Papers Reading List for CSCI 780: Advanced Network Security
Group 1: Email Spam
-
[RFV07]
Anirudh Ramachandran, Nick Feamster, and Santosh Vempala,
Filtering Spam with Behavioral Blacklisting,
Proceedings of ACM CCS '2007.
-
[XYAPHO08]
Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov,
Spamming Botnet: Signatures and Characteristics,
Proceedings of ACM SIGCOMM 2008.
Additional Readings:
Group 2: DNS Security
-
[DPLL'08] David Dagon, Niels Provos, Christopher P. Lee, and Wenke Lee,
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority,
Proceedings of NDSS'2008.
-
[ORMZ08] David Dagon, Manos Antonakakis, Paul Vixie, Tatuya Jinmei, and Wenke Lee,
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries,
ACM CCS'2008.
-
[ORMZ08] Eric Osterweil, Michael Ryan, Dan Massey, and Lixia Zhang,
Quantifying the Operational Status of the DNSSEC Deployment,
Proceedings of the ACM Internet Measurement Conference'2008.
-
[BF08]
Hitesh Ballani and Paul Francis,
Mitigating DNS DoS Attacks,
Proceedings of the ACM CCS'2008.
Additional Readings:
-
[PXLTMZ'04] V. Pappas, Z. Xu, S. Lu, A. Terzis, D. Massey, L. Zhang,
Impact of Configuration Errors on DNS Robustness,
Proceedings of ACM SIGCOMM'2004, Portland, OR, August 2004.
-
[PHAMPS04]
J. Pang, J. Hendricks, A. Akella, B. Maggs, R. De Prisco and S. Seshan,
Availability, Usage, and Deployment Characteristics of the Domain Name System,
Proceedings of the ACM Internet Measurement Conference, Taormina, Sicily, October 2004.
Group 3: TCP Misbehaviors
-
[SB05]
R. Sherwood and B. Bhattacharjee,
Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse,
Proceedings of ACM CCS'05, October 2005.
-
[SCWA99]
Stefan Savage, Neal Cardwell, David Wetherall, and Tom Anderson,
TCP Congestion Control with a Misbehaving Receiver,
ACM Computer Communication Review, Vol. 29, No. 5, 1999.
-
[WSP09]
N. Weaver, R. Sommer and V. Paxson,
Detecting Forged TCP Reset Packets,
Proceedings of NDSS'2009.
Additional Readings:
-
[FF96]
K. Fall and S. Floyd,
Simulation-based Comparisons of Tahoe, Reno and SACK TCP,
ACM Computer Communications Review, Vol. 26, No. 3, pp. 5-21, July 1996.
-
[PFTK98] Mythili Vutukuru, Hari Balakrishnan, and Vern Paxson,
Efficient and Robust TCP Stream Normalization,
Proceedings of IEEE Symposium on Security and Privacy 2008.
Group 4: DoS Attacks
-
[MVS01]
David Moore, Geoffrey Voelker, and Stefan Savage,
Inferring Internet Denial of Service Activity,
Proceedings of USENIX Security Symposium'2001.
-
[Pax01]
Vern Paxson,
An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks,
ACM Computer Communication Review, Vol. 31, No. 3, 2001.
-
[JKR02]
Jaeyeon Jung, Balachander Krishnamurthy, and Michael Rabinovich,
Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites,
Proceedings of the Eleventh International World Wide Web Conference.
-
[YWA05]
Xiaowei Yang, David Wetherall, and Tom Anderson,
A DoS-limiting Network Architecture,
Proceedings of ACM SIGCOMM'2005.
Additional Readings:
Group 5: Botnets and Bot
-
[RZMT06]
Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, and Andreas Terzis,
A Multifaceted Approach to Understanding the Botnet Phenomenon,
Proceedings of ACM IMC'2006.
-
[DZL06] David Dagon, Cliff Zou, and Wenke Lee,
Modeling Botnet Propagation Using Time Zones,
Proceedings of NDSS'2006.
-
[GPZL08]
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee,
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection,
Proceedings of USENIX Security'2008.
-
[GZL08]
Guofei Gu, Junjie Zhang, and Wenke Lee,
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic,
Proceedings of NDSS'2008.
-
[GXWW08] Steven Gianvecchio, Mengjun Xie, Zhenyu Wu, and Haining Wang,
Measurement and Classification of Humans and Bots in Internet Chat,
Proceedings of USENIX Security'2008.
Group 6: Spyware
-
[SGL04]
Stefan Saroiu, Steven D. Gribble, and Henry M. Levy,
Measurement and Analysis of Spyware in a University Environment,
Proceedings of USENIX NSDI'2004.
-
[MBGL06]
Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy,
A Crawler-based Study of Spyware on the Web,
Proceedings of NDSS'2006.
-
[KKBVK'06]
Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, and Richard A. Kemmerer,
Behavior-based Spyware Detection,
Proceedings of USENIX Security'2006.
-
[MKKYS'07]
Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song,
Dynamic Spyware Analysis,
Proceedings of USENIX Annual Technical Conference'2007.
Group 7: Phishing
-
[DTH06]
Rachna Dhamija, J. D. Tygar and Marti Hearst,
Why Phishing Works,
Proceedings of ACM CHI'2006.
-
[ZECH07]
Yue Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong,
Phinding Phish: Evaluating Anti-Phishing Tools,
Proceedings of NDSS'2007.
-
[ZHC07]
Yue Zhang, Jason Hong, and Lorrie Cranor,
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites,
Proceedings of WWW'2007.
-
[YW08]
Chuan Yue and Haining Wang,
Anti-Phishing in Offense and Defense,
Proceedings of ACSAC'2008.
Group 8: Web Security
-
[GTK08]
Chris Grier, Shuo Tang, and Samuel T. King,
Secure web browsing with the OP web browser,
Proceedings of IEEE Symposium on Security and Privacy'2008.
-
[JBSB07]
Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh,
Protecting Browsers from DNS Rebinding Attacks,
Proceedings of ACM CCS'2007.
-
[JSH07]
Trevor Jim, Nikhil Swamy, and Michael Hicks,
Defeating Script Injection Attacks with Browser-Enforced Embedded Policies,
Proceedings of WWW'2007.
-
[MCK04]
V. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis,
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure,
Proceedings of ACM CCS'2006.
-
[RVKK06]
W. Robertson, G. Vigna, C. Kruegel, and R. Kemmerer,
Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks,
Proceedings of NDSS'2006.
Group 9: Internet Worms and Malware
-
[SPW02]
S. Staniford, V. Paxson and N. Weaver,
How to Own the Internet in Your Spare Time,
In Proc. of USENIX Security Symposium'2002.
-
[MPSSSW03]
David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford and Nicholas Weaver,
Inside the Slammer Worm,
IEEE Security and Privacy 1(4) 2003.
-
[WSP04]
N. Weaver, S. Staniford and V. Paxson,
Very Fast Containment of Scanning Worms,
Proceedings of USENIX Security Symposium '2004.
-
[BOAMJN07]
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario,
Automated Classification and Analysis of Internet Malware,
Proceedings of RAID'2007.
Group 10: Network Intrusion Detection
-
[WGSZ04]
Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier,
Shield: Vulnerability Driven Network Filters for Preventing Known Vulnerability Exploits,
Proceedings of ACM SIGCOMM'2004.
-
[Pax99]
V. Paxson,
Bro: A System for Detecting Network Intruders in Real-Time;
Computer Networks, 31(23-24), December, 1999.
-
[SP03]
Robin Sommer and Vern Paxson,
Enhancing Byte-Level Network Intrusion Detection Signatures with Context,
Proceedings of ACM CCS'2003.
-
[GPW07]
Jose M Gonzalez, Vern Paxson, and Nicholas Weaver,
Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention,
Proceedings of ACM CCS'2007.
-
[SAB08]
Nabil Schear, David Albrecht, and Nikita Borisov,
High-speed Matching of Vulnerability Signatures,
Proceedings of RAID'2008.
Additional Readings:
-
[WLXRKC06]
X.F. Wang, Z. Li, J. Xu, M. Reiter, C. Kil and J. Choi,
Packet Vaccine: Black-box Exploit Detection and Signature Generation,
Proceedings of ACM CCS'06, October 2006.
-
[CGAFBMS06]
M. Casado, T. Garfinkel, A. Akella, M. Freedman, D. Boneh, N. McKeown, and S. Shenker,
SANE: A Protection Architecture for Enterprise Networks;
In Proc. of 15th USENIX Security Symposium, August, 2006.
Group 11: IP Dynamics and Prefix Hijacking
-
[XYAGG07]
Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moises Goldszmidt, and Ted Wobber,
How Dynamic are IP Addresses;
Proceedings of ACM SIGCOMM'2007.
-
[CBJM06]
E. Cooke, M. Bailey, F. Jahanian, and R. Mortier,
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery,
Proceedings of USENIX NSDI'06.
-
[HM07]
Xin Hu and Z. Morley Mao,
Accurate Real-time Identification of IP Prefix Hijacking;
Proceedings of IEEE Symposium on Security and Privacy'2007.
-
[ZZHMB08]
Zheng Zhang, Ying Zhang, Y Charlie Hu, Z Morley Mao, and Randy Bush,
iSPY: Detecting IP Prefix Hijacking on My Own;
Proceedings of ACM SIGCOMM'2008.
Group 12: VoIP Security