Software Engineering Institute | Carnegie Mellon University

Digital Library

Jonathan Spring
May 2017 - Presentation Thinking about Intrusion Kill Chains as Mechanisms

Topics: Cybersecurity Engineering

Authors: Jonathan Spring, Eric Hatleback

We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature.

August 2016 - White Paper Blacklist Ecosystem Analysis: 2016 Update

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Eric Hatleback, Jonathan Spring

This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.

March 2016 - White Paper Malware Capability Development Patterns Respond to Defenses: Two Case Studies

Topics: Malware Analysis

Authors: Kyle O'Meara, Deana Shick, Jonathan Spring, Ed Stoner

In this paper, the authors describe their analysis of two case studies to outline the relationship between adversaries and network defenders.

December 2015 - Conference Paper Blacklist Ecosystem Analysis

Topics: Cybersecurity Engineering

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, the authors compare the contents of 86 Internet blacklists to provide a view of the whole ecosystem of blocking network touch points and blacklists.

July 2015 - White Paper CND Equities Strategy

Topics: Vulnerability Analysis, Network Situational Awareness

Authors: Jonathan Spring, Ed Stoner

In this paper, the authors discuss strategies for successful computer network defense (CND) based on considering the adversaries' responses.

May 2015 - Conference Paper Global Adversarial Capability Modeling

Authors: Jonathan Spring, Sarah Kern, Alec Summers

Jonathan Spring, Sarah Kern, and Alec Summers propose a model of global capability advancement, the adversarial capability chain (ACC).

January 2015 - Video FloCon 2015 Welcome Talk

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this video, Jonathan Spring introduces FloCon 2015, which took place in Portland, Oregon in January 2015.

January 2015 - White Paper Blacklist Ecosystem Analysis Update: 2014

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

This white paper compares the contents of 85 different Internet blacklists to discover patterns in shared entries.

December 2014 - White Paper Domain Parking: Not as Malicious as Expected

Topics: Cybersecurity Engineering

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, we discuss scalable detection methods for domain names parking on reserved IP address space and then, using this data set, evaluate whether this behavior appears to be indicative of malicious behavior.

September 2014 - Article Toward Realistic Modeling Criteria of Games in Internet Security

Authors: Jonathan Spring

In this article, Jonathan Spring discusses game theory and security as it relates to computers and the Internet.

August 2014 - Article The Long "Taile" of Typosquatting Domain Names

Authors: Janos Szurdi, Balazs Kocso, Gabor Cseh, Jonathan Spring, Mark Felegyhazi, Chris Kanich

In this USENIX 2014 paper, the authors describe a methodology to improve existing solutions in identifying typosquatting domains and their monetization strategies.

August 2014 - White Paper Abuse of Customer Premise Equipment and Recommended Actions

Topics: Malware Analysis, Vulnerability Analysis

Authors: Paul Vixie, Chris Hallenbeck, Jonathan Spring

In this paper, the authors provide recommendations for addressing problems related to poor management of Consumer Premise Equipment (CPE).

August 2014 - Presentation Abuse of CPE Devices and Recommended Fixes

Topics: Malware Analysis, Vulnerability Analysis

Authors: Paul Vixie, Chris Hallenbeck, Jonathan Spring

In this Black Hat 2014 presentation, the authors provide recommendations for addressing problems related to poor management of Consumer Premise Equipment (CPE).

July 2014 - Conference Paper SiLK: A Tool Suite for Unsampled Network Flow Analysis at Scale

Topics: Network Situational Awareness

Authors: Mark Thomas, Leigh B. Metcalf, Jonathan Spring, Paul Krystosek, Katherine Prevost

In this paper, the authors discuss SiLK, a tool suite created to analyze high-volume data sources without sampling.

July 2014 - Article Exploring a Mechanistic Approach to Experimentation in Computing

Topics: Science of Cybersecurity, Measurement and Analysis

Authors: Jonathan Spring,

In this article, the authors describe the benefits of applying the mechanistic approach in philosophy of science to experimentation in computing.

April 2014 - Book Introduction to Information Security: A Strategic-Based Approach

Topics: Network Situational Awareness

Authors: Timothy J. Shimeall, Jonathan Spring

The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information.

April 2014 - Conference Paper Modeling Malicious Domain Name Take-Down Dynamics: Why eCrime Pays

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this paper, Jonathan Spring derives an ad-hoc model of the competition for domain names by criminals and defenders using a modification of Lanchester's equations for combat.

January 2014 - Presentation Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Jonathan Spring, Leigh B. Metcalf

In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.

October 2013 - Technical Report Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this report, the authors explore name-server flux and two types of data that can reveal it.

September 2013 - White Paper Everything You Wanted to Know About Blacklists But Were Afraid to Ask

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

This document compares the contents of 25 different common public-internet blacklists in order to discover any patterns in the shared entries.

September 2013 - Conference Paper A Notation for Describing the Steps in Indicator Expansion

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this paper, Jonathan Spring proposes a method of capturing the process of indicator expansion in a deterministic yet flexible and extensible manner.

January 2013 - Poster Name Servers Should Not Move

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this poster, Leigh Metcalf and Jonathan Spring illustrate how to find name servers that move from IP address to IP address too often.

March 2012 - White Paper The Impact of Passive DNS Collection on End-User Privacy

Topics: Network Situational Awareness

Authors: Jonathan Spring, Carly L. Huth

In this paper, the authors discuss whether pDNS allows reconstruction of an end user's DNS behavior and if DNS behavior is personally identifiable information.

January 2012 - White Paper Modifying Lanchester's Equations for Modeling and Evaluating Malicious Domain Name Take-Down

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this paper, Jonathan Spring models internet competition on large, decentralized networks using a modification of Lanchester's equations for combat.

January 2012 - White Paper Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, the authors demonstrate that there are name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.

August 2011 - Podcast Controls for Monitoring the Security of Cloud Services

Authors: Art Manion, Jonathan Spring, Julia H. Allen

In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model.

June 2011 - White Paper Monitoring Cloud Computing by Layer, Part 2

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this paper, Jonathan Spring presents a set of recommended restrictions and audits to facilitate cloud security.

April 2011 - White Paper Correlating Domain Registrations and DNS First Activity in General and for Malware

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring, Ed Stoner

In this paper, the authors describe a pattern in the amount of time it takes for a domain to be actively resolved on the Internet.

April 2011 - White Paper Monitoring Cloud Computing by Layer, Part 1

Topics: Network Situational Awareness

Authors: Jonathan Spring

In this paper, Jonathan Spring presents a set of recommended restrictions and audits to facilitate cloud security.

January 2009 - Presentation Welcome to FloCon 2009

Topics: Network Situational Awareness

Authors: Jonathan Spring, Juan Garza (APCON)

In this presentation, the author welcomes attendees and describes the schedule for FloCon 2009 and other information attendees need to know.