Before we knew it

Authors: Leyla Bilge, Tudor Dumitras

DOI: 10.1145/2382196.2382284

Keywords: Honeypot, The Internet, Internet privacy, Computer science, Volume (computing), Full disclosure, Zero-day attack, Secure coding, Empirical research, Computer security, Exploit, Vulnerability

Abstract: Little is known about the duration and prevalence of zero-day attacks, which exploit vulnerabilities that have not been disclosed publicly. Knowledge of new vulnerabilities gives cyber criminals a free pass to attack any target of their choosing, while remaining undetected. Unfortunately, these serious threats are difficult to analyze, because, in general, data is not available until after an attack is discovered. Moreover, zero-day attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. In this paper, we describe a method for automatically identifying zero-day attacks from field-gathered data that records when benign and malicious binaries are downloaded on 11 million real hosts around the world. Searching this data set for malicious files that exploit known vulnerabilities indicates which of these vulnerabilities were exploited before their disclosure. We identify 18 vulnerabilities exploited before disclosure, some of which were not previously known to have been employed in zero-day attacks. We also find that a typical zero-day attack lasts 312 days on average and that, after vulnerabilities are disclosed publicly, the volume of attacks exploiting them increases by up to 5 orders of magnitude.
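The measurement the abstract describes, as an added example that is not the paper's own code or data: download records (host, file hash, date) are joined to a table mapping malicious file hashes to the vulnerability they exploit and to a table of disclosure dates. An exploit whose earliest field appearance precedes its vulnerability's disclosure marks a zero-day attack, the gap between the two dates is the attack's duration, and the number of distinct hosts hit in equal-length windows before and after disclosure gives the volume change. The records, the hashes, the names VULN-A and VULN-B and all dates are constructed for the example; the 312-day gap for VULN-A was chosen to match the average the paper reports.

```python
"""Added example (not the paper's code): find exploits seen in the field before
their vulnerability was disclosed, measure how long the zero-day phase lasted,
and compare attack volume before and after disclosure, on constructed data."""
from datetime import date, timedelta

# Constructed field records: (host_id, file_hash, download_date).
# The paper's real data is download telemetry from 11 million hosts.
DOWNLOADS = [
    ("h1", "a1", date(2011, 1, 7)),    # VULN-A exploit, 312 days before disclosure
    ("h1", "c0", date(2011, 3, 3)),    # benign file, no exploit mapping
    ("h2", "a2", date(2011, 6, 2)),    # second VULN-A exploit sample
    ("h3", "b1", date(2010, 8, 20)),   # VULN-B exploit, seen only after disclosure
    ("h3", "a1", date(2011, 11, 16)),  # VULN-A exploits spreading after disclosure
    ("h4", "a2", date(2011, 11, 20)),
    ("h5", "a1", date(2011, 12, 1)),
    ("h1", "a1", date(2011, 12, 5)),   # same host hit again; counted once per window
    ("h6", "a2", date(2012, 1, 10)),
]

# Constructed mapping from malicious file hash to the vulnerability it exploits
# (the paper derives this from anti-virus labels that name a vulnerability).
EXPLOITS = {"a1": "VULN-A", "a2": "VULN-A", "b1": "VULN-B"}

# Constructed public disclosure dates (a vulnerability database supplies these).
DISCLOSED = {"VULN-A": date(2011, 11, 15), "VULN-B": date(2010, 6, 1)}


def first_seen(downloads, exploits):
    """Earliest field appearance of any exploit for each vulnerability."""
    first = {}
    for _host, file_hash, seen_on in downloads:
        vuln = exploits.get(file_hash)
        if vuln is None:
            continue  # benign or unattributed file
        if vuln not in first or seen_on < first[vuln]:
            first[vuln] = seen_on
    return first


def find_zero_days(downloads, exploits, disclosed):
    """Map each vulnerability exploited before its disclosure to the number of
    days the zero-day attack lasted (first field sighting to disclosure)."""
    zero_days = {}
    for vuln, seen_on in first_seen(downloads, exploits).items():
        if vuln in disclosed and seen_on < disclosed[vuln]:
            zero_days[vuln] = (disclosed[vuln] - seen_on).days
    return zero_days


def volume_change(downloads, exploits, disclosed, vuln, window_days):
    """Distinct hosts hit by exploits for `vuln` in the `window_days` before
    disclosure versus the `window_days` starting at disclosure: (before, after)."""
    disclosure = disclosed[vuln]
    lo = disclosure - timedelta(days=window_days)
    hi = disclosure + timedelta(days=window_days)
    before, after = set(), set()
    for host, file_hash, seen_on in downloads:
        if exploits.get(file_hash) != vuln:
            continue
        if lo <= seen_on < disclosure:
            before.add(host)
        elif disclosure <= seen_on < hi:
            after.add(host)
    return len(before), len(after)


if __name__ == "__main__":
    for vuln, days in find_zero_days(DOWNLOADS, EXPLOITS, DISCLOSED).items():
        b, a = volume_change(DOWNLOADS, EXPLOITS, DISCLOSED, vuln, 180)
        print(f"{vuln}: zero-day attack lasted {days} days; "
              f"hosts hit in 180 days before/after disclosure: {b}/{a}")
```

Real telemetry needs two checks this toy omits: the hash-to-vulnerability mapping must be restricted to labels that name a specific vulnerability (a generic trojan label says nothing about which bug was exploited), and the recorded download date must come from the collecting host's clock only after sanity-checking it against the collector's receive time, otherwise a misconfigured clock manufactures a false "before disclosure" sighting.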

References (17)
Duen Horng Chau, Carey Nachenberg, Christos Faloutsos, Adam Wright, Jeffrey Wilhelm. Polonium: Tera-Scale Graph Mining for Malware Detection (2013).
Anand Nandkumar, Ashish Arora, Rahul Telang, Ramayya Krishnan, H. John Heinz, Yubao Yang. Impact of Vulnerability Disclosure and Patch Availability: An Empirical Analysis (2004).
Andy Ozment, Stuart E. Schechter. Milk or wine: does software security improve with age? USENIX Security Symposium, pp. 7– (2006).
J. McHugh, W. L. Fithen, W. A. Arbaugh. Windows of vulnerability: a case study analysis. IEEE Computer, vol. 33, pp. 52–59 (2000). doi:10.1109/2.889093
Bruce Schneier. The nonsecurity of secrecy. Communications of the ACM, vol. 47, p. 120 (2004). doi:10.1145/1022594.1022629
B. Schneier. Locks and full disclosure. IEEE Security & Privacy, vol. 1, p. 88 (2003). doi:10.1109/MSECP.2003.1193220
R. Anderson, T. Moore. The Economics of Information Security. Science, vol. 314, pp. 610–613 (2006). doi:10.1126/SCIENCE.1130992
Jeff Bollinger. Economies of disclosure. ACM SIGCAS Computers and Society, vol. 34, p. 1 (2004). doi:10.1145/1111635.1111636
Perry Wagle, Steve Beattie, Crispin Cowan, Seth Arnold, Chris Wright, Adam Shostack. Timing the Application of Security Patches for Optimal Uptime. USENIX Large Installation Systems Administration Conference (LISA), pp. 233–242 (2002).
E. Rescorla. Is finding security holes a good idea? IEEE Security & Privacy, vol. 3, pp. 14–19 (2005). doi:10.1109/MSP.2005.17