Today, the Internet security community largely emphasizes cyberspace monitoring for the
purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The …

In network intrusion detection research, one popular strategy for finding attacks is monitoring
a network's activity for anomalies: deviations from profiles of normality previously learned …

Connectivity in today's enterprise networks is regulated by a combination of complex routing
and bridging policies, along with various interdiction mechanisms such as ACLs, packet …

This paper studies the network-level behavior of spammers, including: IP address ranges
that send the most spam, common spamming modes (eg, BGP route hijacking, bots), how …

Antivirus software is one of the most widely used tools for detecting and stop** malicious
and unwanted files. However, the long term effectiveness of traditional host-based antivirus …

The continued growth and diversification of the Internet has been accompanied by an
increasing prevalence of attacks and intrusions [40]. It can be argued, however, that a …

The monitoring of packets destined for routeable, yet unused, Internet addresses has proved
to be a useful technique for measuring a variety of specific Internet phenomenon (eg, worms …

A key step in the semantic analysis of network traffic is to parse the traffic stream according
to the high-level protocols it contains. This process transforms raw bytes into structured …

Annotating Internet interconnections with robust physical coordinates at the level of a
building facilitates network management including interdomain troubleshooting, but also has …

Botnets dominate today's attack landscape. In this work we investigate ways to analyze
collections of malicious probing traffic in order to understand the significance of large-scale" …