This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ASAC) from this year.
Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-ho.pdf
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014. http://www.internetsociety.org/sites/default/files/05_4_0.pdf
Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014. http://www.internetsociety.org/sites/default/files/01_5.pdf
Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf
Through the Looking-Glass, and What Eve Found There. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf
The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bursztein.pdf
Uncovering Network Tarpits with Degreaser http://www.rbeverly.net/research/papers/degreaser-acsac14.pdf http://www.cmand.org/degreaser/alt_degreaser_caidatopology_052014.pdf (slides)
SEER: Practical Memory Virus Scanning as a Service http://gionta.org/static/pdf/seer_acsac14.pdf
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System https://www.sec.in.tum.de/assets/Uploads/scalability-fidelity-stealth.pdf
Protecting Client Browsers with a Principal-based Approach http://yinzhicao.org/thesis/thesis.pdf
From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation http://www.utdallas.edu/~hamlen/araujo14ccs.pdf
Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014 http://wenke.gtisc.gatech.edu/papers/ccs2014-meng.pdf
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014 https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf
A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014 http://www.cypherpunks.ca/~iang/pubs/webfingerprint-ccs14.pdf
Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014 http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf
(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014 http://www.infsec.cs.uni-saarland.de/~mohammadi/paper/mator.pdf
Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound http://arxiv.org/pdf/1407.0803v1.pdf
Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014 http://www.icir.org/robin/papers/ccs14-concurrency.pdf
A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014 https://www.eecs.berkeley.edu/~sa499/papers/ccs-webfp-final.pdf
To Find:
AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis An Epidemiological Study of Malware Encounters in a Large Enterprise