Measuring and modeling the label dynamics of online {Anti-Malware} engines
VirusTotal provides malware labels from a large set of anti-malware engines, and is heavily
used by researchers for malware annotation and system evaluation. Since different engines …
used by researchers for malware annotation and system evaluation. Since different engines …
Fingerprinting the fingerprinters: Learning to detect browser fingerprinting behaviors
Browser fingerprinting is an invasive and opaque stateless tracking technique. Browser
vendors, academics, and standards bodies have long struggled to provide meaningful …
vendors, academics, and standards bodies have long struggled to provide meaningful …
System-Level Data Management for Endpoint Advanced Persistent Threat Detection: Issues, Challenges and Trends
Advanced persistent threat (APT) attacks pose significant security threats to governments
and large enterprises. Endpoint detection and response (EDR) methods, which are standard …
and large enterprises. Endpoint detection and response (EDR) methods, which are standard …
Opening the blackbox of virustotal: Analyzing online phishing scan engines
Online scan engines such as VirusTotal are heavily used by researchers to label malicious
URLs and files. Unfortunately, it is not well understood how the labels are generated and …
URLs and files. Unfortunately, it is not well understood how the labels are generated and …
Sok: History is a vast early warning system: Auditing the provenance of system intrusions
Auditing, a central pillar of operating system security, has only recently come into its own as
an active area of public research. This resurgent interest is due in large part to the notion of …
an active area of public research. This resurgent interest is due in large part to the notion of …
Adgraph: A graph-based approach to ad and tracker blocking
User demand for blocking advertising and tracking online is large and growing. Existing
tools, both deployed and described in research, have proven useful, but lack either the …
tools, both deployed and described in research, have proven useful, but lack either the …
{SEAL}: Storage-efficient causality analysis on enterprise logs with query-friendly compression
Causality analysis automates attack forensic and facilitates behavioral detection by
associating causally related but temporally distant system events. Despite its proven …
associating causally related but temporally distant system events. Despite its proven …
Visiblev8: In-browser monitoring of javascript in the wild
J Jueckstock, A Kapravelos - Proceedings of the Internet Measurement …, 2019 - dl.acm.org
Modern web security and privacy research depends on accurate measurement of an often
evasive and hostile web. No longer just a network of static, hyperlinked documents, the …
evasive and hostile web. No longer just a network of static, hyperlinked documents, the …
Wtagraph: Web tracking and advertising detection using graph neural networks
Web tracking and advertising (WTA) nowadays are ubiquitously performed on the web,
continuously compromising users' privacy. Existing defense solutions, such as widely …
continuously compromising users' privacy. Existing defense solutions, such as widely …
What you see is not what you get: Discovering and tracking social engineering attack campaigns
Malicious ads often use social engineering (SE) tactics to coax users into downloading
unwanted software, purchasing fake products or services, or giving up valuable personal …
unwanted software, purchasing fake products or services, or giving up valuable personal …