To catch a predator: A natural language approach for eliciting malicious payloads

Proceedings of the 17th USENIX Security Symposium

Volumn , Issue , 2008, Pages 171-183

  Small, Sam ^a   Mason, Joshua ^a   Monrose, Fabian ^a   Provos, Niels ^b   Stubblefield, Adam ^a  

^a JOHNS HOPKINS UNIVERSITY   (United States)

^b GOOGLE INC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNET; NETWORK SECURITY;

NATURAL LANGUAGE PROCESSING; NATURAL LANGUAGES; NETWORK TRAFFIC; REAL TIME NETWORK; STATE OF THE ART; STRING ALIGNMENT; WEB APPLICATION; WEB BASED;

NATURAL LANGUAGE PROCESSING SYSTEMS;

EID: 78651523935     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. Milw0rm. See http://www.milw0rm.com/.
2. The Spamhaus Project. See http://www.spamhaus.org/.
3. The Google Hack Honeypot, 2005. See http://ghh.sourceforge.net/.
4. th USENIX Security Symposium, pp. 135–148.
5. BARFORD, P., AND YEGNESWARAN, V. An inside look at botnets. In Advances in Information Security (2007), vol. 27, Springer Verlag, pp. 171–191.
6. BEDDOE, M. The protocol informatics project, 2004.
7. CHEUNG, A. Secunia’s wordpress GBK/Big5 character set”S” SQL injection advisory. See http://secunia.com/advisories/28005/.
8. th USENIX Security Symposium (Boston, MA, August 2007), pp. 199–212.
9. CUI, W., PAXSON, V., WEAVER, N., AND KATZ, R. H. Protocol-independent adaptive replay of application dialog. In Network and Distributed System Security Symposium 2006 (February 2006), Internet Society.
10. CUI, W., PAXSON, V., AND WEAVER, N. C. GQ: Realizing a system to catch worms in a quarter million places. Tech. Rep. TR-06-004, International Computer Science Institute, 2006.
11. DUNLAP, G. W., KING, S. T., CINAR, S., BASRAI, M. A., AND CHEN, P. M. Revirt: enabling intrusion analysis through virtual-machine logging and replay. In Proceedings of the 5th symposium on Operating systems design and implementation (New York, NY, USA, 2002), ACM Press, pp. 211–224.
12. th European Symposium on Research in Computer Security (ESORICS) (September 2005), vol. 3679 of Lecture Notes in Computer Science, pp. 319–335.
13. GU, G., PORRAS, P., YEGNESWARAN, V., FONG, M., AND LEE, W. BotHunter: Detecting malware infection through IDS-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium (August 2007), pp. 167–182.
14. HOLZ, T., AND RAYNAL, F. Detecting honeypots and other suspicious environments. In Proceedings of the Workshop on Information Assurance and Security (June 2005).
15. Know your enemy: Tracking botnets. Tech. rep., The Honeynet Project and Research Alliance, March 2005. Available from http://www.honeynet.org/papers/bots/.
16. KREIBICH, C., AND CROWCROFT, J. Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. In Proceedings of the Second Workshop on Hot Topics in Networks (Hotnets II) (Boston, November 2003).
17. LEITA, C., DACIER, M., AND MASSICOTTE, F. Automatic handling of protocol dependencies and reaction to 0-day attacks with ScriptGen based honeypots. In RAID(2006), D. Zamboni and C. Krügel, Eds., vol. 4219 of Lecture Notes in Computer Science, Springer, pp. 185–205.
18. st Annual Computer Security Applications Conference (December 2005), pp. 203–214.
19. NEEDLEMAN, S. B., AND WUNSCH, C. D. A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of Molecular Biology, 48 (1970), 443–453.
20. NEWSOME, J., KARP, B., AND SONG, D. Polygraph: Automatically generating signatures for polymorphic worms. In Proceedings of the 2005 IEEE Symposium on Security and Privacy (Washington, DC, USA, 2005), IEEE Computer Society, pp. 226–241.
21. NEWSOME, J., AND SONG, D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium (2005).
22. PANG, R., YEGNESWARAN, V., BARFORD, P., PAXSON, V., AND PETERSON, L. Characteristics of Internet background radiation, October 2004.
23. th USENIX Security Symposium (August 2004), pp. 1–14.
24. th ACM workshop on Recurring malcode (New York, NY, USA, 2006), ACM, pp. 1–8.
25. PROVOS, N., MCNAMEE, D., MAVROMMATIS, P., WANG, K., AND MODADUGU, N. The ghost in the browser: Analysis of web-based malware. In Usenix Workshop on Hot Topics in Botnets (HotBots) (2007).
26. RAJAB, M. A., ZARFOSS, J., MONROSE, F., AND TERZIS, A. A multifaceted approach to understanding the botnet phenomenon. In Proceedings of ACM SIGCOMM/USENIX Internet Measurement Conference (October 2006), ACM, pp. 41–52.
27. RAJAB, M. A., ZARFOSS, J., MONROSE, F., AND TERZIS, A. My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging. In Proceedings of the first USENIX workshop on hot topics in Botnets (HotBots’07). (April 2007).
28. RIDEN, J., MCGEEHAN, R., ENGERT, B., AND MUETER, M. Know your enemy: Web application threats, February 2007.
29. TATA, S., AND PATEL, J. Estimating the selectivity of TF-IDF based cosine similarity predicates. SIGMOD Record 36, 2 (June 2007).
30. WITTEN, I. H., AND BELL, T. C. The zero-frequency problem: Estimating the probabilities of novel events in adaptive text compression. IEEE Transactions on Information Theory 37, 4 (1991), 1085–1094.
31. th USENIX Security Symposium (Baltimore, MD, USA, Aug. 2005), pp. 97–112.