Several attacks on DNS inject forged DNS replies without suppressing the legitimate replies. Current implementations of DNS resolvers are vulnerable to accepting the injected replies if the attacker's reply arrives before the legitimate one. In the case of regular DNS, this behavior allows an attacker to corrupt a victim's interpretation of a name; for
Capability leak is a vulnerability in Android applications that violates the enforcement of the permission model and threatens the secure usage of Android phones. Malicious applications can launch permission escalation attacks with this vulnerability. In this paper, we propose a dynamic Intent fuzzing mechanism to uncover vulnerable applications in both
The botnet construction mechanism (BCM) is one of the key technologies of botnets and the most important issue to both the attackers and the defenders. To the best of our knowledge, although the BCM has been mentioned in many research papers, it has not been systematically studied. In this paper, we attempt to discuss the BCM methodically. We first give
While reputation systems have already been applied to the field of anti-spam, they still have some shortcomings in terms of reputation database scale and vulnerability to evasion by adverse users. To solve these problems, we present a novel reputation system named IPGroupRep. The performance of this system is evaluated on some real world dataset, and
Identification of P2P traffic is very useful for many network management tasks such as application-specific traffic engineering, network planning and monitoring. However, this is a challenging issue because many P2P applications use dynamic port numbers, and deriving signatures that can be used for reliable detection manually is time consuming and
With the development of polymorphic worms, worms do greater harm to networks. The content-based signature generation of polymorphic worms has been a challenge for network security. This paper presents a fast signature generation method for polymorphic worms. The main feature of this method is clustering network normal traffic to create a white list before
IPv6 has been widely deployed in recent years, but IPv6 protocols still have many security threats, especially traffic hijacking in the LAN (Local Area Network). In this paper we implement an IPv6 traffic hijack test system to help users become aware of the security risks, and then design a defense tool using DNSSEC to avoid traffic hijack attacks.