Alexandros Kapravelos Joins Networking and Security

Thursday, August 1, 2013

Alexandros Kapravelos is visiting Networking and Security for the summer, working with Chris Grier and Vern Paxson, the director of the group.

Alexandros is originally from Greece and received his bachelor's and master's degrees at the University of Crete. He is now a PhD student at UC Santa Barbara, where he is finishing his third year. His research focuses on making the Web safer. He has done some work on browser fingerprinting, which allows a Web page to uniquely identify visitors. This can be a privacy problem when a visitor, for example, makes a personal purchase on one Web site and is targeted by personalized ads based on that purchase on another Web site.

His main interests are in, broadly, Internet security and, specifically, drive-by downloads. In a drive-by download, someone visits a Web page that downloads software onto her machine without her knowledge. This software, often malicious, can then try to take control of the machine. Alexandros works on ways to detect pages that use these tactics, and his group at UC Santa Barbara has developed a service, Wepawet, that can do just that. Users submit URLs and Wepawet analyzes the page to detect drive-by downloads. For a paper that will be presented in August at the USENIX Security Symposium, the group looked into Web pages that perform evasive drive-bys, that is, Web pages that can detect when a service is analyzing them for suspicious behavior and that can then change that behavior in order to look innocuous and evade detection.

At ICSI, he works with Chris Grier and Vern Paxson on methods of detecting malicious extensions for the Web browser Chrome. Malicious extensions interfere with the user's browsing experience. They can, for example, control what ads are displayed where or allow online accounts to be hacked. Malicious Chrome extensions are similar to drive-by downloads in that they are both written in JavaScript, but they require different techniques to be detected since the malware is already installed. Alexandros and Chris are working on a detection system similar to Wepawet but to be used on extensions.

In Santa Barbara, he is a member of the hacking group Shellphish, which has qualified for this year's DEF CON Capture the Flag (CTF) competition. CTF challenges teams of hackers from all over the world to hack into each other's networks and services. Shellphish is in the top 20 teams to compete in the qualifying competitions. He'll be at DEF CON this weekend for CTF.