CCIED: Papers

Papers

Detecting Compromised Routers via Packet Forwarding Behavior, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Network 22(2), March 2008.

Detecting Malicious Packet Losses, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Transactions on Parallel and Distributed Systems, 2008.

Detecting In-Flight Page Changes with Web Tripwires, Charles Reis, Steven D. Gribble, Tadayoshi Kohno, and Nicholas Weaver, Proceedings of the 5th ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, April 2008.

Predicting the Resource Consumption of Network Intrusion Detection Systems, Holger Dreger, Anja Feldmann, Vern Paxson, and Robin Sommer, RAID 2008, September 2008.

Enriching Network Security Analysis with Time Travel, Gregor Maier, Robin Sommer, Holger Dreger, Anja Feldmann, Vern Paxson, and Fabian Schneider, Proceedings of the ACM SIGCOMM Conference, Seattle, WA, August 2008.

A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems (Extended Abstract), Leo Juan, Christian Kreibich, Chih-Hung Lin, and Vern Paxson, Proc. Fifth GI International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 2008.

Storm: When Researchers Collide, Brandon Enright, Geoff Voelker, Stefan Savage, Chris Kanich, and Kirill Levchenko, login 33(4), August 2008.

Spamalytics: an Empirical Analysis of Spam Marketing Conversion, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Arlington, VA, October 2008.

Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, Benjamin Laxton, Kai Wang, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Arlington, VA, October 2008.

When Good Instructions Go Bad: Generalizing Return-oriented Programming to the SPARC, Erik Buchanan, Ryan Roemer, Hovav Schacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Arlington, VA, October 2008.

On the Spam Campaign Trail, Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks, Chris Fleizach, Michael Lilijenstam, Per Johansson, Geoffrey M. Voelker, and András Méhes, Proceedings of the ACM Workshop on Recurring Malcode (WORM), Washington D.C., November 2007.

Issues and Etiquette Concerning Use of Shared Measurement Data, Mark Allman and Vern Paxson, Proceedings of the ACM Internet Measurement Conference, San Diego, CA, October 2007.

A Brief History of Scanning, Mark Allman, Vern Paxson, and Jeff Terrell, Proceedings of the ACM Internet Measurement Conference, San Diego, CA, October 2007.

Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention, Jose Maria Gonzalez, Nicholas Weaver, and Vern Paxson, Proceedings of the ACM Conference on Computer and Communications Security, Arlington, VA, October 2007.

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Arlington, VA, October 2007.

Spamscatter: Characterizing Internet Scam Hosting Infrastructure, David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.

Slicing Spam with Occam's Razor, Chris Fleizach, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2007.

On the Adaptive Real-Time Detection of Fast-Propagating Network Worms, Jaeyeon Jung, Rodolfo A. Milito, and Vern Paxson, Proceedings of the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland, July 2007.

The Shunt: An FPGA-Based Accelerator for Network Intrusion Prevention, Nicholas Weaver, Vern Paxson, and Jose M. Gonzalez, Proceedings of the ACM/SIGDA 15th International Symposium on Field Programmable Gate Arrays, February 2007.

Glavlit: Preventing Exfiltration at Wire Speed, Nabil Schear, Carmelo Kintana, Qing Zhang, and Amin Vahdat, Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.

Fighting Coordinated Attackers with Cross-Organizational Information Sharing, Mark Allman, Ethan Blanton, Vern Paxson, and Scott Shenker, Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.

On the Adaptive Real-Time Detection of Fast-Propagating Network Worms, Jaeyeon Jung, Rodolfo A. Milito, and Vern Paxson, MIT technical report MIT-CSAIL-TR-2006-074, November 2006.

binpac: A yacc for Writing Application Protocol Parsers, Ruoming Pang, Vern Paxson, Robin Sommer, and Larry Peterson, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Semi-Automated Discovery of Application Session Structure, Jayanthkumar Kannan, Jaeyeon Jung, Vern Paxson, and Can Emre Koksal, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Automated Protocol Inference: Unexpected Means of Identifying Protocols, Justin Ma, Kirill Levchenko, Cristian Kriebich, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Finding Diversity in Remote Code Injection Exploits, Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

GQ: Realizing a System to Catch Worms in a Quarter Million Places, Weidong Cui, Vern Paxson, and Nicholas Weaver, ICSI technical report TR-06-004, September 2006.

Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection, Holger Dreger, Anja Feldmann, Michael Mai, Vern Paxson, and Robin Sommer, 15th Usenix Security Symposium, August 2006.

Fatih: Detecting and Isolating Malicious Routers via Traffic Validation, Alper Mizrak, Yu-Chung Cheng, Keith Marzullo, and Stefan Savage, IEEE Transactions on Dependable and Secure Computing 3(3), July 2006.

Inferring Internet Denial-of-Service Activity, David Moore, Colleen Shannon, Doug Brown, Geoffrey M. Voelker, and Stefan Savage, ACM Transactions on Computer Systems 24(2):115-139, May 2006.

Community-Oriented Network Measurement Infrastructure (CONMI) Workshop Report, kc claffy, Mark Crovella, Timur Friedman, Colleen Shannon, and Neil Spring, 36(2):41-48, April 2006.

Protocol-Independent Adaptive Replay of Application Dialog, Weidong Cui, Vern Paxson, Nicholas Weaver, and Randy H. Katz, 13th Annual Network and Distributed System Security Symposium (NDSS'06), February 2006.

Case Study: A Failure Wrapped in Success' Clothing - On the Need for Sound Forensics in Handling Digital Evidence Cases, Erin E. Kenneally and Andrea Monti, Digital Investigation, Elsevier Ltd., Winter 2005.

Using Honeynets for Internet Situational Awareness, Vinod Yegneswaran, Paul Barford, and Vern Paxson, Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.

Opportunistic Measurement: Extracting Insight from Spurious Traffic, Martin Casado, Tal Garfinkel, Weidong Cui, Vern Paxson, and Stefan Savage, Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.

Self-stopping Worms, Justin Ma, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington D.C., November 2005.

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik VandeKieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005.

Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event, Abhishek Kumar, Vern Paxson, and Nicholas Weaver, Proceedings of the USENIX/ACM Internet Measurement Conference, New Orleans, LA, October 2005.

Confluence of Digital Evidence and the Law: On the Forensic Soundness of Live-Remote Digital Evidence Collection, Erin E. Kenneally, UCLA Journal of Law and Technology, 2005.

Automated Worm Fingerprinting, Sumeet Singh, Cristian Estan, George Varghese, and Stefan Savage, Proceedings of the 6th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), San Francisco, CA, December 2004.

On the Difficulty of Scalably Detecting Network Attacks, Kirill Levchenko, Ramamohan Paturi, and George Varghese, Proceedings of the ACM Conference on Computer and Communications Security, Washington, D.C., October 2004.

Preliminary Results Using ScaleDown to Explore Worm Dynamics, Nicholas Weaver, Ihab Hamadeh, George Kesidis, and Vern Paxson, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.

The Top Speed of Flash Worms, Stuart Staniford, David Moore, Vern Paxson, and Nicholas Weaver, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.

On Scalable Attack Detection in the Network, Ramana Rao Kompella, Sumeet Singh, and George Varghese, Proceedings of the USENIX/ACM Internet Measurement Conference, Taormina, Sicily, Italy, October 2004.

cied-pi@cs.ucsd.edu