Botnet Analysis and Mitigation

Developing novel botnet mitigation techniques

Botnets, large networks of compromised computers acting under the control of a single entity, are now the most common way for cybercriminals to carry out their activities. This project's goal is to understand how current botnets work in order to develop novel techniques to mitigate their effects.

Publications

2014 (1 publication)

Extracting Probable Command and Control Signatures for Detecting Botnets A. Zand, G. Vigna, X. Yan, C. Kruegel Proceedings of the ACM Symposium on Applied Computing (SAC 2014) BibTeX PDF (154.6 KB)

2013 (1 publication)

COMPA: Detecting Compromised Accounts on Social Networks M. Egele, G. Stringhini, C. Kruegel, G. Vigna Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2013) BibTeX PDF (272.9 KB)

2012 (5 publications)

You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel, F. Piessens, G. Vigna Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012) BibTeX PDF (737.7 KB)

Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds A. Bianchi, Y. Shoshitaishvili, C. Kruegel, G. Vigna Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012) BibTeX PDF (424.7 KB)

Poultry Markets: On the Underground Economy of Twitter Followers G. Stringhini, M. Egele, C. Kruegel, G. Vigna Proceedings of the Workshop on Online Social Networks (WOSN 2012) BibTeX PDF (767.5 KB)

B@BEL: Leveraging Email Delivery for Spam Mitigation G. Stringhini, M. Egele, A. Zarras, T. Holz, C. Kruegel, G. Vigna Proceedings of the USENIX Security Symposium (USENIX Security 2012) BibTeX PDF (983.3 KB)

EVILSEED: A Guided Approach to Finding Malicious Web Pages L. Invernizzi, S. Benvenuti, P. Milani Comparetti, M. Cova, C. Kruegel, G. Vigna Proceedings of the IEEE Symposium on Security and Privacy (SSP 2012) BibTeX PDF (759.4 KB)

2011 (11 publications)

BareBox: Efficient Malware Analysis on Bare Metal D. Kirat, G. Vigna, C. Kruegel Proceedings of the Annual Computer Security Applications Conference (ACSAC 2011) BibTeX PDF (726.0 KB)

Understanding Fraudulent Activities in Online Ad Exchanges B. Stone-Gross, R. Stevens, A. Zarras, R. Kemmerer, C. Kruegel Proceedings of the Internet Measurement Conference (IMC 2011) BibTeX PDF (781.4 KB)

Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities A. Doupé, B. Boe, C. Kruegel, G. Vigna Proceedings of the ACM Conference on Computer and Communications Security (CCS 2011) BibTeX PDF (228.2 KB)

Shellzer: a tool for the dynamic analysis of malicious shellcode Y. Fratantonio, C. Kruegel, G. Vigna Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID 2011) BibTeX PDF (284.4 KB)

BotMagnifier: Locating Spambots on the Internet G. Stringhini, T. Holz, B. Stone-Gross, C. Kruegel, G. Vigna Proceedings of the USENIX Security Symposium (USENIX Security 2011) BibTeX PDF (286.6 KB)

Jackstraws: Picking Command and Control Connections from Bot Traffic G. Jacob, R. Hund, C. Kruegel, T. Holz Proceedings of the USENIX Security Symposium (USENIX Security 2011) PDF (313.7 KB)

Escape from Monkey Island: Evading High-Interaction Honeyclients A. Kapravelos, M. Cova, C. Kruegel, G. Vigna Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2011) BibTeX PDF (224.9 KB)

The Underground Economy of Fake Antivirus Software B. Stone-Gross, R. Abman, R. Kemmerer, C. Kruegel, G. Vigna Proceedings of the Workshop on Economics of Information Security (WEIS 2011) BibTeX PDF (799.3 KB)

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns B. Stone-Gross, T. Holz, G. Stringhini, G. Vigna Proceedings of the Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET 2011) BibTeX PDF (1.2 MB)

PiOS: Detecting Privacy Leaks in iOS Applications M. Egele, C. Kruegel, E. Kirda, G. Vigna Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011) BibTeX PDF (272.1 KB)

Exposure: Finding Malicious Domains Using Passive DNS Analysis L. Bilge, E. Kirda, C. Kruegel, M. Balduzzi Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011) PDF (275.6 KB)

2010 (7 publications)

Detecting Spammers on Social Networks G. Stringhini, C. Kruegel, G. Vigna Proceedings of the Annual Computer Security Applications Conference (ACSAC 2010) BibTeX PDF (202.3 KB)

AccessMiner: Using System-Centric Models for Malware Protection A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, E. Kirda Proceedings of the ACM Conference on Computer and Communications Security (CCS 2010) BibTeX PDF (452.1 KB)

Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners A. Doupé, M. Cova, G. Vigna Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2010) BibTeX PDF (177.3 KB)

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries C. Kolbitsch, T. Holz, C. Kruegel, E. Kirda Proceedings of the IEEE Symposium on Security and Privacy (SSP 2010) BibTeX PDF (474.7 KB)

Identifying Dormant Functionality in Malware Programs P. Milani Comparetti, G. Salvaneschi, E. Kirda, C. Kolbitsch, C. Kruegel, S. Zanero Proceedings of the IEEE Symposium on Security and Privacy (SSP 2010) BibTeX PDF (367.5 KB)

Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code M. Cova, C. Kruegel, G. Vigna Proceedings of the International World Wide Web Conference (WWW 2010) BibTeX PDF (242.5 KB)

Are BGP Routers Open To Attack? An Experiment L. Cavedon, C. Kruegel, G. Vigna Proceedings of the Open Research Problems in Network Security (iNetSec 2010) BibTeX PDF (240.4 KB)

Portions of this work are supported by the ONR under Grant N00014-09-1-1042.

Research topics

People involved

Faculty

Post-doctoral Researchers

PhD Students

Last update
April 10, 2014, 7:05 p.m.