MADCAT: Maltraffic Analysis and Detection in Challenging and Aggregate Traffic (NeTS-NBD)

Project Summary

The MR-Net project ran from 2006 to 2010 and is now complete. Its research results are now used by several other projects at ISI and elsewhere. For follow-on work, please see current work by the ANT Lab.

MADCAT is a joint research effort of USC/Information Sciences Institute, USC's Electrical Engineering Dept., and Colorado State University's Computer Science Dept.

The Internet can be a dangerous place, with malware taking control of users' computers and turning them against others or themselves. Many compromised computers generate maltraffic, which includes denial-of-service (DoS) attacks, spyware reporting home, unauthorized applications (applications that violate a corporate acceptable use policy, such as peer-to-peer file sharing, chat, and games), spam (both inbound and outbound), and worms.

Firewalls, intrusion detection systems, anti-virus programs, proxies and filters all try to defend against maltraffic. Unfortunately, defense is increasingly difficult because of traffic encryption, edge-level aggregation (which makes filtering and blacklisting cause collateral damage), and large traffic volumes and active cloaking that allow maltraffic to hide itself.

MADCAT proposes to use signal processing and detection theory as new tools to address these problems in detecting maltraffic.

MADCAT is supported by the National Science Foundation's Networking Technology and Systems (NeTS) program, grant number CNS-0626696.

People

Publications

For related publications, please see the ANT publications web page.

Software

See also ANT software.

Traces

See the ANT traces page.

Related Links

ANT: the Analysis of Network Traffic research group