in systems and networking with an emphasis on network security, and his current focus is the application of machine learning to problems in security. He will be joining UC Berkeley as a postdoc after graduation. [Home page: www.cs.ucsd.edu]
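The abstract describes the approach (lexical and host-based URL features, a classifier updated one example at a time, evaluated on a continuously changing stream) without showing it. The block below is an added example written for this page; it is not code from the talk or from the system it describes. The tokeniser, the feature hashing, the learning rate, the sample URLs and the small registration-age table standing in for WHOIS-derived host features are all assumptions made here; the .example hosts and documentation IP ranges are constructed and not real sites.

```python
"""Online (one-SGD-step-per-example) logistic regression over URL features.

Added example, not the talk's code. Feature set, hashing, learning rate and
the labelled sample stream are assumptions chosen for illustration."""
import hashlib
import math
import re
from urllib.parse import urlsplit

N_BUCKETS = 1 << 16                          # hashed feature space (assumption)
TOKEN_SPLIT = re.compile(r"[./?=&_\-:+]+")   # lexical tokeniser (assumption)
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed stand-in for host-based data: registration age in days, which a
# real system would fetch from WHOIS. Hosts not listed count as "unknown".
HOST_AGE_DAYS = {
    "en.wikipedia.org": 7000, "github.com": 3000, "www.example.com": 5000,
    "docs.python.org": 6000, "maps.google.com": 4000, "login.example-bank.com": 2500,
}

# Constructed labelled stream (1 = malicious, 0 = benign); none are real sites.
SAMPLE_STREAM = [
    ("https://en.wikipedia.org/wiki/Botnet", 0),
    ("http://192.0.2.10/secure/login.php?acct=1", 1),
    ("https://github.com/explore", 0),
    ("http://203.0.113.5/paypal/update/verify.php", 1),
    ("https://login.example-bank.com/account/summary", 0),
    ("http://secure-account-verify.phish.example/login/index.php", 1),
    ("http://www.example.com/news/2010/05/index.html", 0),
    ("http://free-prize-winner.lure.example/claim.php?id=77", 1),
    ("https://docs.python.org/3/library/hashlib.html", 0),
    ("http://198.51.100.23/~dl/update.exe", 1),
    ("http://maps.google.com/maps?q=mountain+view", 0),
    ("http://bank-signin.fake.example/signin.html", 1),
]


def url_features(url):
    """Lexical bag of tokens, a few scalar statistics, then host-based data."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    feats = {}
    for tok in TOKEN_SPLIT.split(host):
        if tok:
            feats["host=" + tok] = 1.0
    for tok in TOKEN_SPLIT.split((parts.path + "?" + parts.query).lower()):
        if tok:
            feats["path=" + tok] = 1.0
    feats["url_len/100"] = len(url) / 100.0
    feats["host_dots"] = float(host.count("."))
    feats["ip_host"] = 1.0 if IPV4_HOST.match(host) else 0.0
    age = HOST_AGE_DAYS.get(host, 0)
    feats["host_age_decades"] = age / 3650.0   # scaled so no feature dominates
    feats["host_unknown"] = 0.0 if age else 1.0
    return feats


def bucket(name):
    """Feature hashing with a stable digest (hash() is salted per process)."""
    return int(hashlib.blake2b(name.encode(), digest_size=4).hexdigest(), 16) % N_BUCKETS


class OnlineLogisticRegression:
    """Logistic regression trained by one gradient step per arriving example."""

    def __init__(self, learning_rate=0.5):
        self.w = [0.0] * N_BUCKETS
        self.b = 0.0
        self.lr = learning_rate

    def score(self, feats):
        z = self.b + sum(self.w[bucket(k)] * v for k, v in feats.items())
        z = max(-30.0, min(30.0, z))          # keep exp() in range
        return 1.0 / (1.0 + math.exp(-z))

    def update(self, feats, label):
        g = self.score(feats) - label         # d(log-loss)/dz
        self.b -= self.lr * g
        for k, v in feats.items():
            self.w[bucket(k)] -= self.lr * g * v


def prequential_accuracy(model, stream):
    """Test-then-train: predict each URL before learning from it."""
    correct = 0
    for url, label in stream:
        feats = url_features(url)
        if (model.score(feats) >= 0.5) == (label == 1):
            correct += 1
        model.update(feats, label)
    return correct / len(stream)


def train(passes=20):
    """Replay the constructed stream; return the model and the last pass's accuracy."""
    model = OnlineLogisticRegression()
    acc = 0.0
    for _ in range(passes):
        acc = prequential_accuracy(model, SAMPLE_STREAM)
    return model, acc


def adapt(model, url, label=1):
    """Drift handling: one more update moves the score toward the new label."""
    feats = url_features(url)
    before = model.score(feats)
    model.update(feats, label)
    return before, model.score(feats)
```

The test-then-train loop is what makes the evaluation honest for a stream: every URL is scored with a model that has never seen it, and the model then absorbs it, so a new phishing campaign (`adapt`) shifts the weights immediately instead of waiting for the next batch retrain. In a real deployment the `HOST_AGE_DAYS` lookup would be replaced by WHOIS, DNS and geolocation queries, and the labels would arrive from a feed such as the Web mail provider mentioned in the abstract.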

Google I/O 2010 – Porting v2 JavaScript Maps API apps to v3

Google I/O 2010 – Stepping up: Porting v2 JavaScript Maps API applications to v3. Geo 201. Daniels Lee. The JavaScript Maps API v3 is the future of the Google Maps API. To take advantage of the many great features coming to the API you will need to migrate existing v2 applications to v3. This session will guide you through the process, illustrating how easy it is to start reaping the benefits in features and performance. For all I/O 2010 sessions, please go to code.google.com

LISP Part 3 – Deployed Network and Use-Cases

Google Tech Talk February 24, 2010 ABSTRACT Presented by Dino Farinacci. Now that the Part 1 and Part 2 sessions have given you the foundation of the technology, we will take a deep dive into the various use-cases LISP provides. From low-opex multi-homing to using provider-independent addresses to Data Center to Mobility applications, we will show how one architectural solution can solve so many critical problems we have today in networking. We will show how LISP can be deployed practically and incrementally. We will give an update on the 3rd generation LISP network we have deployed to test the LISP protocols. This network has over 50 boxes from 4 distinct product sets across 10 countries. We will share with you lessons learned and where we are going forward. Dino Farinacci: Dino originally joined Cisco in spring of 1991 and was one of the first two Cisco Fellows. He has built routers for 27 years. Dino currently works in the Data Center Business Unit at Cisco where his focus is on building a next-generation platform and operating system for Enterprise and Data Center environments. This platform is the Nexus 7000 running NX-OS which shipped in April of 2008. His expertise specializes in routing protocols where he has intimate knowledge and implementation experience with IS-IS, EIGRP, OSPF, BGP, IGMP, PIM, and MSDP, as well as IPv6 and MPLS protocols. He is an advocate for modular operating systems. Dino also has been a member of the IETF for 19 years making many contributions over

Google I/O 2010 – OpenID-based SSO & OAuth for Google Apps

Google I/O 2010 – OpenID-based single sign on and OAuth data access for Google Apps. Enterprise, Google APIs 201. Ryan Boyd, David Primmer. A discussion of all the auth tangles you’ve encountered so far — OpenID, SSO, 2-Legged OAuth, 3-Legged OAuth, and Hybrid OAuth. We’ll show you when and where to use the APIs, code some example apps, and demonstrate how they all integrate with Google APIs and other developer products. We’ll also talk about how these technologies relate to apps sold on the Google Apps Marketplace. For all I/O 2010 sessions, please go to code.google.com
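The abstract names 2-legged OAuth without showing what distinguishes it: the client signs each request with its consumer credentials alone, with no user access token, and the server must recompute the signature and reject replays. The block below is an added example written for this page, not code from the session or from Google's libraries. It follows the OAuth 1.0a (RFC 5849) HMAC-SHA1 signing rules; the consumer key and secret, the resource URL, the fixed nonce and timestamp used in the check, and the five-minute replay window are constructed assumptions. Only query-string parameters are signed here; form-encoded POST bodies would be folded into the same parameter list.

```python
"""Two-legged OAuth 1.0a request signing (HMAC-SHA1) and server-side verification.

Added example, not the session's code. Credentials, URL and replay window are
constructed for illustration; the signing rules follow RFC 5849."""
import base64
import hashlib
import hmac
import os
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s):
    """RFC 5849 percent-encoding: only ALPHA, DIGIT, '-', '.', '_', '~' stay bare."""
    return quote(str(s), safe="-._~")


def base_url(url):
    """Scheme and host lower-cased, default port dropped, query and fragment removed."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    default = (p.scheme == "https" and p.port == 443) or (p.scheme == "http" and p.port == 80)
    if p.port and not default:
        host = f"{host}:{p.port}"
    return f"{p.scheme.lower()}://{host}{p.path}"


def signature_base_string(method, url, params):
    """METHOD & encoded base URL & encoded normalized parameters (sorted, signature excluded)."""
    pairs = [(pct(k), pct(v)) for k, v in params if k != "oauth_signature"]
    pairs += [(pct(k), pct(v)) for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    normalized = "&".join(f"{k}={v}" for k, v in sorted(pairs))
    return "&".join([method.upper(), pct(base_url(url)), pct(normalized)])


def hmac_sha1_signature(base, consumer_secret, token_secret=""):
    """Two-legged: the token secret half of the key is empty."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


def sign_request(method, url, consumer_key, consumer_secret, nonce=None, timestamp=None):
    """Client side: build the oauth_* parameters and attach the signature."""
    params = [
        ("oauth_consumer_key", consumer_key),
        ("oauth_nonce", nonce or os.urandom(16).hex()),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_timestamp", str(timestamp or int(time.time()))),
        ("oauth_version", "1.0"),
    ]
    sig = hmac_sha1_signature(signature_base_string(method, url, params), consumer_secret)
    return params + [("oauth_signature", sig)]


class Verifier:
    """Server side: recompute the signature, compare in constant time, reject replays."""

    def __init__(self, secrets, window=300):
        self.secrets = secrets      # consumer_key -> consumer_secret (constructed store)
        self.window = window        # accepted clock skew in seconds (assumption)
        self.seen = set()           # (consumer_key, timestamp, nonce) already accepted

    def verify(self, method, url, params, now=None):
        p = dict(params)
        secret = self.secrets.get(p.get("oauth_consumer_key"))
        if secret is None or p.get("oauth_signature_method") != "HMAC-SHA1":
            return False
        try:
            ts = int(p["oauth_timestamp"])
        except (KeyError, ValueError):
            return False
        now = int(time.time()) if now is None else now
        if abs(now - ts) > self.window:
            return False
        replay_key = (p["oauth_consumer_key"], ts, p.get("oauth_nonce"))
        if replay_key in self.seen:
            return False
        expected = hmac_sha1_signature(signature_base_string(method, url, params), secret)
        if not hmac.compare_digest(expected, p.get("oauth_signature", "")):
            return False
        self.seen.add(replay_key)   # record only after the signature checks out
        return True
```

Because the signature covers the method, the normalized URL and every parameter, changing any query value invalidates it; the timestamp window and the nonce set are what stop a captured request from being replayed within that window. A three-legged flow would differ only in that `oauth_token` joins the parameters and the token secret fills the second half of the HMAC key.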