The BADGERS workshop is intended to encourage the development of large-scale security-related data collection and analysis initiatives. It provides an environment to describe already existing real-world, large-scale datasets, and to share with the systems community the experience gained from analyzing such collected data. Furthermore, novel approaches to collect and study such data sets are presented at the first edition of this workshop. By giving visibility to existing solutions, we expect that the workshop will promote and encourage the better sharing of data and knowledge.
We are happy to report that the first BADGERS workshop received many interesting submissions, spanning three continents, and many aspects of data collection and analysis initiatives. In the end, the program committee accepted 15 papers (including three short papers) out of 21 submissions (71%) for publication and all of the papers received at least three reviews from our program committee. This workshop would never have taken place without the truly excellent program committee and external reviewers and we are grateful for all the hard work they put in.
In our opinion the resulting program is quite interesting and promises to spark lively discussions. In summary, the accepted papers address topics that range from testbeds that can be used to study current attacks, to large-scale data collection systems, to legal issues associated with data collection and sharing. The papers and presentations are all very different, but all focus on the problem of data collection and analysis initiatives. They were selected for their novelty and their potential for interesting debate. We sincerely hope you will enjoy the workshop.
Proceeding Downloads
Study on information security and e-Trust in Spanish households
The study on Information Security and e-Trust in Spanish households has been conducted by INTECO - The National Institute of Communication Technologies (www.inteco.es) - through the Information Security Observatory (http://observatorio.inteco.es). It is ...
Reflections on the engineering and operation of a large-scale embedded device vulnerability scanner
We present important lessons learned from the engineering and operation of a large-scale embedded device vulnerability scanner infrastructure. Developed and refined over the period of one year, our vulnerability scanner monitored large portions of the ...
Blueprints of a lightweight automated experimentation system: a building block towards experimental cyber security
Many research projects studying security threats require realistic network scenarios while dealing with millions of cyber threats (e.g., exploit programs and malware). For instance, studying the execution of malware may require to take into account ...
Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation
With the rapid evolution and proliferation of botnets, large-scale cyber attacks such as DDoS and spam emails are also becoming more and more dangerous and serious cyber threats. Because of this, network based security technologies such as Network based ...
nicter: a large-scale network incident analysis system: case studies for understanding threat landscape
We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose objective is to detect and identify propagating malwares. The nicter mainly monitors darknet, a set of unused IP addresses, to observe global ...
HARMUR: storing and analyzing historic data on malicious domains
A large amount of work has been done to develop tools and techniques to detect and study the presence of threats on the web. This includes, for instance, the development of a variety of different client honeypot techniques for the detection and study of ...
Adversaries' Holy Grail: access control analytics
The analysis of access control data has many applications in information security, including: role mining and policy learning; discovering errors in deployed policies; regulatory compliance; intrusion detection; and risk mitigation. The success of ...
On collection of large-scale multi-purpose datasets on internet backbone links
We have collected several large-scale datasets in a number of passive measurement projects on an Internet backbone link belonging to a national university network. The datasets have been used in different studies such as in general classification and ...
An experimental study on the measurement of data sensitivity
Data-centric security proposes to leverage the business value of data to determine the level of overall IT security. It has gained much enthusiasm from the security community, but has not materialized into a practical security system. In this paper, we ...
Sandnet: network traffic analysis of malicious software
- Christian Rossow,
- Christian J. Dietrich,
- Herbert Bos,
- Lorenzo Cavallaro,
- Maarten van Steen,
- Felix C. Freiling,
- Norbert Pohlmann
Dynamic analysis of malware is widely used to obtain a better understanding of unknown software. While existing systems mainly focus on host-level activities of malware and limit the analysis period to a few minutes, we concentrate on the network ...
Toward a standard benchmark for computer security research: the worldwide intelligence network environment (WINE)
Unlike benchmarks that focus on performance or reliability evaluations, a benchmark for computer security must necessarily include sensitive code and data. Because these artifacts could damage systems or reveal personally identifiable information about ...
Legal issues associated with data collection & sharing
Cyber security researchers require the use of various types of communications data for problem definition and testing purposes, but they often do not have access to such data, especially that which reflects current traffic patterns and threats. When ...
An architectural solution for data exchange in cooperative network security research
Science can be seen as a cycle of hypothesis, collection of experimental results, and analysis to refine or refute the original hypothesis. The desire to increase the rigor of large-scale computer and network security studies extends to all three of ...
PREDICT: a trusted framework for sharing data for cyber security research
The Protected Repository for Defense of Infrastructure against Cyber Threats (PREDICT) has established a trusted framework for sharing real-world security-related datasets for cyber ...
A social-engineering-centric data collection initiative to study phishing
Phishers nowadays rely on a variety of channels, ranging from old-fashioned emails to instant messages, social networks, and the phone system (with both calls and text messages), with the goal of reaching more victims. As a consequence, modern phishing ...
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
BADGERS '12 | 7 | 4 | 57% |
Overall | 7 | 4 | 57% |