Learn More
Internet worm spread is a phenomenon involving millions of hosts, who interact in complex and diverse environment. Scanning speed of each infected host depends on its resources and the defenses at work in its network. Aggressive worms further interact with the underlying Internet topology .. the dynamics of the spread is constrained by the limited bandwidth(More)
This paper addresses the critical need for a common evaluation methodology for distributed denial-of-service (DDoS) defenses. Our work on developing this methodology consists of: (i) a benchmark suite defining the necessary elements of DDoS attack scenarios needed to recreate them in a testbed setting, (ii) a set of performance metrics for defense systems,(More)
Network telescopes have been invaluable for collecting information about dynamics of large-scale worm events. Yet, a telescope's observation may be incomplete due to scan congestion drops, hardware limitations, filtering and presence of NATs, a worm's non-uniform scanning strategy or its short life. We investigate inaccuracies in telescope observations that(More)
We propose a design of a client reputation system that can be used to reduce unwanted traffic in the Internet. Many reputation systems proposed in the trust literature are provider-oriented, but because of different use and adversary models, their techniques are not directly applicable to client reputation systems. We survey the challenges of building(More)
While the DETER testbed provides a safe environment and basic tools for security experimentation, researchers face a significant challenge in assembling the testbed pieces and tools into realistic and complete experimental scenarios. In this paper, we describe our work on developing a set of sampled and comprehensive benchmark scenarios, and a workbench for(More)
Internet-scale security incidents are becoming increasingly common, and the researchers need tools to replicate and study them in a controlled setting. Current network simulators, mathematical event models and testbed emulation cannot faithfully replicate events at such a large scale. They either omit or simplify the relevant features of the Internet(More)
Worm experimentation is challenging for researchers today because of the lack of standardized tools to simulate and emulate worm spreads in a realistic setting. We have developed two tools for the DETER testbed to aid in worm experimentation: the PAWS simulator for Internet-wide worm propagation studies and the WE emulator for analysis of worm spread and(More)
Grid computing, as a technology to coordinate loosely-coupled computing resources for dynamic virtual organizations, has become prevalent in both industry and academia in the past decade. While providing or utilizing heterogeneous and distributed grids, people can never alleviate their security concerns on the resources and data. Globus Toolkit as an(More)
Signature-based static mobile malware detection is fragile when facing code obfuscation and transformation attacks. Behavior based malware detection mechanisms have been widely studied and experimented. So far only the application's running behaviors, such as API calls and resource consumption are used, which can also be easily concealed and obfuscated with(More)