Software Engineering Institute | Carnegie Mellon University

Digital Library

Leigh B. Metcalf
June 2017 - White Paper Blacklist Ecosystem Analysis: July – December 2016

Authors: Eric Hatleback, Leigh B. Metcalf

This report provides a summary of various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from July 1 through December 31, 2016.

December 2016 - White Paper Blacklist Ecosystem Analysis: January – June, 2016

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Eric Hatleback

This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January 1, 2016 through June

August 2016 - White Paper Blacklist Ecosystem Analysis: 2016 Update

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Eric Hatleback, Jonathan Spring

This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.

January 2016 - Presentation A Meaningful Metric for IPv4 Addresses

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf

This presentation was given in January 2016 at FloCon, a network security conference that provides a forum for large-scale network flow analytics.

December 2015 - Conference Paper Blacklist Ecosystem Analysis

Topics: Cybersecurity Engineering

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, the authors compare the contents of 86 Internet blacklists to provide a view of the whole ecosystem of blocking network touch points and blacklists.

January 2015 - Presentation Encounter Complexes For Clustering Network Flow

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf

In this presentation, Leigh defines and demonstrates an encounter complex for analyzing network flow.

January 2015 - White Paper Blacklist Ecosystem Analysis Update: 2014

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

This white paper compares the contents of 85 different Internet blacklists to discover patterns in shared entries.

December 2014 - White Paper Domain Parking: Not as Malicious as Expected

Topics: Cybersecurity Engineering

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, we discuss scalable detection methods for domain names parking on reserved IP address space and then, using this data set, evaluate whether this behavior appears to be indicative of malicious behavior.

July 2014 - Conference Paper SiLK: A Tool Suite for Unsampled Network Flow Analysis at Scale

Topics: Network Situational Awareness

Authors: Mark Thomas, Leigh B. Metcalf, Jonathan Spring, Paul Krystosek, Katherine Prevost

In this paper, the authors discuss SiLK, a tool suite created to analyze high-volume data sources without sampling.

January 2014 - Poster A New Visualization for IPv4 Space

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf

This poster was presented at FloCon 2014, a network security conference that took place in Charleston, South Carolina, in January 2014.

January 2014 - Presentation Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Jonathan Spring, Leigh B. Metcalf

In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.

January 2014 - Presentation Analyzing Flow Using Encounter Complexes

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf

In this presentation, Leigh Metcalf discusses network flow clustering and the use of encounter traces to form encounter complexes.

December 2013 - White Paper The Topological Properties of the Local Clustering Coefficient

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf

In this paper, Leigh Metcalf examines the local clustering coefficient for and provides a new formula to generate the local clustering coefficient.

October 2013 - Technical Report Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this report, the authors explore name-server flux and two types of data that can reveal it.

September 2013 - White Paper Everything You Wanted to Know About Blacklists But Were Afraid to Ask

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

This document compares the contents of 25 different common public-internet blacklists in order to discover any patterns in the shared entries.

January 2013 - Poster Name Servers Should Not Move

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this poster, Leigh Metcalf and Jonathan Spring illustrate how to find name servers that move from IP address to IP address too often.

January 2012 - White Paper Passive Detection of Misbehaving Name Servers

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring

In this paper, the authors demonstrate that there are name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.

April 2011 - White Paper Correlating Domain Registrations and DNS First Activity in General and for Malware

Topics: Network Situational Awareness

Authors: Leigh B. Metcalf, Jonathan Spring, Ed Stoner

In this paper, the authors describe a pattern in the amount of time it takes for that domain to be actively resolved on the Internet.