User profiles for Yacin Nadji
Yacin Nadji, Corelight, Inc. Verified email at gatech.edu. Cited by 1896
From Throw-Away traffic to bots: Detecting the rise of DGA-Based malware
Many botnet detection systems employ a blacklist of known command and control (C&C)
domains to detect bots and block their traffic. Similar to signature-based virus detection, such a …
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense.
Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in
2007. The main underlying reason for XSS vulnerabilities is that web markup and client-side …
Practical attacks against graph-based clustering
Graph modeling allows numerous security problems to be tackled in a general way, however,
little work has been done to understand their ability to withstand adversarial attacks. We …
Domain-z: 28 registrations later measuring the exploitation of residual trust in domains
Any individual that re-registers an expired domain implicitly inherits the residual trust
associated with the domain's prior use. We find that adversaries can, and do, use malicious re-…
Beheading hydras: performing effective botnet takedowns
Devices infected with malicious software typically form botnet armies under the influence of
one or more command and control (C&C) servers. The botnet problem reached such levels …
Enabling network security through active DNS datasets
Most modern cyber crime leverages the Domain Name System (DNS) to attain high levels of
network agility and make detection of Internet abuse challenging. The majority of malware, …
DNS noise: Measuring the pervasiveness of disposable domains in modern DNS traffic
In this paper, we present an analysis of a new class of domain names: disposable domains.
We observe that popular web applications, along with other Internet services, systematically …
Automated remote repair for mobile malware
Mobile application markets currently serve as the main line of defense against malicious
applications. While marketplace revocations have successfully removed the few overtly …
Just awful enough: the functional dysfunction of the something awful forums
The Something Awful Forums (SAF) is an online community comprised of a loosely connected
federation of forums, united in a distinctive brand of humor with a focus on the quality of …
Connected colors: Unveiling the structure of criminal networks
In this paper we study the structure of criminal networks, groups of related malicious infrastructures
that work in concert to provide hosting for criminal activities. We develop a method to …