Tag Archives: research

Anti-virus labels are not suitable for system evaluation

I won’t name names, but there are plenty of researchers out there who rely on anti-virus labeling in their research. While this could work, without manual validation there’s very little chance the AV labels can be used as any sort of ground truth.

Here are 5 reports:
1. fc39ce1593cfb6ca1eb0c289a2ca561c
2. c4d93b536f35b350a992a402dfd72e12
3. c77ba55255c1db38568ca3a73d4b8a72
4. e57d938e0754e4fbb3b87cf818a0fc69
5. e397696b7835ccdcfad9d768cf1a091c

Quick highlights in classification from each report:
1. Bredolab, Krap, Ursnif, Downloader, Generic, etc…
2. Krap, Kryptic, Generic packed, etc…
3. Bredolab, Oficla, Krap, Zbot, Ldpinch, etc…
4. Bredolab, Harnig, Krap, Ursnif, etc…
5. FakeAV, Bubnix, etc…


Naming some popular spambots

Part of what I’ve been doing lately is finding, running, and maintaining bots in a controlled environment. The first part, finding, which includes identifying the binaries I’m running, turns out to be difficult to do.


presenting at CCS Tuesday

I’m going to be at CCS 2010 in Chicago this week presenting @spam: The Underground on 140 Characters or Less. My presentation is the 3rd talk of the conference in the security session (on the first day).


Twitter spam paper at CCS 2010

My paper about spam on Twitter has been accepted into ACM Conference on Computer and Communications Security in Oct 2010. It’s going to be a fun presentation in Chicago, and I’m looking forward to continuing the project now that we …


Gazelle – MSR project update

The project that I designed and developed at MSR last summer is going to be at USENIX security (and was previously a tech report). It’s available as a PDF here. Simply put, Gazelle is a browser with an OS architecture …


Fall 2008

Fall 08 started quick and is already half over. I’ve been continuing my project from Microsoft Research, working with a security group there led by Helen Wang and working on a couple other security projects at school. I’m almost …


Illinois Malicious Processor Paper

The Illinois Malicious Processor (IMP) project I worked on was written up by InfoWorld! It’s a great read: Read it here – That is in addition to it being published at LEET and being awarded a Best Paper Award! The …


Secure web browsing with the OP web browser

Sam, Shuo and I have had our paper accepted at the 2008 Symposium on Security and Privacy (Oakland) conference this spring. Here’s the PDF. It was also written up in the news! “Secure web browsing with the OP web browser”, …


Summer 2008 – Seattle and research

I’m going to Microsoft Research for the summer after I present at the IEEE Symposium on Security and Privacy. I’ll be out in Redmond, WA at the end of May through August. I’m going to be doing some pretty interesting …


Fall 2007 school and stuff

This fall is a little bit different than most semesters – no class. I decided that I could fill my time easily enough with research that I didn’t need any busy work from courses. I’m currently working on web related …
