Suggested Reads

Read these first

• How to read a paper (2007)
• How (and how not) to write a good systems paper
• Writing a Problem Statement
• Writing a Thesis Statement
• Research as a Stochastic Decision Process

Papers

You can find all of these on Google Scholar

• Computer security threat monitoring and surveillance (1980)
• Requirements and model for IDES - a real-time intrusion detection expert system (1985)
• An intrusion-detection model (1987) - Denning
• The SRI IDES statistical anomaly detector (1991) - Javitz and Valdes
• USTAT: A real-time intrusion detection system for UNIX (1993)
• Self-nonself discrimination in a computer (1994)
• Next-generation intrusion detection expert system (NIDES): A summary (1995)
• A sense of self for unix processes (1996) - Forrest
• Role-based access control models (1996) - Sandhu
• The base-rate fallacy and its implications for the difficulty of intrusion detection (1999) - Axelsson
• Bro: a system for detecting network intruders in real-time (1999) - Paxson
• Intrusion detection via static analysis (2001) - Wagner and Dean
• How to Own the Internet in Your Spare Time (2002) - Staniford
• Mimicry attacks on host-based intrusion detection systems (2002)
• "Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector (2002)
• Optical time-domain eavesdropping risks of CRT displays (2002)
• Formalizing sensitivity in static analysis for intrusion detection (2004) - Feng
• Polygraph: Automatically Generating Signatures for Polymorphic Worms (2005)
• Semantics-aware malware detection (2005)
• Automating mimicry attacks using static binary analysis (2005)
• Modeling Botnet Propagation Using Time Zones (2006) - Dagon
• Polymorphic Blending Attacks (2006) - Fogla
• Misleading worm signature generators using deliberate noise injection (2006)
• Paragraph: Thwarting signature learning by training maliciously (2006)
• Allergy attack against automatic signature generation (2006)
• A taxonomy of botnet structures (2007)
• Exploring multiple execution paths for malware analysis (2007)
• Limits of static analysis for malware detection (2007)
• BotMiner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent Botnet Detection (2008) - Gu
• All your iframes point to us (2008)
• Increased DNS Forgery Resistance Through 0x20-Bit Encoding (2008)
• Impeding Malware Analysis Using Conditional Code Obfuscation (2008)
• BitBlaze: A new approach to computer security via binary analysis (2008)
• Ether: malware analysis via hardware virtualization extensions (2008)
• Active botnet probing to identify obscure command and control channels (2009)
• Effective and Efficient Malware Detection at the End Host (2009)
• Emulating emulation-resistant malware (2009)
• Scalable, Behavior-Based Malware Clustering (2009)
• Outside the Closed World: On Using Machine Learning for Network Intrusion Detection (2010)
• Synthesizing near-optimal malware specifications from suspicious behaviors (2010)
• Efficient Detection of Split Personalities in Malware (2010)
• Identifying dormant functionality in malware programs (2010)
• Bitshred: Fast, scalable malware triage (2010)
• Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces (2010)
• Detecting environment-sensitive malware (2011)
• Outside the Closed World: On Using Machine Learning for Network Intrusion Detection (2010)
• Detecting Malware Domains at the Upper DNS Hierarchy (2011)
• GQ: Practical containment for measuring modern malware systems (2011)
• The power of procrastination: detection and mitigation of execution-stalling malicious code (2011)
• Impeding Automated Malware Analysis with Environment-sensitive Malware (2012)
• From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware (2012)
• Scalable fine-grained behavioral clustering of HTTP-based malware (2013)
• A11y Attacks: Exploiting Accessibility in Operating Systems (2014)
• Gyrus: A framework for user-intent monitoring of text-based networked applications (2014)
• Barecloud: bare-metal analysis-based evasive malware detection (2014)
• Guilt by association: large scale malware detection by mining file-relation graphs (2014)
• Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence (2015)
• WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths (2015)
• Towards Making Systems Forget with Machine Unlearning (2015)
• Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers (2016)
• Helping johnny to analyze malware: A usability-optimized decompiler and malware analysis user study (2016)
• Towards evaluating the robustness of neural networks (2017)
• Feature Squeezing Mitigates and Detects Carlini/Wagner Adversarial Examples (2017)
• Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts (2017)
• The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level (2018)
• Enforcing unique code target property for control-flow integrity (2018)
• TESSERACT: Eliminating experimental bias in malware classification across space and time (2019)
• When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features (2020)
• An Observational Investigation of Reverse Engineers’ Processes (2020)
• When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World (2021)
• Arbitrar: User-guided api misuse detection (2021)
• An Inside Look into the Practice of Malware Analysis (2021)
• BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware (2021)
• CADE: Detecting and Explaining Concept Drift Samples for Security Applications (2021)
• Proof-of-Learning: Definitions and Practice (2021)
• RE-Mind: a First Look Inside the Mind of a Reverse Engineer (2022)
• DEEPDI: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly (2022)
• Transcending transcend: Revisiting malware classification in the presence of concept drift (2022)
• 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms (2022)
• Dos and Don'ts of Machine Learning in Computer Security (2022)
• DnD: A Cross-Architecture Deep Neural Network Decompiler (2022)
• Ground Truth for Binary Disassembly is Not Easy (2022)
• Everybody’s Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations (2023)
• Humans vs. Machines in Malware Classification (2023)
• No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information (2023)

Academic cybersecurity conferences

Tier 1: source1 & source2

• S&P: https://www.ieee-security.org/TC/SP-Index.html
• USENIX Security Symposium: https://www.usenix.org/conferences
• CCS: https://www.sigsac.org/ccs.html
• NDSS: https://www.ndss-symposium.org/

Talks

• James Mickens: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?
• Wenke Lee: Machine Learning and Security: The Good, The Bad, and The Ugly

Blog Posts

Machine Learning

• What is the Difference Between Test and Validation Datasets?
• A Gentle Introduction to k-fold Cross-Validation
• How to Configure k-Fold Cross-Validation

Machine Learning for Security

• Machine learning by ESET: The road to Augur
• Fighting post-truth with reality in cybersecurity
• Machine learning is not magic
• When PR and reality collide
• Machine learning and math can’t trump smart attackers
• A single protective technology means a single point of failure
• False positives can be more costly than a malware infection

Software Supply Chain

• I am not a supplier

Mailing lists

• https://devblogs.microsoft.com/oldnewthing/
• https://krebsonsecurity.com/
• https://unit42.paloaltonetworks.com/
• https://cloud.google.com/blog/products/identity-security
• https://machinelearningmastery.com/
• https://www.internetgovernance.org/
• https://www.crossborderdataforum.org/
• https://0x00sec.org/
• https://www.welivesecurity.com/
• https://any.run/cybersecurity-blog/
• https://www.vmray.com/cyber-security-blog/
• https://redcanary.com/blog/

RSS feeds

• https://exploit.in/
• https://ctftime.org/
• https://www.mandiant.com/
• https://www.microsoft.com/en-us/security/blog/
• https://googleprojectzero.blogspot.com/
• https://signal.org/blog/
• https://blog.virustotal.com/
• https://blogs.vmware.com/security/
• https://blog.trailofbits.com/
• https://reverse.put.as/

Books

• Practical Malware Analysis (Sikorski and Honig)
• Linkers & Loaders (Levine)
• Rootkits (Butler and Hoglund)
• Machine Learning (Mitchell)
• Deep Learning with Python (Chollet)
• Introduction to Modern Cryptography (Katz and Lindell)
• Computer Networking (Kurose and Ross)
• Introduction to the Theory of Computation (Sipser)
• Compilers: Principles, Techniques, and Tools (Aho, Lam, Sethi, Ullman)
• Qualitative Analysis: Constructing Grounded Theory (Charmaz)
• The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Anley, Heasman, Linder, Richarte)
• The Hacker Playbook 3: Practical Guide to Penetration Testing (Kim)
• Style: Lessons in Clarity and Grace (Colomb)
• The Lean Startup (Eric Ries)
• Pro Git (Chacon and Straub)
• Fluent Python (Ramalho)
• Mini Farming: Self-Sufficiency on 1/4 Acre (Brett Markham)