A taxonomy of botnet behavior, detection, and defense

S Khattak, NR Ramay, KR Khan… - … surveys & tutorials, 2013 - ieeexplore.ieee.org
A number of detection and defense mechanisms have emerged in the last decade to tackle
the botnet phenomenon. It is important to organize this knowledge to better understand the …

A survey on regular expression matching for deep packet inspection: Applications, algorithms, and hardware platforms

C Xu, S Chen, J Su, SM Yiu… - … Surveys & Tutorials, 2016 - ieeexplore.ieee.org
Deep packet inspection (DPI) is widely used in content-aware network applications such as
network intrusion detection systems, traffic billing, load balancing, and government …

SIMPLE-fying middlebox policy enforcement using SDN

ZA Qazi, CC Tu, L Chiang, R Miao, V Sekar… - Proceedings of the ACM …, 2013 - dl.acm.org
Networks today rely on middleboxes to provide critical performance, security, and policy
compliance capabilities. Achieving these benefits and ensuring that the traffic is directed …

Defeating DNN-Based traffic analysis systems in Real-Time with blind adversarial perturbations

M Nasr, A Bahramali, A Houmansadr - 30th USENIX Security …, 2021 - usenix.org
Deep neural networks (DNNs) are commonly used for various traffic analysis problems, such
as website fingerprinting and flow correlation, as they outperform traditional (e.g., statistical) …

Deepcorr: Strong flow correlation attacks on tor using deep learning

M Nasr, A Bahramali, A Houmansadr - Proceedings of the 2018 ACM …, 2018 - dl.acm.org
Flow correlation is the core technique used in a multitude of deanonymization attacks on
Tor. Despite the importance of flow correlation attacks on Tor, existing flow correlation …

Method and system for detecting malicious and/or botnet-related domain names

R Perdisci, W Lee - US Patent 10,027,688, 2018 - Google Patents
A method and system of detecting a malicious and/or botnet-related domain name,
comprising: reviewing a domain name used in Domain Name System (DNS) traffic in a …

Timing analysis of keystrokes and timing attacks on SSH

DX Song, D Wagner, X Tian - 10th USENIX Security Symposium …, 2001 - usenix.org
SSH is designed to provide a secure channel between two hosts. Despite the encryption
and authentication mechanisms it uses, SSH has two weaknesses: First, the transmitted …

Low-cost traffic analysis of Tor

SJ Murdoch, G Danezis - … on Security and Privacy (S&P'05), 2005 - ieeexplore.ieee.org
Tor is the second generation onion router supporting the anonymous transport of TCP
streams over the Internet. Its low latency makes it very suitable for common tasks, such as …

Performance debugging for distributed systems of black boxes

MK Aguilera, JC Mogul, JL Wiener… - ACM SIGOPS …, 2003 - dl.acm.org
Many interesting large-scale systems are distributed systems of multiple communicating
components. Such systems can be very hard to debug, especially when they exhibit poor …

Method and system for detecting and responding to attacking networks

D Dagon, N Feamster, W Lee, R Edmonds… - US Patent …, 2013 - Google Patents
A system and method for detecting a first network of compromised computers in a second
network of computers, comprising: collecting Domain Name System (DNS) data for the …