Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the inf...
Min Gyung Kang, Juan Caballero, Dawn Xiaodong Song
We collected DNS responses at the University of Auckland Internet gateway in an SQL database, and analyzed them to detect unusual behaviour. Our DNS response data have included typ...
Security researchers and network operators increasingly rely on information gathered from honeypots and sensors deployed on darknets, or unused address space, for attack detection....
By exploiting the object-oriented dynamic composability of modern document applications and formats, malcode hidden in otherwise inconspicuous documents can reach third-party appli...
Wei-Jen Li, Salvatore J. Stolfo, Angelos Stavrou, ...
Abstract. We present two light-weight worm detection algorithms that offer significant advantages over fixed-threshold methods. The first algorithm, RBS (ratebased sequential hy...
Abstract. Autonomous spreading malware in the form of bots or worms is a constant threat in today’s Internet. In the form of botnets, networks of compromised machines that can be...