NSRG Publications

2016

  • Jakub Czyz, Matthew Luckie, Mark Allman, and Michael Bailey. Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In Proceedings of the Network & Distributed System Security Symposium (NDSS '16), San Diego, California, USA, February 2016. [pdf] [bib]

2015

  • Matthew Sargent, Jakub Czyz, Mark Allman, and Michael Bailey. On the Power and Limitations of Detecting Network Filtering via Passive Observation. In Proceedings of the Passive and Active Measurement Conference (PAM '15), New York, New York, USA, March 2015. [pdf] [bib]

2014

  • Jakub Czyz, Michael Kallitsis, Manaf Gharaibeh, Christos Papadopoulos, Michael Bailey, and Manish Karir. Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks. In Proceedings of the 14th ACM SIGCOMM Conference on Internet Measurement (IMC '14), Vancouver, Canada, November 2014. [pdf] [bib] [slides]
  • Zakir Durumeric, Andrew Springall, Michael Bailey, and J. Alex Halderman. An Internet-wide View of Internet-wide Scanning. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14), San Diego, California, USA, August 20-22, 2014.
  • Jakub Czyz, Mark Allman, Jing Zhang, Scott Iekel-Johnson, Eric Osterweil, and Michael Bailey. Measuring IPv6 Adoption. In Proceedings of the 2014 ACM SIGCOMM Conference (SIGCOMM '14), Chicago, Illinois, USA, August 17-22, 2014. [pdf] [bib] [slides]
  • Yunjing Xu, Zachary Musgrave, Brian Noble, and Michael Bailey. Workload-Aware Provisioning in Public Clouds. In IEEE Internet Computing 18(4) 2014. [bib]
  • Erin Kenneally and Michael Bailey. Cyber-security Research Ethics Dialogue & Strategy Workshop Report. ACM SIGCOMM Computer Communication Review (CCR). Volume 44 Issue 2, April 2014. Pages 76-79.
  • Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu. On the Mismanagement and Maliciousness of Networks. In Proceedings of the 21st Annual Network & Distributed System Security Symposium (NDSS '14), San Diego, California, USA, February, 2014.

2013

  • Denis Bueno, Kevin J. Compton, Karem A. Sakallah, and Michael Bailey. Detecting Traditional Packers, Decisively. Symposium on Research in Attacks, Intrusions, and Defenses (RAID). St Lucia, October 2013. [pdf] [bib]
  • Jakub Czyz, Kyle Lady, Sam G. Miller, Michael Bailey, Michael Kallitsis, and Manish Karir. Understanding IPv6 Internet Background Radiation. In Proceedings of the 13th ACM SIGCOMM Conference on Internet Measurement (IMC '13), Barcelona, Spain, October 2013. [pdf] [bib] [slides]
  • Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman. Analysis of the HTTPS Certificate Ecosystem. In Proceedings of the 13th ACM SIGCOMM Conference on Internet Measurement (IMC '13), Barcelona, Spain, October 2013. [pdf] [bib] [slides]
  • Yunjing Xu, Michael Bailey, Brian Noble and Farnam Jahanian. Small is Better: Avoiding Latency Traps in Virtualized Data Centers. In Proceedings of the 2013 ACM Symposium on Cloud Computing (SoCC'13) Santa Clara, CA, USA, October 2013. [pdf] [bib]
  • Jakub Czyz, Mark Allman, Jing Zhang, Scott Iekel-Johnson, Eric Osterweil, and Michael Bailey. Measuring IPv6 Adoption. Technical Report TR-13-004, International Computer Science Institute, Berkeley, CA, USA, August 2013. (See also/instead updated conference proceeding version above, published in 2014). [pdf] [bib]
  • Yunjing Xu, Zachary Musgrave, Brian Noble and Michael Bailey. Bobtail: Avoiding Long Tails in the Cloud. In proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI'13) Lombard, IL, USA, April 2013. [pdf] [bib]
  • Jing Zhang, Ari Chivukula, Michael Bailey, Manish Karir, Mingyan Liu. Characterization of Blacklists and Tainted Network Traffic. In Proceedings of the Passive and Active Measurement Conference (PAM '13), Hong Kong, March 2013. [pdf] [bib]
  • Andrew White, Srinivas Krishnan, Phillip Porras, Michael Bailey, and Fabian Monrose. Clear and Present Data: Opaque Traffic and its Security Implications for the Future. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS '13), San Diego, California, USA, February 2013. [pdf] [bib]

2012

  • Jing Zhang, Robin Berthier, Will Rhee, Michael Bailey, Partha Pal, Farnam Jahanian and William Sanders. Learning from Early Attempts to Measure Information Security Performance. In Proceeding of the 5th Workshop on Cyber Security Experimentation and Test (CSET '12), Bellevue WA, USA, August 2012. [pdf] [bib]
  • Jing Zhang, Robin Berthier, Will Rhee, Michael Bailey, Partha Pal, Farnam Jahanian and William Sanders. Safeguarding Academic Accounts and Resources with the University Credential Abuse Auditing System. In Proceedings of the 42nd Annual IEEE International Conference on Dependable Systems and Networks (DSN '12), Boston MA, USA, June 2012. [pdf] [bib]

2011

  • Yunjing Xu, Michael Bailey, Farnam Jahanian, Kaustubh Joshi, Matti Hiltunen, and Richard Schlichting. An Exploration of L2 Cache Covert Channels in Virtualized Environments. In Proceedings of the 3rd ACM Cloud Computing Security Workshop (CCSW '11), Chicago, IL, USA, October 2011. [pdf] [bib]
  • Michael Bailey and Craig Labovitz. Censorship and Co-option of the Internet Infrastructure. Technical Report CSE-TR-572-11, University of Michigan, Ann Arbor, MI, USA, July 2011. [pdf] [bib]
  • Kaustubh Nyalkalkar, Sushant Sinha, Michael Bailey, and Farnam Jahanian. A Comparative Study of Two Network-based Anomaly Detection Methods. In (mini-conference) The 30th IEEE International Conference on Computer Communications (INFOCOM '11), Shanghai, China, April 2011. [pdf] [bib]
  • Scott Coull, Fabian Monrose, and Michael Bailey. On Measuring the Similarity of Network Hosts: Pitfalls, New Metrics, and Empirical Analyses. In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS '11), San Diego, California, USA, February 2011. [pdf] [bib]

2010

  • Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, and Geoff Houston. Internet Background Radiation Revisited. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC '10), Melbourne, Australia, November 2010. [pdf] [bib]
  • Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, and Geoff Houston. Internet Background Radiation Revisited. Technical Report CSE-TR-564-10, University of Michigan, Ann Arbor, MI, USA, June 2010.
  • Yunjing Xu, Michael Bailey, Eric Vander Weele, and Farnam Jahanian. CANVuS: Context-Aware Network Vulnerability Scanning. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID '10), Ottawa, Ontario, Canada, September 2010. [pdf] [bib]
  • Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian. Internet Inter-Domain Traffic. In Proceedings of the ACM SIGCOMM 2010 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM '10), New Delhi, India, August-September 2010. [pdf] [bib]
  • Sushant Sinha, Michael Bailey, and Farnam Jahanian. Improving SPAM Blacklisting through Dynamic Thresholding and Speculative Aggregation. In Proceedings of the 17th Annual Network & Distributed System Security Symposium (NDSS '10), San Diego, California, USA, February-March 2010. [pdf] [bib]
  • Jon Oberheide and Farnam Jahanian. When Mobile is Harder Than Fixed: Demystifying Security Challenges in Mobile Environments. In Proceedings of the 11th Workshop on Mobile Computing Systems and Applications (HotMobile '10), Annapolis, Maryland, USA, February 2010. [pdf] [bib]
  • Erin Kenneally, Michael Bailey, and Douglas Maughan. A Tool for Understanding and Applying Ethical Principles in Network and Security Research. In Workshop on Ethics in Computer Security Research (WECSR '10), Tenerife, Canary Islands, Spain, January 2010. [pdf] [bib]

2009

  • Jon Oberheide and Farnam Jahanian. Remote Fingerprinting and Exploitation of Mail Server Antivirus Engines. University of Michigan Technical Report CSE-TR-552-09, June 2009. [pdf] [bib]
  • Jon Oberheide, Evan Cooke, and Farnam Jahanian. If It Ain't Broke, Don't Fix It: Challenges and New Directions for Inferring the Impact of Software Patches. In Proceedings of 12th Workshop on Hot Topics in Operating Systems (HotOS XII), Monte Verita, Switzerland, May 2009. [pdf]  [bib]
  • David Dittrich, Michael Bailey, Sven Dietrich. Towards Community Standards for Ethical Behavior in Computer Security Research. Stevens CS Technical Report 2009-1, 20 April 2009. [pdf] [bib]
  • David Dittrich, Michael Bailey, and Sven Dietrich. Have we Crossed the Line? The Growing Ethical Debate in Modern Computer Security Research. In (Poster at) Proceedings of the 16th ACM Conference on Computer and Communication Security (CCS '09), Chicago, Illinois, USA, November 2009 [pdf]  [bib]
  • Jon Oberheide, Michael Bailey, and Farnam Jahanian. PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion. In 3rd USENIX Workshop on Offensive Technologies (WOOT '09), Montreal, Canada, August 2009. [pdf] [bib]
  • Sushant Sinha, Michael Bailey, and Farnam Jahanian. One Size Does Not Fit All: 10 Years of Applying Context Aware Security. In Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security (HST '09), Waltham, Massachusetts, USA, May 2009. [pdf] [bib]
  • Michael Bailey, Evan Cooke, Farnam Jahanian, Yunjing Xu, and Manish Karir. A Survey of Botnet Technology and Defenses. In Proceedings of the Cybersecurity Applications & Technology Conference For Homeland Security (CATCH '09), pages 299-304, Washington, District of Columbia, USA, March 2009. [pdf] [bib]
  • Scott E. Coull, Fabian Monrose, Michael K. Reiter, and Michael Bailey. The Challenges of Effectively Anonymizing Network Data. In Proceedings of the Cybersecurity Applications & Technology Conference For Homeland Security (CATCH '09), pages 230-236, Washington, District of Columbia, USA, March 2009. [pdf] [bib]

2008

  • Sushant Sinha, Michael Bailey, and Farnam Jahanian. Shades of Grey: On the Effectiveness of Reputation-based blacklists. In Proceedings of the 3rd International Conference on Malicious and Unwanted Software (MALWARE '08), pages 57-64, Fairfax, Virginia, USA, October 2008. [pdf] [bib]
  • Jon Oberheide, Evan Cooke, and Farnam Jahanian. CloudAV: N-Version Antivirus in the Network Cloud. In Proceedings of the 17th USENIX Security Symposium, July 2008. [pdf] [bibtex]
  • Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian. Virtualized In-Cloud Security Services for Mobile Devices. In Proceedings of the Workshop on Virtualization in Mobile Computing (MobiVirt'08), Breckenridge, Colorado, USA, June 2008. [pdf] [bib]
  • Xu Chen, Jon Andersen, Z. Morley Mao, Michael Bailey, and Jose Nazario. Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware. In Proceedings of the 38th Annual IEEE International Conference on Dependable Systems and Networks (DSN '08), pages 177-186, Anchorage, Alaska, USA, June 2008. [pdf] [bib]
  • Jon Oberheide, Evan Cooke, and Farnam Jahanian. Exploiting Live Virtual Machine Migration. In Proceedings of the Black Hat DC Briefings, Washington, DC, USA, February 2008. [pdf] [bib]

2007

  • Michael Bailey, Jon Oberheide, Jon Andersen, Zhuoqing Morley Mao, Farnam Jahanian, and Jose Nazario. Automated Classification and Analysis of Internet Malware. In Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID '07), pages 178-197, Gold Coast, Australia, September 2007. [pdf] [bib]
  • Jon Oberheide, Evan Cooke, and Farnam Jahanian. Rethinking Antivirus: Executable Analysis in the Network Cloud. In Proceedings of the USENIX Workshop on Hot Topics in Security (HotSec'07), Boston, Massachussets, USA, August 2007. [pdf] [bib]
  • Jon Oberheide, Manish Karir, Z. Morley Mao and Farnam Jahanian. Characterizing Dark DNS Behavior. In Proceedings of the 4th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07), Switzerland, July 2007. [pdf] [bib]
  • Sushant Sinha, Michael Bailey, and Farnam Jahanian. Shedding Light on the Configuration of Dark Addresses. In Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS '07), pages 125-139, San Diego, California, USA, February-March 2007. [pdf] [bib]

2006

  • Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel. WIND: Workload-aware INtrusion Detection. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID'06), Hamburg, Germany, September 2006. [pdf] [bib]
  • Evan Cooke, Andrew Myrick, David Rusek, and Farnam Jahanian. Resource-Aware Multi-Format Network Security Data Storage. In Proceedings of the SIGCOMM Workshop on Large Scale Attack Defense (LSAD '06), September 2006. [pdf] [bib]
  • Evan Cooke, Z. Morley Mao, and Farnam Jahanian. Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware. In Proceedings of the International Conference on Dependable Systems and Networks (DSN '06), June 2006. [pdf] [bib]
  • Michael Donald Bailey. A Scalable Hybrid Network Monitoring Architecture for Measuring, Characterizing, and Tracking Internet Threat Dynamics. PhD thesis, University of Michigan, Ann Arbor, MI, USA, 2006. [pdf] [bib]
  • Evan Cooke, Michael Bailey, Farnam Jahanian, and Richard Mortier. The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery. In Proceedings of the 3rd Symposium on Networked Systems Design & Implementation (NSDI '06), pages 101-114, San Jose, California, USA, May 2006. [pdf] [bib]
  • Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, and Sushant Sinha. Practical Darknet Measurement. In Proceedings of the 40th Annual Conference on Information Sciences and Systems (CISS '06), pages 1496-1501, Princeton, New Jersey, USA, March 2006. [pdf] [bib]

2005

  • Michael Bailey, Evan Cooke, Farnam Jahanian, David Watson, and Jose Nazario. The Blaster Worm: Then and Now. IEEE Security and Privacy, 3(4):26-31, 2005. [pdf] [bib]
  • Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson. Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic. In Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC '05), pages 239-252, Berkeley, California, USA, October 2005. [pdf] [bib]
  • Evan Cooke, Danny McPherson, and Farnam Jahanian. The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. In Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI '05), Cambridge, Massachussets, USA, July 2005. [pdf] [bib]
  • Michael Bailey, Evan Cooke, Farnam Jahanian, and Jose Nazario. The Internet Motion Sensor - A Distributed Blackhole Monitoring System. In Proceedings of the 12th Annual Network & Distributed System Security Symposium (NDSS '05), pages 167-179, San Diego, California, USA, February 2005. [pdf] [bib]

Earlier

  • Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Niels Provos. A Hybrid Honeypot Architecture for Scalable Network Monitoring. Technical Report CSE-TR-499-04, University of Michigan, Ann Arbor, Michigan, USA, October 2004. [pdf] [bib]
  • Evan Cooke, Michael Bailey, Z. Morley Mao, David Watson, Farnam Jahanian, and Danny McPherson. Toward Understanding Distributed Blackhole Placement. In Proceedings of the 2nd Workshop on Rapid Malcode (WORM '04), pages 54-64, Washington, District of Columbia, USA, October 2004. [pdf] [bib]
  • Michael Bailey, Farnam Jahanian, G. Robert Malan, Jose Nazario, Dug Song, and Robert Stone. Measuring, Characterizing, and Tracking Internet Threat Dynamics. In Proceedings of the OpenSig 2003 Workshop (OpenSig '03), New York, New York, USA, October 2003. [pdf] [bib]
  • Craig Labovitz, Abha Ahuja, and Michael Bailey. Shining light on dark address space. Technical Report TR-2001-01, Arbor Netwoks, Ann Arbor, Michigan, USA, November 2001. [pdf] [bib]