The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
Computer Security in the Real World
Computer
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Proceedings of the 4th ACM workshop on Recurring malcode
Spam double-funnel: connecting web spammers with advertisers
Proceedings of the 16th international conference on World Wide Web
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Dryad: distributed data-parallel programs from sequential building blocks
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
An Evaluation of How Search Engines Respond to Greek Language Queries
HICSS '08 Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
A large-scale study of automated web search traffic
AIRWeb '08 Proceedings of the 4th international workshop on Adversarial information retrieval on the web
Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing
Financial Cryptography and Data Security
SBotMiner: large scale search bot detection
Proceedings of the third ACM international conference on Web search and data mining
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Heat-seeking honeypots: design and experience
Proceedings of the 20th international conference on World wide web
Privacy revelations for web and mobile apps
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
deSEO: combating search-result poisoning
SEC'11 Proceedings of the 20th USENIX conference on Security
Populated IP addresses: classification and applications
Proceedings of the 2012 ACM conference on Computer and communications security
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
| Hi-index | 0.00 |
Search engines not only assist normal users, but also provide information that hackers and other malicious entities can exploit in their nefarious activities. With carefully crafted search queries, attackers can gather information such as email addresses and misconfigured or even vulnerable servers. We present SearchAudit, a framework that identifies malicious queries from massive search engine logs in order to uncover their relationship with potential attacks. SearchAudit takes in a small set of malicious queries as seed, expands the set using search logs, and generates regular expressions for detecting new malicious queries. For instance, we show that, relying on just 500 malicious queries as seed, SearchAudit discovers an additional 4 million distinct malicious queries and thousands of vulnerable Web sites. In addition, SearchAudit reveals a series of phishing attacks from more than 400 phishing domains that compromised a large number of Windows Live Messenger user credentials. Thus, we believe that SearchAudit can serve as a useful tool for identifying and preventing a wide class of attacks in their early phases.