Detecting malicious network traffic using inverse distributions of packet contents
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Proceedings of the 12th ACM conference on Computer and communications security
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Proceedings of the 12th ACM conference on Computer and communications security
Design space and analysis of worm defense strategies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Exploit hijacking: side effects of smart defenses
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Polymorphic worm detection and defense: system design, experimental methodology, and data resources
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Approximate fingerprinting to accelerate pattern matching
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Efficient sequence alignment of network traffic
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM workshop on Recurring malcode
Profiling self-propagating worms via behavioral footprinting
Proceedings of the 4th ACM workshop on Recurring malcode
Proceedings of the 4th ACM workshop on Recurring malcode
Signature metrics for accurate and automated worm detection
Proceedings of the 4th ACM workshop on Recurring malcode
Protomatching network traffic for high throughput network intrusion detection
Proceedings of the 13th ACM conference on Computer and communications security
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
A drawback of current anti-virus simulations: the need for background traffic
Proceedings of the 44th annual Southeast regional conference
Analyzing network traffic to detect self-decrypting exploit code
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Future internet: fundamentals and measurement
ACM SIGCOMM Computer Communication Review
Memory-efficient content filtering hardware for high-speed intrusion detection systems
Proceedings of the 2007 ACM symposium on Applied computing
Leveraging good intentions to reduce unwanted network traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation
IEEE Transactions on Dependable and Secure Computing
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
An Automated Signature-Based Approach against Polymorphic Internet Worms
IEEE Transactions on Parallel and Distributed Systems
DAW: A Distributed Antiworm System
IEEE Transactions on Parallel and Distributed Systems
Sweeper: a lightweight end-to-end system for defending against fast worms
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Bouncer: securing software by blocking bad input
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
On the infeasibility of modeling polymorphic shellcode
Proceedings of the 14th ACM conference on Computer and communications security
Evaluation of collaborative worm containment on the DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test 2007
Cognitive enhancements to support dependability
HotDep'07 Proceedings of the 3rd workshop on Hot Topics in System Dependability
Catch me, if you can: evading network signatures with web-based polymorphic worms
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Noninvasive Methods for Host Certification
ACM Transactions on Information and System Security (TISSEC)
A scalable multi-level feature extraction technique to detect malicious executables
Information Systems Frontiers
Syntax vs. semantics: competing approaches to dynamic network intrusion detection
International Journal of Security and Networks
Detecting worm variants using machine learning
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
LISABETH: automated content-based signature generator for zero-day polymorphic worms
Proceedings of the fourth international workshop on Software engineering for secure systems
Detecting energy-greedy anomalies and mobile malware variants
Proceedings of the 6th international conference on Mobile systems, applications, and services
Polymorphic worm detection using token-pair signatures
Proceedings of the 4th international workshop on Security, privacy and trust in pervasive and ubiquitous computing
Exploiting machine learning to subvert your spam filter
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Spectator: detection and containment of JavaScript worms
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Automata-Theoretic Analysis of Bit-Split Languages for Packet Scanning
CIAA '08 Proceedings of the 13th international conference on Implementation and Applications of Automata
Towards Automatically Generating Double-Free Vulnerability Signatures Using Petri Nets
ISC '08 Proceedings of the 11th international conference on Information Security
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Fast and Black-box Exploit Detection and Signature Generation for Commodity Software
ACM Transactions on Information and System Security (TISSEC)
Open problems in the security of learning
Proceedings of the 1st ACM workshop on Workshop on AISec
A data mining approach for analysis of worm activity through automatic signature generation
Proceedings of the 1st ACM workshop on Workshop on AISec
The Design and Testing of Automated Signature Generation Engine for Worms Detection
KES-AMSTA '07 Proceedings of the 1st KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications
A Novel Worm Detection Model Based on Host Packet Behavior Ranking
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Online Network Forensics for Automatic Repair Validation
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
A Distributed Framework for the Detection of New Worm-Related Malware
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
To catch a predator: a natural language approach for eliciting malicious payloads
SS'08 Proceedings of the 17th conference on Security symposium
A rough set approach for automatic key attributes identification of zero-day polymorphic worms
Expert Systems with Applications: An International Journal
An architecture of unknown attack detection system against zero-day worm
ACS'08 Proceedings of the 8th conference on Applied computer science
Targeting spam control on middleboxes: Spam detection based on layer-3 e-mail content classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hardening Botnet by a Rational Botmaster
Information Security and Cryptology
Extending finite automata to efficiently match Perl-compatible regular expressions
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Performance Improvement by Means of Collaboration between Network Intrusion Detection Systems
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Using automatic signature generation as a sensor backend
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Malyzer: Defeating Anti-detection for Application-Level Malware Analysis
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
A hardware platform for efficient worm outbreak detection
ACM Transactions on Design Automation of Electronic Systems (TODAES)
When gossip is good: distributed probabilistic inference for detection of slow network intrusions
AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2
Journal of Systems and Software
Learning and multiagent reasoning for autonomous agents
IJCAI'07 Proceedings of the 20th international joint conference on Artificial intelligence
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Automatic Generation of String Signatures for Malware Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
A case study of unknown attack detection against zero-day worm in the honeynet environment
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 3
Feature based techniques for auto-detection of novel email worms
PAKDD'07 Proceedings of the 11th Pacific-Asia conference on Advances in knowledge discovery and data mining
PolyI-D: polymorphic worm detection based on instruction distribution
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Botzilla: detecting the "phoning home" of malicious software
Proceedings of the 2010 ACM Symposium on Applied Computing
Emulation-based detection of non-self-contained polymorphic shellcode
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Advanced allergy attacks: does a corpus really help
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Toward sound-assisted intrusion detection systems
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
SWorD: a simple worm detection scheme
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
PROBE: a process behavior-based host intrusion prevention system
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Probabilistic identification for hard to classify protocol
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Thwarting zero-day polymorphic worms with network-level length-based signature generation
IEEE/ACM Transactions on Networking (TON)
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An automated signature generation approach for polymorphic worm based on color coding
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A behaviour study of network-aware stealthy worms
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Design of a multi_agent system for worm spreading_reduction
Journal of Intelligent Information Systems
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Machine learning in adversarial environments
Machine Learning
Mimimorphism: a new approach to binary code obfuscation
Proceedings of the 17th ACM conference on Computer and communications security
Behavior-based worm detectors compared
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Network intrusion detection with semantics-aware capability
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Searching the searchers with searchaudit
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Automatic generation of remediation procedures for malware infections
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
ARROW: GenerAting SignatuRes to Detect DRive-By DOWnloads
Proceedings of the 20th international conference on World wide web
Cloud-based malware detection for evolving data streams
ACM Transactions on Management Information Systems (TMIS)
Fast, memory-efficient regular expression matching with NFA-OBDDs
Computer Networks: The International Journal of Computer and Telecommunications Networking
ZOZZLE: fast and precise in-browser JavaScript malware detection
SEC'11 Proceedings of the 20th USENIX conference on Security
JACKSTRAWS: picking command and control connections from bot traffic
SEC'11 Proceedings of the 20th USENIX conference on Security
Comparing files using structural entropy
Journal in Computer Virology
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detecting self-mutating malware using control-flow graph matching
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Graph based signature classes for detecting polymorphic worms via content analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
On the limits of cyber-insurance
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Virtual playgrounds for worm behavior investigation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Automatic protocol signature generation framework for deep packet inspection
Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools
Journal of Network and Computer Applications
Towards an information-theoretic framework for analyzing intrusion detection systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Allergy attack against automatic signature generation
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Paragraph: thwarting signature learning by training maliciously
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
SafeCard: a gigabit IPS on the network card
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Adaptive detection of local scanners
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Re-wiring activity of malicious networks
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Adversarial support vector machine learning
Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining
Mal-ID: automatic malware detection using common segment analysis and meta-features
The Journal of Machine Learning Research
AutoDunt: dynamic latent dependence analysis for detection of zero day vulnerability
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Frankenstein: stitching malware from benign binaries
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Towards automatic assembly of privacy-preserved intrusion signatures
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Polymorphic worms detection using Extended PolyTree
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
Generating simplified regular expression signatures for polymorphic worms
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
A practical approach for detecting executable codes in network traffic
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
Argumentation logic to assist in security administration
Proceedings of the 2012 workshop on New security paradigms
Scalable fine-grained behavioral clustering of HTTP-based malware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Unsupervised traffic classification using flow statistical properties and IP packet payload
Journal of Computer and System Sciences
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Proceedings of the ACM International Conference on Computing Frontiers
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Approaches to adversarial drift
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
ProVeX: detecting botnets with encrypted command and control channels
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
ExecScent: mining for new C&C domains in live networks with adaptive control protocol templates
SEC'13 Proceedings of the 22nd USENIX conference on Security
Automated signature extraction for high volume attacks
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
CBSTM: Cloud-based Behavior Similarity Transmission Method to Detect Industrial Worms
Proceedings of the Second International Conference on Innovative Computing and Cloud Computing
Design and Implementation of a Data Mining System for Malware Detection
Journal of Integrated Design & Process Science
Host-based intrusion detection systems attempt to identify attacks by discovering program behaviors that deviate from expected patterns. While the idea of performing behavior validation on-the-fly and terminating errant tasks as soon as a violation is ...