BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
TLDR
This paper presents a new kind of network perimeter monitoring strategy, which focuses on recognizing the infection and coordination dialog that occurs during a successful malware infection, and contrasts this strategy with other intrusion detection and alert correlation methods.
AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks
TLDR
This paper introduces an extension to the OpenFlow data plane called "connection migration", which dramatically reduces the amount of data-to-control-plane interactions that arise during attacks, and introduces "actuating triggers" over the data plane's existing statistics collection services.
FRESCO: Modular Composable Security Services for Software-Defined Networks
TLDR
This paper introduces FRESCO, an OpenFlow security application development framework designed to facilitate the rapid design and modular composition of OF-enabled detection and mitigation modules, and demonstrates the utility of FRESCO through the implementation of several well-known security defenses as OpenFlow security services.
A security enforcement kernel for OpenFlow networks
TLDR
This work introduces FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller that enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications.
An Inside Look at Botnets
TLDR
A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.
Characteristics of internet background radiation
TLDR
This work breaks down the components of background radiation by protocol, application, and often specific exploit; analyzes temporal patterns and correlated activity; and assesses variations across different networks and over time.
Rosemary: A Robust, Secure, and High-performance Network Operating System
TLDR
ROSEMARY is presented, which implements a network application containment and resilience strategy based around the notion of spawning applications independently within a micro-NOS, and it is found that with the integration of two optimization features, ROSEMARY offers a competitive performance advantage over the majority of other controllers.
Global Intrusion Detection in the DOMINO Overlay System
TLDR
This work describes an architecture for a distributed intrusion detection system that fosters collaboration among heterogeneous nodes organized as an overlay network, which facilitates efficient detection of attacks from spoofed IP sources, reduces false positives, and enables attack classification and production of timely blacklists.
Securing the Software Defined Network Control Layer
TLDR
This work proposes the design of security extensions at the control layer to provide the security management and arbitration of conflicting flow rules that arise when multiple applications are deployed within the same network.
DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications
TLDR
This paper presents DroidMiner, a new, complementary system that uses static analysis to automatically mine malicious program logic from known Android malware, abstracts this logic into a sequence of threat modalities, and then seeks out these threat modality patterns in other unknown (or newly published) Android apps.