Copyright Compromises, Mini-Conference Presentation, October 12, 2011. Nick Feamster, Associate Professor of Computer Science, Georgia Tech.
ISPs Already Help Users Fight Malware, Comcast “Constant Guard”: Observes user traffic and notifies user about possible compromise. Notifying a user about possible piracy: Significantly different! Malware and Spam Detection: No Content Inspection Necessary! Domains: Can detect using lookup features, Spam: Can detect using sending behavior, Source ISP of sender, Geography (distance traveled), Time of day, Malware: Can detect using network statistics, Coordinated behavior across “bots”, Correlation with attack traffic. DNS Domain Reputation (How Constant Guard Works), Domain registration and resource record establishment occur before attacks take place.