From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware
- M. Antonakakis, R. Perdisci, D. Dagon
- Computer Science, USENIX Security Symposium
- 8 August 2012
A new technique to detect randomly generated domains without reversing is presented, finding that most of the DGA-generated domains that a bot queries would result in Non-Existent Domain (NXDomain) responses, and that bots from the same bot-net (with the same DGA algorithm) would generate similar NXDomain traffic.
Building a Dynamic Reputation System for DNS
- M. Antonakakis, R. Perdisci, D. Dagon, Wenke Lee, N. Feamster
- Computer Science, USENIX Security Symposium
- 11 August 2010
Notos, a dynamic reputation system for DNS, is proposed, based on the observation that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services.
Peer-to-Peer Botnets: Overview and Case Study
- J. Grizzard, Vikram Sharma, C. Nunnery, Brent Byunghoon Kang, D. Dagon
- Computer Science, Conference on Workshop on Hot Topics in…
- 10 April 2007
An overview of peer-to-peer botnets is presented together with a case study of a Kademlia-based Trojan, which shows how attackers will move to more resilient architectures in the near future.
Detecting Malware Domains at the Upper DNS Hierarchy
- M. Antonakakis, R. Perdisci, Wenke Lee, N. Vasiloglou, D. Dagon
- Computer Science, USENIX Security Symposium
- 8 August 2011
Kopis passively monitors DNS traffic at the upper levels of the DNS hierarchy, and is able to accurately detect malware domains by analyzing global DNS query resolution patterns.
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
- P. Royal, Mitch Halpin, D. Dagon, R. Edmonds, Wenke Lee
- Computer Science, Asia-Pacific Computer Systems Architecture…
- 11 December 2006
The results from the experiments show the approach can be used to significantly reduce the time required to analyze such malware, and to improve the performance of malware detection tools.
A Taxonomy of Botnet Structures
- D. Dagon, G. Gu, Christopher P. Lee, Wenke Lee
- Computer Science, Asia-Pacific Computer Systems Architecture…
- 1 December 2007
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, DDoS). Using these performance…
Modeling Botnet Propagation Using Time Zones
A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Measuring intrusion detection capability: an information-theoretic approach
- G. Gu, Prahlad Fogla, D. Dagon, Wenke Lee, B. Škorić
- Computer Science, ACM Asia Conference on Computer and…
- 21 March 2006
This paper provides a novel information-theoretic analysis of IDS and proposes a new metric, C_ID (Intrusion Detection Capability), which is defined as the ratio of the mutual information between the IDS input and output to the entropy of the input.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
- R. Perdisci, I. Corona, D. Dagon, Wenke Lee
- Computer Science, Asia-Pacific Computer Systems Architecture…
- 7 December 2009
A novel approach based on passive analysis of recursive DNS traffic traces collected from multiple large networks is able to detect malicious flux service networks in the wild, i.e., as they are accessed by users who fall victim to malicious content advertised through blog spam, instant messaging spam, social website spam, etc., besides email spam.
Misleading worm signature generators using deliberate noise injection
- R. Perdisci, D. Dagon, Wenke Lee, Prahlad Fogla, Monirul I. Sharif
- Computer Science, IEEE Symposium on Security and Privacy
- 21 May 2006
A new and general class of attacks is described whereby a worm can combine polymorphism and misleading behavior to intentionally pollute the dataset of suspicious flows during its propagation and successfully mislead the automatic signature generation process.