Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Rhiannon Weaver
November 2015 - Webinar Finding Related Malware Samples Using Run-Time Features

Topics: Malware Analysis

Authors: Rhiannon Weaver

Rhiannon Weaver discusses how a small subset of features from dynamic malware analysis can help to uncover possible relationships among files and to direct static reverse engineering efforts.

January 2011 - Presentation Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet

Topics: Network Situational Awareness

In this presentation, the authors discuss a new method for measuring the discrepancy between counting IP addresses and counting individual machines in a botnet.

August 2010 - Presentation Modeling Populations of Large-Scale Internet Threats

Topics: Network Situational Awareness

Authors: Rhiannon Weaver

In this presentation, Rhiannon Weaver describes malicious activity perpetrated through botnets, phishing, and malware, and describes related modeling approaches.

August 2010 - White Paper A Continuous Time List Capture Model for Internet Threats

Topics: Network Situational Awareness

Authors: Rhiannon Weaver

In this paper, Rhiannon Weaver describes a population study of malware files under the CTLC framework and presents a simulation study as well as future work.

May 2010 - Technical Report Identifying Anomalous Port-Specific Network Behavior

Topics: Network Situational Awareness

Authors: Rhiannon Weaver

In this report, Rhiannon Weaver describes a method for identifying network behavior that may be a sign of coming internet-wide attacks.

February 2010 - White Paper A Probabilistic Population Study of the Conficker-C Botnet

Topics: Network Situational Awareness

Authors: Rhiannon Weaver

In this paper, Rhiannon Weaver estimates the number of active machines per hour infected with the Conficker-C worm using a probability model.

January 2010 - Presentation Beyond the Top Talkers: Empirical Correlation of Conficker-C Infected IP Space

Topics: Network Situational Awareness

Authors: Rhiannon Weaver

In this presentation, Rhiannon Weaver discusses Conficker, a computer worm that targets the Microsoft Windows operating system.

October 2007 - White Paper Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations

Topics: Network Situational Awareness

In this paper, the authors describe addressing phishing problems by estimating population in terms of netblocks and by clustering phishing attempts into scams.

May 2007 - Conference Paper Predicting Future Botnet Addresses With Uncleanliness

Topics: Network Situational Awareness

In this paper, the authors discuss whether we can effectively predict future bot locations.