My current research falls under two areas: DNS related security concerns and OSN security concerns.
Understanding the vulnerability of the DNS hierarchy by querying for open resolvers (submitted to PAM 2014)
Open DNS resolvers accept DNS queries from hosts around the world and serve an important role in reducing resolution latencies and increasing availability of alternative resolvers for clients in the DNS infrastructure. However, open DNS resolvers can be exploited in denial-of-service (DoS) attacks. In this paper, we undertake a study of the open DNS resolvers around the world. While we identify many open resolvers, we find three disturbing trends. First, many DNS resolvers which are correctly configured as closed to anyone but users in their network become effectively open if user machines or their routers in that network are open and forward requests to that resolver. A second trend is the rise of open forwarders who forward DNS requests to other actual resolvers. These forwarders outnumber resolvers by a factor of 30 and appear to clients as open resolvers. The third trend is the discovery of 18.1 million devices snooping on DNS traffic due to a previously unreported vulnerability in several models of SOHO routers that enables these devices to engage in DoS based attacks against authoritative servers.
Behind Box-Office Sales: Understanding Automation in Online Classifieds (submitted to INFOCOM 2014)
In spite of being prohibited by the terms and conditions of the classifieds websites, automation is widespread due to a combination of low barrier to entry and limited enforcement of rules. Unchecked automation can frustrate sellers who do not resort to it and can decrease the variety of products for the buyers – overall leading to poor experience for all users. Due to these reasons, detecting automation is important. Very little research currently exists in the area of detecting automation, with state-of-the-art relying on account properties, due to which its applicability is limited to websites with accounts. In this paper, we develop a general purpose algorithm that can detect automation any time a post contains one or more URLs. Using our algorithm, we characterize automation on a popular classifieds website, Craigslist, and find that 2/3rd of the posts with URLs are automated. Automation is more prevalent in categories dominated by businesses, such as Tickets, Cars by Dealer, and Real Estate, with 67-92% of the posts with URLs exhibiting automation. While individual automated campaigns tend to confine themselves to a handful of categories, often one, they are spread across a range of cities. Also, even in categories with less automation, intermittent automation can occasionally overwhelm a category.
Previous Research Projects
Presentation: Collision Avoidance in UAVs using Dynamic Sparse A*
Discussed research performed at Auburn University regarding real-time collision avoidance algorithms. Topics in the presentation included challenges of real-time collision avoidance, use of a discrete based algorithm in continuous space, and performance of our heuristic against traditional discrete heuristics (Manhattan, Chebyshev, etc.). Presented at Truman State University Student Research Conference, Spring 2012.
Presentation: Online Requests and Politeness Approaches
Politeness Theory (Brown & Levinson, 1987) is applied to 202 online requests sent over 3.5 years to a Teaching Assistant or to a coed honor fraternity’s organization officer, showing that the emails utilize more negative than positive politeness strategies and patterns to lessen the imposition of the request. Gender and status of requester, length and type of prior relationship are analyzed with status and relationship found to be significant while gender is not. Future applications for pattern matching and machine learning are explored, along with social applications of patterns. Presented at Truman State University Student Research Conference, Spring 2012.
Research Experience for Undergraduates: Collision Avoidance for Unmanned Aerial Vehicles
Investigated the use of the A* algorithm in collision avoidance. The project took us into a novel approach to make it Dynamic-Sparse A* in order to cope with the real-time constraints of collision avoidance. Interesting results showed that under certain turning restrictions (such as 45-degree turn in 1 second) enabled several planes to be controlled in a simulation and avoid collisions. [Took place at Auburn University Research Experience for Undergraduates (Summer 2011) with team website accessible here.]