Leigh B. Metcalf
CERT
Publications by Leigh B. Metcalf
-
Applying Scientific Methods in Cybersecurity
August 26, 2021 • Podcast
Leigh B. Metcalf, Jonathan Spring
Leigh Metcalf and Jonathan Spring discuss with Suzanne Miller the application of scientific methods to cybersecurity, a subject of their recently published book, Using Science in Cybersecurity.
learn more -
Using Science in Cybersecurity
May 01, 2021 • Book
Leigh B. Metcalf, Jonathan Spring
This book will give readers practical tools for cybersecurity.
read -
Machine Learning in Cybersecurity: A Guide
September 05, 2019 • Technical Report
Jonathan Spring, Joshua Fallon, April Galyardt
This report suggests seven key questions that managers and decision makers should ask about machine learning tools to effectively use those tools to solve cybersecurity problems.
read -
Blacklist Ecosystem Analysis: July - December 2017
April 19, 2018 • White Paper
Eric Hatleback, Leigh B. Metcalf
This short report provides a summary of the various analyses of the blacklist ecosystem performed from July 1, 2017, through December 31, 2017.
read -
Open-source Measurement of Fast-flux Networks While Considering Domain-name Parking
December 19, 2017 • Conference Paper
Leigh B. Metcalf, Daniel Ruef, Jonathan Spring
In this paper, domain parking is the practice of assigning a nonsense location to an unused fully-qualified domain name (FQDN) to keep it ready for “live” use.
read -
Blacklist Ecosystem Analysis: January - June, 2017
August 22, 2017 • White Paper
Eric Hatleback, Leigh B. Metcalf
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January through June 2017.
read -
Blacklist Ecosystem Analysis: July – December 2016
June 01, 2017 • White Paper
Eric Hatleback, Leigh B. Metcalf
This report provides a summary of various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from July 1 through December 31, 2016.
read -
Blacklist Ecosystem Analysis: January – June, 2016
December 01, 2016 • White Paper
Leigh B. Metcalf, Eric Hatleback
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January through June 2016.
read -
Blacklist Ecosystem Analysis: 2016 Update
August 15, 2016 • White Paper
Leigh B. Metcalf, Eric Hatleback, Jonathan Spring
This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.
read -
A Meaningful Metric for IPv4 Addresses
January 11, 2016 • Presentation
Leigh B. Metcalf
This presentation was given in January 2016 at FloCon, a network security conference that provides a forum for large-scale network flow analytics.
read -
Blacklist Ecosystem Analysis
December 03, 2015 • Conference Paper
Leigh B. Metcalf, Jonathan Spring
In this paper, the authors compare the contents of 86 Internet blacklists to provide a view of the whole ecosystem of blocking network touch points and blacklists.
read -
Encounter Complexes For Clustering Network Flow
January 12, 2015 • Presentation
Leigh B. Metcalf
In this presentation, Leigh defines and demonstrates an encounter complex for analyzing network flow.
read -
Blacklist Ecosystem Analysis Update: 2014
January 07, 2015 • White Paper
Leigh B. Metcalf, Jonathan Spring
This white paper compares the contents of 85 different Internet blacklists to discover patterns in shared entries.
read -
Domain Parking: Not as Malicious as Expected
December 10, 2014 • White Paper
Leigh B. Metcalf, Jonathan Spring
In this paper we discuss scalable detection methods for domain names parking on reserved IP address space, and then using this data set, evaluate whether this behavior appears to be indicative of malicious behavior.
read -
SiLK: A Tool Suite for Unsampled Network Flow Analysis at Scale
July 29, 2014 • Conference Paper
Mark Thomas, Leigh B. Metcalf, Jonathan Spring
In this paper, the authors discuss SiLK, a tool suite created to analyze high-volume data sources without sampling.
read -
A New Visualization for IPv4 Space
January 13, 2014 • Poster
Leigh B. Metcalf
This poster was presented at FloCon 2014, a network security conference that took place in Charleston, South Carolina, in January 2014.
read -
Passive Detection of Misbehaving Name Servers
January 13, 2014 • Presentation
Jonathan Spring, Leigh B. Metcalf
In this presentation, the authors discuss name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
read -
Analyzing Flow Using Encounter Complexes
January 13, 2014 • Presentation
Leigh B. Metcalf
In this presentation, Leigh Metcalf discusses network flow clustering and the use of encounter traces to form encounter complexes.
read -
The Topological Properties of the Local Clustering Coefficient
December 09, 2013 • White Paper
Leigh B. Metcalf
In this paper, Leigh Metcalf examines the local clustering coefficient for and provides a new formula to generate the local clustering coefficient.
read -
Passive Detection of Misbehaving Name Servers
October 04, 2013 • Technical Report
Leigh B. Metcalf, Jonathan Spring
In this report, the authors explore name-server flux and two types of data that can reveal it.
read -
Everything You Wanted to Know About Blacklists But Were Afraid to Ask
September 30, 2013 • White Paper
Leigh B. Metcalf, Jonathan Spring
This document compares the contents of 25 different common public-internet blacklists in order to discover any patterns in the shared entries.
read -
Name Servers Should Not Move
January 07, 2013 • Poster
Leigh B. Metcalf, Jonathan Spring
In this poster, Leigh Metcalf and Jonathan Spring illustrate how to find name servers that move from IP address to IP address too often.
read -
Passive Detection of Misbehaving Name Servers
January 02, 2012 • White Paper
Leigh B. Metcalf, Jonathan Spring
In this paper, the authors demonstrate that there are name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters.
read -
Correlating Domain Registrations and DNS First Activity in General and for Malware
April 11, 2011 • White Paper
Leigh B. Metcalf, Jonathan Spring, Ed Stoner
In this paper, the authors describe a pattern in the amount of time it takes for that domain to be actively resolved on the Internet.
read