NISL
清华大学网络与信息安全实验室学术沙龙,欢迎关注~
This is the Paper Reading Seminar of Network and Information Security Lab (NISL) at Tsinghua University. Tune in for more details!
时间:2023年5月18日 14:00 - 16:00
腾讯会议:https://meeting.tencent.com/dm/tR1LHrTFb2sV
会议ID:523-1869-1572
会议密码:230518
* 本次分享部分对外公开直播,线上参会者要求实名备注“姓名-单位”
Agenda
1.【论文分享】Investigating the impact of DDoS attacks on DNS infrastructure
Presenter: 许威
Conference: IMC'22
Authors: Raffaele Sommese, KC Claffy, Roland van Rijswijk-Deij, Arnab Chattopadhyay, Alberto Dainotti, Anna Sperotto, Mattijs Jonker
Abstract: This paper characterizes recent DDoS attacks on authoritative DNS infrastructure by combining two existing datasets. Millions of domains (up to 5% of the DNS namespace) experienced a DoS attack, but known best practices like anycast and topological redundancy can improve DNS resilience to attacks.
Link to paper: https://dl.acm.org/doi/abs/10.1145/3517745.3561458
2.【论文分享】ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
Presenter: 李哲铭
Conference: S&P 2023
Authors: Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, Tao Wei
Abstract: The paper presents a new method called ODDFUZZ to efficiently find Java deserialization vulnerabilities by combining static analysis with directed fuzzing. ODDFUZZ outperformed existing solutions in discovering known and previously unreported gadget chains in popular Java libraries and real-world applications.
Link to paper: https://arxiv.org/abs/2304.04233
本文不公开分享
# 学术沙龙问卷反馈
编辑|许威 高泽豫
来源|NISL实验室
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...