CIP-PSP-325188 Advanced Cyber Defence Centre D 4 . 1 Documentation of botnet metrics methodology and development

[1]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[2]  Andrew B. Whinston,et al.  Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment , 2013 .

[3]  Radu State,et al.  ASMATRA: Ranking ASs providing transit service to malware hosters , 2013, 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013).

[4]  Aaron Schulman,et al.  Pingin' in the rain , 2011, IMC '11.

[5]  Ramesh Govindan,et al.  Census and survey of the visible internet , 2008, IMC '08.

[6]  Erich M. Nahum,et al.  Configuring DHCP leases in the smartphone era , 2012, Internet Measurement Conference.

[7]  M. Goldszmidt,et al.  How dynamic are IP addresses? , 2007, SIGCOMM '07.

[8]  Aiko Pras,et al.  Filtering spam from bad neighborhoods , 2010, Int. J. Netw. Manag..

[9]  Lachlan L. H. Andrew,et al.  Estimating IPv4 address space usage with capture-recapture , 2013, 38th Annual IEEE Conference on Local Computer Networks - Workshops.

[10]  Stefan Savage,et al.  PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs , 2012, USENIX Security Symposium.

[11]  Aziz Mohaisen,et al.  Kindred domains: detecting and clustering botnet domains using DNS traffic , 2014, WWW.

[12]  William Allen Simpson,et al.  The Point-to-Point Protocol (PPP) , 1993, RFC.

[13]  Lachlan L. H. Andrew,et al.  Mitigating sampling error when measuring internet client IPv6 capabilities , 2012, IMC '12.

[14]  Chris Kanich,et al.  The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff , 2008, LEET.

[15]  Kevin C. Almeroth,et al.  FIRE: FInding Rogue nEtworks , 2009, 2009 Annual Computer Security Applications Conference.

[16]  Ralph E. Droms,et al.  Dynamic Host Configuration Protocol , 1993, RFC.

[17]  Andreas Terzis,et al.  My Botnet Is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging , 2007, HotBots.

[18]  Marco Cremonini,et al.  A framework for financial botnet analysis , 2010, 2010 eCrime Researchers Summit.

[19]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 2000, RFC.

[20]  Christopher Leckie,et al.  Estimating the Number of Hosts Corresponding to an Address while Preserving Anonymity , 2012, NSS.

[21]  Hervé Debar,et al.  Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[22]  David C. Plummer,et al.  Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware , 1982, RFC.

[23]  Leyla Bilge,et al.  EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis , 2011, NDSS.

[24]  Richard A. Clarke,et al.  Cyber War: The Next Threat to National Security and What to Do About It , 2010 .

[25]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[26]  Scott O. Bradner,et al.  Benchmarking Methodology for Network Interconnect Devices , 1999, RFC.

[27]  Leslie Daigle,et al.  WHOIS Protocol Specification , 2004, RFC.

[28]  Nathan Mantel,et al.  Chi-square tests with one degree of freedom , 1963 .

[29]  Johannes M. Bauer,et al.  The Role of Internet Service Providers in Botnet Mitigation an Empirical Analysis Based on Spam Data , 2010, WEIS.

[30]  Farnam Jahanian,et al.  The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets , 2005, SRUTI.

[31]  Brian Rexroad,et al.  Wide-Scale Botnet Detection and Characterization , 2007, HotBots.

[32]  Helen J. Wang,et al.  Characterizing Botnets from Email Spam Records , 2008, LEET.

[33]  Giovane C. M. Moura,et al.  Internet Bad Neighborhoods , 2013 .

[34]  Steve Uhlig,et al.  IP geolocation databases: unreliable? , 2011, CCRV.

[35]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2009, CACM.

[36]  Vince Fuller,et al.  Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan , 2006, RFC.

[37]  Dimitriadis Evangelos,et al.  Your Botnet is My Botnet : Analysis of a , 2015 .

[38]  Giovane C. M. Moura,et al.  Towards Incentivizing ISPs to Mitigate Botnets , 2014, AIMS.

[39]  Craig A. Shue,et al.  Malicious Hubs: Detecting Abnormally Malicious Autonomous Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[40]  Athina Markopoulou,et al.  Blacklisting Recommendation System: Using Spatio-Temporal Patterns to Predict Future Attacks , 2011, IEEE Journal on Selected Areas in Communications.

[41]  Jon Postel,et al.  Internet Control Message Protocol , 1981, RFC.

[42]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[43]  Vern Paxson,et al.  Framework for IP Performance Metrics , 1998, RFC.

[44]  Cem Kaner,et al.  Software Engineering Metrics: What Do They Measure and How Do We Know? , 2004 .

[45]  Amr M. Youssef,et al.  On the analysis of the Zeus botnet crimeware toolkit , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[46]  Suman Banerjee,et al.  Debugging DHCP performance , 2004, IMC '04.

[47]  Jonathan D. Cryer,et al.  Time Series Analysis , 1986 .

[48]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[49]  John S. Heidemann,et al.  Understanding block-level address usage in the visible internet , 2010, SIGCOMM '10.

[50]  Ahmed Metwally,et al.  Estimating the number of users behind ip addresses for combating abusive traffic , 2011, KDD.

[51]  Nick G. Duffield,et al.  Sampling and Filtering Techniques for IP Packet Selection , 2009, RFC.

[52]  Hervé Debar,et al.  M2D2: A Formal Data Model for IDS Alert Correlation , 2002, RAID.

[53]  Jon Postel,et al.  Internet Registry IP Allocation Guidelines , 1996, RFC.

[54]  Jaehoon Choi,et al.  Mining Botnets and Their Evolution Patterns , 2013, Journal of Computer Science and Technology.

[55]  Alberto Dainotti,et al.  Errata for: Estimating internet address space usage through passive measurements (SIGCOMM CCR (Vol. 44, Issue 1, January, 2014) , 2014, CCRV.

[56]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM.

[57]  Fang Yu,et al.  On Network-level Clusters for Spam Detection , 2010, NDSS.

[58]  Russell J. Clark,et al.  Usage-based dhcp lease time optimization , 2007, IMC '07.

[59]  Wenke Lee,et al.  Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces , 2009, 2009 Annual Computer Security Applications Conference.

[60]  Dennis Andriesse,et al.  An Analysis of the Zeus Peer-to-Peer Protocol , 2014 .

[61]  Rhiannon Weaver,et al.  A Probabilistic Population Study of the Conficker-C Botnet , 2010, PAM.

[62]  Farnam Jahanian,et al.  A Survey of Botnet Technology and Defenses , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[63]  Insup Lee,et al.  Spam mitigation using spatio-temporal reputations from blacklist history , 2010, ACSAC '10.

[64]  Joseph B. Kadane,et al.  Using uncleanliness to predict future botnet addresses , 2007, IMC '07.

[65]  Wenke Lee,et al.  Modeling Botnet Propagation Using Time Zones , 2006, NDSS.

[66]  Vern Paxson,et al.  Automating analysis of large-scale botnet probing events , 2009, ASIACCS '09.

[67]  Norman F. Schneidewind,et al.  IEEE Standard For A Software Quality Metrics Methodology Revision And Reaffirmation , 1997, Proceedings of IEEE International Symposium on Software Engineering Standards.

[68]  Yin Zhang,et al.  Measuring and fingerprinting click-spam in ad networks , 2012, SIGCOMM '12.