Network Security
 

Current interests include analysis of Internet-scale threats. We've undertaken a number of studies to assess the prevalence of botnets and various malware delivery mechanisms (drive-by downloads). We have also examined the effectiveness of network telescopes for a variety of tasks, particularly to better understand their capabilities and limits with respect to malware detection and containment.

  Empirical Evaluations

▪Teryl Taylor, Kevin Z. Snow, Nathan Otterness and Fabian Monrose. Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-wire. In Proceedings of ISOC Network and Distributed Systems Symposium, Feb 2016. (PDF).

▪Teryl Taylor, Xin Hu, Ting Wang, Jiyong Jang, Marc Stoecklin, Fabian Monrose and Reiner Sailer. Detecting Malicious Exploit Kits Using Tree-based Similarity Searches. In Proceedings of the ACM Conference on Data and Application Security, March 2016. (PDF).

▪Srinivas Krishnan, Teryl Taylor, Fabian Monrose, and John McHugh. Crossing the Threshold: Detecting Network Malfeasance via Sequential Hypothesis Testing. In Proceedings of 43rd IEEE/IFIP International Conference on Dependable Systems and Networks, June, 2013. (PDF).

▪Teryl Taylor, Scott E. Coull, Fabian Monrose, and John McHugh. Toward Efficient Querying of Compressed Network Payloads. In Proceedings of USENIX Annual Technical Conference, June, 2012. (PDF).

▪Srinivas Krishnan and Fabian Monrose. An Empirical Study of the Performance, Security and Privacy Implications of Domain Name Prefetching. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June, 2011. (PDF)


▪S. Coull, Michael Bailey and Fabian Monrose. On Measuring the Similarity of Network Hosts: Pitfalls, New Metrics, and Empirical Analyses. In Proceedings of the Network and Distributed Systems Security Symposium, Feb, 2011. (PDF)


▪S. Coull and A. White and T. Yen and F. Monrose and M.K. Reiter. Understanding Domain Registration Abuses. In Proceedings of the International Information Security Conference, September, 2010. (PDF)


▪Srinivas Krishnan and Fabian Monrose. DNS Prefetching and Its Privacy Implications. In Proceedings of the 3rd USENIX Workshop on Large-scale Exploits and Emergent Threats, April, 2010. (PDF)


▪Sam Small, Josh Mason, Fabian Monrose, Niels Provos and Adam Stubblefield. To Catch A Predator: A Natural Language Approach for Eliciting Malicious Payloads. To appear in Proceedings of the 17th USENIX Security Symposium, July, 2008. (PDF)


▪Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, and Fabian Monrose. All Your iFrames Point to Us. To appear in the Proceedings of the 17th USENIX Security Symposium, July, 2008 (PDF)


▪Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. A Multifaceted Approach to Understanding the Botnet Phenomenon. In proceedings of ACM SIGCOMM/USENIX Internet Measurement Conference, October, Brazil, 2006. (PDF) More information on the architecture we used in the IMC paper is provided in Jay Zarfoss' Masters thesis on A Scalable Architecture for Persistent Botnet Tracking, Jan. 26, 2007.


▪Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. My Botnet is Bigger than Yours (Maybe, Better than Yours). In proceedings of the First USENIX Workshop on Hot Topics in Understanding Botnets, April, Boston, 2007. (PDF)


   Modeling and New Threats


▪Josh Mason, Sam Small, Fabian Monrose and Greg MacManus. English Shellcode. In Proceedings of the ACM Conference on Computer and Communications Security, pages 524-533, 2009. (PDF)


▪Moheeb Rajab, Fabian Monrose, Andreas Terzis and Niels Provos. Peeking Through the Cloud: DNS-based Estimation and its Applications. In Proceedings of the 6th Conference on Applied Cryptography and Network Security (ACNS), 2008. (PDF)


                  The full version of this paper, Client Density Estimation via DNS Cache Probing appears in ACM Transactions on Information Technologies (TOIT), 10(3), October, 2010. (PDF)


▪Moheeb Rajab, Fabian Monrose and Andreas Terzis. Fast and Evasive Attacks: Highlighting the Challenges Ahead. In proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID), Sept, Germany, 2006. (PDF)


▪Moheeb Rajab, Fabian Monrose and Andreas Terzis. On the Impact of Dynamic Addressing on Malware Propagation. In Proceedings of the ACM Workshop on Recurring Malware (WORM), Washington D.C., November, 2006. (PDF)


▪Moheeb Rajab, Fabian Monrose and Andreas Terzis. On the effectiveness of Distributed Worm Monitoring. In Proceedings of the 14th USENIX Security Symposium, pages 225-237, Baltimore, August, 2005. (PDF)


▪Moheeb Rajab, Fabian Monrose and Andreas Terzis. Worm Evolution Tracking via Timing Analysis. In ACM Workshop on Recurring Malware (WORM), pages 52-59, Washington D.C., November, 2005. (PDF)