PROVEX: Detecting Botnets with Encrypted Command and Control Channels

Botmasters increasingly encrypt command-and-control (C&C) communication to evade existing intrusion detection systems. Our detailed C&C traffic analysis shows that at least ten prevalent malware families avoid well-known C&C carrier protocols, such …

P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets

Centralized botnets are easy targets for takedown efforts by computer security researchers and law enforcement. Thus, botnet controllers have sought new ways to harden the infrastructures of their botnets. In order to meet this objective, some …

Exploiting Visual Appearance to Cluster and Detect Rogue Software

Manufacturing Compromise: The Emergence of Exploit-as-a-Service

Large Scale Analysis of Malware Downloaders

Prudent Practices for Designing Malware Experiments: Status Quo and Outlook

eID Online Authentication: Network Threat Model, Attacks and Implications

On Botnets That Use DNS for Command and Control (C2)

Sandnet: Network Traffic Analysis of Malicious Software

Detecting Gray in Black and White