CCIED: Papers

Papers

Privacy-preserving Network Forensics, Mikhail Afanasyev, Tadayoshi Kohno, Justin Ma, Nick Murphy, Stefan Savage, Alex C. Snoeren, and Geoffrey M. Voelker, Communications of the Association for Computing Machinery, June 2011.

Learning to Detect Malicious URLs, Justin Ma, Lawrence K Saul, Stefan Savage, and Geoffrey M Voelker, ACM Transactions on Intelligent Systems and Technology (TIST) 2(3), 2011.

Proximax: Fighting Censorship with an Adaptive System for Distribution of Open Proxies, Kirill Levchenko, Jose Andre Morales, and Damon McCoy, Proceedings of the International Conference on Financial Cryptography and Data Security, St Lucia, February 2011.

Towards Situational Awareness of Large-scale Botnet Probing Events, Zhichun Li, Anup Goyal, Yan Chen, and Vern Paxson, IEEE Transactions on Information Forensics and Security 5(4), October 2010.

Employing Honeynets For Network Situational Awareness, Paul Barford, Yan Chen, Anup Goyal, Zhichun Li, Vern Paxson, and Vinod Yegneswaran, In Cyber Situational Awareness: Issues and Research. Sushil Jajodia and Peng Liu and Vipin Swarup and Cliff Wang, editor. Springer, 2010.

Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context, Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.

Dialing Privacy and Utility: A Proposed Data-Sharing Framework to Advance Internet Research, Erin E. Kenneally and Kimberly Claffy, IEEE Security and Privacy 8(4):31-39, July 2010.

Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits, Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM SIGKDD Conference, Washington D.C., July 2010.

SecondLife: a Social Network of Humans and Bots, Matteo Varvello and Geoffrey M. Voelker, Proceedings of the ACM International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV), Amsterdam, the Netherlands, June 2010.

Measuring Online Service Availability Using Twitter, Marti Motoyama, Brendan Meeder, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker, Proceedings of ACM Workshop on Online Social Networks (WOSN), Boston, MA, June 2010.

Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, Proceedings of the IEEE Symposium and Security and Privacy, Oakland, CA, May 2010.

Exploiting Feature Covariance in High-Dimensional Online Learning, Justin Ma, Alex Kulesza, Mark Dredze, Koby Crammer, Lawrence K. Saul, and Fernando Pereira, Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS), Sardinia, Italy, May 2010.

Insights from the Inside: A View of Botnet Management from Infiltration, Chia Yuan Cho, Juan Caballero, Chris Grier, Vern Paxson, and Dawn Song, Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Jose, CA, April 2010.

On the Potential of Proactive Domain Blacklisting, M. Felegyhazi and C. Kreibich and V. Paxson, Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Jose, CA, April 2010.

Botnet Judo: Fighting Spam with Itself, Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage, Proceedings of the Network and Diestributed System Security Symposium (NDSS), San Diego, CA, February 2010.

A Framework for Understanding and Applying Ethical Principles in Network and Security Research, Erin Kenneally, Michael Bailey, and Douglas Maughan, Proceedings of the Workshop on Ethics in Computer Security Research (WECSR 2010), Canary Islands, Spain, January 2010.

An Internet Sharing Framework for Balancing Privacy and Utility, Erin E. Kenneally and kc claffy, Proceedings of Engaging Data: First International Forum on the Application and Management of Personal Electronic Information, October 2009.

Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering, Juan Caballero, Pongsin Poosankam, Christian Kreibich, and Dawn Song, Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, November 2009.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, November 2009.

Spamalytics: An Empirical Analysis of Spam Marketing Conversion, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Communications of the Association for Computing Machinery 52(9):99-107, September 2009.

Security of open source and closed source software: An empirical comparison of published vulnerabilities, Guido Schryen, Proceedings of the 15th Americas Conference on Information Systems, 2009.

Competitive Cyber-Insurance and Internet Security, Nikhil Shetty, Galina Schwartz, Mark Felegyhazi, and Jean Walrand, Workshop on Economics of Information Security (WEIS 2009), 2009.

Identifying Suspicious URLs: An Application of Large-Scale Online Learning, Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the International Conference on Machine Learning, Montreal, Quebec, June 2009.

Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs, Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM SIGKDD Conference, Paris, France, June 2009.

Defending Mobile Phones from Proximity Malware, Gjergji Zyba, Geoffrey M. Voelker, Michael Liljenstam, András Méhes, and Per Johansson, Proceedings of the IEEE Infocom Conference, Rio de Janeiro, Brazil, April 2009.

Spamcraft: An Inside Look at Spam Campaign Orchestration, Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, April 2009.

Automating Analysis of Large-Scale Botnet Probing Events, Zhichun Li, Anup Goyal, Yan Chen, and Vern Paxson, Proceedings of ASIACCS, March 2009.

Detecting Forged TCP Reset Packets, Nicholas Weaver, Robin sommer, and Vern Paxson, Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS'09), February 2009.

Detecting Malicious Packet Losses, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Transactions on Parallel and Distributed Systems 20(2), February 2009.

Detecting In-Flight Page Changes with Web Tripwires, Charles Reis, Steven D. Gribble, Tadayoshi Kohno, and Nicholas Weaver, Proceedings of the 5th ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, April 2008.

Spamalytics: an Empirical Analysis of Spam Marketing Conversion, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Alexandria, VA, October 2008.

Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, Benjamin Laxton, Kai Wang, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Alexandria, VA, October 2008.

When Good Instructions Go Bad: Generalizing Return-oriented Programming to the SPARC, Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Alexandria, VA, October 2008.

Predicting the Resource Consumption of Network Intrusion Detection Systems, Holger Dreger, Anja Feldmann, Vern Paxson, and Robin Sommer, RAID 2008, September 2008.

Enriching Network Security Analysis with Time Travel, Gregor Maier, Robin Sommer, Holger Dreger, Anja Feldmann, Vern Paxson, and Fabian Schneider, Proceedings of the ACM SIGCOMM Conference, Seattle, WA, August 2008.

A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems (Extended Abstract), Leo Juan, Christian Kreibich, Chih-Hung Lin, and Vern Paxson, Proc. Fifth GI International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 2008.

Storm: When Researchers Collide, Brandon Enright, Geoff Voelker, Stefan Savage, Chris Kanich, and Kirill Levchenko, USENIX ;login: 33(4), August 2008.

On the Spam Campaign Trail, Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

Detecting Compromised Routers via Packet Forwarding Behavior, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Network 22(2), March 2008.

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks, Chris Fleizach, Michael Lilijenstam, Per Johansson, Geoffrey M. Voelker, and András Méhes, Proceedings of the ACM Workshop on Recurring Malcode (WORM), Washington D.C., November 2007.

Issues and Etiquette Concerning Use of Shared Measurement Data, Mark Allman and Vern Paxson, Proceedings of the ACM Internet Measurement Conference, San Diego, CA, October 2007.

A Brief History of Scanning, Mark Allman, Vern Paxson, and Jeff Terrell, Proceedings of the ACM Internet Measurement Conference, San Diego, CA, October 2007.

Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention, Jose Maria Gonzalez, Nicholas Weaver, and Vern Paxson, Proceedings of the ACM Conference on Computer and Communications Security, Alexandria, VA, October 2007.

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Alexandria, VA, October 2007.

Spamscatter: Characterizing Internet Scam Hosting Infrastructure, David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.

Slicing Spam with Occam's Razor, Chris Fleizach, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2007.

On the Adaptive Real-Time Detection of Fast-Propagating Network Worms, Jaeyeon Jung, Rodolfo A. Milito, and Vern Paxson, Proceedings of the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland, July 2007.

The Shunt: An FPGA-Based Accelerator for Network Intrusion Prevention, Nicholas Weaver, Vern Paxson, and Jose M. Gonzalez, Proceedings of the ACM/SIGDA 15th International Symposium on Field Programmable Gate Arrays, February 2007.

Glavlit: Preventing Exfiltration at Wire Speed, Nabil Schear, Carmelo Kintana, Qing Zhang, and Amin Vahdat, Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.

Fighting Coordinated Attackers with Cross-Organizational Information Sharing, Mark Allman, Ethan Blanton, Vern Paxson, and Scott Shenker, Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.

On the Adaptive Real-Time Detection of Fast-Propagating Network Worms, Jaeyeon Jung, Rodolfo A. Milito, and Vern Paxson, MIT technical report MIT-CSAIL-TR-2006-074, November 2006.

binpac: A yacc for Writing Application Protocol Parsers, Ruoming Pang, Vern Paxson, Robin Sommer, and Larry Peterson, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Semi-Automated Discovery of Application Session Structure, Jayanthkumar Kannan, Jaeyeon Jung, Vern Paxson, and Can Emre Koksal, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Automated Protocol Inference: Unexpected Means of Identifying Protocols, Justin Ma, Kirill Levchenko, Cristian Kriebich, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Finding Diversity in Remote Code Injection Exploits, Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

GQ: Realizing a System to Catch Worms in a Quarter Million Places, Weidong Cui, Vern Paxson, and Nicholas Weaver, ICSI technical report TR-06-004, September 2006.

Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection, Holger Dreger, Anja Feldmann, Michael Mai, Vern Paxson, and Robin Sommer, 15th Usenix Security Symposium, August 2006.

Fatih: Detecting and Isolating Malicious Routers via Traffic Validation, Alper Mizrak, Yu-Chung Cheng, Keith Marzullo, and Stefan Savage, IEEE Transactions on Dependable and Secure Computing 3(3), July 2006.

Inferring Internet Denial-of-Service Activity, David Moore, Colleen Shannon, Doug Brown, Geoffrey M. Voelker, and Stefan Savage, ACM Transactions on Computer Systems 24(2):115-139, May 2006.

Community-Oriented Network Measurement Infrastructure (CONMI) Workshop Report, kc claffy, Mark Crovella, Timur Friedman, Colleen Shannon, and Neil Spring, 36(2):41-48, April 2006.

Protocol-Independent Adaptive Replay of Application Dialog, Weidong Cui, Vern Paxson, Nicholas Weaver, and Randy H. Katz, 13th Annual Network and Distributed System Security Symposium (NDSS'06), February 2006.

Case Study: A Failure Wrapped in Success' Clothing - On the Need for Sound Forensics in Handling Digital Evidence Cases, Erin E. Kenneally and Andrea Monti, Digital Investigation, Elsevier Ltd., Winter 2005.

Using Honeynets for Internet Situational Awareness, Vinod Yegneswaran, Paul Barford, and Vern Paxson, Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.

Opportunistic Measurement: Extracting Insight from Spurious Traffic, Martin Casado, Tal Garfinkel, Weidong Cui, Vern Paxson, and Stefan Savage, Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.

Self-stopping Worms, Justin Ma, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington D.C., November 2005.

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik VandeKieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005.

Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event, Abhishek Kumar, Vern Paxson, and Nicholas Weaver, Proceedings of the USENIX/ACM Internet Measurement Conference, New Orleans, LA, October 2005.

Confluence of Digital Evidence and the Law: On the Forensic Soundness of Live-Remote Digital Evidence Collection, Erin E. Kenneally, UCLA Journal of Law and Technology, 2005.

Automated Worm Fingerprinting, Sumeet Singh, Cristian Estan, George Varghese, and Stefan Savage, Proceedings of the 6th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), San Francisco, CA, December 2004.

On the Difficulty of Scalably Detecting Network Attacks, Kirill Levchenko, Ramamohan Paturi, and George Varghese, Proceedings of the ACM Conference on Computer and Communications Security, Washington, D.C., October 2004.

Preliminary Results Using ScaleDown to Explore Worm Dynamics, Nicholas Weaver, Ihab Hamadeh, George Kesidis, and Vern Paxson, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.

The Top Speed of Flash Worms, Stuart Staniford, David Moore, Vern Paxson, and Nicholas Weaver, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.

On Scalable Attack Detection in the Network, Ramana Rao Kompella, Sumeet Singh, and George Varghese, Proceedings of the USENIX/ACM Internet Measurement Conference, Taormina, Sicily, Italy, October 2004.

cied-pi@cs.ucsd.edu