GTISC Security Reading Group

Fall 2007

Georgia Tech

Note: The SRG website has been moved to a new place (since March 2008)


The GTISC Security Reading Group is a weekly informal seminar for discussing research papers, emerging problems, interesting issues in computer and network security (our main purpose). We need criticize, discuss/brainstorm, in purpose of producing new idea. This is also a stage for individual presentations of current research efforts, trying to get response/comment/criticism.

Currently, it starts as an informal discussion forum and lunch meeting for (and only for) GTISC lab students. This seminar is supervised by professors Wenke Lee, maintained by Guofei Gu. We greatfuly thank Prof. Lee for his generous support for the lunch.

Drop me a line if you have any comments (guofei AT!

Requirement of Engagement


Paper reading list

Fall 2007
Date Moderator Paper Pros/Cons Summary
8/24 Guofei botnet research     
8/31 Roberto Learning to Detect and Classify Malicious Executables in the Wild. J. Zico Kolter, Marcus A. Maloof. JMLR, Special Issue on Machine Learning for Computer Security, 2006.
Malware Analysis through Statistical Classification of Executables
9/7 Andrea,
Exploring Multiple Execution Paths for Malware Analysis. Andreas Moser, Christopher Kruegel and Engin Kirda. Oakland'07.
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. Seshadri et al. SOSP 2007
9/14 Monirul malware research    
9/21 Long Automated Classification and Analysis of Internet Malware. M.Bailey et al. RAID'07.    
9/28 Artem,
The Ghost In The Browser, Analysis of Web-based Malware. N. Provos et al. HotBots'07.
Botnet research
10/5 Manos On Attack Causality in Internet-Connected Cellular Networks Patrick Traynor, Patrick McDaniel, and Thomas La Porta. Security'07    
10/12 Abhinav,
Dynamic Spyware Analysis. Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song. Usenix Annual Technical Conference 2007.    
10/19 Matim,
Automated Detection of Persistent Kernel Control-Flow Attacks. Nick L. Petroni, Jr. and Michael Hicks. CCS'07
Protomatching Network Traffic for High Throughput Network Intrusion Detection. Shai Rubin, Somesh Jha, and Barton P. Miller. CCS'06
10/26 Ikpeme,
ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities
with Informed Probing. Weidong Cui, Marcus Peinado, Helen J. Wang and Michael Locasto. Okaland'07
VM research
11/2 Junjie,
Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis.Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda.  CCS'07.
SpyProxy: Execution-based Detection of Malicious Web Content. Alexander Moshchuk, Tanya Bragin, Damien Deville, Steven D. Gribble, and Henry M. Levy, USENIX Security'07
11/9 Daniel,
Protecting Browsers from DNS Rebinding Attacks. Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao and Dan Boneh. CCS'07
Stealthy Malware Detection Through VMM-Based "Out-of-the-Box" Semantic View Reconstruction. Xuxian Jiang, Dongyan Xu and Xinyuan Wang.CCS'07
11/16 Martim,
Oslo: Improving the security of trusted computing. Bernhard Kauer. USENIX Security'07
HookFinder: Identifying and Understanding Malware Hooking Behaviors. Heng Yin, Zhenkai Liang and Dawn Song. NDSS 2008
11/23   Thanksgiving!    
11/30 Abhinav,
A Forced Sampled Execution Approach to Kernel Rootkit Identification.
Jeffrey Wilhelm Tzi-cker Chiueh. RAID'07
Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis. Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. CCS'07
12/7 David,
ACSAC'07 practice talk    


Spring 2007
Date Moderator Paper Pros/Cons Summary
1/12 Monirul Automatic Diagnosis and Response to Memory Corruption Vulnerabilities. Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai and Chris Bookholt.CCS'05    
1/19 Prahlad Evading Network Anomaly Detection Systems. Job talk    
1/26 Manos DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET. Chinyang Henry Tseng, Shiau-Huey Wang, Calvin Ko, Karl N. Levitt. RAID 2006    
2/2   USENIX Security'07    
2/9 Bryan A Safety-Oriented Platform for Web Applications. R. S. Cox and J. G. Hansen and S. D. Gribble and H. M. Levy. Oakland'06    
2/16 Prahlad      
2/23 Abhinav Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. Richard Ta-Min, Lionel Litty, David Lie. OSDI'06    
3/2 Claudio On The Effectivenes of Distributed Worm Monitoring. M. A. Rajab, F. Monrose, A. Terzis. Security'06    
3/9 Martim Secure and Practical Defense Against Code-injection Attacks Using Software Dynamic Translation. Wei Hu etal. VEE '06    
3/16 Junjie Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure. V.T. Lam, S. Antonatos, P. Akritidis, K. G. Anagnostakis. CCS'06    
3/23   Spring break    
3/30 Kapil Backtracking Algorithmic Complexity Attacks Against a NIDS. Randy Smith, Cristian Estan, and Somesh Jha. ACSAC'06    
4/6 Guofei Army of Botnets. Ryan Vogt, John Aycock, Michael Jacobson. NDSS'07    
4/13 Roberto Behavioral Distance Measurement Using Hidden Markov Models. Debin Gao, Michael K. Reiter, and Dawn Song. RAID'06    
4/20 Tak Detection of audio covert channels using statistical footprints of hidden messages. Digital Signal Processing 2006    
4/27 Mike Inferring the source of encrypted HTTP connections. Marc Liberatore, Brian Neil Levine. CCS'06    



Fall 2006
Date Moderator Paper Pros/Cons Summary
8/25   Organize meeting    
9/1 Bryan Computer forensic:
Searching for Processes and Threads in Microsoft Windows Memory Dumps. Andreas Schuster. Digital Forensics Research Workshop, 2006.
Digital Forensics Reconstruction and the Virtual Security Testbed ViSe. Andre Arnes, Paul Haas, Giovanni Vigna, and Richard A. Kemmerer. DIMVA '06.
Forensic Discovery. Dan Farmer, and Wietse Venema.
9/8 Manos MANET security:
Securing MAODV: Attacks and Countermeasures. Sankardas Roy, V. Gopala Addada, Sanjeev Setia and Sushil Jajodia. SECON'05
A Secure Adhoc Routing Approach using Localized Selfhealing Communities. Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Jun Liu and Mario Gerla. MOBIHOC'05
A Survey of Secure Wireless Ad Hoc Routing [2004]
A Survey of Existing Approaches for Secure MANET [2006]
9/15 Manos Sensor network security:
Sluice: Secure Dissemination of Code Up dates in Sensor Networks. Lanigan, P.E., Gandhi, R., Narasimhan, P. ICDCS 2006
SIGF: A Family of Configurable, Secure Routing Protocols for Wireless Sensor Networks. Anthony Wood, Lei Fang, John Stankovic and Tian He. SASN 2006
A survey of security issues in mobile ad hoc and sensor networks (p.22-25) [2005]
Security services and enhanc ements in the IEEE 802.15.4 wireless sensor networks [2005]
9/22 Takehiro Wireless security:
Central Manager: A Solution to Avoid Denial of Service Attacks for Wireless LANs. Ping Ding.
SOLA: Lightweight Security for Access Control in IEEE 802.11. Felix Wu, et al.
9/29 Martim kernel level mechanisms for host-based security:
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. Tal Garfinkel. NDSS'03
An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. Nick L. Petroni, Jr., Timothy Fraser, AAron Walters, William A. Arbaugh. Security'06.
10/6 Bryan Formal Models for Computer Security. C. E. Landwehr.ACM Computing Surveys (CSUR) Volume 13 , Issue 3 (September 1981)    
10/13 Anirudh BGP security:
PHAS: A Prefix Hijack Alert System, M. Lad et. al.; Usenix '06
Modeling Adoptability of Secure BGP Protocols, H. Chan et. al; SIGCOMM '06
10/20 Guofei Botnet analysis/defense:
A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis. IMC 2006.
An Effective Defense Against Email Spam Laundering. Mengjun Xie, Heng Yin and Haining Wang. CCS'06
10/27 Roberto Anagram: A Content Anomaly Detector Resistant To Mimicry Attack.Ke Wang, Janak J. Parekh, Salvatore J. Stolfo. RAID'06    
11/3 Kapil Spyware:
Behavior-based Spyware Detection. Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, and Richard A. Kemmerer. Security'06
A Crawler-based Study of Spyware in the Web. Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy. NDSS 2006
11/10 Sagar Honeypot:
The Nepenthes Platform: An Efficient Approach to Collect Malware
Paul Baecher, Markus Koetter,Thorsten Holz etal.RAID 2006
Honeypot-Aware Advanced Botnet Construction and Maintenance
Cliff C. Zou and Ryan Cunningham, DSN 2006
Honeytokens: The Other Honeypot, Know your enemy: Tracking Botnets
11/17 Prahlad Privacy and authentication:
Doppelganger: Better Browser Privacy Without the Bother. Umesh
Shankar and Chris Karlof. CCS'06
Fourth-Factor Authentication: Somebody You Know. John Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, and Moti Yung.CCS'06
11/24   Thanksgiving!    
12/1 David Worm:
The Impact of Stochastic Variance on Worm Propagation and Detection. Nicol. WORM'06
Internet-Scale Malware Mitigation: Combining Intelligence of the Control and Data Plane. Zhang, et al. WORM'06
12/8 Paul ACSAC'06 practice talk: PolyUnpack    


Spring 2006
Date Moderator Paper Pros/Cons Summary
1/13 Paul DDOS topic:
A DoS-limiting Network Architecture. Xiaowei Yang, David Wetherall, and Tom Anderson. SIGCOMM'05. Also refer to SIFF (Oakland'04)
Roberto summary
1/19   USENIX Security'06    
1/27   USENIX Security'06    
2/3 Roberto COTS Diversity Intrusion Detection and Application to Web Servers (RAID'05) Guofei, Prahlad  
2/10 Bryan Isolating Intrusions By Automatic Experiments. Neuhaus and Zeller. NDSS'06 Sanjeev  
2/17 Monirul Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. James Newsome, Dawn Song. NDSS'05    
2/24 Guofei Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience. Z. Li, M. Sanghi, B. Chavez, Y. Chen and M. Kao. Oakland'06 Roberto  
3/3   Dan Wallach's talk    
3/10 Yi-An On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques. Pai Peng, Peng Ning, Douglas S. Reeves. Oakland'06    
3/17 David SubVirt: Implementing malware with virtual machines. Samuel T. King, Peter M. Chen, etal. Oakland'06    
3/24   Spring break    
3/31 Prahlad Towards a Framework for the Evaluation of Intrusion Detection Systems. Alvaro A. Cardenas, Karl Seamon and John S. Baras. Oakland'06 Guofei  
4/7 Takehiro Security analysis and improvements for IEEE 802.11i.Changhua He, John C. Mitchell. NDSS'05    
4/14 Sanjeev BLINC: Multilevel Traffic Classification in the Dark.  Thomas Karagiannis, Konstantina Papagiannaki and Michalis Faloutsos. Sigcomm'05    
4/21 Kapil Vigilante: End-to-End Containment of Internet Worms. Manuel Costa et al. SOSP'05    
4/27   Roberto's Practice talk for Oakland'06    

Previous years. A candidate paper list (for 2005)


Fall 2005
Date Moderator Paper Pros/Cons Summary
9/2   Organize meeting, everyone introduces his work    
9/9   cancel due to RAID'05 conference    
9/16 Guofei Gu Network mapping topic:
Mapping Internet Sensors with Probe Response Attacks. John Bethencourt, Jason Franklin, and Mary Vernon. USENIX Sec'05. Also refer to "Vulnerabilities of Passive Internet Threat Monitors" by Yoichi Shinoda, etal.
David Dagon, Prahlad Fogla summary
9/23 Monirul Sharif DRM topic:
A Generic Attack on Checksumming-Based Software Tamper Resistance. Glenn Wurster, Paul van Oorschot, Anil Somayaji. Oakland'05. Also refer to a recent attack "Strengthening software self-checksumming via self-modifying code" by Jonathon T. Giffin, Mihai Christodorescu, and Louis Kruger. ACSAC05.
Paul Royal summary
9/30   Oakland submission discussion and criticism    
10/7 Bryan Payne Forensic topic:
Backtracking Intrusions. Samuel King and Peter Chen. SOSP'03. Detecting Past and Present Intrusions Through Vulnerability-Specific Predicates. Peter Chen, Ashlesha Joshi, Sam King, George Dunlap.SOSP05
Kapil Singh, Takehiro Takahashi summary
10/14 Roberto Perdisci Automatic signature generation topic:
Polygraph: Automatically Generating Signatures For Polymorphic Worms. James Newsome, Brad Karp, Dawn Song. Oakland'05. Also with detailed comparison with Autograph (Sec04), Earlybird (OSDI04), honeycomb (HotNetsII) and Nemean(Sec05)
Guofei Gu,Monirul Sharif summary
10/21 David Dagon IDS evasion topic:
Network IDS evasion: Automatic Generation and Analysis of NIDS Attacks.Shai Rubin, Somesh Jha, Barton Miller. ACSAC'04.
Testing Intrusion Detection Signatures Using Mutant Exploits. Giovanni Vigna, Will Robertson and Davide Balzarotti. CCS'04.
Host IDS evasion: Automating Mimicry Attacks Using Static Binary Analysis. Christopher Kruegel etal. Sec'05.
Bryan Payne, Sanjeev Dwivedi  
10/28 Yi-An Huang Protocol security/anomaly/modeling:
SPV: Secure Path Vector Routing for Securing BGP (Sigcomm'04).
Athena, a Novel Approach to Efficient Automatic Security Protocol Analysis. D. Song, S. Berezin, and A. Perrig. (JCS'01)
Takehiro Takahashi, Sanjeev Dwivedi summary
11/4 Takehiro Takahashi RFID topic:
Privacy and Security in Library RFID: Issues, Practices, and Architectures. David Molnar and David Wagner.ccs'04
Paul Royal, Yi-an Huang summary
11/11 Sanjeev Dwivedi Sensor network topic:
Distributed Detection of Node Replication Attacks in Sensor Networks. Bryan Parno, Adrian Perrig, Virgil Gligor. Oakland'05
Yi-an Huang,Prahlad Fogla  
11/18 Prahlad Fogla Worm and Stepping stone topic:
Worm Origin Identification Using Random Moonwalks.Yinglian Xie, Vyas Sekar, David A. Maltz, Michael K. Reiter, Hui Zhang. Oakland'05.
Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet by Xinyuan Wang, Shiping Chen, and Sushil Jajodia. CCS05
Bryan Payne, Roberto Perdisci summary
11/25   Thanksgiving!    
12/2 Kapil Singh Software security topic:
Semantics-Aware Malware Detection. Mihai Christodorescu, Somesh Jha, Sanjit Seshia, Dawn Song, Randal E. Bryant.Oakland'05
Using Model Checking to Find Serious File System Errors. Junfeng Yang, Paul Twohey, and Dawson Engler, Madanlal Musuvathi.OSDI04
Monirul Sharif,David Dagon summary
12/9   Out for lunch to celebrate the end of semester and the begin of holidays. Thanks Prof. Lee!    

Related Links (see my webpage for more)