【学术沙龙】NISL 5月18日活动预告 - TO BE ON AIR

清华大学网络与信息安全实验室学术沙龙，欢迎关注~ 

This is the Paper Reading Seminar of Network and Information Security Lab (NISL) at Tsinghua University. Tune in for more details!

* 本次分享部分对外公开直播，线上参会者要求实名备注“姓名-单位”

1.【论文分享】Investigating the impact of DDoS attacks on DNS infrastructure

• Presenter: 许威

• Conference: IMC'22

• Authors: Raffaele Sommese, KC Claffy, Roland van Rijswijk-Deij, Arnab Chattopadhyay, Alberto Dainotti, Anna Sperotto, Mattijs Jonker

• Abstract: This paper characterizes recent DDoS attacks on authoritative DNS infrastructure by combining two existing datasets. Millions of domains (up to 5% of the DNS namespace) experienced a DoS attack, but known best practices like anycast and topological redundancy can improve DNS resilience to attacks.

• Link to paper: https://dl.acm.org/doi/abs/10.1145/3517745.3561458

2.【论文分享】ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing

• Presenter: 李哲铭

• Conference: S&P 2023

• Authors: Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, Tao Wei

• Abstract: The paper presents a new method called ODDFUZZ to efficiently find Java deserialization vulnerabilities by combining static analysis with directed fuzzing. ODDFUZZ outperformed existing solutions in discovering known and previously unreported gadget chains in popular Java libraries and real-world applications.

• Link to paper: https://arxiv.org/abs/2304.04233

• 本文不公开分享