Last modified:
Tue Oct 20 15:29:54 PDT 2009
Papers
- The conflicts facing those responding to cyberconflict, David Dittrich, to appear in USENIX ;login: vol. 34, no. 6, December 2009, pp. 7-15
- Have we Crossed the Line? The Growing Ethical Debate in Modern Computer Security Research, David Dittrich, Michael Bailey, and Sven Dietrich, poster presented at the 16th ACM Conference on Computer and Communication Security, November 2009
- Malware to crimeware: How far have they gone, and how do we catch up?, by David Dittrich. This article first appeared in ;login:, the USENIX magazine, vol. 34, no. 4, August 2009 [Local copy]
- Visual Analytics in Support of Secure Cyber-Physical Systems, by David Dittrich and Mark P. Haselkorn, DHS Workshop on Future Directions in Cyber-Physical Systems Security, July 2009
- Towards Community Standards for Ethical Behavior in Computer Security Research, by David Dittrich, Michael Bailey, and Sven Dietrich, Stevens CS Technical Report 2009-1, April 20, 2009 [Local copy and most recent draft release.]
- Discovery Techniques for P2P botnets, by David Dittrich and Sven Dietrich, Stevens Institute of Technology Tech Report CS 2008-4, September, 2008 [Local Copy. Discussed at DIMVA rump session presentation in July 2008 in Paris, and USENIX Security Works-in-Progress presentation in August 2008 in San Jose.]
- Animation of the Nugache network with 1205 active bots. This shows the discovery of bots by crawling the active network using the method shown in Algorithm 1. Only those nodes that were active at the time are shown in this animation. The first node visited is left as a blue cube to give a point of reference as the P2P network is discovered. (This animation was created using Ubigraph from a Python script.)
- P2P as botnet command and control: a deeper insight, by David Dittrich and Sven Dietrich, in Proceedings of the 2008 3rd International Conference on Malicious and Unwanted Software (Malware), October 2008 ("Best Paper" award winner) [Local copy]
- New Directions in Peer-to-Peer Malware, by Dave Dittrich and Sven Dietrich, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5 [Local copy]
- On Developing Tomorrow's "Cyber Warriors," by David Dittrich, in Proceedings of the 12th Colloquium for Information Systems Security Education, Dallas, Texas, USA, June 2008 [Local copy]
- Command and control structures in malware: From Handler/Agent to P2P, by Dave Dittrich and Sven Dietrich, USENIX ;login: vol. 32, no. 6, December 2007, pp. 8-17 [Local copy]
- Analysis of the Storm and Nugache Trojans: P2P is here, Sam Stover, Dave Dittrich, John Hernandez, and Sven Dietrich, USENIX ;login: vol. 32, no. 6, December 2007, pp. 18-27 [Local copy]
- The Manuka Project, by Barbara Endicott-Popovsky, David Dittrich, Amelia Phillips, Deb Frincke, Jose Chavez, W. Jenks Gibbons, Don Nguyen, Christian Seifert, Amy Shephard, Chris Abate, Shawn Loveland, Proceedings of the 2004 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2004 [Local copy]
- Know your Enemy: Know Your Lawyer, by David Dittrich and Alisha Ritter, June 2002 (unpublished draft of a "Know Your Enemy" series paper)
- Analyzing Distributed Denial of Service Tools: The Shaft Case, by Sven Dietrich, Neil Long, and David Dittrich, in Proceedings of USENIX LISA 2000, December 2000 [Dr. Dobb's Journal audio of the LISA presentation.]
- An Analysis of the Shaft Distributed Denial of Service Tool, by Sven Dietrich, Neil Long, and David Dittrich, Information Security Bulletin, Vol 5 Issue 4, Chi Publishing, May 2000
Books
- Hackers, Crackers and Computer Criminals, by David Dittrich and Kenneth Einar Himma, Vol. II, Chapter 80, "Handbook on Information Security," edited by Hossein Bidgoli, John Wiley and Sons, ISBN 0-471-64833-7 (2005)
- Active Response to Computer Intrusions, by David Dittrich and Kenneth Einar Himma, Vol. III, Chapter 182, "Handbook on Information Security," edited by Hossein Bidgoli, John Wiley and Sons, ISBN 0-471-64833-7 (2005)
- "Internet Denial of Service: Attack and Defense Mechanisms," Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher, Prentice-Hall PTR, ISBN 0-13-147573-8 (December 2004)
- Chapter 19 ("Omerta"), "The Hacker's Challenge," edited by Mike Schiffman, McGraw Hill, ISBN 0072193840 (2001)
- Contributor to Advanced Topics and Legal chapters, "Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community" (first edition), the Honeynet Project, Addison-Wesley (2000)
Articles/Editorials
- Evolution: Rise of the bots, by David Dittrich, Information Security magazine, March, 2005
- Invasion Force, by David Dittrich, Information Security Magazine, March 2005
- Developing an Effective Incident Cost Analysis Mechanism, by David Dittrich, SecurityFocus, June 12, 2002
- Fighting the Rising Tide: Predictions for 2001, by David Dittrich, InfoSecMagazine, November 2000
- "One Sniff and Your Password Is Stolen", C&C Windows on Computing Issue 21 [Original draft: Network "Sniffers" and You]
White papers
- Creating and Managing Distributed Honeynets using Honeywalls, by David Dittrich, February 14, 2004
- The Honeywall from 30,000 feet: Honeywall Fundamentals, by George Chamales and David Dittrich, March 21, 2004
- Customizing ISOs and the Honeynet Project's Honeywall, by David Dittrich, IEEE IA Workshop poster session paper, March 22, 2004
- Analysis of SSH crc32 compensation attack detector exploit
- Analysis of the "Power" bot
- The DoS Project's "trinoo" distributed denial of service attack tool
- The "Tribe Flood Network" distributed denial of service attack tool
- The "stacheldraht" distributed denial of service attack tool
- The "mstream" distributed denial of service attack tool
- Reacting to a suspected break-in
- Estimating the cost of damages due to a security incident (Draft)
- "Trojan Horse" attacks (Draft)
- Reporting probes/intrusion attempts from an IP address (Draft)
- Responding to a security incident on a Unix workstation (Draft)
- "Root Kits" and hiding files/directories/processes after a break-in (Draft)
- Unix Security Checklist
- The Secure Shell (Ssh)
Miscellaneous older stuff