This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ACSAC) from this year.

Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014.

Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014.

Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014.

Through the Looking-Glass, and What Eve Found There. WOOT 2014.

The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014.

Uncovering Network Tarpits with Degreaser (slides)

SEER: Practical Memory Virus Scanning as a Service

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System

Protecting Client Browsers with a Principal-based Approach

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014

Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014

(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. ACM CCS 2014

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014

A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014

To Find:

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis. ACM CCS 2014

An Epidemiological Study of Malware Encounters in a Large Enterprise. ACM CCS 2014

Update (1/1/2017): I will not be updating this page and instead will make all updates to this page: The Definitive Security Data Science and Machine Learning Guide (see Machine Learning and Security Papers section).

Over the past several years I have collected and read many security research papers/slides and have started a small catalog of sorts. The topics of these papers range from intrusion detection, anomaly detection, machine learning/data mining, Internet scale data collection, malware analysis, and intrusion/breach reports. I figured this collection might be useful to others. All links lead to PDFs hosted here.

I hope to clean this up (add author info, date, and publication) when I get some more time, and to add some detailed notes I have on the various features, models, algorithms, and datasets used in many of these papers.

Here are some of my favorites (nice uses of machine learning, graph analytics, and/or anomaly detection to solve interesting security problems):

Here is the entire collection:

Intrusion Detection


Data Collection

Vulnerability Analysis/Reversing


Data Mining

Cyber Crime



This is an awesome collection of Security Data Science IPython notebooks from @clicksecurity.

They demonstrate using Pandas, Scikit-Learn, and Matplotlib for exploring security datasets involving:

  • Detecting Algorithmically Generated Domains
  • Hierarchical Clustering of Syslogs
  • Exploration of data from Malware Domain List
  • SQL Injection
  • Browser Agent Fingerprinting
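As an added example (not code from the clicksecurity notebooks), here is a dependency-free version of the kind of features the DGA-detection notebook builds with Pandas/Scikit-Learn: character entropy, digit ratio, and how many of a label's letter bigrams have ever been seen in a known-benign corpus. The benign domain list, the thresholds, and the test domains are constructed for illustration, and the TLD handling is a simplification (last label is treated as the public suffix).

```python
"""Minimal DGA-detection features, as an added illustration of the notebook topic.
The benign corpus and thresholds below are assumptions made for this example."""
import math
from collections import Counter

# Constructed "known benign" corpus used to learn which letter bigrams look normal.
BENIGN_DOMAINS = [
    "google.com", "facebook.com", "wikipedia.org", "github.com",
    "microsoft.com", "amazon.com", "youtube.com", "twitter.com",
    "linkedin.com", "apple.com", "netflix.com", "reddit.com",
    "yahoo.com", "example.com",
]


def registrable_label(domain: str) -> str:
    """Return the label left of the suffix, e.g. 'google' for 'mail.google.com'.
    Simplification: the last label is treated as the TLD (no public-suffix list)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; a label of all-distinct characters scores log2(len)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def bigrams(s: str) -> set:
    """Set of adjacent character pairs in s."""
    return {s[i:i + 2] for i in range(len(s) - 1)}


def benign_bigram_set(domains) -> set:
    """Union of bigrams over the registrable labels of a benign corpus."""
    seen = set()
    for d in domains:
        seen |= bigrams(registrable_label(d))
    return seen


BENIGN_BIGRAMS = benign_bigram_set(BENIGN_DOMAINS)


def features(domain: str, benign_bigrams=BENIGN_BIGRAMS) -> dict:
    """Feature vector for one domain, as a dict (what a DataFrame row would hold)."""
    label = registrable_label(domain)
    bg = bigrams(label)
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / max(len(label), 1),
        # fraction of this label's bigrams that occur anywhere in the benign corpus
        "bigram_coverage": (len(bg & benign_bigrams) / len(bg)) if bg else 1.0,
    }


def is_dga(domain: str, entropy_threshold=3.5, coverage_threshold=0.5) -> bool:
    """Rule-of-thumb classifier. Thresholds are illustrative assumptions; the
    notebooks fit these from labelled data instead of hard-coding them."""
    f = features(domain)
    return f["entropy"] > entropy_threshold or f["bigram_coverage"] < coverage_threshold


if __name__ == "__main__":
    for d in ["facebookmail.com", "xkq3f9zlw2pqv.com", "mail.google.com"]:
        f = features(d)
        print(f"{d:22s} entropy={f['entropy']:.2f} "
              f"coverage={f['bigram_coverage']:.2f} dga={is_dga(d)}")
```

Entropy alone misfires on long legitimate names, which is why the bigram-coverage feature is there: a random label like `xkq3f9zlw2pqv` shares almost no bigrams with English-like benign labels, while a long benign label still does.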


Mubix (@mubix) used the subdomains list from here to bruteforce subdomains using dig and xargs. Really nice use of xargs for parallel execution.

# example.com stands in for the target domain; xargs substitutes each line of the
# list for the literal "subdomain", running up to 122 dig processes at once.
cat subdomains.txt | \
	xargs -P 122 -I subdomain dig +noall +answer subdomain.example.com
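The same fan-out as a reusable function, as an added example and not Mubix's one-liner: it prints only names that actually resolve, skips blanks and comments in the wordlist, and takes the parallelism as a parameter. It assumes dig is on PATH and one label per line; the RESOLVER variable is an assumption of this example that lets a stub script stand in for dig when there is no network.

```shell
#!/bin/sh
# Added example: parallel subdomain brute force with xargs -P.
# Assumptions: wordlist has one label per line (blank lines and '#' comments are
# skipped); dig is on PATH; RESOLVER may override the resolver command (e.g. a
# stub script) so the function can be exercised without network access.

# Usage: brute_subdomains WORDLIST DOMAIN [PARALLEL_JOBS]
# Output: one line per answer, "fqdn A answer"
brute_subdomains() {
  wordlist=$1
  domain=$2
  jobs=${3:-20}
  # +short prints only answer data; +time/+tries stop a dead resolver stalling a worker.
  RESOLVER_CMD=${RESOLVER:-"dig +short +time=2 +tries=1"}
  export RESOLVER_CMD

  # sort -u drops duplicate labels so the same name is not queried twice.
  grep -v -e '^[[:space:]]*$' -e '^#' "$wordlist" | sort -u |
    xargs -P "$jobs" -I NAME sh -c '
      fqdn=$1
      $RESOLVER_CMD "$fqdn" A 2>/dev/null | while IFS= read -r answer; do
        [ -n "$answer" ] && printf "%s A %s\n" "$fqdn" "$answer"
      done
      exit 0   # a miss must not turn into a non-zero xargs exit status
    ' _ "NAME.$domain"
}
```

Note that `-I` substitutes the placeholder in every initial argument, including the `sh -c` script string, so the script must not contain the placeholder word itself; that is also why the original one-liner needs the literal `subdomain` to appear in the dig argument.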


Another security related “bigdata” release. The DNS Census is an anonymous public release of DNS data. The person behind this claimed they were inspired by the Internet Census.

Some stats:

  • 2.5B DNS records
  • ~106M unique domain names
  • Most DNS RR types are represented (A/AAAA/CNAME/DNAME/MX/NS/SOA/TXT)
  • 15 GB compressed
  • 157 GB uncompressed
  • Available as a torrent