Information technology (IT) adds $2 trillion annually to the US economy alone, and while these technologies have enabled significant global economic growth, they have become rich targets for criminal activity. Cyber crime now ranks as the US Federal Bureau of Investigation (FBI)'s third highest priority, behind such dramatic threats as counter-terrorism and counter-espionage. Underlying cyber crime, including spam, phishing, and distributed denial of service attacks, is a vast ecosystem of malicious code, or malware, which is used by attackers to compromise and take control of users' machines. Recognizing that these nearly ubiquitous compromised hosts constitute a valuable reusable resource, attackers often combine numerous such hosts into malicious overlay networks, or botnets, capable of serving as powerful and anonymous delivery platforms for future infections and other large scale malicious activity. In this talk, I will discuss our group's work in analyzing malware and our efforts to use this intelligence and other sources of information to detect and dismantle botnets. I will briefly highlight our perspective on botnet and malware evolution.
Michael Bailey is a leading researcher in the area of security and availability of complex distributed systems. To date his work has included the characterization of specific network threats (e.g., worms, botnets, spam) and techniques for measurement of these threats at scale (e.g., network anomaly detection, distributed network telescopes). A goal of Dr. Bailey's work is to turn theoretical results and observations into meaningful projects that benefit the research community and society as a whole. For example, his work in security has led him to create systems that detect and dismantle security threats, such as botnets, on today’s Internet. These systems have been making significant impact; the software has been previously deployed at the United States Computer Emergency Response Team (US-CERT), where it helped protect 14 government agencies and networks, and now this technology is being transferred to state and local governments through a pilot at the city of Seattle, WA.
Before coming to the University of Michigan, Dr. Bailey was the Director of Engineering at Arbor Networks and a programmer at Amoco Corporation (now BP). He holds degrees from the University of Michigan, DePaul University, and the University of Illinois at Urbana-Champaign.