-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpapers.html
More file actions
1673 lines (1436 loc) · 54.5 KB
/
Copy pathpapers.html
File metadata and controls
1673 lines (1436 loc) · 54.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>Vern Paxson, Papers</title>
</head><body>
<h1> Vern Paxson, Papers </h1>
<h2>2017</h2>
G. Ho, A. Sharma, M. Javed, V. Paxson and D. Wagner,
<b>
<a href="http://www.icir.org/vern/papers/spearphishing-usesec17.pdf">Detecting Credential Spearphishing Attacks in Enterprise Settings</a></b>,
Proc. USENIX Security Symposium, August 2017.
<p>
P. Pearce, B. Jones, F. Li, R. Ensafi, N. Feamster, N. Weaver and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/iris-dns-usesec17.pdf">Global Measurement of DNS Manipulation</a></b>,
Proc. USENIX Security Symposium, August 2017.
<p>
P. Pearce, R. Ensafi, F. Li, N. Feamster and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/oakland_2017_augur.pdf">Augur: Internet-Wide Detection of Connectivity Disruptions</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2017.
<p>
R. S. Portnoff, S. Afroz, G. Durrett, J. Kummerfeld, T. Berg-Kirkpatrick, D. McCoy, K. Levchenko and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/cyberforum-analysis-www17.pdf">Tools for Automated Analysis of Cybercriminal Markets</a></b>,
Proc. WWW, April 2017.
<p>
Z. Durumeric,
Z. Ma,
D. Springall,
R. Barnes,
N. Sullivan,
E. Bursztein,
M. Bailey,
J. A. Halderman
and
V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/tls-interception-ndss17.pdf">The Security Impact of HTTPS Interception</a></b>,
Proc. NDSS, February 2017.
<p>
W. R. Marczak and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/surv-target-survey.pets17.pdf">Social Engineering Attacks on Government Opponents: Target Perspectives</a></b>,
<em>Proceedings on Privacy Enhancing Technologies</em>, (2):152-164, 2017.
<p>
M. Sargent, J. Kristoff, V. Paxson and M. Allman,
<b>
<a href="http://www.icir.org/vern/papers/igmp-ccr17.pdf">On the Potential Abuse of IGMP</a></b>,
<em>Computer Communication Review</em> 47(1), January 2017.
<p>
<h2>2016</h2>
P. Richter, F. Wohlfart, N. Vallina-Rodriguez, M. Allman,
R. Bush, A. Feldmann, C. Kreibich, N. Weaver, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/cgn-imc16.pdf">A Multi-perspective Analysis of Carrier-Grade NAT Deployment</a></b>,
Proc. ACM IMC, November 2016.
Awarded the <a href="https://irtf.org/anrp.html">IRTF Applied Networking Research Prize</a>.
<p>
M. Ikram, N. Vallina-Rodriguez, S. Seneviratne, M. Ali Kaafar, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/vpn-apps-imc16.pdf">An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps</a></b>,
Proc. ACM IMC, November 2016.
<p>
J. Chen, N. Weaver, J. Jiang, T. Wan, H. Duan, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/host-of-troubles.ccs16.pdf">Host of Troubles: Multiple Host Ambiguities in HTTP Implementations</a></b>,
Proc. ACM CCS, October 2016.
<p>
S. Hao, A. Kantchelian, B. Miller, V. Paxson, and N. Feamster,
<b>
<a href="http://www.icir.org/vern/papers/predator-ccs16.pdf">PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration</a></b>,
Proc. ACM CCS, October 2016.
<p>
F. Li, Z. Durumeric, J. Czyz, M. Karami, M. Bailey, D. McCoy, S. Savage, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/sec16-vuln-notifications.pdf">You've Got Vulnerability: Exploring Effective Vulnerability Notifications</a></b>,
Proc. USENIX Security Symposium, August 2016.
<p>
S. Jain, M. Javed, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/trackers-pets16.pdf">Towards Mining Latent Client Identifiers from Network Traffic</a></b>,
Proc. PETS, July 2016.
<p>
M. Tschanz, S. Afroz, D. Fifield, and V. Paxson,
<b>
<a href="http://internet-freedom-science.org/circumvention-survey/">SoK: Towards Grounding Censorship Circumvention in Empiricism</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2016.
<p>
S. Sundaresan, D. McCoy, S. Afroz, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/skype-profile.ecrime16.pdf">Profiling Underground Merchants Based on Network Behavior</a></b>,
Proc. APWG eCrime, May 2016.
<p>
F. Li, G. Ho, E. Kuan, Y. Niu, L. Ballard, K. Thomas, E. Bursztein, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/notification-www16.pdf">Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension</a></b>,
Proc. WWW, April 2016.
<p>
M. Vallentin, V. Paxson, and R. Sommer,
<b>
<a href="http://www.icir.org/vern/papers/vast-nsdi16.pdf">VAST: A Unified Platform for Interactive Network Forensics</a></b>,
Proc. NSDI, March 2016.
<p>
B. Jones, N. Feamster, V. Paxson, N. Weaver, and M. Allman,
<b>
<a href="http://www.icir.org/mallman/pubs/JFP+16/JFP+16.pdf">Detecting DNS Root Manipulation</a></b>,
Proc. Passive & Active Measurement: PAM-2016.
<p>
S. Khattak, D. Fifield, S. Afroz, M. Javed, S. Sundaresan, V. Paxson, S. J. Murdoch, and D. McCoy,
<b>
<a href="http://www.icir.org/vern/papers/tor-differential.NDSS16.pdf">Do You See What I See? Differential Treatment of Anonymous Users</a></b>,
Proc. NDSS, February 2016.
<p>
J. Chen, J. Jiang, X. Zheng, H. Duan, J. Liang, K. Li, T. Wan, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/cdn-loops.NDSS16.pdf">Forwarding-Loop Attacks in Content Delivery Networks</a></b>,
Proc. NDSS, February 2016. Winner of Distinguished Paper.
<p>
<h2>2015</h2>
M. Javed, C. Herley, M. Peinado, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/traffic-exchanges-imc15.pdf">Measurement and Analysis of Traffic Exchange Services</a></b>,
Proc. ACM IMC, October 2015.
<p>
R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/gfw-discovery-imc2015.pdf">Examining How the Great Firewall Discovers Hidden Circumvention Servers</a></b>,
Proc. ACM IMC, October 2015.
Awarded the <a href="https://irtf.org/anrp.html">IRTF Applied Networking Research Prize</a>.
<p>
F. Li, R. Shin, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/li_ppknn_ccsw2015.pdf">
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners</a></b>,
Proc. ACM Cloud Computing Security Workshop, October 2015.
<a href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-177.pdf">
Technical Report No. UCB/EECS-2015-177</a></b> with more detail,
UC Berkeley, July 2015.
<p>
N. Vallina-Rodriguez, S. Sundaresan, C. Kreibich, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/header-enrichment-hotmiddle15.pdf">Header Enrichment or ISP Enrichment? Emerging Privacy Threats in Mobile Networks</a></b>,
Proc. SIGCOMM HotMiddlebox Workshop, August 2015.
<p>
B. Jones, R. Ensafi, N. Feamster, V. Paxson, and N. Weaver,
<b>
<a href="http://www.icir.org/vern/papers/censorship-meas.nsethics15.pdf">Ethical Concerns for Censorship Measurement</a></b>,
Proc. SIGCOMM Workshop on Ethics in Networked Systems Research, August 2015.
<p>
W. R. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Scott-Railton, R. Deibert, and V. Paxson,
<b>
<a href="https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf">
An Analysis of China's "Great Cannon"</a></b>,
Proc. USENIX Workshop on Free and Open Communications on the Internet (FOCI),
August 2015. This is a (not heavily) revised version of our
<b>
<a href="https://citizenlab.org/2015/04/chinas-great-cannon/">
CitizenLab report</a></b> of April 2015.
<p>
D. Fifield, C. Lan, R. Hynes, P. Wegmann, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/meek-PETS-2015.pdf">
Blocking-resistant communication through domain fronting</a></b>,
Proc. Privacy Enhancing Technologies Symposium (PETS), June 2015.
<p>
S. Afroz, D. Fifield, M. Tschantz, V. Paxson, and J. D. Tygar,
<b>
<a href="http://www.icir.org/vern/papers/censor-eval-hotpets2015.pdf">
Censorship Arms Race: Research vs. Practice</a></b>,
Proc. Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs),
June 2015.
<p>
K. Thomas, et al,
<b>
<a href="http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43346.pdf">
Ad Injection at Scale: Assessing Deceptive Advertisement Modifications</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2015.
<p>
R. Rasti, M. Murthy, N. Weaver, and V. Paxson,
<b>
<a href="http://icir.org/vern/papers/lensing.oak15.pdf">
Temporal Lensing and its Application in Pulsing Denial-of-Service Attacks</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2015.
<p>
N. Vallina-Rodriguez, S. Sundaresan, C. Kreibich, N. Weaver, and V. Paxson,
<b>
<a href="http://icir.org/christian/publications/2015-mobisys-beyond.pdf">
Beyond the Radio: Illuminating the Higher Layers of Mobile Networks</a></b>,
Proc. ACM MOBISYS, May 2015.
<p>
W. R. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Scott-Railton, R. Deibert, and V. Paxson,
<b>
<a href="https://citizenlab.org/2015/04/chinas-great-cannon/">
China's Great Cannon</a></b>, CitizenLab report, April 2015.
<p>
P. Richter, M. Allman, R. Bush, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/v4-primer.ccr15.pdf">
A Primer on IPv4 Scarcity</a></b>,
<em>Computer Communication Review</em>, April 2015.
<p>
<h2>2014</h2>
N. Vallina-Rodriguez, J. Amann, C. Kreibich, N. Weaver, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/android-cert-conext14.pdf">
A Tangled Mass: The Android Root Certificate Stores</a></b>,
Proc. ACM CoNEXT, December 2014. Winner of Best Short Paper.
<p>
Z. Durumeric, F. Li, J. Kasten, J. Amann, J. Beekman, M. Payer, N. Weaver, D. Adrian, V. Paxson, M. Bailey, and J. Halderman,
<b>
<a href="http://www.icir.org/vern/papers/heartbleed-imc14.pdf">
The Matter of Heartbleed</a></b>,
Proc. ACM IMC, November 2014. Winner of Best Paper.
<p>
S. Khattak, M. Javed, S. Khayam, Z. Uzmi, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/censorship-response.imc14.pdf">
A Look at the Consequences of Internet Censorship Through an ISP Lens</a></b>,
Proc. ACM IMC, November 2014.
<p>
R. Sommer, M. Vallentin, L. De Carli, and V. Paxson,
<b>
<a href="http://www.icir.org/robin/papers/imc14-hilti.pdf">
HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis</a></b>,
Proc. ACM IMC, November 2014.
<p>
P. Pearce, V. Dave, C. Grier, K. Levchenko, S. Guha, D. McCoy, V. Paxson,
S. Savage, and G. Voelker,
<b>
<a href="http://www.icir.org/vern/papers/ZeroAccess.CCS14.pdf">
Characterizing Large-Scale Click Fraud in ZeroAccess</a></b>,
Proc. ACM CCS, November 2014.
<p>
K. Thomas, F. Li, C. Grier, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/twitter-compromise.ccs2014.pdf">
Consequences of Connectivity: Characterizing Account Hijacking on Twitter</a></b>,
Proc. ACM CCS, November 2014.
<p>
W. R. Marczak, J. Scott-Railton, M. Marquis-Boire and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/govhack.usesec14.pdf">
When Governments Hack Opponents: A Look at Actors and Technology</a></b>,
Proc. USENIX Security Symposium, August 2014.
(<a href="http://www.icir.org/vern/papers/govhack.usesec14.arabic.pdf">Arabic translation</a>, courtesy
<a href="http://bahrainmirror.com/">Bahrain Mirror</a>.)
<p>
A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/hulk-usesec14.pdf">
Hulk: Eliciting Malicious Behavior in Browser Extensions</a></b>,
Proc. USENIX Security Symposium, August 2014.
<p>
R. Rasti, M. Murthy and V. Paxson,
<b>
<a href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-129.pdf">
Temporal Lensing and its Application in Pulsing Denial of Service Attacks</a></b>,
Technical Report No. UCB/EECS-2014-129, UC Berkeley, May 2014.
<p>
N. Weaver, C. Kreibich, M. Dam, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/netalyzr-proxies.pam14.pdf">
Here Be Web Proxies</a></b>,
Proc. Passive & Active Measurement: PAM-2014.
March 2014.
<h2>2013</h2>
P. Pearce et al,
<b>
<a href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2013/EECS-2013-211.pdf">
The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules</a></b>,
Technical Report No. UCB/EECS-2013-211, UC Berkeley, December 2013.
<p>
M. Javed and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/dist-ssh-det.ccs13.pdf">
Detecting Stealthy, Distributed SSH Brute-Forcing</a></b>,
Proc. ACM CCS, November 2013.
<p>
S. Hao, M Thomas, V. Paxson, N. Feamster, C. Kreibich, C. Grier, and S. Hollenbeck,
<b>
<a href="http://www.icir.org/vern/papers/spammer-domain-reg.imc13.pdf">
Understanding the Domain Registration Behavior of Spammers</a></b>,
Proc. ACM IMC, October 2013.
<p>
K. Thomas, D. McCoy, C. Grier, A. Kolcz, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/twitter-acct-purch.usesec13.pdf">
Trafficking Fraudulent Accounts:
The Role of the Underground Market in Twitter Spam and Abuse</a></b>,
Proc. USENIX Security Symposium, August 2013.
<p>
V. Paxson et al,
<b>
<a href="http://www.icir.org/vern/papers/covert-dns-usec13.pdf">
Practical Comprehensive Bounds on Surreptitious Communication Over DNS</a></b>,
Proc. USENIX Security Symposium, August 2013.
<p>
S. Khattak, M. Javed, P. D. Anderson, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/censorship-model.foci13.pdf">
Towards Illuminating a Censorship Monitor's Model to Facilitate Evasion</a></b>,
Proc. USENIX Workshop on Free and Open Communications on the Internet (FOCI),
August 2013.
<p>
<h2>2012</h2>
M. Dhawan, J. Samuel, R. Teixeira,
C. Kreibich, M. Allman, N. Weaver, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/imc077-dhawan.pdf">
Fathom: A Browser-based Network Measurement Platform</a></b>,
Proc. ACM IMC, November 2012.
<p>
C. Grier et al,
<b>
<a href="http://www.icir.org/vern/papers/driveby-ccs12.pdf">
Manufacturing Compromise: The Emergence of Exploit-as-a-Service</a></b>,
Proc. ACM CCS, October 2012.
<p>
L. Martignoni, P. Poosankam, M. Zaharia, J. Han, S. McCamant, D. Song, V. Paxson, A. Perrig, S. Shenker, and I. Stoica,
<b>
<a href="http://www.icir.org/vern/papers/cloud-terminal.atc12.pdf">
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems</a></b>,
Proc. USENIX Annual Technical Conference, June 2012.
<p>
C. Rossow, C. J. Dietrich, C. Kreibich, C. Grier, V. Paxson, N. Pohlmann, H. Bos, and M. van Steen,
<b>
<a href="http://christian-rossow.de/publications/guidelines-ieee2012.pdf">
Prudent Practices for Designing Malware Experiments: Status Quo and Outlook</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2012.
<p>
K. Thomas, C. Grier, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/kremlin-bots.leet11.pdf">
Adapting Social Spam Infrastructure for Political Censorship</a></b>,
Proc. USENIX LEET, April 2012.
<p>
H. Duan, N. Weaver, Z. Zhao, M. Hu, J. Liang, J. Jiang, K. Li, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/hold-on.satin12.pdf">
Hold-On: Protecting Against On-Path DNS Poisoning</a></b>,
<em>Securing and Trusting Internet Names</em>, SATIN 2012.
<p>
T. Halvorson, J. Szurdi, G. Maier, M. Felegyhazi, C. Kreibich, N. Weaver, K. Levchenko, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/dot-biz.pam12.pdf">
The BIZ Top-Level Domain: Ten Years Later</a></b>,
Proc. Passive & Active Measurement: PAM-2012.
<p>
M. Zaharia, S. Katti, C. Grier, V. Paxson, S. Shenker, I. Stoica and D. Song,
<b>
<a href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-12.pdf">
Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community</a></b>,
Technical Report No. UCB/EECS-2012-12, UC Berkeley, January 2012.
<p>
<h2>2011</h2>
C. Kreibich, N. Weaver, C. Kanich, W. Cui, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/gq.imc2011.pdf">
GQ: Practical Containment for Measuring Modern Malware Systems</a></b>,
Proc. ACM IMC, November 2011.
<p>
K. Thomas, C. Grier, V. Paxson and D. Song,
<b>
<a href="http://www.icir.org/vern/papers/twitter-susp-accounts.imc2011.pdf">
Suspended Accounts in Retrospect: An Analysis of Twitter Spam</a></b>,
Proc. ACM IMC, November 2011.
<p>
J. Caballero, C. Grier, C. Kreibich and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/ppi-usesec11.pdf">
Measuring Pay-per-Install: The Commoditization of Malware Distribution</a></b>,
Proc. USENIX Security Symposium, August 2011. Winner of Outstanding Paper.
<p>
C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, K. Levchenko,
V. Paxson, G. Voelker and S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/ppair-usesec11.pdf">
Show Me the Money: Characterizing Spam-advertised Revenue</a></b>,
Proc. USENIX Security Symposium, August 2011.
<p>
N. Weaver, C. Kreibich and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/foci11-final14.pdf">
Redirecting DNS for Ads and Profit</a></b>,
Proc. USENIX Workshop on Free and Open Communications on the Internet (FOCI),
August 2011.
<p>
C. Kreibich, N. Weaver, G. Maier, B. Nechaev and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/wmu10t-kreibich.pdf">
Experiences from Netalyzr with Engaging Users in End-System Measurement</a></b>,
ACM SIGCOMM Workshop on Measurements Up the Stack (W-MUST),
August 2011.
<p>
B. Miller, P. Pearce, and C. Grier, C. Kreibich and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/clickbots.dimva2011.pdf">
What's Clicking What? Techniques and Innovations of Today's Clickbots</a></b>,
Proc. Eighth Conference on Detection of Intrusions and Malware &
Vulnerability Assessment, July 2011.
<p>
G. Maier, A. Feldmann, V. Paxson, R. Sommer, and M. Vallentin,
<b>
<a href="http://www.icir.org/vern/papers/ressec.dimva2011.pdf">
An Assessment of Overt Malicious Activity Manifest in
Residential Networks</a></b>,
Proc. Eighth Conference on Detection of Intrusions and Malware &
Vulnerability Assessment, July 2011.
<p>
V. Paxson, M. Allman, H.K. Chu, and M. Sargent,
<b>
<a href="http://www.ietf.org/rfc/rfc6298.txt">
Computing TCP's Retransmission Timer</a></b>,
RFC 6298, Proposed Standard, June 2011. This is an update of
<a href="http://www.ietf.org/rfc/rfc2988.txt">
RFC 2988</a></b>.
<p>
K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. Voelker and S. Savage,
<b>
<a href="http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf">
Click Trajectories: End-to-End Analysis of the Spam Value Chain</a></b>,
</b>
Proc. IEEE Symposium on Security and Privacy, May 2011.
<p>
K. Thomas, C. Grier, J. Ma, V. Paxson and D. Song,
<b>
<a href="http://www.icir.org/vern/papers/monarch-oak11.pdf">
Design and Evaluation of a Real-Time URL Spam Filtering Service</a></b>,
</b>
Proc. IEEE Symposium on Security and Privacy, May 2011.
<p>
N. Weaver, C. Kreibich, B. Nechaev and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/netalyzr-dns.satin2011.pdf">
Implications of Netalyzr's DNS Measurements</a></b>,
Proc. Workshop on Securing and Trusting Internet Names (SATIN), April 2011.
<p>
Z. Li, A. Goyal, Y. Chen and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/probing-analy.ccs09.pdf">
Towards Situational Awareness of Large-scale Botnet Probing Events</a></b>,
</b>
<em>IEEE Transactions on Information Forensics & Security</em>,
6(1), March 2011.
An earlier version of this paper appeared in Proc. ASIACCS, Mar. 2009.
<p>
C. M. Zhang and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/pam11.autotwit.pdf">
Detecting and Analyzing Automated Activity on Twitter</a></b>,
</b>
Proc. Passive & Active Measurement: PAM-2011.
<p>
<h2>2010</h2>
C. Kreibich, N. Weaver, B. Nechaev and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/netalyzr.imc2010.pdf">
Netalyzr: Illuminating The Edge Network</a></b>,
Proc. ACM IMC, November 2010.
<p>
C. Muthukrishnan, V. Paxson, M. Allman and A. Akella,
<b>
<a href="http://www.icir.org/vern/papers/hotnets10-tussle.pdf">
Using Strongly Typed Networking to Architect for Tussle</a></b>,
Proc. HotNets, October 2010.
<p>
C. Grier, K. Thomas, V. Paxson and M. Zhang,
<b>
<a href="http://www.icir.org/vern/papers/ccs2010-twitter-spam.pdf">
@spam: The Underground on 140 Characters or Less</a></b>,
Proc. ACM CCS, October 2010.
<p>
R. Sommer and V. Paxson,
<b>
<a href="http://www.icir.org/robin/papers/oakland10-ml.pdf">Outside the Closed
World: On Using Machine Learning For Network Intrusion Detection</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2010.
<p>
C. Y. Cho, J. Caballero, C. Grier, V. Paxson and D. Song,
<b>
<a href="http://www.icir.org/vern/papers/botnet-mgt.leet10.pdf">
Insights from the Inside:
A View of Botnet Management from Infiltration</a></b>,
Proc. USENIX LEET, April 2010.
<p>
M. Felegyhazi, C. Kreibich and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/proactive-blacklisting.leet10.pdf">
On the Potential of Proactive Domain Blacklisting</a></b>,
Proc. USENIX LEET, April 2010.
<p>
B. Nechaev, M. Allman, V. Paxson and A. Gurtov,
<b>
<a href="http://www.icir.org/vern/papers/enterprise-perf.wren10.pdf">
A Preliminary Analysis of TCP Performance in an Enterprise Network</a></b>,
Proc. USENIX Internet Network Management Workshop/Workshop on Research
on Enterprise Networking, April 2010.
<p>
T. Callahan, M. Allman and V. Paxson,
<b>
<a href="http://www.icir.org/mallman/papers/httpanaly-pam2010.pdf">
A Longitudinal View of HTTP Traffic</a></b>,
Proc. Passive & Active Measurement: PAM-2010, April 2010.
<p>
A. Pitsillidis, K. Levchenko, C. Kreibich, C. Kanich, G. Voelker, V. Paxson,
N. Weaver and S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/judo-ndss10.pdf">
Botnet Judo: Fighting Spam with Itself</a></b>,
Proc. NDSS, February 2010.
<p>
<h2>2009</h2>
G. Maier, A. Feldmann, V. Paxson and M. Allman,
<b>
<a href="http://www.icir.org/vern/papers/imc102-maier.pdf">
On Dominant Characteristics of Residential Broadband Internet Traffic</a></b>,
Proc. ACM IMC, November 2009.
<p>
B. Nechaev, V. Paxson, M. Allman and A. Gurtov,
<b>
<a href="http://www.icir.org/vern/papers/imc070-nechaev.pdf">
On Calibrating Enterprise Switch Measurements</a></b>,
Proc. ACM IMC, November 2009.
<p>
P. Mittal, V. Paxson, R. Sommer and M. Winterrowd,
<b>
<!-- <a href="http://www.icir.org/vern/papers/mediated-analy.hn09.pdf"> -->
<a href="http://www.princeton.edu/~pmittal/publications/mediated-hotnets09.pdf">
Securing Mediated Trace Access Using Black-box Permutation Analysis</a></b>,
Proc. HOTNETS, October 2009.
<p>
C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson,
S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/CACMSpam09.pdf">
Spamalytics: An Empirical Analysis of Spam Marketing Conversion</a></b>,
<em>Communications of the ACM</em>,
52(9), pp. 99-107, September 2009.
<p>
M. Allman, V. Paxson and E. Blanton,
<b>
<a href="http://www.ietf.org/rfc/rfc5681.txt">
TCP Congestion Control</a></b>,
RFC 5681, Draft Standard, September 2009.
<p>
R. Sommer, V. Paxson, and N. Weaver,
<b>
<a href="http://www.icir.org/robin/papers/cc-multi-core.pdf">
An architecture for exploiting multi-core processors to parallelize
network intrusion prevention</a></b>,
<em>Concurrency and Computation: Practice and Experience</em>,
Special Issue: Multi-core Supported Network and System Security,
21(10), pp. 1255-1279, May 2009.
<p>
C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/spamcraft.leet09.pdf">
Spamcraft: An Inside Look At Spam Campaign Orchestration</a></b>,
Proc. USENIX LEET, April 2009.
<p>
N. Weaver, R. Sommer and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/reset-injection.ndss09.pdf">
Detecting Forged TCP Reset Packets</a></b>,
</b>
Proc. NDSS, February 2009.
<p>
Z. Li, A. Goyal, Y. Chen and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/probing-analy.ccs09.pdf">
Automating Analysis of Large-Scale Botnet Probing Events</a></b>,
</b>
Proc. ASIACCS, March 2009.
<p>
<h2>2008</h2>
C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson,
S. Savage,
<b>
<a href="http://www.icir.org/christian/publications/2008-ccs-spamalytics.pdf">
Spamalytics: An Empirical Analysis of Spam Marketing Conversion</a></b>,
</b>
(<a href="http://www.icir.org/christian/spamalytics/">Overview</a>),
Proc. ACM CCS, October 2008.
<p>
H. Dreger, A. Feldmann, V. Paxson and R. Sommer,
<b>
<a href="http://www.icir.org/vern/papers/autoconf-raid08.pdf">
Predicting the Resource Consumption of Network Intrusion Detection
Systems</a></b>,
Proc. RAID, September 2008.
<p>
G. Maier, R. Sommer, H. Dreger, A. Feldmann, V. Paxson and F. Schneider,
<b>
<a href="http://www.icir.org/vern/papers/time-machine-sigcomm08.pdf">
Enriching Network Security Analysis with Time Travel</a></b>,
Proc. ACM SIGCOMM, August 2008.
<p>
J. Jung, R. Milito, and V. Paxson,
<b>
<a href="http://www2.seattle.intel-research.net/~jjung/rbs-computer-virology.pdf">
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms</a></b>,
<em>Journal in Computer Virology</em>, Vol.4, No.3, August 2008.
An earlier version of this paper appeared in
Proc. Fourth GI International Conference on Detection of Intrusions & Malware,
and Vulnerability Assessment, July 2007.
<p>
M. Allman, C. Kreibich, V. Paxson, R. Sommer and N. Weaver,
<b>
Principles for Developing Comprehensive Network Visibility
</b>
(<a href="http://www.icir.org/vern/papers/awareness-hotsec08/index.html">HTML</a>,
<a href="http://www.icir.org/mallman/papers/awareness-hotsec08.pdf">
PDF</a>),
USENIX Workshop on Hot Topics in Security, July 2008.
<p>
L. Juan, C. Kreibich, C-H. Lin, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/idsprobe-dimva08.pdf">
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems (Extended Abstract)</a></b>,
Proc. Fifth GI International Conference on Detection of Intrusions and Malware &
Vulnerability Assessment, July 2008.
(<b><a href="http://www.icir.org/christian/publications/2008-icast-idsprobe.pdf">Longer version</a></b>).
<p>
C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage,
<b>On the Spam Campaign Trail</b>
(<a href="http://www.icir.org/christian/publications/2008-leet-spamtrail/index.html">HTML</a>,
<a href="http://www.icir.org/christian/publications/2008-leet-spamtrail.pdf">PDF</a>),
First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '08), 2008.
<p>
M. Vutukuru, H. Balakrishnan and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/tcpnorm-oak08.pdf">
Efficient and Robust TCP Stream Normalization</a></b>,
Proc. IEEE Symposium on Security and Privacy, May 2008.
<p>
M. Allman and V. Paxson,
<b>
<a href="http://www.icir.org/mallman/papers/rem-overview-pam08.pdf">
A Reactive Measurement Framework</a></b>,
Proc. Passive and Active Measurement Conference, April 2008.
<p>
<h2>2007</h2>
M. Allman, K. Christensen, B. Nordman, and V. Paxson,
<b>
<a href="http://www.icir.org/mallman/share/sconn/sconn-hotnets07-web.pdf">
Enabling an Energy-Efficient Future Internet Through Selectively Connected End Systems</a></b>,
Proc. HOTNETS, November 2007.
<p>
J. Franklin, V. Paxson, A. Perrig, and S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/miscreant-wealth.ccs07.pdf">
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants</a></b>,
Proc. ACM CCS, October 2007.
<p>
J. Gonzalez, V. Paxson, and N. Weaver,
<b>
<a href="http://www.icir.org/vern/papers/shunting.ccs07.pdf">
Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention</a></b>,
Proc. ACM CCS, October 2007.
<p>
M. Allman, V. Paxson, and J. Terrell,
<b>
<a href="http://www.icir.org/mallman/papers/scan-history-imc07.pdf">
A Brief History of Scanning</a></b>,
Proc. ACM IMC, October 2007.
<p>
M. Allman and V. Paxson,
<b>
<a href="http://www.icir.org/mallman/papers/etiquette-imc07.pdf">
Issues and Etiquette Concerning Use of Shared Measurement Data</a></b>,
Proc. ACM IMC, October 2007.
<p>
M. Vallentin,
R. Sommer,
J. Lee,
C. Leres,
V. Paxson,
and B. Tierney,
<b>
<a href="http://www.icir.org/vern/papers/nids-cluster-raid07.pdf">
The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on
Commodity Hardware</a></b>,
Proc. RAID 2007.
<p>
M. Allman, C. Kreibich, V. Paxson, R. Sommer and N. Weaver,
<b>
<a href="http://www.icir.org/mallman/papers/opp-personas-hotsec07.pdf">
The Strengths of Weaker Identities: Opportunistic Personas</a></b>,
Proc. USENIX Hot Security, August 2007.
<p>
J. Jung, R. Milito, and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/rbs-dimva07.pdf">
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms</a></b>,
Proc. Fourth GI International Conference on Detection of Intrusions & Malware,
and Vulnerability Assessment, July 2007.
<p>
V. Paxson, R. Sommer, and N. Weaver,
<b>
<a href="http://www.icir.org/vern/papers/multicore-sarnoff07.pdf">
An Architecture for Exploiting Multi-Core Processors to Parallelize
Network Intrusion Prevention</a></b>,
Proc. IEEE Sarnoff Symposium, May 2007.
<p>
N. Weaver, V. Paxson, and J. Gonzalez,
<b>
<a href="http://www.icir.org/vern/papers/shunt-fpga-2007.pdf">
The Shunt: An FPGA-Based Accelerator for Network Intrusion Prevention</a></b>,
Proc. FPGA '07, February 2007.
<p>
<h2>2006</h2>
E. Kohler, J. Li, V. Paxson, and S. Shenker,
<b>
<a href="http://www.icir.org/vern/papers/address-structure.TON.06.pdf">
Observed Structure of Addresses in IP Traffic</a></b>,
<em>IEEE/ACM Transactions on Networking</em>, Vol.14, No.6, December 2006.
An earlier version of this paper appeared in Proc. ACM SIGCOMM
Internet Measurement Workshop, November 2002.
<p>
M. Allman, E. Blanton, V. Paxson and S. Shenker,
<b>
<a href="http://www.icir.org/vern/papers/info-sharing-hotnet06.pdf">
Fighting Coordinated Attackers with Cross-Organizational
Information Sharing</a></b>,
Proc. HOTNETS 2006.
<p>
<!A. Parker, S. Reddy, T. Schmid, K. Chang, G. Saurabh, M. Srivastava,
M. Hansen, J. Burke, D. Estrin, M. Allman and V. Paxson,>
A. Parker et al,
<b>
<a href="http://www.icir.org/vern/papers/selective-sharing-hotnets06.pdf">
Network System Challenges in Selective Sharing and Verification for Personal,
Social, and Urban-Scale Sensing Applications</a></b>,
Proc. HOTNETS 2006.
<p>
J. Jung, R. Milito and V. Paxson,
<b>
<a href="https://dspace.mit.edu/handle/1721.1/34875">
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms</a></b>,
MIT Technical Report MIT-CSAIL-TR-2006-074, November 2006.
<p>
R. Pang, V. Paxson, R. Sommer and L. Peterson,
<b>
<a href="http://www.icir.org/vern/papers/binpac.IMC06.pdf">
binpac: A yacc for Writing Application Protocol Parsers</a></b>,
Proc. ACM IMC, October 2006.
<p>
J. Kannan, J. Jung, V. Paxson and C. Koksal,
<b>
<a href="http://www.icir.org/vern/papers/session-discovery.IMC06.pdf">
Semi-Automated Discovery of Application Session Structure</a></b>,
Proc. ACM IMC, October 2006.
<p>
W. Cui, V. Paxson and N. Weaver,
<b>
<a href="http://research.microsoft.com/en-us/UM/people/wdcui/papers/gq-techreport.pdf">
GQ: Realizing a System to Catch Worms in a Quarter Million Places</a></b>,
ICSI Technical Report TR-06-004, September 2006.
<p>
V. Paxson, K. Asanovic, S. Dharmapurikar, J. Lockwood, R. Pang, R. Sommer
and N. Weaver,
<b>
<a href="http://www.icir.org/vern/papers/hotsec06.pdf">
Rethinking Hardware Support for Network Analysis and Intrusion Prevention</a></b>,
Proc. USENIX Hot Security, August 2006.
<p>
H. Dreger, A. Feldmann, M. Mai, V. Paxson and R. Sommer,
<b>
<a href="http://www.icir.org/robin/papers/usenix06/">
Dynamic Application-Layer Protocol Analysis for
Network Intrusion Detection</a></b>,
Proc. USENIX Security Symposium, August 2006.
(<a href="http://www.icir.org/robin/papers/usenix06.pdf">PDF</a>)
<p>
N. Duffield, F. Lo Presti, V. Paxson and D. Towsley,
<b>
<a href="http://www.icir.org/vern/papers/DLPT06-uinc.pdf">
Network Loss Tomography Using Striped Unicast Probes</a></b>,
<em>IEEE/ACM Transactions on Networking</em>, Vol.14, No.4, pp. 697-710, August 2006.
<p>
J. Gonzalez and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/secondary-path-raid06.pdf">
Enhancing Network Intrusion Detection With Integrated Sampling and Filtering</a></b>,
Proc. RAID 2006.
<p>
S. Floyd, V. Paxson and A. Falk,
<b>
<a href="http://www.ietf.org/rfc/rfc4440.txt">
IAB Thoughts on the Role of the Internet Research Task Force (IRTF)</a></b>,
RFC 4440, March 2006.
<p>
W. Cui, V. Paxson, N. Weaver and R. Katz,
<b>
<a href="http://research.microsoft.com/~wdcui/papers/roleplayer-ndss06.pdf">
Protocol-Independent Adaptive Replay of Application Dialog</a></b>,
Proc. NDSS, February 2006.
<p>
R. Pang, M. Allman, V. Paxson and J. Lee,
<b>
<a href="http://www.icir.org/enterprise-tracing/devil-ccr-jan06.pdf">
The Devil and Packet Trace Anonymization</a></b>,
<em>Computer Communication Review</em>, 36(1), January 2006.
<p>
<h2>2005</h2>
M. Casado, T. Garfinkel, W. Cui, V. Paxson and S. Savage,
<b>
<a href="http://www.icir.org/vern/papers/oppo-meas-hotnet05.pdf">
Opportunistic Measurement: Extracting Insight from Spurious Traffic</a></b>,
Proc. HOTNETS 2005.
<p>
V. Yegneswaran, P. Barford and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/sit-aware-hotnet05.pdf">
Using Honeynets for Internet Situational Awareness</a></b>,
Proc. HOTNETS 2005.
<p>
R. Pang, M. Allman, M. Bennett, J. Lee, V. Paxson and B. Tierney,
<b>
<a href="http://www.icir.org/enterprise-tracing/first-look-imc05/">
A First Look at Modern Enterprise Traffic</a></b>,
Proc. ACM IMC, October 2005.
(<a href="http://www.icir.org/enterprise-tracing/first-look-imc05.pdf">PDF</a>)
<p>
R. Sommer and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/state-acsac05.pdf">
Exploiting Independent State For Network Intrusion Detection</a></b>,
Proc. ACSAC 2005.
<p>
A. Kumar, V. Paxson and N. Weaver,
<b>
<a href="http://www.icir.org/vern/papers/witty-imc05.pdf">
Exploiting Underlying Structure for Detailed Reconstruction of an Internet Scale Event</a></b>,
Proc. ACM IMC, October 2005.
<p>
S. Kornexl, V. Paxson, H. Dreger, A. Feldmann and R. Sommer,
<b>
<a href="http://www.icir.org/vern/papers/TimeMachine-IMC05/index.html">
Building a Time Machine for Efficient Recording and Retrieval of High-Volume
Network Traffic</a></b>,
Proc. ACM IMC, October 2005.
(<a href="http://www.icir.org/vern/papers/TimeMachine-IMC05/TimeMachine.pdf">PDF</a>)
<p>
S. Dharmapurikar and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/TcpReassembly/index.html">
Robust TCP Stream Reassembly in the Presence of Adversaries</a></b>,
Proc. USENIX Security Symposium 2005.
(<a href="http://www.icir.org/vern/papers/TcpReassembly/TcpReassembly.pdf">PDF</a>)
<p>
M. Allman, E. Blanton and V. Paxson,
<b>
<a href="http://www.icir.org/vern/papers/history/">