Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on combination of cryptographic protection and peer-to-peer protocol for witnessing settlements. Consequently, has the unintuitive property that while ownership money implicitly anonymous, its flow globally visible. In this paper we explore unique characteristic further, using heuristic clustering to group wallets based evidence shared authority, then...

In this article, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet?” Our motivation is quantitatively understand nature of current threat as well enable longer-term analyses trends and recurring patterns attacks. We present new technique, called “backscatter analysis,” that provides conservative estimate worldwide activity. use approach on 22 traces (each covering week or more) gathered over three years from 2001 through 2004. Across corpus...

Malicious Web sites are a cornerstone of Internet criminal activities. As result, there has been broad interest in developing systems to prevent the end user from visiting such sites. In this paper, we describe an approach problem based on automated URL classification, using statistical methods discover tell-tale lexical and host-based properties malicious site URLs. These able learn highly predictive models by extracting automatically analyzing tens thousands features potentially indicative...

This paper presents and analyzes user behavior network performance in a public-area wireless using workload captured at well-attended ACM conference. The goals of our study are: (1) to extend understanding performance; (2) characterize users terms parameterized model for use with analytic simulation studies involving LAN traffic; (3) apply analysis results issues deployment, such as capacity planning, potential optimizations, algorithms load balancing across multiple access points (APs) network.

It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen dramatic increase in frequency and virulence of such "worm" outbreaks. For example, Code-Red worm epidemics 2001 infected hundreds thousands Internet hosts very short period - incurring enormous operational expense to track down, contain, repair each machine. In response this threat, there is considerable effort...

This paper explores online learning approaches for detecting malicious Web sites (those involved in criminal scams) using lexical and host-based features of the associated URLs. We show that this application is particularly appropriate algorithms as size training data larger than can be efficiently processed batch because distribution typify URLs changing continuously. Using a real-time system we developed gathering URL features, combined with source labeled from large mail provider,...

In this paper, we analyze the mobility patterns of users wireless hand-held PDAs in a campus network using an eleven week trace activity. Our study has two goals. First, characterize high-level and access PDA compare these characteristics to previous workload studies focused on laptop users. Second, develop topology models for use studies: evolutionary model based user proximity waypoint that serves as trace-based complement random model. We our case preliminary evaluation three ad hoc...

The conversion rate of spam--the probability that an unsolicited e-mail will ultimately elicit a sale--underlies the entire spam value proposition. However, our understanding this critical behavior is quite limited, and literature lacks any quantitative study concerning its true value. In paper we present methodology for measuring spam. Using parasitic infiltration existing botnet's infrastructure, analyze two campaigns: one designed to propagate malware Trojan, other marketing on-line...

Underground forums, where participants exchange information on abusive tactics and engage in the sale of illegal goods services, are a form online social network (OSN). However, unlike traditional OSNs such as Facebook, underground forums pattern communications does not simply encode pre-existing relationships, but instead captures dynamic trust relationships forged between mutually distrustful parties. In this paper, we empirically characterize six different --- BlackHatWorld, Carders,...

Spam-based advertising is a business. While it has engendered both widespread antipathy and multi-billion dollar anti-spam industry, continues to exist because fuels profitable enterprise. We lack, however, solid understanding of this enterprise's full structure, thus most anti-Spam interventions focus on only one facet the overall spam value chain (e.g., filtering, URL blacklisting, site takedown).In paper we present holistic analysis that quantifies set resources employed monetize email --...

Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on combination of cryptographic protection and peer-to-peer protocol for witnessing settlements. Consequently, has the unintuitive property that while ownership money implicitly anonymous, its flow globally visible. In this paper we explore unique characteristic further, using heuristic clustering to group wallets based evidence shared authority, then...

In this paper, we explore end-to-end loss differentiation algorithms (LDAs) for use with congestion-sensitive video transport protocols networks either backbone or last-hop wireless links. As our basic protocol, UDP in conjunction a congestion control mechanism extended an LDA. For control, the TCP-Friendly Rate Control (TFRC) algorithm. We extend TFRC to LDA when connection uses at least one link path between sender and receiver. then evaluate various LDAs under different network...

The combination of unlicensed spectrum, cheap wireless interfaces and the inherent convenience untethered computing have made 802.11 based networks ubiquitous in enterprise. Modern universities, corporate campuses government offices routinely de-ploy scores access points to blanket their sites with Internet access. However, while fine-grained behavior protocol itself has been well studied, our understanding how large behave full empirical complex-ity is surprisingly limited. In this paper,...

The rapid evolution of large-scale worms, viruses and bot-nets have made Internet malware a pressing concern. Such infections are at the root modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, piracy. However, most widely used tools for gathering intelligence on new -- network honeypots forced investigators to choose between monitoring activity large scale or capturing behavior with high fidelity. In this paper, we describe an approach minimize tension improve...

The security demands on modern system administration are enormous and getting worse. Chief among these demands, administrators must monitor the continual ongoing disclosure of software vulnerabilities that have potential to compromise their systems in some way. Such include buffer overflow errors, improperly validated inputs, other unanticipated attack modalities. In 2008, over 7,400 new were disclosed--well 100 per week. While no enterprise is affected by all disclosures, commonly face many...

Virtual machine monitors (VMMs) are a popular platform for Internet hosting centers and cloud-based compute services. By multiplexing hardware resources among virtual machines (VMs) running commodity operating systems, VMMs decrease both the capital outlay management overhead of centers. Appropriate placement migration policies can take advantage statistical to effectively utilize available processors. However, main memory is not amenable such often primary bottleneck in achieving higher...

This paper presents Sora, a fully programmable software radio platform on commodity PC architectures. Sora combines the performance and fidelity of hardware software-defined (SDR) platforms with programmability flexibility general-purpose processor (GPP) SDR platforms. uses both techniques to address challenges using architectures for high-speed SDR. The components consist front-end reception transmission, control board high-throughput, low-latency data transfer between host memories. makes...

Malicious Web sites are a cornerstone of Internet criminal activities. The dangers these have created demand for safeguards that protect end-users from visiting them. This article explores how to detect malicious the lexical and host-based features their URLs. We show this problem lends itself naturally modern algorithms online learning. Online not only process large numbers URLs more efficiently than batch algorithms, they also adapt quickly new in continuously evolving distribution develop...

Wireless LAN administrators are often called upon to deal with the problem of sporadic user congestion at certain popular spaces ("hot-spots") within network. To address this problem, we describe and evaluate two new approaches, explicit channel switching network-directed roaming for providing hot-spot relief while maintaining pre-negotiated bandwidth agreements The goals these algorithms are: (i) accommodate more users by dynamically capacity where it is needed, when needed; (ii) improve...

Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security analytics policy support. Traditionally, have relied on application adherence well established global port mapping: Web 80, mail 25 so on. However, factors - including firewall blocking, tunneling, dynamic allocation, bloom new distributed applications has weakened the value...