UC San Diego Computer Science and Engineering (CSE) Department professor and vice chair Alex C. Snoeren has been elected to the Institute of Electrical and Electronics Engineers (IEEE) Fellow class of 2020 for his “contributions to management and security of networked systems.” Recognition as an IEEE Fellow is the organization’s highest honor for electrical engineers, computer engineers and computer scientists.
Snoeren is a leader in network security. Early in his career, he focused on defeating denial of service attacks, developing a unique capability to track where these attacks originate. He has also done extensive work measuring malicious activity on services that run on the Internet.
“That's a common theme that runs through a lot of my work,” said Snoeren, “figuring out how to manage, control, secure and defend networks and the services on top of them.”
Networked systems take in a lot of territory: wireless, wide area, data centers – like the ones Google, Facebook and Amazon use – the big, wide internet.
Snoeren’s team studies potential risks and develops creative ways to counter them. The group spends a lot of time on empirical security research: studying the real threats, right now.
“Typically, we look for trends and connections between various activities and exploits we're seeing,” he said, “thinking about the fundamental changes that might negate an entire class of attack or vulnerability.”
Recently, Snoeren and his students began looking at services that run on top of the internet, such as Google Maps, where spam businesses have become an emerging threat.
“If you search for a business on Google maps – locksmiths for example – you get many locations,” said Snoeren. “In some cases, half of them, or even almost all of them, are a fraud. They're not actual locksmiths. They're people preying on you because, if you're looking for a locksmith, they know you're vulnerable. You need help now, and you'll probably call anything that comes up.”
This could also be true for alcohol and drug counseling, pregnancy testing or any urgently-needed service. For companies like Google, there’s a constant tension between the data they let through and the data they manually check. Given the volume, they can’t check it all. Snoeren’s group worked with Google to help identify markers in the data that might indicate a map entry, for example, should receive extra scrutiny.
If this seems like a monumental task, it can be. That is why Snoeren is interested in securing against entire classes of attacks, which requires some deeper thinking.
“Why is it that people are incentivized to behave in this way?” asks Snoeren. “We can try and prevent them from acting poorly, whatever that means, or take away the incentive to act that way. Other times, we can use their own motivations against them.”
Snoeren points to a system he developed with a graduate student to detect website breaches without actually knowing anything about the websites. Instead, it leverages attackers’ desire to monetize the information they gain.
Users often re-use passwords, so if an attacker hacks into a website’s account database, and learns a user’s email address and password, they will likely attempt to log into the user’s email account. To counter this, Snoeren’s team collaborated with a major email provider to monitor logins for specially-created email addresses they had deliberately registered at thousands of sites. By doing this, they could detect when account information at any of these websites was compromised.
“A huge chunk of people are just economically motivated,” said Snoeren. “If you can figure out how they plan to extract value from their activities, you can identify ways to monitor or, ideally, stop the behavior entirely.”
This is the latest in a series of honors for Snoeren. In 2018, he was named a Fellow of the Association for Computing Machinery (ACM) for his work measuring, managing and detecting network traffic. Among other awards, he has also received an Alfred P. Sloan Fellowship, a National Science Foundation CAREER Award, and earned best-paper awards at the ACM SIGCOMM and USENIX OSDI conferences.
Snoeren, who joined the CSE Department in 2002, teaches a number of undergraduate and graduate courses and works closely with the next generation of computer scientists and engineers. To learn more about his research, visit his CSE faculty page.