{"id":664,"date":"2014-07-21T00:24:46","date_gmt":"2014-07-21T00:24:46","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=664"},"modified":"2014-07-21T00:24:46","modified_gmt":"2014-07-21T00:24:46","slug":"%e8%bd%acsecurity-data-science-papers","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/664.html","title":{"rendered":"[collect]Security Data Science Papers[bak]"},"content":{"rendered":"<p style=\"color: #222222;\">I came across this post on reddit: the blogger has roughly categorized the security-research papers\/slides he has read\/collected over the years and shared them as links for anyone who needs them. I am reposting it here as a backup:<\/p>\n<p style=\"color: #222222;\">Over the past several years I have collected and read many security research papers\/slides and have started a small catalog of sorts. The topics of these papers range from intrusion detection, anomaly detection, machine learning\/data mining, Internet scale data collection, malware analysis, and intrusion\/breach reports. I figured this collection might be useful to others.
All links lead to PDFs hosted here.<\/p>\n<p style=\"color: #222222;\">I hope to clean this up (add author info, date, and publication) when I get some more time as well as adding some detailed notes I have on the various features, models, algorithms, and datasets used in many of these papers.<\/p>\n<p style=\"color: #222222;\">Here are some of my favorites (nice uses of machine learning, graph analytics, and\/or anomaly detection to solve interesting security problems):<\/p>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/CAMP%20-%20Content%20Agnostic%20Malware%20Protection.pdf\" target=\"_blank\">CAMP &#8211; Content Agnostic Malware Protection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Notos%20-%20Building%20a%20dynamic%20reputation%20system%20for%20dns.pdf\" target=\"_blank\">Notos &#8211; Building a Dynamic Reputation System for DNS<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Kopis%20-%20Detecting%20malware%20domains%20at%20the%20upper%20dns%20hierarchy.pdf\">Kopis &#8211; Detecting malware domains at the upper dns hierarchy<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/From%20throw-away%20traffic%20to%20bots%20-%20detecting%20the%20rise%20of%20dga-based%20malware.pdf\">Pleiades &#8211; From Throw-away Traffic To Bots &#8211; Detecting The Rise Of DGA-based Malware<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Exposure%20-%20Finding%20malicious%20domains%20using%20passive%20dns%20analysis.pdf\">EXPOSURE &#8211; Finding Malicious Domains Using Passive DNS Analysis<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Polonium%20-%20Tera-Scale%20Graph%20Mining%20for%20Malware%20Detection.pdf\">Polonium &#8211; 
Tera-Scale Graph Mining for Malware Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Nazca%20-%20%20Detecting%20Malware%20Distribution%20in%20Large-Scale%20Networks.pdf\">Nazca &#8211; Detecting Malware Distribution in Large-Scale Networks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/PAYL%20-%20Anomalous%20Payload-based%20Network%20Intrusion%20Detection.pdf\">PAYL &#8211; Anomalous Payload-based Network Intrusion Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Anagram%20-%20A%20Content%20Anomaly%20Detector%20Resistant%20to%20Mimicry%20Attack.pdf\">Anagram &#8211; A Content Anomaly Detector Resistant to Mimicry Attack<\/a><\/li>\n<\/ul>\n<p style=\"color: #222222;\">Here is the entire collection:<\/p>\n<h2 id=\"intrusion-detection\" style=\"color: #222222;\">Intrusion Detection<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20Close%20Look%20on%20n-Grams%20in%20Intrusion%20Detection-%20Anomaly%20Detection%20vs.%20Classi%EF%AC%81cation.pdf\">A Close Look on n-Grams in Intrusion Detection- Anomaly Detection vs. 
Classi\ufb01cation<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20Kill%20Chain%20Analysis%20of%20the%202013%20Target%20Data%20Breach.pdf\">A Kill Chain Analysis of the 2013 Target Data Breach<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20Lone%20Wolf%20No%20More%20-%20%20Supporting%20Network%20Intrusion%20Detection%20with%20Real-Time%20Intelligence.pdf\">A Lone Wolf No More &#8211; Supporting Network Intrusion Detection with Real-Time Intelligence<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20Machine-learning%20Approach%20for%20Classifying%20and%20Categorizing%20Android%20Sources%20and%20Sinks.pdf\">A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Acquiring%20Digital%20Evidence%20from%20Botnet%20Attacks:%20Procedures%20and%20Methods%20(PhD%20Thesis).pdf\">Acquiring Digital Evidence from Botnet Attacks: Procedures and Methods (PhD Thesis)<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ALERT-ID%20-%20%20Analyze%20Logs%20of%20the%20network%20Element%20in%20Real%20Time%20for%20Intrusion%20Detection.pdf\">ALERT-ID &#8211; Analyze Logs of the network Element in Real Time for Intrusion Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Anagram%20-%20A%20Content%20Anomaly%20Detector%20Resistant%20to%20Mimicry%20Attack.pdf\">Anagram &#8211; A Content Anomaly Detector Resistant to Mimicry Attack<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Anomaly-based%20intrusion%20detection%20in%20software%20as%20a%20service.pdf\">Anomaly-based Intrusion Detection in Software as a 
Service<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Back%20to%20Basics%20-%20Beyond%20Network%20Hygiene.pdf\">Back to Basics &#8211; Beyond Network Hygiene<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Beehive%20-%20Large-Scale%20Log%20Analysis%20for%20Detecting%20Suspicious%20Activity%20in%20Enterprise%20Networks.pdf\">Beehive &#8211; Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Behavioral%20clustering%20of%20http-based%20malware%20and%20signature%20generation%20using%20malicious%20network%20traces.pdf\">Behavioral Clustering of HTTP-based Malware and Signature Generation Using Malicious Network Traces<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Beheading%20Hydras%20-%20Performing%20Effective%20Botnet%20Takedowns.pdf\">Beheading Hydras &#8211; Performing Effective Botnet Takedowns<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Bloodhound%20-%20Searching%20Out%20Malicious%20Input%20in%20Network%20Flows%20for%20Automatic%20Repair%20Validation.pdf\">Bloodhound &#8211; Searching Out Malicious Input in Network Flows for Automatic Repair Validation<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Boosting%20the%20Scalability%20of%20Botnet%20Detection%20Using%20Adaptive%20Traffic%20Sampling.pdf\">Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/CAMP%20-%20Content%20Agnostic%20Malware%20Protection.pdf\">CAMP &#8211; Content Agnostic Malware Protection<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Casting%20out%20demons%20-%20Sanitizing%20training%20data%20for%20anomaly%20sensors.pdf\">Casting out demons &#8211; Sanitizing training data for anomaly sensors<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/CloudFence%20-%20Data%20Flow%20Tracking%20as%20a%20Cloud%20Service.pdf\">CloudFence &#8211; Data Flow Tracking as a Cloud Service<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Comparing%20anomaly%20detection%20techniques%20for%20HTTP.pdf\">Comparing anomaly detection techniques for HTTP<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Cujo%20-%20Efficient%20detection%20and%20prevention%20of%20drive-by-download%20attacks.pdf\">Cujo &#8211; Efficient detection and prevention of drive-by-download attacks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Decoy%20Document%20Deployment%20for%20Effective%20Masquerade%20Attack%20Detection.pdf\">Decoy Document Deployment for Effective Masquerade Attack Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Detecting%20Spammers%20with%20SNARE%20-%20Spatio-temporal%20Network-level%20Automatic%20Reputation%20Engine.pdf\">Detecting Spammers with SNARE &#8211; Spatio-temporal Network-level Automatic Reputation Engine<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Detecting%20unknown%20network%20attacks%20using%20language%20models.pdf\">Detecting Unknown Network Attacks Using Language Models<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Early%20Detection%20of%20Malicious%20Flux%20Networks%20via%20Large-Scale%20Passive%20DNS%20Traffic%20Analysis.pdf\">Early Detection of Malicious Flux 
Networks via Large-Scale Passive DNS Traffic Analysis<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Effective%20Anomaly%20Detection%20with%20Scarce%20Training%20Data.pdf\">Effective Anomaly Detection with Scarce Training Data<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Efficient%20Multidimensional%20Aggregation%20for%20Large%20Scale%20Monitoring.pdf\">Efficient Multidimensional Aggregation for Large Scale Monitoring<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/EFFORT%20-%20Efficient%20and%20Effective%20Bot%20Malware%20Detection.pdf\">EFFORT &#8211; Efficient and Effective Bot Malware Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ExecScent-%20Mining%20for%20New%20C%20and%20C%20Domains%20in%20Live%20Networks%20with%20Adapive%20Control%20Protocol%20Templates%20-%20slides.pdf\">ExecScent- Mining for New C and C Domains in Live Networks with Adaptive Control Protocol Templates &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ExecScent-%20Mining%20for%20New%20C%20and%20C%20Domains%20in%20Live%20Networks%20with%20Adapive%20Control%20Protocol%20Templates.pdf\">ExecScent- Mining for New C and C Domains in Live Networks with Adaptive Control Protocol Templates<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Exposure%20-%20Finding%20malicious%20domains%20using%20passive%20dns%20analysis.pdf\">EXPOSURE &#8211; Finding Malicious Domains Using Passive DNS Analysis<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/FiG%20-%20Automatic%20Fingerprint%20Generation.pdf\">FiG &#8211; Automatic Fingerprint Generation<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Filtering%20Spam%20with%20Behavioral%20Blacklisting.pdf\">Filtering Spam with Behavioral Blacklisting<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/FLIPS%20-%20Hybrid%20Adaptive%20Intrusion%20Prevention.pdf\">FLIPS &#8211; Hybrid Adaptive Intrusion Prevention<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/HMMPayl%20-%20An%20intrusion%20detection%20system%20based%20on%20Hidden%20Markov%20Models.pdf\">HMMPayl &#8211; An Intrusion Detection System Based on Hidden Markov Models<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Kopis%20-%20Detecting%20malware%20domains%20at%20the%20upper%20dns%20hierarchy.pdf\">Kopis &#8211; Detecting malware domains at the upper dns hierarchy<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Large-Scale%20Malware%20Analysis,%20Detection,%20and%20Signature%20Generation.pdf\">Large-Scale Malware Analysis, Detection, and Signature Generation<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Leveraging%20Honest%20Users%20-%20Stealth%20Command-and-Control%20of%20Botnets%20-%20slides.pdf\">Leveraging Honest Users &#8211; Stealth Command-and-Control of Botnets &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Leveraging%20Honest%20Users%20-%20Stealth%20Command-and-Control%20of%20Botnets.pdf\">Leveraging Honest Users &#8211; Stealth Command-and-Control of Botnets<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Local%20System%20Security%20via%20SSHD%20Instrumentation%20%20.pdf\">Local System Security via SSHD Instrumentation<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Machine%20learning%20in%20adversarial%20environments.pdf\">Machine Learning In Adversarial Environments<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Malware%20vs%20Big%20Data%20(Ubrella%20Labs).pdf\">Malware vs. Big Data (Umbrella Labs)<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/McPAD%20-%20A%20multiple%20classifier%20system%20for%20accurate%20payload-based%20anomaly%20detection.pdf\">McPAD &#8211; A Multiple Classifier System for Accurate Payload-based Anomaly Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Measuring%20and%20Detecting%20Malware%20Downloads%20in%20Live%20Network%20Traffic.pdf\">Measuring and Detecting Malware Downloads in Live Network Traffic<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Mining%20Botnet%20Sink%20holes%20-%20slides.pdf\">Mining Botnet Sink Holes &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/MISHIMA%20-%20Multilateration%20of%20Internet%20hosts%20hidden%20using%20malicious%20fast-%EF%AC%82ux%20agents.pdf\">MISHIMA &#8211; Multilateration of Internet hosts hidden using malicious fast-\ufb02ux agents<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Monitoring%20the%20Initial%20DNS%20Behavior%20of%20Malicious%20Domains.pdf\">Monitoring the Initial DNS Behavior of Malicious Domains<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/N-Gram%20against%20the%20Machine%20-%20%20On%20the%20Feasibility%20of%20the%20N-Gram%20Network%20Analysis%20for%20Binary%20Protocols.pdf\">N-Gram against the Machine &#8211; On the Feasibility of the N-Gram Network Analysis for Binary 
Protocols<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Nazca%20-%20%20Detecting%20Malware%20Distribution%20in%20Large-Scale%20Networks.pdf\">Nazca &#8211; Detecting Malware Distribution in Large-Scale Networks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Netgator%20-%20%20Malware%20Detection%20Using%20Program%20Interactive%20Challenges%20%20-%20slides.pdf\">Netgator &#8211; Malware Detection Using Program Interactive Challenges &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Network%20Traffic%20Characterization%20Using%20(p,%20n)-grams%20Packet%20Representation.pdf\">Network Traffic Characterization Using (p, n)-grams Packet Representation<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Notos%20-%20Building%20a%20dynamic%20reputation%20system%20for%20dns.pdf\">Notos &#8211; Building a Dynamic Reputation System for DNS<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/On%20the%20Feasibility%20of%20Online%20Malware%20Detection%20with%20Performance%20Counters.pdf\">On the Feasibility of Online Malware Detection with Performance Counters<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/On%20the%20infeasibility%20of%20modeling%20polymorphic%20shellcode.pdf\">On the Infeasibility of Modeling Polymorphic Shellcode<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/On%20the%20Mismanagement%20and%20Maliciousness%20of%20Networks.pdf\">On the Mismanagement and Maliciousness of Networks<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Outside%20the%20Closed%20World%20-%20On%20Using%20Machine%20Learning%20For%20Network%20Intrusion%20Detection.pdf\">Outside the Closed World &#8211; On Using Machine Learning For Network Intrusion Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/PAYL%20-%20Anomalous%20Payload-based%20Network%20Intrusion%20Detection.pdf\">PAYL &#8211; Anomalous Payload-based Network Intrusion Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/PAYL2%20-%20Anomalous%20Payload-based%20Worm%20Detection%20and%20%20Signature%20Generation.pdf\">PAYL2 &#8211; Anomalous Payload-based Worm Detection and Signature Generation<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/From%20throw-away%20traffic%20to%20bots%20-%20detecting%20the%20rise%20of%20dga-based%20malware.pdf\">Pleiades &#8211; From Throw-away Traffic To Bots &#8211; Detecting The Rise Of DGA-based Malware<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Practical%20Comprehensive%20Bounds%20on%20Surreptitious%20Communication%20Over%20DNS%20-%20slides.pdf\">Practical Comprehensive Bounds on Surreptitious Communication Over DNS &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Practical%20Comprehensive%20Bounds%20on%20Surreptitious%20Communication%20Over%20DNS.pdf\">Practical Comprehensive Bounds on Surreptitious Communication Over DNS<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Privacy-preserving%20payload-based%20correlation%20for%20accurate%20malicious%20traffic%20detection.pdf\">Privacy-preserving Payload-based Correlation for Accurate Malicious Traffic Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Revealing%20Botnet%20Membership%20Using%20DNSBL%20Counter-Intelligence.pdf\">Revealing Botnet Membership Using DNSBL Counter-Intelligence<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Revolver%20-%20An%20Automated%20Approach%20to%20the%20Detection%20of%20Evasive%20Web-based%20Malware.pdf\">Revolver &#8211; An Automated Approach to the Detection of Evasive Web-based Malware<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Self-organized%20Collaboration%20of%20Distributed%20IDS%20Sensors.pdf\">Self-organized Collaboration of Distributed IDS Sensors<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/SinkMiner-%20Mining%20Botnet%20Sinkholes%20for%20Fun%20and%20Profit.pdf\">SinkMiner- Mining Botnet Sinkholes for Fun and Profit<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Spamming%20botnets%20-%20signatures%20and%20characteristics.pdf\">Spamming Botnets &#8211; Signatures and Characteristics<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Spectrogram%20-%20A%20mixture-of-markov-chains%20model%20for%20anomaly%20detection%20in%20web%20traffic.pdf\">Spectrogram &#8211; A Mixture of Markov Chain models for Anomaly Detection in Web Traffic<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20security%20of%20machine%20learning.pdf\">The Security of Machine Learning<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Toward%20Stealthy%20Malware%20Detection.pdf\">Toward Stealthy Malware Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Traffic%20aggregation%20for%20malware%20detection.pdf\">Traffic Aggregation for Malware Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Understanding%20the%20Domain%20Registration%20Behavior%20of%20Spammers.pdf\">Understanding the Domain Registration Behavior of Spammers<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Understanding%20the%20Network-Level%20Behavior%20of%20Spammers.pdf\">Understanding the Network-Level Behavior of Spammers<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/VAST-%20Network%20Visibility%20Across%20Space%20and%20Time.pdf\">VAST- Network Visibility Across Space and Time<\/a><\/li>\n<\/ul>\n<h2 id=\"malware\" style=\"color: #222222;\">Malware<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20static,%20packer-agnostic%20filter%20to%20detect%20similar%20malware%20samples.pdf\">A static, packer-agnostic filter to detect similar malware samples<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20study%20of%20malcode-bearing%20documents.pdf\">A study of malcode-bearing documents<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20survey%20on%20automated%20dynamic%20malware-analysis%20techniques%20and%20tools.pdf\">A survey on automated dynamic malware-analysis techniques and tools<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/APT1%20Technical%20backstage%20(malware.lu%20hack%20backs%20of%20APT1%20servers).pdf\">APT1 Technical backstage (malware.lu hack backs of APT1 servers)<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Automatic%20Analysis%20of%20Malware%20Behavior%20using%20Machine%20Learning.pdf\">Automatic Analysis of Malware Behavior using Machine Learning<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/BitShred%20-%20Fast,%20Scalable%20Code%20Reuse%20Detection%20in%20Binary%20Code.pdf\">BitShred &#8211; Fast, Scalable Code Reuse Detection in Binary Code<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/BitShred%20-%20Fast,%20Scalable%20Malware%20Triage.pdf\">BitShred &#8211; Fast, Scalable Malware Triage<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Deobfuscating%20Embedded%20Malware%20using%20Probable-Plaintext%20Attacks.pdf\">Deobfuscating Embedded Malware using Probable-Plaintext Attacks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Escape%20from%20Monkey%20Island%20-%20Evading%20High-Interaction%20Honeyclients.pdf\">Escape from Monkey Island &#8211; Evading High-Interaction Honeyclients<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Eureka%20-%20A%20framework%20for%20enabling%20static%20malware%20analysis.pdf\">Eureka &#8211; A framework for enabling static malware analysis<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Extraction%20of%20Statistically%20Significant%20Malware%20Behaviors.pdf\">Extraction of Statistically Significant Malware Behaviors<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Fast%20Automated%20Unpacking%20and%20Classification%20of%20Malware.pdf\">Fast Automated Unpacking and Classification of Malware<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/FIRMA%20-%20Malware%20Clustering%20and%20Network%20Signature%20Generation%20with%20Mixed%20Network%20Behaviors.pdf\">FIRMA &#8211; Malware Clustering and Network Signature Generation with Mixed Network Behaviors<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/FuncTracker%20-%20Discovering%20Shared%20Code%20(to%20aid%20malware%20forensics)%20-%20slides.pdf\">FuncTracker &#8211; Discovering Shared Code (to aid malware forensics) &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/FuncTracker%20-%20Discovering%20Shared%20Code%20to%20Aid%20Malware%20Forensics%20Extended%20Abstract.pdf\">FuncTracker &#8211; Discovering Shared Code to Aid Malware Forensics Extended Abstract<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Malware%20files%20clustering%20based%20on%20file%20geometry%20and%20visualization%20using%20R%20language.pdf\">Malware files clustering based on file geometry and visualization using R language<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Mobile%20Malware%20Detection%20Based%20on%20Energy%20Fingerprints%20%E2%80%94%20A%20Dead%20End.pdf\">Mobile Malware Detection Based on Energy Fingerprints \u2014 A Dead End<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Polonium%20-%20Tera-Scale%20Graph%20Mining%20for%20Malware%20Detection.pdf\">Polonium &#8211; Tera-Scale Graph Mining for Malware Detection<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Putting%20out%20a%20HIT%20-%20Crowdsourcing%20Malware%20Installs.pdf\">Putting out a HIT &#8211; Crowdsourcing Malware Installs<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Scalable%20fine-grained%20behavioral%20clustering%20of%20http-based%20malware.pdf\">Scalable Fine-grained Behavioral Clustering of HTTP-based Malware<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/SigMal%20-%20A%20Static%20Signal%20Processing%20Based%20Malware%20Triage.pdf\">SigMal &#8211; A Static Signal Processing Based Malware Triage<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Tracking%20Memory%20Writes%20for%20Malware%20Classification%20and%20Code%20Reuse%20Identification.pdf\">Tracking Memory Writes for Malware Classification and Code Reuse Identification<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Using%20File%20Relationships%20in%20Malware%20Classification.pdf\">Using File Relationships in Malware Classification<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/VAMO%20-%20Towards%20a%20Fully%20Automated%20Malware%20Clustering%20Validity%20Analysis.pdf\">VAMO &#8211; Towards a Fully Automated Malware Clustering Validity Analysis<\/a><\/li>\n<\/ul>\n<h2 id=\"data-collection\" style=\"color: #222222;\">Data Collection<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Crawling%20BitTorrent%20DHTs%20for%20Fun%20and%20Pro%EF%AC%81t.pdf\">Crawling BitTorrent DHTs for Fun and Pro\ufb01t<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/CyberProbe%20-%20Towards%20Internet-Scale%20Active%20Detection%20of%20Malicious%20Servers.pdf\">CyberProbe &#8211; Towards Internet-Scale Active Detection of Malicious Servers<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Demystifying%20service%20discovery%20-%20Implementing%20an%20internet-wide%20scanner.pdf\">Demystifying service discovery &#8211; Implementing an internet-wide scanner<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/gitDigger%20-%20Creating%20useful%20wordlists%20from%20GitHub.pdf\">gitDigger &#8211; Creating useful wordlists from GitHub<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/PoisonAmplifier%20-%20A%20Guided%20Approach%20of%20Discovering%20Compromised%20Websites%20through%20Reversing%20Search%20Poisoning%20Attacks.pdf\">PoisonAmplifier &#8211; A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ZMap%20-%20Fast%20Internet-Wide%20Scanning%20and%20its%20Security%20Applications%20(slides).pdf\">ZMap &#8211; Fast Internet-Wide Scanning and its Security Applications (slides)<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ZMap%20-%20Fast%20Internet-Wide%20Scanning%20and%20its%20Security%20Applications.pdf\">ZMap &#8211; Fast Internet-Wide Scanning and its Security Applications<\/a><\/li>\n<\/ul>\n<h2 id=\"vulnerability-analysisreversing\" style=\"color: #222222;\">Vulnerability Analysis\/Reversing<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/A%20Preliminary%20Analysis%20of%20Vulnerability%20Scores%20for%20Attacks%20in%20Wild.pdf\">A Preliminary Analysis of Vulnerability Scores for Attacks in Wild<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Attacker%20Economics%20for%20Internet-scale%20Vulnerability%20Risk%20Assessment.pdf\">Attacker Economics for 
Internet-scale Vulnerability Risk Assessment<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Detecting%20Logic%20Vulnerabilities%20in%20E-Commerce%20Applications.pdf\">Detecting Logic Vulnerabilities in E-Commerce Applications<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/ReDeBug%20-%20finding%20unpatched%20code%20clones%20in%20entire%20os%20distributions.pdf\">ReDeBug &#8211; Finding Unpatched Code Clones in Entire OS Distributions<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Classification%20of%20Valuable%20Data%20in%20an%20Assumption%20of%20Breach%20Paradigm.pdf\">The Classification of Valuable Data in an Assumption of Breach Paradigm<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Toward%20Black-Box%20Detection%20of%20Logic%20Flaws%20in%20Web%20Applications.pdf\">Toward Black-Box Detection of Logic Flaws in Web Applications<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Vulnerability%20Extrapolation%20-%20Assisted%20Discovery%20of%20Vulnerabilities%20using%20Machine%20Learning%20-%20slides.pdf\">Vulnerability Extrapolation &#8211; Assisted Discovery of Vulnerabilities using Machine Learning &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Vulnerability%20Extrapolation%20-%20Assisted%20Discovery%20of%20Vulnerabilities%20using%20Machine%20Learning.pdf\">Vulnerability Extrapolation &#8211; Assisted Discovery of Vulnerabilities using Machine Learning<\/a><\/li>\n<\/ul>\n<h2 id=\"anonymityprivacyopseccensorship\" style=\"color: #222222;\">Anonymity\/Privacy\/OPSEC\/Censorship<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Anonymous%20Hacking%20Group%20--%20OpNewblood-Super-Secret-Security-Handbook.pdf\">Anonymous Hacking Group \u2013 #OpNewblood Super Secret Security Handbook<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Detecting%20Traffic%20Snooping%20in%20Tor%20Using%20Decoys.pdf\">Detecting Traffic Snooping in Tor Using Decoys<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Risks%20and%20Realization%20of%20HTTPS%20Traffic%20Analysis.pdf\">Risks and Realization of HTTPS Traffic Analysis<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Selling%20Off%20Privacy%20at%20Auction.pdf\">Selling Off Privacy at Auction<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Sniper%20Attack%20-%20Anonymously%20Deanonymizing%20and%20Disabling%20the%20Tor%20Network.pdf\">The Sniper Attack &#8211; Anonymously Deanonymizing and Disabling the Tor Network<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Velocity%20of%20Censorship%20-%20High-Fidelity%20Detection%20of%20Microblog%20Post%20Deletions%20-%20slides.pdf\">The Velocity of Censorship &#8211; High-Fidelity Detection of Microblog Post Deletions &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Velocity%20of%20Censorship%20-%20High-Fidelity%20Detection%20of%20Microblog%20Post%20Deletions.pdf\">The Velocity of Censorship &#8211; High-Fidelity Detection of Microblog Post Deletions<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Tor%20vs%20NSA.pdf\">Tor vs. 
NSA<\/a><\/li>\n<\/ul>\n<h2 id=\"data-mining\" style=\"color: #222222;\">Data Mining<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/An%20Exploration%20of%20Geolocation%20and%20Traffic%20Visualisation%20Using%20Network%20Flows%20to%20Aid%20in%20Cyber%20Defence.pdf\">An Exploration of Geolocation and Traffic Visualization Using Network Flows to Aid in Cyber Defense<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/DSpin%20-%20Detecting%20Automatically%20Spun%20Content%20on%20the%20Web.pdf\">DSpin &#8211; Detecting Automatically Spun Content on the Web<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Gyrus%20-%20A%20Framework%20for%20User-Intent%20Monitoring%20of%20Text-Based%20Networked%20Applications.pdf\">Gyrus &#8211; A Framework for User-Intent Monitoring of Text-Based Networked Applications<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Indexing%20Million%20of%20Packets%20per%20Second%20using%20GPUs.pdf\">Indexing Million of Packets per Second using GPUs<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Multi-Label%20Learning%20with%20Millions%20of%20Labels%20-%20Recommending%20Advertiser%20Bid%20Phrases%20for%20Web%20Pages.pdf\">Multi-Label Learning with Millions of Labels &#8211; Recommending Advertiser Bid Phrases for Web Pages<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Real-Time%20Handling%20of%20Network%20Monitoring%20Data%20Using%20a%20Data-Intensive%20Framework.pdf\">Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Shingled%20Graph%20Disassembly%20-%20Finding%20the%20Undecideable%20Path.pdf\">Shingled Graph Disassembly &#8211; Finding the Undecideable Path<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Synoptic%20Graphlet%20-%20Bridging%20the%20Gap%20between%20Supervised%20and%20Unsupervised%20Profiling%20of%20Host-level%20Network%20Traffic.pdf\">Synoptic Graphlet &#8211; Bridging the Gap between Supervised and Unsupervised Profiling of Host-level Network Traffic<\/a><\/li>\n<\/ul>\n<h2 id=\"cyber-crime\" style=\"color: #222222;\">Cyber Crime<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Connected%20Colors%20-%20Unveiling%20the%20Structure%20of%20Criminal%20Networks.pdf\">Connected Colors &#8211; Unveiling the Structure of Criminal Networks<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Image%20Matching%20for%20Branding%20Phishing%20Kit%20Images%20-%20slides.pdf\">Image Matching for Branding Phishing Kit Images &#8211; slides<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Image%20Matching%20for%20Branding%20Phishing%20Kit%20Images.pdf\">Image Matching for Branding Phishing Kit Images<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Inside-a-Targeted-Point-of-Sale-Data-Breach.pdf\">Inside a Targeted Point-of-Sale Data Breach<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Investigating%20Advanced%20Persistent%20Threat%201%20(APT1).pdf\">Investigating Advanced Persistent Threat 1 (APT1)<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/Measuring%20pay-per-install%20-%20the%20commoditization%20of%20malware%20distribution.pdf\">Measuring pay-per-install &#8211; the Commoditization of Malware Distribution<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Scambaiter%20-%20Understanding%20Targeted%20Nigerian%20Scams%20on%20Craigslist.pdf\">Scambaiter &#8211; Understanding Targeted Nigerian Scams on Craigslist<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Sherlock%20Holmes%20and%20The%20Case%20of%20the%20Advanced%20Persistent%20Threat.pdf\">Sherlock Holmes and the Case of the Advanced Persistent Threat<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Role%20of%20the%20Underground%20Market%20in%20Twitter%20Spam%20and%20Abuse.pdf\">The Role of the Underground Market in Twitter Spam and Abuse<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/The%20Tangled%20Web%20of%20Password%20Reuse.pdf\">The Tangled Web of Password Reuse<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Traf%EF%AC%81cking%20Fraudulent%20Accounts%20-%20The%20Role%20of%20the%20Underground%20Market%20in%20Twitter%20Spam%20and%20Abuse.pdf\">Trafficking Fraudulent Accounts &#8211; The Role of the Underground Market in Twitter Spam and Abuse<\/a><\/li>\n<\/ul>\n<h2 id=\"cndcnacnecno\" style=\"color: #222222;\">CND\/CNA\/CNE\/CNO<\/h2>\n<ul style=\"color: #222222;\">\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Ampli%EF%AC%81cation%20Hell%20-%20Revisiting%20Network%20Protocols%20for%20DDoS%20Abuse.pdf\">Amplification Hell &#8211; Revisiting Network Protocols for DDoS Abuse<\/a><\/li>\n<li><a style=\"color: #555555;\" 
href=\"http:\/\/www.covert.io\/research-papers\/security\/HITB2013AMS%20-%20Defending%20The%20Enterprise,%20the%20Russian%20Way.pdf\">Defending The Enterprise, the Russian Way<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Protecting%20a%20moving%20target%20-%20Addressing%20web%20application%20concept%20drift.pdf\">Protecting a Moving Target &#8211; Addressing Web Application Concept Drift<\/a><\/li>\n<li><a style=\"color: #555555;\" href=\"http:\/\/www.covert.io\/research-papers\/security\/Timing%20of%20Cyber%20Conflict.pdf\">Timing of Cyber Conflict<\/a><\/li>\n<\/ul>\n<p style=\"color: #222222;\">\u2013Jason<\/p>\n<h5 style=\"color: #222222;\">Reference:<\/h5>\n<p style=\"color: #222222;\"><a href=\"http:\/\/www.covert.io\/security-datascience-papers\/\" target=\"_blank\">Security Data Science Papers \u2013 covert.io<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I came across this on reddit: the blogger has taken the security-research papers\/slides he has read\/collected over the years and given them a rough 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,25],"tags":[37],"class_list":["post-664","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-security","tag-security"],"views":2176,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=664"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/664\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}