A virtual honeypot framework

A hybrid quarantine defense

Proceedings of the 2004 ACM workshop on Rapid malcode

Design of network security projects using honeypots

Journal of Computing Sciences in Colleges

Remote Physical Device Fingerprinting

IEEE Transactions on Dependable and Secure Computing

Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles

The monitoring and early detection of internet worms

IEEE/ACM Transactions on Networking (TON)

Can machine learning be secure?

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security

Using VMM-based sensors to monitor honeypots

Proceedings of the 2nd international conference on Virtual execution environments

Simulating non-scanning worms on peer-to-peer networks

InfoScale '06 Proceedings of the 1st international conference on Scalable information systems

On the performance of internet worm scanning strategies

Performance Evaluation

A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement

An effective defense against email spam laundering

Proceedings of the 13th ACM conference on Computer and communications security

Replayer: automatic protocol replay by binary analysis

Proceedings of the 13th ACM conference on Computer and communications security

Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006

SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots

Computer Networks: The International Journal of Computer and Telecommunications Networking

Collapsar: a VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention

Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems

Data reduction for the scalable automated analysis of distributed darknet traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement

HoneySpam: honeypots fighting spam at the source

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop

Tracking the role of adversaries in measuring unwanted traffic

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2

Collapsar: a VM-based architecture for network attack detention center

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

An architecture for generating semantics-aware signatures

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14

Detecting targeted attacks using shadow honeypots

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14

An Automated Signature-Based Approach against Polymorphic Internet Worms

IEEE Transactions on Parallel and Distributed Systems

Learning network structure from passive measurements

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

Honey@home: a new approach to large-scale threat monitoring

Proceedings of the 2007 ACM workshop on Recurring malcode

Hacker Curriculum: How Hackers Learn Networking

IEEE Distributed Systems Online

An advanced hybrid peer-to-peer botnet

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets

Active behavioral fingerprinting of wireless devices

WiSec '08 Proceedings of the first ACM conference on Wireless network security

Data base support for intrusion detection with honeynets

TELE-INFO'07 Proceedings of the 6th WSEAS Int. Conference on Telecommunications and Informatics

Analyzing network and content characteristics of spim using honeypots

SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet

Events can make sense

ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference

Secure or insure?: a game-theoretic analysis of information security games

Proceedings of the 17th international conference on World Wide Web

Spamulator: the Internet on a laptop

Proceedings of the 13th annual conference on Innovation and technology in computer science education

Ghost turns zombie: exploring the life cycle of web-based malware

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats

Security Through Deception

Information Systems Security

Network discovery from passive measurements

Proceedings of the ACM SIGCOMM 2008 conference on Data communication

Distributed Evasive Scan Techniques and Countermeasures

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

VCSTC: Virtual Cyber Security Testing Capability --- An Application Oriented Paradigm for Network Infrastructure Protection

TestCom '08 / FATES '08 Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on Testing of Software and Communicating Systems: 8th International Workshop

A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems

DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Vigilante: End-to-end containment of Internet worm epidemics

ACM Transactions on Computer Systems (TOCS)

Thwarting E-mail Spam Laundering

ACM Transactions on Information and System Security (TISSEC)

A data mining approach for analysis of worm activity through automatic signature generation

Proceedings of the 1st ACM workshop on Workshop on AISec

Hiding "real" machine from attackers and malware with a minimal virtual machine monitor

Proceedings of the 4th international conference on Security and privacy in communication netowrks

Intrusion Prevention in Information Systems: Reactive and Proactive Responses

Journal of Management Information Systems

Panic passwords: authenticating under duress

HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security

To catch a predator: a natural language approach for eliciting malicious payloads

SS'08 Proceedings of the 17th conference on Security symposium

Automating analysis of large-scale botnet probing events

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

Simulating cyber-attacks for fun and profit

Proceedings of the 2nd International Conference on Simulation Tools and Techniques

An Attacker-Defender Game for Honeynets

COCOON '09 Proceedings of the 15th Annual International Conference on Computing and Combinatorics

Geolocalization of proxied services and its application to fast-flux hidden servers

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference

The WOMBAT Attack Attribution Method: Some Results

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security

Honeypot detection in advanced botnet attacks

International Journal of Information and Computer Security

honeyM: a framework for implementing virtual honeyclients for mobile devices

Proceedings of the third ACM conference on Wireless network security

"Out-of-the-Box" monitoring of VM-based high-interaction honeypots

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Vortex: enabling cooperative selective wormholing for network security systems

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Empirical study of the impact of metasploit-related attacks in 4 years of attack traces

ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security

Collecting autonomous spreading malware using high-interaction honeypots

ICICS'07 Proceedings of the 9th international conference on Information and communications security

References

Dependability metrics

Policy-based security configuration management application to intrusion detection and prevention

ICC'09 Proceedings of the 2009 IEEE international conference on Communications

Measurement and diagnosis of address misconfigured P2P traffic

INFOCOM'10 Proceedings of the 29th conference on Information communications

MitiBox: camouflage and deception for network scan mitigation

HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security

The limits of automatic OS fingerprint generation

Proceedings of the 3rd ACM workshop on Artificial intelligence and security

A cost-based analysis of intrusion detection system configuration under active or passive response

Decision Support Systems

Honeypot trace forensics: The observation viewpoint matters

Future Generation Computer Systems

Heat-seeking honeypots: design and experience

Proceedings of the 20th international conference on World wide web

Set-up and deployment of a high-interaction honeypot: experiment and lessons learned

Journal in Computer Virology

Exposing the lack of privacy in file hosting services

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats

A practical and light-weight data capture tool for Xen virtual machine

ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science

nicter: a large-scale network incident analysis system: case studies for understanding threat landscape

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security

Fast quarantining of proactive worms in unstructured P2P networks

Journal of Network and Computer Applications

Honeynet games: a game theoretic approach to defending network monitors

Journal of Combinatorial Optimization

These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security

TRUMANBOX: improving dynamic malware analysis by emulating the internet

SSS'11 Proceedings of the 13th international conference on Stabilization, safety, and security of distributed systems

Virtual playgrounds for worm behavior investigation

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

A dynamic mechanism for recovering from buffer overflow attacks

ISC'05 Proceedings of the 8th international conference on Information Security

The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Fast and evasive attacks: highlighting the challenges ahead

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Resettable public-key encryption: how to encrypt on a virtual machine

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Towards detection of botnet communication through social media by monitoring user activity

ICISS'11 Proceedings of the 7th international conference on Information Systems Security

Detecting traffic snooping in tor using decoys

RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection

Using active intrusion detection to recover network trust

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration

A framework for attack patterns' discovery in honeynet data

Digital Investigation: The International Journal of Digital Forensics & Incident Response

False Positives: False positive response

Network Security

Security & SDLC: The 'phasing-in' of security governance in the SDLC

Network Security

Exploring the ecosystem of referrer-anonymizing services

PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies

Fast dynamic extracted honeypots in cloud computing

Proceedings of the 2012 ACM Workshop on Cloud computing security workshop

Detection of botnets before activation: an enhanced honeypot system for intentional infection and behavioral observation of malware

Security and Communication Networks

Bot detection evasion: a case study on local-host alert correlation bot detection methods

Security and Communication Networks

BotMosaic: Collaborative network watermark for the detection of IRC-based botnets

Journal of Systems and Software

Botnets: A survey

Computer Networks: The International Journal of Computer and Telecommunications Networking

Machine-oriented biometrics and cocooning for dynamic network defense

Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Testing large-scale cloud management

IBM Journal of Research and Development

Survey and taxonomy of botnet research through life-cycle

ACM Computing Surveys (CSUR)

POSTER: Reflected attacks abusing honeypots

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Explicit authentication response considered harmful

Proceedings of the 2013 workshop on New security paradigms workshop

Modeling and evaluating of typical advanced peer-to-peer botnet

Performance Evaluation