A Taxonomy of Botnet Structures
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance
  • 96
  • 12
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
We study and document an important development in how attackers are using Internet resources: the creation of malicious DNS resolution paths. In this growing form of attack, victims are forced to use
  • 104
  • 10
IDS rainStorm: visualizing IDS alarms
The massive amount of alarm data generated from intrusion detection systems is cumbersome for network system administrators to analyze. Often, important details are overlooked and it is difficult to
  • 128
  • 9
A Large-Scale Empirical Study of Conficker
Conficker is the most recent widespread, well-known worm/bot. According to several reports, it has infected about 7 million to 15 million hosts and the victims are still increasing even now. In this
  • 65
  • 9
A Taxonomy of Botnet Structures
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance
  • 202
  • 8
Countering security information overload through alert and packet visualization
This article presents a framework for designing network security visualization systems as well as results from the end-to-end design and implementation of two highly interactive systems. In this
  • 44
  • 6
Towards complete node enumeration in a peer-to-peer botnet
Modern advanced botnets may employ a decentralized peer-to-peer overlay network to bootstrap and maintain their command and control channels, making them more resilient to traditional mitigation
  • 66
  • 3
A Security Scheme for Centralized Scheduling in IEEE 802.16 Mesh Networks
Worldwide interoperability for microwave access (WiMAX), designed by the IEEE 802.16 standards group, can deliver high-speed connectivity for both fixed and vehicular speed subscribers. Mesh
  • 8
  • 2
Dynamic Optimal Fragmentation with Rate Adaptation for Goodput Enhancement in WLANs
To meet the demand for broadband wireless communication, wireless systems should work well in typical wireless environments, characterized by the path loss of the signals, multipath fading,
  • 8
  • 1
Recursive DNS Architectures and Vulnerability Implications
DNS implementers face numerous choices in architecting DNS resolvers, each with profound implications for security. Absent the use of DNSSEC, there are numerous interim techniques to improve DNS
  • 35
  • 1