|
1. McGraw, G., Software security. Security & Privacy, IEEE, 2004. 2(2): p. 80-83. 2. Oehlert, P., Violating assumptions with fuzzing. Security & Privacy, IEEE, 2005. 3(2): p. 58-62. 3. Ganesh, V., T. Leek, and M. Rinard. Taint-based directed whitebox fuzzing. in Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on. 2009. IEEE. 4. Matenaar, F., et al. CIS: The Crypto Intelligence System for automatic detection and localization of cryptographic functions in current malware. in Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on. 2012. IEEE. 5. Caballero, J., et al. Input generation via decomposition and re-stitching: Finding bugs in malware. in Proceedings of the 17th ACM conference on Computer and communications security. 2010. ACM. 6. Jorge Mieres, K.L.E. Latin American banks under fire from the Mexican VOlk-Botnet. 2012; Available from: http://www.securelist.com/en/blog/208193160/Latin_American_banks_under_fire_from_the_Mexican_VOlk_Botnet2012-10-11. 7. Zhu, Z., et al. Botnet research survey. in Computer Software and Applications, 2008. COMPSAC'08. 32nd Annual IEEE International. 2008. IEEE. 8. Falliere, N. and E. Chien, Zeus: King of the Bots. Retrieved from Security Response Whitepapers Symantec Corp. website: http://www. symantec. com/content/en/us/enterprise/media/security_response/whitepapers/zeus_king_of_bots. pdf, 2009. 9. Wu, Y., et al. Malware network behavior extraction based on dynamic binary analysis. in Software Engineering and Service Science (ICSESS), 2012 IEEE 3rd International Conference on. 2012. IEEE. 10. Wang, P., et al., Honeypot detection in advanced botnet attacks. International Journal of Information and Computer Security, 2010. 4(1): p. 30-51. 11. Dinaburg, A., et al. Ether: malware analysis via hardware virtualization extensions. in Proceedings of the 15th ACM conference on Computer and communications security. 2008. ACM. 12. Moser, A., C. Kruegel, and E. Kirda. Exploring multiple execution paths for malware analysis. in Security and Privacy, 2007. SP'07. IEEE Symposium on. 2007. IEEE. 13. Godefroid, P., N. Klarlund, and K. Sen. DART: directed automated random testing. in ACM Sigplan Notices. 2005. ACM. 14. Egele, M., et al., A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR), 2012. 44(2): p. 6. 15. Yoshioka, K., et al. Vulnerability in public malware sandbox analysis systems. in Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on. 2010. IEEE. 16. Wang, T., et al. TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection. in Security and Privacy (SP), 2010 IEEE Symposium on. 2010. IEEE. 17. Weaver, A. and P. OWASP, Breaking Botnets: Finding App Vulnerabilities in Botnet Command and Control Servers., 2011. 18. Microsoft identifies two Zeus botnet crime ring suspects. 2012; Available from: http://news.cnet.com/8301-1009_3-57465470-83/microsoft-identifies-two-zeus-botnet-crime-ring-suspects/. 19. The top 10 spam botnets: New and improved. 2010; Available from: http://www.techrepublic.com/blog/10things/the-top-10-spam-botnets-new-and-improved/1373. 20. Oracle Security Alert for CVE-2012-4681. 2012; Available from: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html. 21. Stone-Gross, B., et al., The underground economy of fake antivirus software, in Economics of Information Security and Privacy III. 2013, Springer. p. 55-78. 22. Clarke, T., Fuzzing for software vulnerability discovery. Department of Mathematic, Royal Holloway, University of London, Tech. Rep. RHUL-MA-2009-4, 2009. 23. Bekrar, S., et al. Finding software vulnerabilities by smart fuzzing. in Software Testing, Verification and Validation (ICST), 2011 IEEE Fourth International Conference on. 2011. IEEE. 24. Gröbert, F., C. Willems, and T. Holz. Automated identification of cryptographic primitives in binary programs. in Recent Advances in Intrusion Detection. 2011. Springer. 25. America's 10 most wanted botnets. 2009; Available from: http://www.networkworld.com/news/2009/072209-botnets.html. 26. Willems, C., T. Holz, and F. Freiling, Toward automated dynamic malware analysis using cwsandbox. Security & Privacy, IEEE, 2007. 5(2): p. 32-39. 27. Leder, F., T. Werner, and P. Martini, Proactive botnet countermeasures: an offensive approach. The Virtual Battlefield: Perspectives on Cyber Warfare, 2009. 3: p. 211-225. 28. Feily, M., A. Shahrestani, and S. Ramadass. A survey of botnet and botnet detection. in Emerging Security Information, Systems and Technologies, 2009. SECURWARE'09. Third International Conference on. 2009. IEEE. 29. Rodrigues, N.G., A. Nogueira, and P. Salvador, Fighting botnets-a systematic approach. 2012. 30. Stone-Gross, B., et al. Your botnet is my botnet: analysis of a botnet takeover. in Proceedings of the 16th ACM conference on Computer and communications security. 2009. ACM. 31. Bächer, P., et al. Know your Enemy: Tracking Botnets. 2008; Available from: http://www.honeynet.org/papers/bots/. 32. Song, D., et al., BitBlaze: A new approach to computer security via binary analysis, in Information systems security. 2008, Springer. p. 1-25. 33. Miller, C., et al., Crash analysis with BitBlaze. at BlackHat USA, 2010. 34. Chipounov, V., et al. Selective symbolic execution. in Workshop on Hot Topics in Dependable Systems. 2009. 35. Calvet, J., J.M. Fernandez, and J.-Y. Marion. Aligot: cryptographic function identification in obfuscated binary programs. in Proceedings of the 2012 ACM conference on Computer and communications security. 2012. ACM. 36. Rascagneres, P., et al. Analysis & pownage of herpesnet botnet. 2012; Available from: https://code.google.com/p/malware-lu/wiki/en_analyse_herpnet. 37. Hardin, B. and B. Rios. Imagination - XSS and XSRF. 2011; Available from: http://spotthevuln.com/2011/07/imagination-xss-and-xsrf/. 38. Rios, B.B. Turning the Tables. 2010; Available from: http://xs-sniper.com/blog/2010/09/27/turning-the-tables/. 39. Open Source Vulnerability Database (OSVDB). 2002 - 2013; Available from: http://www.osvdb.org/. 40. National Vulnerability Database. Available from: http://nvd.nist.gov/. 41. Open Malware. Available from: http://www.offensivecomputing.net/. 42. Malware Domain List. 2009; Available from: http://www.malwaredomainlist.com/. 43. CWE - Common Weakness Enumeration. Available from: http://nvd.nist.gov/cwe.cfm. 44. Puri, R., Bots & botnet: An overview. SANS Institute 2003, 2003. 45. Fabian, M.A.R.J.Z. and M.A. Terzis. My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. in Proceedings of the 1st USENIX Workshop on Hot Topics in Understanding Botnets, Cambridge, USA. 2007. 46. Stone-Gross, B. Cutwail Spam Botnet Targeting Android Users. 2013; Available from: http://www.f-secure.com/weblog/archives/00002537.html. 47. FBI. Cyber Banking Fraud. 2010-2013; Available from: http://www.fbi.gov/news/stories/2010/october/cyber-banking-fraud. 48. Dunn, J.E. Popular Dirt Jumper DDoS toolkit riddled with security flaws, research finds. 2012; Available from: http://news.techworld.com/security/3376047/popular-dirt-jumper-ddos-toolkit-riddled-with-security-flaws-research-finds/. 49. Kaspersky Lab. Available from: http://www.securelist.com/en/. 50. Microsoft. Help protect yourself from the Conficker worm. 2009; Available from: http://www.microsoft.com/security/pc-security/conficker.aspx. 51. Huang, S.-K., et al. CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations. in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on. 2012. IEEE.
|