Publications
You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012).
Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012).
Poultry Markets: On the Underground Economy of Twitter Followers. Proceedings of the Workshop on Online Social Networks (WOSN 2012).
B@BEL: Leveraging Email Delivery for Spam Mitigation. Proceedings of the USENIX Security Symposium (USENIX Security 2012).
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner. Proceedings of the USENIX Security Symposium (USENIX Security 2012).
A Mission-Centric Visualization Tool for Cybersecurity Situation Awareness (2012-07).
A Quantitative Study of Accuracy in System Call-Based Malware Detection. Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2012).
EVILSEED: A Guided Approach to Finding Malicious Web Pages. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2012).
BareBox: Efficient Malware Analysis on Bare Metal. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2011).
Nexat: A History-Based Approach to Predict Attacker Actions. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2011).
Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2011).
Understanding Fraudulent Activities in Online Ad Exchanges. Proceedings of the Internet Measurement Conference (IMC 2011).
Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2011).
Dymo: Tracking Dynamic Code Identity. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2011).
Shellzer: a tool for the dynamic analysis of malicious shellcode. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2011).
BotMagnifier: Locating Spambots on the Internet. Proceedings of the USENIX Security Symposium (USENIX Security 2011).
Jackstraws: Picking Command and Control Connections from Bot Traffic. Proceedings of the USENIX Security Symposium (USENIX Security 2011).
Escape from Monkey Island: Evading High-Interaction Honeyclients. Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2011).
The Underground Economy of Fake Antivirus Software. Proceedings of the Workshop on Economics of Information Security (WEIS 2011).
Peering Through the iFrame. Proceedings of the International Conference on Computer Communications (INFOCOM 2011).
Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages. Proceedings of the International World Wide Web Conference (WWW 2011).
The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns. Proceedings of the Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET 2011).
PiOS: Detecting Privacy Leaks in iOS Applications. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011).
Exposure: Finding Malicious Domains Using Passive DNS Analysis. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011).
Analysis of a Botnet Takeover. IEEE Security and Privacy Magazine, 2011, vol. 9, no. 1.
Network Intrusion Detection: Dead or Alive? Proceedings of the Annual Computer Security Applications Conference (ACSAC 2010).
AccessMiner: Using System-Centric Models for Malware Protection. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2010).
Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications. Journal of Computer Security, 2010.
Toward Automated Detection of Logic Vulnerabilities in Web Applications. Proceedings of the USENIX Security Symposium (USENIX Security 2010).
Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners. Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2010).
An Experience in Testing the Security of Real-world Electronic Voting Systems. IEEE Transactions on Software Engineering, 2010.
Organizing Large Scale Hacking Competitions. Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2010).
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2010).
Identifying Dormant Functionality in Malware Programs. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2010).
Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. Proceedings of the International World Wide Web Conference (WWW 2010).
A Solution for the Automated Detection of Clickjacking Attacks. Proceedings of the ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2010).
Effective Anomaly Detection with Scarce Training Data. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2010).
Are BGP Routers Open To Attack? An Experiment. Proceedings of the Open Research Problems in Network Security (iNetSec 2010).
CAPTCHA Smuggling: Hijacking Web Browsing Sessions to Create CAPTCHA Farms. Proceedings of the ACM Symposium on Applied Computing (SAC 2010).
Improving the Efficiency of Dynamic Malware Analysis. Proceedings of the ACM Symposium on Applied Computing (SAC 2010).
Efficient Detection of Split Personalities in Malware. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2010).
FIRE: FInding Rogue nEtworks. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2009).
Analyzing and Detecting Malicious Flash Advertisements. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2009).
Your Botnet is My Botnet: Analysis of a Botnet Takeover. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2009).
Protecting a Moving Target: Addressing Web Application Concept Drift. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2009).
Automated Spyware Collection and Analysis. Proceedings of the Information Security Conference (ISC 2009).
Automatically Generating Models for Botnet Detection. Proceedings of the European Symposium on Research in Computer Security (ESORICS 2009).
Static Enforcement of Web Application Integrity Through Strong Typing. Proceedings of the USENIX Security Symposium (USENIX Security 2009).
Reducing Errors in the Anomaly-based Detection of Web-Based Attacks through the Combined Analysis of Web Requests and SQL Queries. Computer Security, 2009, vol. 17, no. 3.
Client-side Cross-site Scripting Protection. Computers & Security, 2009, vol. 28, no. 7.
Effective and Efficient Malware Detection at the End Host. Proceedings of the USENIX Security Symposium (USENIX Security 2009).
Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems. Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2008).
VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges. Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2008).
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2008).
ClearShot: Eavesdropping on Keyboard Input from Video. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2008).
Malware in IEEE 802.11 Wireless Networks. Proceedings of the Passive and Active Measurement Conference (PAM 2008).
A Parallel Architecture for Stateful, High-Speed Intrusion Detection. Proceedings of the International Conference on Information Systems Security (ICISS 2008).
There is No Free Phish: An Analysis of "Free" and Live Phishing Kits. Proceedings of the USENIX Workshop on Offensive Technologies (WOOT 2008).
Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2007).
Improving Signature Testing Through Dynamic Data Flow Analysis. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2007).
Multi-Module Vulnerability Analysis of Web-based Applications. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2007).
Extending .NET Security to Unmanaged Code. International Journal of Information Security, 2007.
Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2007).
Exploiting Execution Context for the Detection of Anomalous System Calls. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2007).
Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms. Proceedings of the USENIX Workshop on Offensive Technologies (WOOT 2007).
Security Evaluation of the Sequoia Voting System.
Is Code Still Moving Around? Looking Back at a Decade of Code Mobility. Proceedings of the International Conference on Software Engineering (ICSE 2007).
Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2007).
Using a Virtual Security Testbed for Digital Forensic Reconstruction. Journal in Computer Virology, 2007, vol. 2, no. 4.
Testing and Analysis of Web Services.
Static Disassembly and Code Analysis. Malware Detection, 2007, vol. 27.
Vulnerability Analysis of MMS User Agents. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2006).
Static Detection of Vulnerabilities in x86 Executables. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2006).
Behavior-based Spyware Detection. Proceedings of the USENIX Security Symposium (USENIX Security 2006).
SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr. Proceedings of the Information Security Conference (ISC 2006).
An Anomaly-driven Reverse Proxy for Web Applications. Proceedings of the ACM Symposium on Applied Computing (SAC 2006).
Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2006).
A Multi-model Approach to the Detection of Web-based Attacks. Computer Networks, 2005, vol. 48, no. 5.
Polymorphic Worm Detection Using Structural Information of Executables. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2005).
Automating Mimicry Attacks Using Static Binary Analysis. Proceedings of the USENIX Security Symposium (USENIX Security 2005).
A Learning-Based Approach to the Detection of SQL Attacks. Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005).
Exploiting OS-level Mechanisms to Implement Mobile Code Security. Proceedings of the International Conference on Engineering of Complex Computer Systems (ICECCS 2005).
Detecting Malicious JavaScript Code in Mozilla. Proceedings of the International Conference on Engineering of Complex Computer Systems (ICECCS 2005).
Reverse Engineering of Network Signatures. Proceedings of the Asia Pacific Information Technology Security Conference (AusCERT 2005).
Intrusion Detection and Correlation: Challenges and Solutions.
Sensor Families for Intrusion Detection Infrastructures.
Detecting Kernel-Level Rootkits Through Binary Analysis. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2004).
Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2004).
An Intrusion Detection Tool for AODV-based Ad Hoc Wireless Networks. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2004).
Using Alert Verification to Identify Successful Intrusion Attempts. Practice in Information Processing and Communication (PIK), 2004.
Static Disassembly of Obfuscated Binaries. Proceedings of the USENIX Security Symposium (USENIX Security 2004).
A Comprehensive Approach to Intrusion Detection Alert Correlation. IEEE Transactions on Dependable and Secure Computing, 2004.
Mobile Agents: Ten Reasons For Failure. Proceedings of the IEEE International Conference on Mobile Data Management (MDM 2004).
Testing Network-based Intrusion Detection Signatures Using Mutant Exploits. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2004).
A Stateful Intrusion Detection System for World-Wide Web Servers. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003).
An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003).
Bayesian event classification for intrusion detection. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003).
Anomaly Detection of Web-based Attacks. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2003).
On the Detection of Anomalous System Call Arguments. Proceedings of the European Symposium on Research in Computer Security (ESORICS 2003).
Teaching Hands-On Network Security: Testbeds and Live Exercises. Journal of Information Warfare, 2003.
A Topological Characterization of TCP/IP Security. Proceedings of the International FME Symposium (FME 2003).
Designing and Implementing A Family of Intrusion Detection Systems. Proceedings of the European Conference on Software Engineering (ESEC 2003).
Teaching Network Security Through Live Exercises. Proceedings of the Annual World Conference on Information Security Education (WISE 2003).
Detecting Malicious Java Code Using Virtual Machine Auditing. Proceedings of the USENIX Security Symposium (USENIX Security 2003).
Mnemosyne: Designing and Implementing Network Short-Term Memory. Proceedings of the International Conference on Engineering of Complex Computer Systems (ICECCS 2002).
Sensor-Based Intrusion Detection for Intra-Domain Distance-Vector Routing. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2002).
An Intrusion Detection System for Aglets. Proceedings of the International Conference on Mobile Agents (MA 2002).
Stateful Intrusion Detection for High-Speed Networks. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2002).
Intrusion Detection: A Brief History and Overview. IEEE Computer, 2002, vol. 35, no. 4.
Composable Tools For Network Discovery and Security Analysis. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2002).
STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 2002.
Evaluating the Security Of Three Java-Based Mobile Agent Systems. Proceedings of the International Conference on Mobile Agents (MA 2001).
Designing a Web of Highly-Configurable Intrusion Detection Sensors. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2001).
MASSA: Mobile Agents Security through Static/Dynamic Analysis. Proceedings of the ICSE Workshop on Software Engineering and Mobility (WSEM 2001).
E-Commerce Security and Privacy.
Security Testing of the Online Banking Service of a Large International Bank. Proceedings of the Workshop on Security and Privacy in E-Commerce (WSPEC 2000).
Attack Languages. Proceedings of the Information Survivability Workshop (ISW 2000).
The STAT Tool Suite. Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2000).
NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security, 1999, vol. 7, no. 1.
NetSTAT: A Network-based Intrusion Detection Approach. Proceedings of the Annual Computer Security Applications Conference (ACSAC 1998).
Requirements Targeting Software and System Engineering.
Mobile Agents and Security.
Cryptographic Traces for Mobile Agents.
A Model-Centered Electronic Commerce Middleware. Proceedings of the International IFIP Working Conference on Trends in Electronic Commerce (TrEC 1998).
