Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm
TLDR: In a case study, the Storm Worm botnet, the most widespread P2P botnet currently propagating in the wild, is examined in detail, and two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet are presented.
Automatic analysis of malware behavior using machine learning
TLDR: An incremental approach for behavior-based analysis, capable of processing the behavior of thousands of malware binaries on a daily basis, is proposed; it significantly reduces the run-time overhead of current analysis methods while providing accurate discovery and discrimination of novel malware variants.
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications
TLDR: It is demonstrated that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice, and that even recently proposed defenses that specifically target C++ are vulnerable to COOP.
Practical Timing Side Channel Attacks against Kernel Space ASLR
TLDR: This paper shows that an adversary can implement a generic side channel attack against the memory management system to deduce information about the privileged address space layout and can successfully circumvent kernel space ASLR on current operating systems.
Toward Automated Dynamic Malware Analysis Using CWSandbox
TLDR: The design and implementation of CWSandbox is described, a malware analysis tool that fulfills the three design criteria of automation, effectiveness, and correctness for the Win32 family of operating systems.
Measuring and Detecting Fast-Flux Service Networks
TLDR: This work presents the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon in the Internet, and develops a metric with which FFSNs can be effectively detected.
Quantifying the security of graphical passwords: the case of android unlock patterns
TLDR: This paper systematically improves the security of the Android Unlock Pattern by finding a small, but still effective change in the pattern layout that makes graphical user logins substantially more secure.
Learning and Classification of Malware Behavior
TLDR: The effectiveness of the proposed method for learning and discrimination of malware behavior is demonstrated, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.
Cross-Architecture Bug Search in Binary Executables
TLDR: This paper proposes a system to derive bug signatures for known bugs and uses these signatures to find bugs in binaries that have been deployed on different CPU architectures (e.g., x86 vs. MIPS) and can find vulnerabilities in buggy binary code for any of these architectures.
Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation
TLDR: A simple yet effective method is presented to detect bot-infected machines within a given network; it relies on detecting the communication channel between bot and Command & Control server (C&C server).