A comprehensive review on malware detection approaches
According to recent studies, malicious software (malware) is increasing at an alarming
rate, and some malware can hide in the system by using different obfuscation techniques. In …
A survey of binary code similarity
Binary code similarity approaches compare two or more pieces of binary code to identify their
similarities and differences. The ability to compare binary code enables many real-world …
AVclass: A Tool for Massive Malware Labeling
Labeling a malicious executable as a variant of a known family is important for security
applications such as triage, lineage, and for building reference datasets in turn used for …
Detection of malicious web activity in enterprise computer networks
A processing device in one embodiment comprises a processor coupled to a memory and is
configured to obtain internal log data of a computer network of an enterprise, to extract …
Identifying encrypted malware traffic with contextual flow data
Identifying threats contained within encrypted network traffic poses a unique set of
challenges. It is important to monitor this traffic for threats and malware, but do so in a way …
Machine learning based botnet detection using real-time extracted traffic features
S Ranjan - US Patent 8,682,812, 2014 - Google Patents
Abstract: A method for identifying a botnet in a network, including analyzing historical
network data using a pre-determined heuristic to determine values of a feature in the …
Deciphering malware's use of TLS (without decryption)
The use of TLS by malware poses new challenges to network threat detection because
traditional pattern-matching techniques can no longer be applied to its messages. However …
Detecting environment-sensitive malware
The execution of malware in an instrumented sandbox is a widespread approach for the
analysis of malicious code, largely because it sidesteps the difficulties involved in the static …
Packet-level signatures for smart home devices
Smart home devices are vulnerable to passive inference attacks based on network traffic,
even in the presence of encryption. In this paper, we present PINGPONG, a tool that can …
Building a dynamic reputation system for DNS
Abstract: The Domain Name System (DNS) is an essential protocol used by both legitimate
Internet applications and cyber attacks. For example, botnets rely on DNS to support agile …