Tracking Malicious Activities on the Internet

Claude Castelluccia

INRIA Rhône-Alpes


Cybercrime is consolidating as a major threat to end users and the Internet. Entire underground infrastructures of compromised computers, called botnets, have been created to perform illegal activities ranging from sending unsolicited e-mail messages to identity theft and DDoS attacks. One of our research objectives is to understand the Internet underground economy and track malicious activities. Tracking malicious activities is challenging because cyber-criminals are very innovative and change their attack tools frequently. Furthermore, cyber-criminals often use various techniques to hide the actual location of their malicious servers in order to evade identification and to prevent, or at least delay, the shutdown of their illegal servers by law enforcement. During this talk, I will present our research activities in the area of cyber-security and some of our preliminary results. I will, for example, describe a framework to geolocalize hidden servers, that is, to determine the physical location of these servers based on network measurements.

