2012

• On the Soundness of Silence: Assessments of Malware Execution Studies to appear

  C. Rossow, C. Dietrich, C. Kreibich, C. Grier, V. Paxson, N. Pohlmann, H. Bos, M. van Steen. IEEE Symposium on Security and Privacy, 2012, San Francisco, USA.

• Probe and Pray: Using UPnP for Home Network Measurements to appear

  L. DiCioccio, R. Teixeira, M. May, C. Kreibich. Passive and Active Measurement Conference, 2012, Vienna, Austria.

• The BIZ Top-Level Domain: Ten Years Later to appear

  T. Halvorson, J. Szurdi, G. Maier, M. Felegyhazi, C. Kreibich, N. Weaver, K. Levchenko, V. Paxson. Passive and Active Measurement Conference, 2012, Vienna, Austria.

2011

• GQ: Practical Containment for Measuring Modern Malware Systems pdf bib

  C. Kreibich, N. Weaver, C. Kanich, W. Cui, V. Paxson. Internet Measurement Conference (IMC) 2011, Berlin, Germany.

  This paper presents the malware habitat that enabled all of our botnet infiltrations and spam harvesting, and also discusses some lessons learned from 5+ years of building and (safely!) running one of the most wretched hives of malware scum and villainy around.

• Experiences from Netalyzr with Engaging Users in End-System Measurement pdf bib

  C. Kreibich, N. Weaver, G. Maier, B. Nechaev, V. Paxson. ACM SIGCOMM Workshop on Measurements Up the Stack (W-MUST), 2011, Toronto, Canada.

• Redirecting DNS for Ads and Profit pdf bib

  N. Weaver, C. Kreibich, V. Paxson. USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2011, San Francisco, USA.

  This paper in part describes the unfolding story of some US ISPs using technology by a company called Paxfire to hijack web search queries for monetization through marketing affiliate programs. Read more at New Scientist, EFF, BoingBoing, Slashdot, or the Inquirer. You can also follow it over on the Netalyzr blog.

• Show Me the Money: Characterizing Spam-advertised Revenue pdf bib

  C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, K. Levchenko, V. Paxson, G. Voelker, S. Savage. USENIX Security Symposium, 2011, San Francisco, USA.

  MIT Technology Review article on this work, unfortunately completely failing to mention ICSI's involvement. 26.07.11

• Measuring Pay-per-Install: The Commoditization of Malware Distribution pdf bib 9 citations

  C. Grier, J. Caballero, C. Kreibich, V. Paxson. USENIX Security Symposium, 2011, San Francisco, USA.

  MIT Technology Review article on this work. 09.06.11

  We scored an outstanding paper award at the conference. 10.08.11

• What's Clicking What? Techniques and Innovations of Today's Clickbots pdf bib

  B. Miller, P. Pearce, C. Grier, C. Kreibich, V. Paxson. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2011, Amsterdam, The Netherlands.

• Click Trajectories: End-to-End Analysis of the Spam Value Chain pdf bib 18 citations

  K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. IEEE Symposium on Security and Privacy, 2011, Oakland, USA.

  Read more details about this work here.

• Implications of Netalyzr's DNS Measurements pdf bib

  N. Weaver, C. Kreibich, B. Nechaev, V. Paxson. First Workshop on Securing and Trusting Internet Names (SATIN), 2011, Teddington, UK.

• On the Effects of Registrar-level Intervention pdf bib

  H. Liu, K. Levchenko, M. Felegyhazi, C. Kreibich, G. Maier, G. M. Voelker, S. Savage. Fourth USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '11), 2011, Boston, USA.

2010

• Netalyzr: Illuminating The Edge Network pdf bib 19 citations

  C. Kreibich, N. Weaver, B. Nechaev, V. Paxson. Internet Measurement Conference (IMC), 2010, Melbourne, Australia.

  This paper has co-won the FCC's Open Internet Research Challenge. Read more about the award here. 05.08.11

  For more details on this work, please check out the Netalyzr website.

• On the Potential of Proactive Domain Blacklisting pdf bib 13 citations

  M. Felegyhazi, C. Kreibich, V. Paxson. Third USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '10), 2010, San Jose, USA.

• Botnet Judo: Fighting Spam with Itself pdf bib 23 citations

  A. Pitsillidis, K. Levchenko, C. Kreibich, C. Kanich, G.M. Voelker, V. Paxson, N. Weaver, S. Savage. 17th Annual Network and Distributed System Security Symposium, 28 February - 3 March 2010, San Diego, USA.

  New Scientist featured this work, as did BoingBoing, Slashdot, Ars Technica, and the Chronicle of Higher Education. 25.01.10

• Detection of Intrusions and Malware, and Vulnerability Assessment html bib

  C. Kreibich, M. Jahnke (eds). Proceedings of the 7th International DIMVA Conference, July 2010, Bonn, Germany. LNCS Volme 6201, Springer Verlag. ISBN 978-3-642-14214-7.

• Recent Advances in Intrusion Detection html bib

  S. Jha, R. Sommer, C. Kreibich (eds). Proceedings of the 13th International RAID Symposium, September 2010, Ottawa, Ontario, Canada. LNCS Volume 6307, Springer Verlag. ISBN 978-3-642-15511-6.

2009

• Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-engineering pdf bib 45 citations

  J. Caballero, P. Poosankam, C. Kreibich, and D. Song. 16th ACM Conference on Computer and Communications Security (CCS), 9-13 November 2009, Chicago, USA.

  MIT Technology Review article on our work. 11.11.09

• Spamalytics: An Empirical Analysis of Spam Marketing Conversion pdf bib 133 citations

  C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Communications of the ACM, 52(9), pp. 99-107, September 2009.

  Read more about the Spamalytics study and its media coverage here.

• Spamcraft: An Inside Look At Spam Campaign Orchestration pdf bib 37 citations

  C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Second USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '09), 2009, Boston, USA.

  New Scientist article on our work. 07.05.09

2008

• Spamalytics: An Empirical Analysis of Spam Marketing Conversion pdf html bib 133 citations

  C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. 15th ACM Conference on Computer and Communications Security (CCS), 27-31 October 2008, Alexandria, VA.

  Read more details about the Spamalytics study here.

• Principles for Developing Comprehensive Network Visibility pdf 7 citations

  M. Allman, C. Kreibich, V. Paxson, R. Sommer, and N. Weaver. 3rd USENIX Workshop on Hot Topics in Security (HotSec '08), 29 July 2008, San Jose, USA.

• On the Spam Campaign Trail pdf html bib 46 citations

  C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '08), 2008, San Francisco, USA.

• A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems pdf

  L. Juan, C. Kreibich, C.-H. Lin, and V. Paxson. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2008, Paris, France.

2007

• The Strengths of Weaker Identities: Opportunistic Personas pdf 5 citations

  M. Allman, C. Kreibich, V. Paxson, R. Sommer, and N. Weaver. Second USENIX Workshop on Hot Topics in Security (HotSec '07), 2007, Boston, USA.

• Structural Traffic Analysis For Network Security Monitoring pdf

  C. Kreibich. Ph.D. thesis, 2007.

2006

• Unexpected Means of Protocol Inference pdf 105 citations

  J. Ma, K. Levchenko, C. Kreibich, S. Savage, and G. Voelker. Internet Measurement Conference (IMC), 2006, Rio de Janeiro, Brazil.

• Efficient Sequence Alignment of Network Traffic pdf 5 citations

  C. Kreibich and J. Crowcroft. Internet Measurement Conference (IMC), 2006, Rio de Janeiro, Brazil.

2005

• Using Packet Symmetry to Curtail Malicious Traffic pdf 29 citations

  C. Kreibich, A. Warfield, J. Crowcroft, S. Hand, and I. Pratt. Fourth Workshop on Hot Topics in Networks (HotNets-IV), 2005, College Park/Maryland, USA.

• Only 365 Days Left Until The Sigcomm Deadline pdf (Jon's fault! :)

  J. Crowcroft and C. Kreibich. ACM SIGCOMM Computer Communication Review, Volume 36, Issue 5 (October 2006), pages 57-62.

• Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context pdf

  H. Dreger, C. Kreibich, R. Sommer, and V. Paxson. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '05), Vienna, Austria.

• Policy-controlled Event Management for Distributed Intrusion Detection pdf 20 citations

  C. Kreibich and R. Sommer. 4th International Workshop on Distributed Event-Based Systems (DEBS '05), 2005, Columbus/Ohio, USA.

• Brooery: A Graphical Environment for Analysis of Security-Relevant Network Activity pdf 2 citations

  C. Kreibich. Usenix Technical Conference, Freenix Track, 2005, Anaheim, USA.

2004

• Design and Implementation of Netdude, a Framework for Packet Trace Manipulation pdf html 11 citations

  C. Kreibich. Usenix Technical Conference, Freenix Track, 2004, Boston, USA. Awarded Best Student Paper.

2003

• Honeycomb: Creating Intrusion Detection Signatures Using Honeypots pdf 389 citations

  C. Kreibich and J. Crowcroft. 2nd Workshop on Hot Topics in Networks (HotNets-II), 2003, Boston, USA.

• Towards an Infrastructure for Automated Distribution of Vulnerability Knowledge pdf

  C. Kreibich and J. Crowcroft. Cabernet Radicals Workshop 2003, Corsica.

• Automated NIDS Signature Generation using Honeypots pdf

  C. Kreibich and J. Crowcroft. Poster paper, SIGCOMM 2003, Karlsruhe, Germany.

• Architecture of a Network Monitor pdf 102 citations

  A. Moore, J. Hall, C. Kreibich, E. Harris, and I. Pratt. Passive and Active Measurements Workshop, La Jolla, California. 2003.

2001

• Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics ps.gz 354 citations

  M. Handley, C.Kreibich, and V. Paxson. Usenix Security Symposium, Washington, USA, 2001.

  The source code for Norm, the normalizer presented in this paper, is available here.

2000

• Analysis of Metaheuristics in the Network Design Process ps.gz

  C. Kreibich. Diplomarbeit, Technische Universität München, 2000.