Academic Publications

Damballa's Academic Roots

Many current and former Damballa employees have distinguished themselves within both the academic and business worlds. The following publications feature cutting-edge research, much of which has made its way into Damballa's products.


A Taxonomy of Botnet Structures
D. Dagon, G. Gu, C. Lee, W. Lee.
In Proceedings of The 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.

Misleading and Defeating Importance-Scanning Malware Propagation
G. Gu, Z. Chen, P. Porras, W. Lee.
In Proceedings of The 3rd International Conference on Security and Privacy in Communication Networks (SecureComm'07), Nice, France, September 2007.

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
G. Gu, P. Porras, V. Yegneswaran, M., W. Lee.
In Proceedings of The 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007.

PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
P. Royal, M. Halpin, D. Dagon, R. Edmonds, W. Lee.
In Proceedings of The 22nd Annual Computer Security Applications Conference (ACSAC 2006), Miami Beach, FL, December 2006.

Modeling Botnet Propagation Using Time Zones
D. Dagon, C. Zou, W. Lee.
In Proceedings of The 13th Annual Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA, February 2006.

Worm Detection, Early Warning, and Response Based on Local Victim Information
G. Gu, D. Dagon, X. Qin, M. Sharif, W. Lee, G. Riley.
In Proceedings of The 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, Arizona, December 2004.

Simulating Internet Worms
G. Riley, M. Sharif, W. Lee.
In Proceedings of The 12th Annual Meeting of the IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), Volendam, The Netherlands, October 2004.

HoneyStat: Local Worm Detection Using Honeypots
D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levin, H. Owen.
In Proceedings of The 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, France, September 2004.

Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems
R. Perdisci, G. Gu, W. Lee. IEEE International Conference on Data Mining, ICDM 2006.

Polymorphic Blending Attacks
P. Fogla, M. Sharif, R. Perdisci, O. Kolesnikov, W. Lee. USENIX Security 2006.

Misleading Worm Signature Generators Using Deliberate Noise Injection
R. Perdisci, D. Dagon, W. Lee, P. Fogla, M. Sharif. IEEE Symposium on Security and Privacy 2006.

Ether: Malware Analysis via Hardware Virtualization Extensions
A. Dinaburg, P. Royal, M. Sharif, W. Lee. Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, October 2008.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
G. Gu, R. Perdisci, J. Zhang, W. Lee. USENIX Security Conference, 2008.

McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables
R. Perdisci, A. Lanzi, W. Lee. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, December 2008.

Classification of Packed Executables for Accurate Computer Virus Detection
R. Perdisci, A. Lanzi, W. Lee. Pattern Recognition Letters, 29(14), 2008.