• Publications
  • Influence
EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis
This paper introduces EXPOSURE, a system that employs large-scale, passive DNS analysis techniques to detect domains that are involved in malicious activity, and uses 15 features that it extracts from the DNS traffic that allow it to characterize different properties of DNS names and the ways that they are queried. Expand
Scalable, Behavior-Based Malware Clustering
Recent researchers have started to explore automated clustering techniques that help to identify samples that exhibit similar behavior, which allows an analyst to discard reports of samples that have been seen before, while focusing on novel, interesting threats. Expand
A survey on automated dynamic malware-analysis techniques and tools
An overview of techniques based on dynamic analysis that are used to analyze potentially malicious samples and analysis programs that employ these techniques to assist human analysts in assessing whether a given sample deserves closer manual inspection due to its unknown malicious behavior is provided. Expand
Pixy: a static analysis tool for detecting Web application vulnerabilities
This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection. Expand
All your contacts are belong to us: automated identity theft attacks on social networks
This paper investigates how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information. Expand
LAVA: Large-Scale Automated Vulnerability Addition
LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code, forms the basis of an approach for generating large ground- Truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers. Expand
Panorama: capturing system-wide information flow for malware detection and analysis
This work proposes a system, Panorama, to detect and analyze malware by capturing malicious information access and processing behavior, which separates these malicious applications from benign software. Expand
UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)
  • E. Kirda
  • Computer Science
  • 10 August 2016
The evaluation shows that UNVEIL significantly improves the state of the art, and is able to identify previously unknown evasive ransomware that was not detected by the antimalware industry. Expand
PiOS: Detecting Privacy Leaks in iOS Applications
To protect its users from malicious applications, Apple has introduced a vetting process, which should ensure that all applications conform to Apple’s (privacy) rules before they can be offered via the App Store, but this vetting process is not welldocumented. Expand
Effective and Efficient Malware Detection at the End Host
A novel malware detection approach is proposed that is both effective and efficient, and thus, can be used to replace or complement traditional antivirus software at the end host. Expand