This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ACSAC) from this year.

Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-ho.pdf

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014. http://www.internetsociety.org/sites/default/files/05_4_0.pdf

Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014. http://www.internetsociety.org/sites/default/files/01_5.pdf

Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf

Through the Looking-Glass, and What Eve Found There. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf

The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bursztein.pdf

Uncovering Network Tarpits with Degreaser. ACSAC 2014. http://www.rbeverly.net/research/papers/degreaser-acsac14.pdf (slides: http://www.cmand.org/degreaser/alt_degreaser_caidatopology_052014.pdf)

SEER: Practical Memory Virus Scanning as a Service. ACSAC 2014. http://gionta.org/static/pdf/seer_acsac14.pdf

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System. ACSAC 2014. https://www.sec.in.tum.de/assets/Uploads/scalability-fidelity-stealth.pdf

Protecting Client Browsers with a Principal-based Approach (thesis). http://yinzhicao.org/thesis/thesis.pdf

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation. ACM CCS 2014. http://www.utdallas.edu/~hamlen/araujo14ccs.pdf

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014 http://wenke.gtisc.gatech.edu/papers/ccs2014-meng.pdf

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014 https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014 http://www.cypherpunks.ca/~iang/pubs/webfingerprint-ccs14.pdf

Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014 http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf

(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014 http://www.infsec.cs.uni-saarland.de/~mohammadi/paper/mator.pdf

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound http://arxiv.org/pdf/1407.0803v1.pdf

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014 http://www.icir.org/robin/papers/ccs14-concurrency.pdf

A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014 https://www.eecs.berkeley.edu/~sa499/papers/ccs-webfp-final.pdf

To Find:

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis

An Epidemiological Study of Malware Encounters in a Large Enterprise

Over the past several years I have collected and read many security research papers/slides and have started a small catalog of sorts. The topics of these papers span intrusion detection, anomaly detection, machine learning/data mining, Internet-scale data collection, malware analysis, and intrusion/breach reports. I figured this collection might be useful to others. All links lead to PDFs hosted here.

I hope to clean this up (add author info, date, and publication) when I have more time, and to add the detailed notes I have on the various features, models, algorithms, and datasets used in many of these papers.

Here are some of my favorites (nice uses of machine learning, graph analytics, and/or anomaly detection to solve interesting security problems):

Here is the entire collection:

Intrusion Detection

Malware

Data Collection

Vulnerability Analysis/Reversing

Anonymity/Privacy/OPSEC/Censorship

Data Mining

Cyber Crime

CND/CNA/CNE/CNO

–Jason
@jason_trost

This is an awesome collection of Security Data Science IPython notebooks from @clicksecurity.

They demonstrate using Pandas, Scikit-Learn, and Matplotlib for exploring security datasets involving:

  • Detecting Algorithmically Generated Domains
  • Hierarchical Clustering of Syslogs
  • Exploration of data from Malware Domain List
  • SQL Injection
  • Browser Agent Fingerprinting

–Jason

Mubix (@mubix) used the subdomains list from here to brute-force subdomains with dig and xargs. Really nice use of xargs for parallel execution.

# one dig per line of the wordlist, up to 122 running at once (-P);
# -I substitutes each line for the placeholder "subdomain" in the dig command
cat subdomains.txt | \
	xargs -P 122 -I subdomain dig +noall subdomain.microsoft.com +answer
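The same loop in Python, as an added example that is not from the post and not Mubix's own tooling: a thread pool stands in for xargs -P, the resolver is a pluggable function so the script runs offline against a constructed zone, and it adds the check the one-liner lacks, a probe with random labels so that a zone with a wildcard record (which answers for every name) does not turn the whole wordlist into hits. The zone example.test, the addresses, and all function names are the example's own.

```python
# Added example (not from the post, not Mubix's tooling): parallel subdomain
# brute-force with a wildcard-DNS sanity check.
import random
import socket
import string
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, Optional, Set

# A resolver maps a hostname to an IPv4 address string, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """Resolve through the OS stub resolver (what `dig` would talk to)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def wildcard_answers(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Query a few random labels that should not exist.

    Any address that comes back is a wildcard answer; later hits that resolve
    to the same address are noise, not real hosts.
    """
    seen: Set[str] = set()
    alphabet = string.ascii_lowercase + string.digits
    for _ in range(probes):
        label = "".join(random.choices(alphabet, k=16))
        ip = resolve(f"{label}.{domain}")
        if ip:
            seen.add(ip)
    return seen


def brute_force(domain: str, words: Iterable[str], resolve: Resolver,
                workers: int = 32) -> Dict[str, str]:
    """Resolve <word>.<domain> for every word, in parallel; return the real hits."""
    labels = [w.strip() for w in words]
    names = [f"{w}.{domain}" for w in labels if w and not w.startswith("#")]
    noise = wildcard_answers(domain, resolve)
    # ThreadPoolExecutor plays the role of `xargs -P`: the work is I/O-bound,
    # so threads suffice, and `workers` bounds concurrent queries like -P does.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = list(pool.map(resolve, names))
    return {name: ip for name, ip in zip(names, answers)
            if ip is not None and ip not in noise}


# Constructed sample zone so the example runs offline (example.test is a
# reserved name; the addresses are from documentation ranges).
FAKE_ZONE = {
    "www.example.test": "192.0.2.10",
    "mail.example.test": "192.0.2.25",
}


def fake_resolver(name: str) -> Optional[str]:
    """Offline stand-in for system_resolver: answers only for FAKE_ZONE."""
    return FAKE_ZONE.get(name)


def fake_wildcard_resolver(name: str) -> Optional[str]:
    """Same zone, plus a wildcard record that answers every other label."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    return "203.0.113.1" if name.endswith(".example.test") else None


if __name__ == "__main__":
    wordlist = ["www", "mail", "ftp", "# comment lines are skipped", ""]
    print(brute_force("example.test", wordlist, fake_resolver))
    # With a wildcard in the zone, "ftp" would look like a hit without the check.
    print(brute_force("example.test", wordlist, fake_wildcard_resolver))
    # Against a real target, pass system_resolver and a real wordlist instead.
```

The wildcard probe is the part worth carrying back to the dig one-liner: resolve a couple of random 16-character labels first, and discard any hit whose answer matches theirs. Keep the concurrency bounded as well; a few hundred simultaneous queries against one recursive resolver is a good way to get rate-limited and mistake SERVFAILs for NXDOMAINs.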

–Jason

Another security-related “bigdata” release. The DNS Census is an anonymous public release of DNS data. The person behind it claimed they were inspired by the Internet Census.

Some stats:

  • 2.5B DNS records
  • ~106M unique domain names
  • Most DNS RR types are represented (A/AAAA/CNAME/DNAME/MX/NS/SOA/TXT)
  • 15 GB compressed
  • 157 GB uncompressed
  • Available as a torrent

–Jason