Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGA-based malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
(2016)
Doubting - Path to Science
(2016)
The analysis of Δ9-tetrahydrocannabinol (THC) and its metabolites 11-hydroxy-Δ9-tetrahydrocannabinol (11-OH-THC), and 11-nor-9-carboxy-Δ9-tetrahydrocannabinol (THC-COOH) from blood serum is a routine task in forensic toxicology laboratories. For examination of consumption habits, the concentration of the phase I metabolite THC-COOH is used. Recommendations for interpretation of analysis values in medical-psychological assessments (regranting of driver’s licenses, Germany) include threshold values for the free, unconjugated THC-COOH. Using a fully automated two-step liquid-liquid extraction, THC, 11-OH-THC, and free, unconjugated THC-COOH were extracted from blood serum, silylated with N-methyl-N-(trimethylsilyl) trifluoroacetamide (MSTFA), and analyzed by GC/MS. The automation was carried out by an x-y-z sample robot equipped with modules for shaking, centrifugation, and solvent evaporation. This method was based on a previously developed manual sample preparation method. Validation guidelines of the Society of Toxicological and Forensic Chemistry (GTFCh) were fulfilled for both methods, at which the focus of this article is the automated one. Limits of detection and quantification for THC were 0.3 and 0.6 μg/L, for 11-OH-THC were 0.1 and 0.8 μg/L, and for THC-COOH were 0.3 and 1.1 μg/L, when extracting only 0.5 mL of blood serum. Therefore, the required limit of quantification for THC of 1 μg/L in driving under the influence of cannabis cases in Germany (and other countries) can be reached and the method can be employed in that context. Real and external control samples were analyzed, and a round robin test was passed successfully. To date, the method is employed in the Institute of Legal Medicine in Giessen, Germany, in daily routine. Automation helps in avoiding errors during sample preparation and reduces the workload of the laboratory personnel. Due to its flexibility, the analysis system can be employed for other liquid-liquid extractions as well. 
To the best of our knowledge, this is the first publication on a comprehensively automated classical liquid-liquid extraction workflow in the field of forensic toxicological analysis.