I’ve got a number of papers that I typically share with students in my class. I’ve selected these because I think they’re interesting, not necessarily because they’re the most current on the various topics. I gather these from a variety of sources including Usenix (I’m a huge Usenix fan, though I haven’t been able to attend any of the conferences lately), DefCon and BlackHat. There are also a number of authors I stalk, er, track. One of them is Vern Paxson – you’ll see that several of the papers below have his name on them.
“Measuring Pay-per-Install: The Commoditization of Malware Distribution“, by Juan Caballero, IMDEA Software Institute; Chris Grier, Christian Kreibich, and Vern Paxson, University of California, Berkeley. This talks about the ways that miscreants can pay for installation of malware.
“The Nuts and Bolts of a Forum Spam Automator” by Youngsang Shin, Minaxi Gupta, Steven Myers, School of Informatics and Computing, Indiana University discusses a highly automated forum spam automator. I get a chuckle out of thinking of competing automated systems posting spam to web forums in response to each other’s postings, and of automated systems trying to detect the same and remove the spam and block the posters…
This one is fun: “SkyNET: a 3G-enabled mobile attack drone and stealth botmaster“, by Theodore Reed, Joseph Geis and Sven Dietrich, all of the Stevens Institute of Technology. Follow up by watching the Terminator movies… 🙂
“An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants” by Jason Franklin (Carnegie Mellon University), Adrian Perrig (Cylab/CMU), Vern Paxson (ICSI), and Stefan Savage (UC San Diego) discusses how miscreants on the Internet get their $$. Great paper, must read! The title is a play on the title of a book by Adam Smith: “An Inquiry into the Nature and Causes of the Wealth of Nations“.
“The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments” by Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, and John F. Farrell (all of the NSA) argues that the security of modern systems depends on having secure operating systems. Which we (still) mostly don’t have.
“Manufacturing Compromise: The Emergence of Exploit-as-a-Service” by Chris Grier (UC Berkeley), Lucas Ballard (Google), Juan Caballero (IMDEA), Neha Chachra (UC San Diego), Christian J. Dietrich (University of Applied Sciences Gelsenkirchen), Kirill Levchenko (UC San Diego), Panayiotis Mavrommatis (Google), Damon McCoy (George Mason University), Antonio Nappa (IMDEA), Andreas Pitsillidis (ICSI), Niels Provos (Google), M. Zubair Rafique (IMDEA), Moheeb Abu Rajab (Google), Christian Rossow (University of Applied Sciences Gelsenkirchen), Kurt Thomas (UC Berkeley), Vern Paxson (UC Berkeley, ICSI), Stefan Savage (ICSI) and Geoffrey M. Voelker (UC San Diego) (whew!) investigates the use of browse drive-by infections in the underground economy.
“What’s Clicking What? Techniques and Innovations of Today’s Clickbots” by Brad Miller (UC Berkeley), Paul Pearce (UC Berkeley), and Chris Grier (UC Berkeley, ICSI), Christian Kreibich (ICSI), and Vern Paxson (UC Berkeley and ICSI) talks about click-bots – used to conduct click fraud. Wondering what that is? Read!
“Insights from the Inside: A View of Botnet Management from Infiltration” by Chia Yuan Cho (UC Berkeley), Juan Caballero (Carnegie Mellon University and UC Berkeley), Chris Grier (UC Berkeley), Vern Paxson (UC Berkeley, ICSI), and Dawn Song (UC Berkeley) explores the internal workings of the MegaD botnet, which they infiltrated.
— Steve