awesome security papers.
├── APT
│ ├── A-Formal-Understanding-about-APT-Infection.pdf
│ └── Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.pdf
├── Binvul
│ ├── Some Vulnerabilities Are Different Than Others Studying Vulnerabilities and Attack Surfaces in the Wild.pdf
│ ├── The Attack of the Clones- A Study of the Impact of Shared Code on Vulnerability Patching.pdf
│ └── ZigZag- Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities.pdf
├── Code review
│ ├── Automatic Detection and Repair of Input Validation and Sanitization Bugs.pdf
│ ├── Behind an Application Firewall, Are We Safe from SQL Injection Attacks.pdf
│ ├── Code Reuse Attacks in PHP- Automated POP Chain Generation.pdf
│ ├── Dynamic PHP web-application analysis.pdf
│ ├── EKHUNTER- A Counter-Offensive Toolkit for Exploit Kit Infiltration.pdf
│ ├── Experience Report- An Empirical Study of PHP Security Mechanism Usage.pdf
│ ├── Saner- Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.pdf
│ ├── Simulation of Built-in PHP Features for Precise Static Code Analysis.pdf
│ ├── Software Verification and Validation Laboratory- Black-box SQL Injection Testing- Technical Report.pdf
│ ├── Static Detection of Second-Order Vulnerabilities in Web Applications.pdf
│ ├── Static and Dynamic Analysis for PHP Security.pdf
│ └── WAFA- Fine-grained Dynamic Analysis of Web Applications.pdf
├── Machine learning
│ ├── ASwatch- An AS Reputation System to Expose Bulletproof Hosting ASes.pdf
│ ├── An Empirical Analysis of Malware Blacklists.pdf
│ ├── An SVM-based machine learning method for accurate internet traffic classification.pdf
│ ├── Anagram- A Content Anomaly Detector Resistant to Mimicry Attack.pdf
│ ├── Characterizing Google Hacking- A First Large-Scale Quantitative Study.pdf
│ ├── Classification of Malicious Domain Names using Support Vector Machine and Bi-gram Method.pdf
│ ├── Detecting Malicious Landing Pages in Malware Distribution Networks.pdf
│ ├── Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data.pdf
│ ├── Developing Security Reputation Metrics for Hosting Providers.pdf
│ ├── From Throw-Away Traffic to Bots- Detecting the Rise of DGA-Based Malware.pdf
│ ├── Machine Learning Classification over Encrypted Data.pdf
│ ├── PoisonAmplifier- A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks.pdf
│ ├── Stickler- Defending Against Malicious CDNs in an Unmodified Browser.pdf
│ └── TrueClick- Automatically Distinguishing Trick Banners from Genuine Download Links.pdf
├── Mobile
│ ├── A Study of Android Application Security.pdf
│ ├── Finding Unknown Malice in 10 Seconds- Mass Vetting for New Threats at the Google-Play Scale.pdf
│ ├── Privacy Implications of Presence Sharing in Mobile Messaging Applications.pdf
│ └── What is Wrecking Your Data Plan? A Measurement Study of Mobile Web Overhead.pdf
├── NLP
│ ├── A Close Look on n-Grams in Intrusion Detection- Anomaly Detection vs. Classification.pdf
│ ├── Breaking Bad- Detecting malicious domains using word segmentation.pdf
│ ├── DSpin- Detecting Automatically Spun Content on the Web.pdf
│ ├── Detecting Unknown Network Attacks Using Language Models.pdf
│ ├── Detection of Malware by using Sequence Alignment Strategy and Data Mining Techniques.pdf
│ └── Metaphor Detection in Discourse.pdf
├── Password
│ └── OMEN- Faster Password Guessing Using an Ordered Markov Enumerator.pdf
├── Phishing
│ ├── A Framework for Predicting Phishing Websites using Neural Networks .pdf
│ ├── A Lexical Approach for Classifying Malicious URLs.pdf
│ ├── An Approach to Predict Drive-by-Download Attacks by Vulnerability Evaluation and Opcode.pdf
│ ├── An efficacious method for detecting phishing webpages through target domain identification.pdf
│ ├── Beyond Blacklists- Learning to Detect Malicious Web Sites from Suspicious URLs.pdf
│ ├── Cluster-Oriented Ensemble Classifiers for Intelligent Malware Detection.pdf
│ ├── Cross-project Defect Prediction.pdf
│ ├── Detecting Phishing Emails the Natural Language Way.pdf
│ ├── Gangeshwari_Phising_Review+Paper.pdf
│ ├── Geo-Phisher- The Design of a Global Phishing Trend Visualization Tool.pdf
│ ├── Large-Scale Automatic Classification of Phishing Pages.pdf
│ ├── Lexical Feature Based Phishing URL Detection Using Online Learning.pdf
│ ├── Multi-label rules for phishing classification.pdf
│ ├── On the Character of Phishing URLs- Accurate and Robust Statistical Learning Classifiers�\210\227.pdf
│ ├── PREDICTION OF PHISHING WEBSITES USING CLASSIFICATION ALGORITHMS BASED ON WEIGHT OF WEB PAGES CHARACTERISTICS (1).doc
│ ├── PREDICTION OF PHISHING WEBSITES USING CLASSIFICATION ALGORITHMS BASED ON WEIGHT OF WEB PAGES CHARACTERISTICS.doc
│ ├── Parameters of Genetic Algorithm with Optimization for Phishing Detection.pdf
│ ├── PhishAri- Automatic Realtime Phishing Detection on Twitter.pdf
│ ├── PhishDef- URL Names Say It All.pdf
│ ├── PhishNet- Predictive Blacklisting to Detect Phishing Attacks.pdf
│ ├── Phishing Detection Using Traffic Behavior, Spectral Clustering, and Random Forests .pdf
│ ├── Phishing URL detection using URL Ranking .pdf
│ ├── Phishing Website Detection Fuzzy System Modelling.pdf
│ ├── Predicting Phishing Websites using Classification Mining Techniques with Experimental Case Studies.pdf
│ ├── Text-Based Phishing Detection Using A Simulation Model.pdf
│ ├── Towards Building a Word Similarity Dictionary for Personality Bias Classification of Phishing Email Contents .pdf
│ ├── Towards building a word similarity dictionary for personality bias classification of phishing email contents.pdf
│ ├── Using Uncleanliness to Predict Future Botnet Addresses.pdf
│ ├── Utilisation of website logo for phishing detection.pdf
│ └── Visual-Similarity-Based Phishing Detection.pdf
├── Social
│ ├── Algorithmically Bypassing Censorship on Sina Weibo with Nondeterministic Homophone Substitutions.pdf
│ ├── Are You Sure You Want to Contact Us.pdf
│ ├── Real-Time Entity-Based Event Detection for Twitter.pdf
│ └── Vulnerability Disclosure in the Age of Social Media- Exploiting Twitter for Predicting Real-World Exploits.pdf
├── Spam
│ ├── Drops for Stuff- An Analysis of Reshipping Mule Scams.pdf
│ ├── That Ain't You- Blocking Spearphishing Emails Before They Are Sent.pdf
│ ├── Transductive Link Spam Detection.pdf
│ └── WE KNOW IT BEFORE YOU DO- PREDICTING MALICIOUS DOMAINS.pdf
├── WAF
│ └── Reliable Machine Learning Algorithms for Intrusion Detection Systems.pdf
├── Web malware
│ ├── Ad Injection at Scale- Assessing Deceptive Advertisement Modifications.pdf
│ ├── Analyzing and Defending Against Web-based Malware.pdf
│ ├── AutoBLG- Automatic URL Blacklist Generator Using Search Space Expansion and Filters.pdf
│ ├── Comparisons of machine learning techniques for detecting malicious webpages.pdf
│ ├── EKHUNTER- A Counter-Offensive Toolkit for Exploit Kit Infiltration.pdf
│ ├── Eyes of a Human, Eyes of a Program- Leveraging Different Views of the Web for Analysis and Detection.pdf
│ ├── JSOD- JavaScript obfuscation detector.pdf
│ ├── Measuring Drive-by Download Defense in Depth.pdf
│ ├── Meerkat- Detecting Website Defacements through Image-based Object Recognition.pdf
│ ├── Paint it Black- Evaluating the Effectiveness of Malware Blacklists.pdf
│ ├── The Ghost In The Browser Analysis of Web-based Malware.pdf
│ ├── Understanding Malvertising Through Ad-Injecting Browser Extensions.pdf
│ ├── WebWinnow- Leveraging Exploit Kit Workflows to Detect Malicious URLs.pdf
│ ├── WebWitness- Investigating, Categorizing, and Mitigating Malware Download Paths.pdf
│ └── Your Reputation Precedes You- History, Reputation, and the Chrome Malware Warning.pdf
└── Websec
├── Detecting Logic Vulnerabilities in E-Commerce Applications.pdf
├── High-speed web attack detection through extracting exemplars from HTTP traffic.pdf
├── May I? - Content Security Policy Endorsement for Browser Extensions.pdf
├── Web Attack Detection Using IDS*.pdf
└── Why Is CSP Failing? Trends and Challenges in CSP Adoption .pdf