目录机器学习与网络安全入侵检测恶意软件数据收集漏洞分析/逆向匿名/隐私/审查数据挖掘APT与网络犯罪CND/CNA/CNE/CNO 深度学习与网络安全机器学习与网络安全入侵检测A Close Look on n-Grams in Intrusion Detection- Anomaly Detection vs. Classification (opens new window)A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures (opens new window)A Kill Chain Analysis of the 2013 Target Data Breach (opens new window)A Lone Wolf No More - Supporting Network Intrusion Detection with Real-Time Intelligence (opens new window)A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks (opens new window)Acquiring Digital Evidence from Botnet Attacks: Procedures and Methods (PhD Thesis) (opens new window)ALERT-ID - Analyze Logs of the network Element in Real Time for Intrusion Detection (opens new window)Anagram - A Content Anomaly Detector Resistant to Mimicry Attack (opens new window)Anagram - A Content Anomaly Detector Resistant to Mimicry Attack (opens new window)Anomaly-based Intrusion Detection in Software as a Service (opens new window)Application of the PageRank Algorithm to Alarm Graphs (opens new window)Back to Basics - Beyond Network Hygiene (opens new window)Beehive - Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks (opens new window)Behavioral Clustering of HTTP-based Malware and Signature Generation Using Malicious Network Traces (opens new window)Beheading Hydras - Performing Effective Botnet Takedowns (opens new window)Bloodhound - Searching Out Malicious Input in Network Flows for Automatic Repair Validation (opens new window)Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling (opens new window)CAMP - Content Agnostic Malware Protection (opens new window)CAMP - Content Agnostic Malware Protection (opens new window)Casting out demons - Sanitizing training data for anomaly sensors (opens new window)CloudFence - Data Flow Tracking as a Cloud Service (opens new window)Comparing anomaly detection techniques for HTTP (opens new window)Cujo - Efficient detection and prevention of drive-by-download attacks (opens new window)Decoy Document Deployment for Effective Masquerade Attack Detection (opens new window)Detecting Spammers with SNARE - Spatio-temporal Network-level Automatic Reputation Engine (opens new window)Detecting Unknown Network Attacks Using Language Models (opens new window)Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis (opens new window)Effective Anomaly Detection with Scarce Training Data (opens new window)Efficient Multidimensional Aggregation for Large Scale Monitoring (opens new window)EFFORT - Efficient and Effective Bot Malware Detection (opens new window)ExecScent- Mining for New C and C Domains in Live Networks with Adaptive Control Protocol Templates - slides (opens new window)ExecScent- Mining for New C and C Domains in Live Networks with Adaptive Control Protocol Templates (opens new window)EXPOSURE - Finding Malicious Domains Using Passive DNS Analysis (opens new window)EXPOSURE - Finding Malicious Domains Using Passive DNS Analysis (opens new window)FiG - Automatic Fingerprint Generation (opens new window)Filtering Spam with Behavioral Blacklisting (opens new window)Finding The Needle - Suppression of False Alarms in Large Intrusion Detection Data Sets (opens new window)FLIPS - Hybrid Adaptive Intrusion Prevention (opens new window)Heuristics for Improved Enterprise Intrusion Detection (opens new window) by Jim TreinenHMMPayl - An Intrusion Detection System Based on Hidden Markov Models (opens new window)Kopis - Detecting malware domains at the upper dns hierarchy (opens new window)Kopis - Detecting malware domains at the upper dns hierarchy (opens new window)Large-Scale Malware Analysis, Detection, and Signature Generation (opens new window)Leveraging Honest Users - Stealth Command-and-Control of Botnets - slides (opens new window)Leveraging Honest Users - Stealth Command-and-Control of Botnets (opens new window)Local System Security via SSHD Instrumentation (opens new window)Machine Learning In Adversarial Environments (opens new window)Malware vs. Big Data (Umbrella Labs) (opens new window)McPAD - A Multiple Classifier System for Accurate Payload-based Anomaly Detection (opens new window)Measuring and Detecting Malware Downloads in Live Network Traffic (opens new window)Mining Botnet Sink Holes - slides (opens new window)MISHIMA - Multilateration of Internet hosts hidden using malicious fast-flux agents (opens new window)Monitoring the Initial DNS Behavior of Malicious Domains (opens new window)N-Gram against the Machine - On the Feasibility of the N-Gram Network Analysis for Binary Protocols (opens new window)Nazca - Detecting Malware Distribution in Large-Scale Networks (opens new window)Nazca - Detecting Malware Distribution in Large-Scale Networks (opens new window)Netgator - Malware Detection Using Program Interactive Challenges - slides (opens new window)Network Traffic Characterization Using (p, n)-grams Packet Representation (opens new window)Notos - Building a Dynamic Reputation System for DNS (opens new window)Notos - Building a Dynamic Reputation System for DNS (opens new window)On the Feasibility of Online Malware Detection with Performance Counters (opens new window)On the Infeasibility of Modeling Polymorphic Shellcode (opens new window)On the Mismanagement and Maliciousness of Networks (opens new window)Outside the Closed World - On Using Machine Learning For Network Intrusion Detection (opens new window)PAYL - Anomalous Payload-based Network Intrusion Detection (opens new window)PAYL - Anomalous Payload-based Network Intrusion Detection (opens new window)PAYL2 - Anomalous Payload-based Worm Detection and Signature Generation (opens new window)Pleiades - From Throw-away Traffic To Bots - Detecting The Rise Of DGA-based Malware (opens new window)Pleiades - From Throw-away Traffic To Bots - Detecting The Rise Of DGA-based Malware (opens new window)Polonium - Tera-Scale Graph Mining for Malware Detection (opens new window)Practical Comprehensive Bounds on Surreptitious Communication Over DNS - slides (opens new window)Practical Comprehensive Bounds on Surreptitious Communication Over DNS (opens new window)Privacy-preserving Payload-based Correlation for Accurate Malicious Traffic Detection (opens new window)Revealing Botnet Membership Using DNSBL Counter-Intelligence (opens new window)Revolver - An Automated Approach to the Detection of Evasive Web-based Malware (opens new window)Self-organized Collaboration of Distributed IDS Sensors (opens new window)SinkMiner- Mining Botnet Sinkholes for Fun and Profit (opens new window)Spamming Botnets - Signatures and Characteristics (opens new window)Spectrogram - A Mixture of Markov Chain models for Anomaly Detection in Web Traffic (opens new window)The Security of Machine Learning (opens new window)Toward Stealthy Malware Detection (opens new window)Traffic Aggregation for Malware Detection (opens new window)Understanding the Domain Registration Behavior of Spammers (opens new window)Understanding the Network-Level Behavior of Spammers (opens new window)VAST- Network Visibility Across Space and Time (opens new window)恶意软件A static, packer-agnostic filter to detect similar malware samples (opens new window)A study of malcode-bearing documents (opens new window)A survey on automated dynamic malware-analysis techniques and tools (opens new window)APT1 Technical backstage (malware.lu hack backs of APT1 servers) (opens new window)Automatic Analysis of Malware Behavior using Machine Learning (opens new window)BitShred - Fast, Scalable Code Reuse Detection in Binary Code (opens new window)BitShred - Fast, Scalable Malware Triage (opens new window)Deobfuscating Embedded Malware using Probable-Plaintext Attacks (opens new window)Escape from Monkey Island - Evading High-Interaction Honeyclients (opens new window)Eureka - A framework for enabling static malware analysis (opens new window)Extraction of Statistically Significant Malware Behaviors (opens new window)Fast Automated Unpacking and Classification of Malware (opens new window)FIRMA - Malware Clustering and Network Signature Generation with Mixed Network Behaviors (opens new window)FuncTracker - Discovering Shared Code (to aid malware forensics) - slides (opens new window)FuncTracker - Discovering Shared Code to Aid Malware Forensics Extended Abstract (opens new window)Malware files clustering based on file geometry and visualization using R language (opens new window)Mobile Malware Detection Based on Energy Fingerprints — A Dead End (opens new window)Polonium - Tera-Scale Graph Mining for Malware Detection (opens new window)Putting out a HIT - Crowdsourcing Malware Installs (opens new window)Scalable Fine-grained Behavioral Clustering of HTTP-based Malware (opens new window)Selecting Features to Classify Malware (opens new window) by Karthik RamanSigMal - A Static Signal Processing Based Malware Triage (opens new window)Tracking Memory Writes for Malware Classification and Code Reuse Identification (opens new window)Using File Relationships in Malware Classification (opens new window)VAMO - Towards a Fully Automated Malware Clustering Validity Analysis (opens new window)数据收集Crawling BitTorrent DHTs for Fun and Profit (opens new window)CyberProbe - Towards Internet-Scale Active Detection of Malicious Servers (opens new window)Demystifying service discovery - Implementing an internet-wide scanner (opens new window)gitDigger - Creating useful wordlists from GitHub (opens new window)PoisonAmplifier - A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks (opens new window)ZMap - Fast Internet-Wide Scanning and its Security Applications (slides) (opens new window)ZMap - Fast Internet-Wide Scanning and its Security Applications (opens new window)漏洞分析/逆向A Preliminary Analysis of Vulnerability Scores for Attacks in Wild (opens new window)Attacker Economics for Internet-scale Vulnerability Risk Assessment (opens new window)Detecting Logic Vulnerabilities in E-Commerce Applications (opens new window)ReDeBug - Finding Unpatched Code Clones in Entire OS Distributions (opens new window)The Classification of Valuable Data in an Assumption of Breach Paradigm (opens new window)Toward Black-Box Detection of Logic Flaws in Web Applications (opens new window)Vulnerability Extrapolation - Assisted Discovery of Vulnerabilities using Machine Learning - slides (opens new window)Vulnerability Extrapolation - Assisted Discovery of Vulnerabilities using Machine Learning (opens new window)匿名/隐私/审查Anonymous Hacking Group – #OpNewblood Super Secret Security Handbook (opens new window)Detecting Traffic Snooping in Tor Using Decoys (opens new window)Risks and Realization of HTTPS Traffic Analysis (opens new window)Selling Off Privacy at Auction (opens new window)The Sniper Attack - Anonymously Deanonymizing and Disabling the Tor Network (opens new window)The Velocity of Censorship - High-Fidelity Detection of Microblog Post Deletions - slides (opens new window)The Velocity of Censorship - High-Fidelity Detection of Microblog Post Deletions (opens new window)Tor vs. NSA (opens new window)数据挖掘An Exploration of Geolocation and Traffic Visualization Using Network Flows to Aid in Cyber Defense (opens new window)DSpin - Detecting Automatically Spun Content on the Web (opens new window)Gyrus - A Framework for User-Intent Monitoring of Text-Based Networked Applications (opens new window)Indexing Million of Packets per Second using GPUs (opens new window)Multi-Label Learning with Millions of Labels - Recommending Advertiser Bid Phrases for Web Pages (opens new window)Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework (opens new window)Shingled Graph Disassembly - Finding the Undecideable Path (opens new window)Synoptic Graphlet - Bridging the Gap between Supervised and Unsupervised Profiling of Host-level Network Traffic (opens new window)APT与网络犯罪Connected Colors - Unveiling the Structure of Criminal Networks (opens new window)Image Matching for Branding Phishing Kit Images - slides (opens new window)Image Matching for Branding Phishing Kit Images (opens new window)Inside a Targeted Point-of-Sale Data Breach (opens new window)Investigating Advanced Persistent Threat 1 (APT1) (opens new window)Measuring pay-per-install - the Commoditization of Malware Distribution (opens new window)Scambaiter - Understanding Targeted Nigerian Scams on Craigslist (opens new window)Sherlock Holmes and the Case of the Advanced Persistent Threat (opens new window)The Role of the Underground Market in Twitter Spam and Abuse (opens new window)The Tangled Web of Password Reuse (opens new window)Trafficking Fraudulent Accounts - The Role of the Underground Market in Twitter Spam and Abuse (opens new window)CND/CNA/CNE/CNO Amplification Hell - Revisiting Network Protocols for DDoS Abuse (opens new window)Defending The Enterprise, the Russian Way (opens new window)Protecting a Moving Target - Addressing Web Application Concept Drift (opens new window)Timing of Cyber Conflict (opens new window) 深度学习与网络安全A Deep Learning Approach for Network Intrusion Detection System (opens new window)A Hybrid Malicious Code Detection Method based on Deep Learning (opens new window)A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks (opens new window)A Multi-task Learning Model for Malware Classification with Useful File Access Pattern from API Call Sequence (opens new window)A Novel LSTM-RNN Decoding Algorithm in CAPTCHA Recognition (opens new window) (Short paper)An Analysis of Recurrent Neural Networks for Botnet Detection Behavior (opens new window)Application of Recurrent Neural Networks for User Verification based on Keystroke Dynamics (opens new window)Applications of Deep Learning On Traffic Identification (opens new window) (video: here (opens new window))Combining Restricted Boltzmann Machine and One Side Perceptron for Malware Detection (opens new window)Comparison Deep Learning Method to Traditional Methods Using for Network Intrusion Detection (opens new window) (short paper)Convolutional Neural Networks for Malware Classification (opens new window) (THESIS)Deep Learning Approach for Network Intrusion Detection in Software Defined Networking (opens new window)Deep Learning for Classification of Malware System Call Sequences (opens new window)Deep Learning for Zero-day Flash Malware Detection (opens new window) (Short Paper)Deep Learning is a Good Steganalysis Tool When Embedding Key is Reused for Different Images, even if there is a cover source mismatch (opens new window)Deep Learning-based Feature Selection for Intrusion Detection System in Transport Layer (opens new window) (Short Paper)Deep Neural Network Based Malware Detection using Two Dimensional Binary Program Features (opens new window)DeepDGA: Adversarially-Tuned Domain Generation and Detection (opens new window)DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification (opens new window)DL4MD: A Deep Learning Framework for Intelligent Malware Detection (opens new window)Droid-Sec: Deep Learning in Android Malware Detection (opens new window)DroidDetector: Android Malware Characterization and Detection using Deep Learning (opens new window)HADM: Hybrid Analysis for Detection of Malware (opens new window)Identifying Top Sellers In Underground Economy Using Deep Learning-based Sentiment Analysis (opens new window)Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security (opens new window)Large-scale Malware Classification using Random Projections and Neural Networks (opens new window)Learning a Static Analyzer: A Case Study on a Toy Language (opens new window)Learning Spam Features using Restricted Boltzmann Machines (opens new window)Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection (opens new window)LSTM-based System-call Language Modeling and Robust Ensemble Method for Designing Host-based Intrusion Detection Systems (opens new window)Malware Classification on Time Series Data Through Machine Learning (opens new window) (THESIS)Malware Classification with Recurrent Networks (opens new window)Malware Detection with Deep Neural Network using Process Behavior (opens new window)MS-LSTM: a Multi-Scale LSTM Model for BGP Anomaly Detection (opens new window)MtNet: A Multi-Task Neural Network for Dynamic Malware Classification (opens new window)Network Anomaly Detection with the Restricted Boltzmann Machine (opens new window)Predicting Domain Generation Algorithms with Long Short-Term Memory Networks (opens new window)Recognizing Functions in Binaries with Neural Networks (opens new window)The Limitations of Deep Learning in Adversarial Settings (opens new window)Toward large-scale vulnerability discovery using Machine Learning (opens new window)