This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ASAC) from this year.

Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-ho.pdf

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014. http://www.internetsociety.org/sites/default/files/05_4_0.pdf

Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014. http://www.internetsociety.org/sites/default/files/01_5.pdf

Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf

Through the Looking-Glass, and What Eve Found There. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf

The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bursztein.pdf

Uncovering Network Tarpits with Degreaser http://www.rbeverly.net/research/papers/degreaser-acsac14.pdf http://www.cmand.org/degreaser/alt_degreaser_caidatopology_052014.pdf (slides)

SEER: Practical Memory Virus Scanning as a Service http://gionta.org/static/pdf/seer_acsac14.pdf

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System https://www.sec.in.tum.de/assets/Uploads/scalability-fidelity-stealth.pdf

Protecting Client Browsers with a Principal-based Approach http://yinzhicao.org/thesis/thesis.pdf

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation http://www.utdallas.edu/~hamlen/araujo14ccs.pdf

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014 http://wenke.gtisc.gatech.edu/papers/ccs2014-meng.pdf

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014 https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014 http://www.cypherpunks.ca/~iang/pubs/webfingerprint-ccs14.pdf

Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014 http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf

(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014 http://www.infsec.cs.uni-saarland.de/~mohammadi/paper/mator.pdf

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound http://arxiv.org/pdf/1407.0803v1.pdf

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014 http://www.icir.org/robin/papers/ccs14-concurrency.pdf

A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014 https://www.eecs.berkeley.edu/~sa499/papers/ccs-webfp-final.pdf

To Find:

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis An Epidemiological Study of Malware Encounters in a Large Enterprise

The Definitive Security Data Science and Machine Learning Guide

Books, tutorials, presentations, and research papers on various security topics that use data science and machine learning Continue reading

Deep Learning Security Papers

Published on December 29, 2016