local.bib

@article{shackleford2017cyber,
  title={Cyber threat intelligence uses, successes and failures: The sans 2017 cti survey},
  author={Shackleford, Dave},
  journal={SANS, Tech. Rep.},
  year={2017}
}


@misc{firehol,
    title = {{FireHOL IP Lists | All Cybercrime IP Feeds}},
    howpublished = {\url{http://iplists.firehol.org/}},
    key = "FireHOL"
}

@misc{censys,
    title = {{Censys | Public Internet Search Engine}},
    howpublished = {\url{https://censys.io/}},
    key = "Censys"
}


@misc{netacuity,
    title = {{NetAcuity Industry-Standard Geolocation}},
    howpublished = {\url{https://www.digitalelement.com/solutions/}},
    key = "netacuity"
}


@misc{ciscotalos,
  title = {{Cisco Talos Threat Intelligence}},
  howpublished = {\url{https://www.cisco.com/c/en/us/products/security/talos.html}},
  _note = {Accessed: 2019-10-20},
  key = "Cisco Talos Threat Intelligence",
}

@misc{panautofocus,
  title = {{Palo Alto Networks AutoFocus}},
  howpublished = {\url{https://www.paloaltonetworks.com/cortex/threat-intelligence}},
  _note = {Accessed: 2019-10-20},
  key = "Palo Alto Networks AutoFocus",
}

@misc{fortinet,
  title = {{Fortinet FortiGuard Threat Intelligence}},
  howpublished = {\url{https://www.fortinet.com/fortiguard/threat-intelligence/threat-research.html}},
  _note = {Accessed: 2019-10-20},
  key = "Fortinet FortiGuard Threat Intelligence",
}

@misc{crowdstrike,
  title = {{CrowdStrike Cyber Threat Intelligence Platform Falcon X}},
  howpublished = {\url{https://www.crowdstrike.com/endpoint-security-products/falcon-x-threat-intelligence/}},
  _note = {Accessed: 2019-10-20},
  key = "Cyber Threat Intelligence Platform: Falcon X",
}

@misc{anomali,
  title = {{Anomali ThreatStream Threat Intelligence}},
  howpublished = {\url{https://www.anomali.com/products}},
  _note = {Accessed: 2019-10-20},
  key = "Anomali ThreatStream Threat Intelligence",
}

@misc{recordedfuture,
  title = {{Recorded Future Security Intelligence}},
  howpublished = {\url{https://www.recordedfuture.com/}},
  _note = {Accessed: 2019-10-20},
  key = "Recorded Future Security Intelligence",
}

@article{ponemon2018cti,
  title={Third Annual Study on Changing Cyber Threat Intelligence: There Has to Be a Better Way},
  author={Ponemon Institute LLC},
  year={January 2018}
}

@article{tounsi2018survey,
  title={A survey on technical threat intelligence in the age of sophisticated cyber attacks},
  author={Tounsi, Wiem and Rais, Helmi},
  journal={Computers \& security},
  volume={72},
  pages={212--233},
  year={2018},
  publisher={Elsevier}
}

@inproceedings{lever2017lustrum,
  title={A lustrum of malware network communication: Evolution and insights},
  author={Lever, Chaz and Kotzias, Platon and Balzarotti, Davide and Caballero, Juan and Antonakakis, Manos},
  booktitle={2017 IEEE Symposium on Security and Privacy (SP)},
  pages={788--804},
  year={2017},
  organization={IEEE}
}


@article{spring2002measuring,
  title={Measuring ISP topologies with Rocketfuel},
  author={Spring, Neil and Mahajan, Ratul and Wetherall, David},
  journal={ACM SIGCOMM Computer Communication Review},
  volume={32},
  number={4},
  pages={133--145},
  year={2002},
  publisher={ACM New York, NY, USA}
}

@inproceedings{bellovin2002technique,
  title={A technique for counting NATted hosts},
  author={Bellovin, Steven M},
  booktitle={Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment},
  pages={267--272},
  year={2002}
}


@misc{ferguson2000rfc2827,
  title={rfc2827: network ingress filtering: defeating denial of service attacks which employ ip source address spoofing},
  author={Ferguson, Paul and Senie, Daniel},
  year={2000},
  publisher={RFC Editor}
}

@misc{postel1981rfc0791,
  title={{RFC0791: Internet Protocol}},
  author={Postel, Jon},
  year={1981},
  publisher={RFC Editor}
}

@misc{tipredict2018,
  title = {Threat Intelligence Market Size By Component, By Format Type,
  By Deployment Type, By Application, Industry Analysis Report, Regional Outlook,
  Growth Potential, Competitive Market Share and Forecast, 2019 – 2025},
  howpublished = {\url{https://www.gminsights.com/industry-analysis/threat-intelligence-market}},
  key = "Threat Intelligence Market Prediction"
}


@inproceedings{hao2016predator,
  title={PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration},
  author={Hao, Shuang and Kantchelian, Alex and Miller, Brad and Paxson, Vern and Feamster, Nick},
  booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  pages={1568--1579},
  year={2016},
  organization={ACM}
}

@inproceedings{hao2013understanding,
  title={Understanding the domain registration behavior of spammers},
  author={Hao, Shuang and Thomas, Matthew and Paxson, Vern and Feamster, Nick and Kreibich, Christian and Grier, Chris and Hollenbeck, Scott},
  booktitle={Proceedings of the 2013 conference on Internet measurement conference},
  pages={63--76},
  year={2013},
  organization={ACM}
}

@inproceedings {li2019reading,
author = {Vector Guo Li and Matthew Dunn and Paul Pearce and Damon McCoy and Geoffrey M. Voelker and Stefan Savage},
title = {Reading the Tea leaves: A Comparative Analysis of Threat Intelligence},
booktitle = {28th {USENIX} Security Symposium ({USENIX} Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {851--867},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/li},
publisher = {{USENIX} Association},
month = aug,
}

@inproceedings{pearce2017augur,
  title={Augur: Internet-wide detection of connectivity disruptions},
  author={Pearce, Paul and Ensafi, Roya and Li, Frank and Feamster, Nick and Paxson, Vern},
  booktitle={2017 IEEE Symposium on Security and Privacy (SP)},
  pages={427--443},
  year={2017},
  organization={IEEE}
}

@inproceedings{mcdonald2018403,
  title={403 forbidden: A global view of cdn geoblocking},
  author={McDonald, Allison and Bernhard, Matthew and Valenta, Luke and VanderSloot, Benjamin and Scott, Will and Sullivan, Nick and Halderman, J Alex and Ensafi, Roya},
  booktitle={Proceedings of the Internet Measurement Conference 2018},
  pages={218--230},
  year={2018}
}

@inproceedings{ensafi2014detecting,
  title={Detecting intentional packet drops on the Internet via TCP/IP side channels},
  author={Ensafi, Roya and Knockel, Jeffrey and Alexander, Geoffrey and Crandall, Jedidiah R},
  booktitle={International Conference on Passive and Active Network Measurement},
  pages={109--118},
  year={2014},
  organization={Springer}
}

@inproceedings{lemon2002resisting,
  title={Resisting SYN Flood DoS Attacks with a SYN Cache.},
  author={Lemon, Jonathan},
  booktitle={BSDCon},
  volume={2002},
  pages={89--97},
  year={2002}
}

@inproceedings{klein2019ip,
  title={From {IP ID} to Device ID and {KASLR} Bypass},
  author={Klein, Amit and Pinkas, Benny},
  booktitle={28th $USENIX$ Security Symposium ($USENIX$ Security 19)},
  pages={1063--1080},
  year={2019}
}

@inproceedings{dekoven2017malicious,
  title={Malicious browser extensions at scale: Bridging the observability gap between web site and browser},
  author={DeKoven, Louis F and Savage, Stefan and Voelker, Geoffrey M and Leontiadis, Nektarios},
  booktitle={10th $USENIX$ Workshop on Cyber Security Experimentation and Test ($CSET$ 17)},
  year={2017},
  organization={USENIX}
}

@inproceedings{pang2004characteristics,
  title={Characteristics of internet background radiation},
  author={Pang, Ruoming and Yegneswaran, Vinod and Barford, Paul and Paxson, Vern and Peterson, Larry},
  booktitle={Proceedings of the 4th ACM SIGCOMM conference on Internet measurement},
  year={2004},
  organization={ACM}
}


@inproceedings{wagner2016misp,
  title={Misp: The design and implementation of a collaborative threat intelligence sharing platform},
  author={Wagner, Cynthia and Dulaunoy, Alexandre and Wagener, G{\'e}rard and Iklody, Andras},
  booktitle={Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security},
  pages={49--56},
  year={2016}
}

@article{barnum2012standardizing,
  title={Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX)},
  author={Barnum, Sean},
  journal={Mitre Corporation},
  volume={11},
  pages={1--22},
  year={2012}
}

@inproceedings{mavroeidis2017cyber,
  title={Cyber threat intelligence model: An evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence},
  author={Mavroeidis, Vasileios and Bromander, Siri},
  booktitle={2017 European Intelligence and Security Informatics Conference (EISIC)},
  pages={91--98},
  year={2017},
  organization={IEEE}
}

@inproceedings{burger2014taxonomy,
  title={Taxonomy model for cyber threat intelligence information exchange technologies},
  author={Burger, Eric W and Goodman, Michael D and Kampanakis, Panos and Zhu, Kevin A},
  booktitle={Proceedings of the 2014 ACM Workshop on Information Sharing \& Collaborative Security},
  pages={51--60},
  year={2014}
}


@misc{bbcnews,
    title = {{BBC News. GDPR: US news sites unavailable to EU users under new rules}},
    howpublished = {\url{https://www.bbc.com/news/world-europe-44248448}},
    year={May 2018},
    key= "BBC News"
}

@misc{exportcontrol,
    title = {{U.S. Department of the Treasury. Office of Foreign Assets Control(OFAC)}},
    howpublished = {\url{https://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx}},
    key = "US Export control"
}

@misc{china2news,
    title = {{China Blocks Access to The Times’s Web Site}},
    howpublished = {\url{https://www.nytimes.com/2008/12/20/world/asia/20china.html?ref=todayspaper}},
    year={Dec 2008},
    key = "China Blocks Times"
}

@misc{greatfire,
    title ={{GreatFire: Online Censorship In China}},
    howpublished = {\url{https://en.greatfire.org/analyzer}},
    key = "GreatFire"
}

@misc{maxmind,
    title = {{MaxMind: IP Geolocation and Online Fraud Prevention}},
    howpublished = {\url{https://www.maxmind.com/en/home}},
    key = "MaxMind"
}

@misc{ip2location,
    title = {{IP2Location: IP Address to Identify Geolocation Information}},
    howpublished = {\url{https://www.ip2location.com/}},
    key = "ip2location"
}

@misc{ipdeny,
    title = {{IPdeny IP country blocks}},
    howpublished = {\url{https://www.ipdeny.com/}},
    key = "ipdeny"
}

@misc{ipip,
    title = {{IPIP.net: The only IP Database based on real time BGP/ASN data analytics}},
    howpublished = {\url{https://en.ipip.net/}},
    key = "ipip"
}

@misc{caida_as_org,
    title = {Inferred AS to Organization Mapping Dataset},
    howpublished = {\url{https://www.caida.org/data/as_organizations.xml}},
    key = "caida-as-arg"
}

@inproceedings{aryan2013internet,
  title={Internet censorship in Iran: A first look},
  author={Aryan, Simurgh and Aryan, Homa and Halderman, J Alex},
  booktitle={Presented as part of the 3rd $\{$USENIX$\}$ Workshop on Free and Open Communications on the Internet},
  year={2013}
}

@inproceedings{park2010empirical,
  title={Empirical study of a national-scale distributed intrusion detection system: Backbone-level filtering of HTML responses in China},
  author={Park, Jong Chun and Crandall, Jedidiah R},
  booktitle={2010 IEEE 30th International Conference on Distributed Computing Systems},
  pages={315--326},
  year={2010},
  organization={IEEE}
}

@article{anderson2012splinternet,
  title={Splinternet behind the great firewall of china},
  author={Anderson, Daniel},
  journal={Queue},
  volume={10},
  number={11},
  pages={40--49},
  year={2012},
  publisher={ACM New York, NY, USA}
}

@inproceedings{clayton2006ignoring,
  title={Ignoring the great firewall of china},
  author={Clayton, Richard and Murdoch, Steven J and Watson, Robert NM},
  booktitle={International Workshop on Privacy Enhancing Technologies},
  pages={20--35},
  year={2006},
  organization={Springer}
}

@article{zittrain2003internet,
  title={Internet filtering in China},
  author={Zittrain, Jonathan and Edelman, Benjamin},
  journal={IEEE Internet Computing},
  volume={7},
  number={2},
  pages={70--77},
  year={2003},
  publisher={IEEE}
}

@misc{opennetsurvey,
  title={Survey of government Internet filtering practices indicates increasing internet censorship, May 2007},
  author={OpenNet Initiative},
  key = "Survey of government"
}

@article{mazziotti2015geo,
  title={Is geo-blocking a real cause for concern in Europe?},
  author={Mazziotti, Giuseppe},
  journal={EUI Department of Law Research Paper},
  number={2015/43},
  year={2015}
}

@article{trimble2016geoblocking,
  title={Geoblocking, technical standards and the law},
  author={Trimble, Marketa},
  year={2016}
}

@misc{usnewsranking,
    title = {{2020 Best National University Rankings}},
    howpublished = {\url{https://www.usnews.com/best-colleges/rankings/national-universities}},
    year={Jan 2020},
    key = "us news ranking"
}

@inproceedings{singh2017characterizing,
  title={Characterizing the nature and dynamics of Tor exit blocking},
  author={Singh, Rachee and Nithyanand, Rishab and Afroz, Sadia and Pearce, Paul and Tschantz, Michael Carl and Gill, Phillipa and Paxson, Vern},
  booktitle={26th $\{$USENIX$\}$ Security Symposium ($\{$USENIX$\}$ Security 17)},
  pages={325--341},
  year={2017}
}

@article{afroz2018exploring,
  title={Exploring server-side blocking of regions},
  author={Afroz, Sadia and Tschantz, Michael Carl and Sajid, Shaarif and Qazi, Shoaib Asif and Javed, Mobin and Paxson, Vern},
  journal={arXiv preprint arXiv:1805.11606},
  year={2018}
}

@inproceedings{khattak2016you,
  title={Do you see what I see? differential treatment of anonymous users},
  author={Khattak, Sheharbano and Fifield, David and Afroz, Sadia and Javed, Mobin and Sundaresan, Srikanth and Paxson, Vern and Murdoch, Steven J and McCoy, Damon},
  year={2016},
  organization={Internet Society}
}

@misc{ripeatlas,
    title={{RIPE Atlas - RIPE Network Coordination Centre}},
    howpublished={\url{https://atlas.ripe.net/}},
    key = "RIPE Atlas"
}

@misc{iclab,
    title={Information Controls Lab},
    howpublished={\url{https://iclab.org/}},
    key = "Information Lab"
}

@misc{ooni,
    title={{OONI - Open Observatory of Network Interference}},
    howpublished={\url{https://ooni.org/}},
    key = "OONI"
}

@misc{timarket,
  title = {{Threat Intelligence Market Analysis By Solution,
  By Services, By Deployment, By Application And Segment
  Forecast, 2018 - 2025}},
  howpublished = {\url{https://www.grandviewresearch.com/industry-analysis/threat-intelligence-market}},
  key = "Threat Intelligence Market Analysis",
}


@misc{BroNetwork,
  title = {{The Bro Network Security Monitor}},
  howpublished = {\url{https://www.bro.org/index.html}},
  _note = {Accessed: 2019-10-20},
  key = "Bro Network Security Monitor",
}

@misc{DShield,
  title = {{DShield Scanning IPs}},
  howpublished = {\url{https://dshield.org/feeds_doc.html}},
  _note = {Accessed: 2019-10-30},
  key = "DShield Scanning IPs",
}

@misc{Abuse-ch,
  title = {Abuse.ch},
  howpublished = {\url{https://abuse.ch/}},
  _note = {Accessed: 2019-10-30},
  key = "Abuse.ch",
}

@misc{Feodo,
  title = {{Feodo IP Blocklist}},
  howpublished = {\url{https://feodotracker.abuse.ch/blocklist/}},
  _note = {Accessed: 2019-10-30},
  key = "Feodo IP Blocklist",
}

@misc{Feodo-Tracker,
  title = {Feodo Tracker},
  howpublished = {\url{https://feodotracker.abuse.ch/}},
  _note = {Accessed: 2019-10-30},
  key = "Feodo Tracker",
}

@misc{Openbl,
  title = {{OpenBL IP Blacklist}},
  howpublished = {\url{https://www.openbl.org/}},
  _note = {Accessed: 2017-04-30},
  key = "OpenBL IP Blacklist",
}

@misc{Badips,
  title = {Badips},
  howpublished = {\url{https://www.badips.com/}},
  _note = {Accessed: 2019-10-20},
  key = "Badips",
}

@misc{shadowserver,
  title = {ShadowServer},
  howpublished = {\url{https://www.shadowserver.org/}},
  _note = {Accessed: 2019-10-20},
  key = "ShadowServer",
}

@misc{cloudfront,
  title = {{AWS CloudFront}, fast, highly secure and programmable content delivery network},
  howpublished = {\url{https://aws.amazon.com/cloudfront/}},
  _note = {Accessed: 2019-10-20},
  key = "cloudfront",
}

@misc{fastly,
  title = {Fastly Managed {CDN}},
  howpublished = {\url{https://www.fastly.com/products/fastly-managed-cdn}},
  _note = {Accessed: 2019-10-20},
  key = "fastly",
}

@misc{edgecast,
  title = {EdgeCast {CDN}, {Verizon} Digital and Media Services},
  howpublished = {\url{https://www.verizondigitalmedia.com/platform/edgecast-cdn/}},
  _note = {Accessed: 2019-10-20},
  key = "edgecast",
}

https://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/
@misc{cdnabuse,
  title = {Spreading the Disease and Selling the Cure},
  howpublished = {\url{https://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/}},
  _note = {Accessed: 2019-10-20},
  key = "cdnabuse",
}


@misc{maxcdn,
  title = {Max{CDN}},
  howpublished = {\url{https://www.maxcdn.com/one/}},
  _note = {Accessed: 2019-10-20},
  key = "maxcdn",
}


@misc{cloudflare,
  title = {Cloudflare, Fast, Global Content Delivery Network},
  howpublished = {\url{https://www.cloudflare.com/cdn/}},
  _note = {Accessed: 2019-10-20},
  key = "cloudflare",
}

@misc{Alexa,
  title = {Top {Alexa} Domains},
  howpublished = {\url{https://www.alexa.com/topsites/}},
  _note = {Accessed: 2019-10-20},
  key = "Alexa",
}

@misc{telescope,
  title = {{UCSD} Network Telescope},
  howpublished = {\url{https://www.caida.org/projects/network_telescope/}},
  _note = {Accessed: 2019-10-20},
  key = "telescope",
}

@misc{Packetmail,
  title = {PacketMail.net},
  howpublished = {\url{https://www.packetmail.net/}},
  _note = {Accessed: 2019-10-20},
  key = "PacketMail.net",
}

@misc{FBThreatExchange,
  title = {Facebook Threat Exchange},
  howpublished = {\url{https://developers.facebook.com/programs/threatexchange}},
  _note = {Accessed: 2019-10-20},
  key = "Facebook Threat Exchange",
}

@misc{Virustotal,
  title = {{VirusTotal}},
  howpublished = {\url{https://www.virustotal.com/#/home/upload}},
  _note = {Accessed: 2019-10-23},
  key = "VirusTotal",
}

@misc{Alienvault,
  title = {AlienVault {IP} Reputation},
  howpublished = {\url{http://reputation.alienvault.com/reputation.data}},
  _note = {Accessed: 2019-10-20},
  key = "AlienVault IP Reputation",
}



@misc{Malcode,
  title = {Malc0de Blacklist},
  howpublished = {\url{http://malc0de.com/bl/}},
  _note = {Accessed: 2019-10-20},
  key = "Malc0de Blacklist",
}


@misc{SpamhausSBL,
  title = {The {Spamhaus} Block List},
  howpublished = {\url{https://www.spamhaus.org/sbl/}},
  _note = {Accessed: 2019-10-20},
  key = "The Spamhaus Block List",
}

@misc{CBL,
  title = {{Composite Blocking List}},
  howpublished = {\url{https://www.abuseat.org/}},
  _note = {Accessed: 2019-10-20},
  key = "CBL, Complete Blocking List",
}

@misc{SORBS,
  title = {The Spam and Open Relay Blocking System},
  howpublished = {\url{http://www.sorbs.net/}},
  _note = {Accessed: 2019-10-20},
  key = "The Spam and Open Relay Blocking System",
}


@misc{Spamhaus,
  title = {{The Spamhaus Don't Route Or Peer Lists}},
  howpublished = {\url{https://www.spamhaus.org/drop/}},
  _note = {Accessed: 2019-10-20},
  key = "The Spamhaus Don't Route Or Peer Lists",
}


@misc{Nothink,
  title = {Nothink Honeypot {SSH}},
  howpublished = {\url{http://www.nothink.org/honeypot_ssh.php}},
  _note = {Accessed: 2019-10-20},
  key = "Nothink Honeypot SSH",
}


@misc{IODEF,
  title = {{Incident Object Description Exchange Format}},
  howpublished = {\url{https://tools.ietf.org/html/rfc5070}},
  _note = {Accessed: 2019-01-20},
  key = "IODEF",
}


@misc{CybOX,
  title = {{Cyber Observable eXpression}},
  howpublished = {\url{http://cyboxproject.github.io/documentation/}},
  _note = {Accessed: 2019-01-20},
  key = "CybOX",
}


@misc{STIX,
  title = {{Structured Threat Information eXpression}},
  howpublished = {\url{https://stixproject.github.io/}},
  _note = {Accessed: 2019-01-20},
  key = "STIX",
}


@misc{Routeview,
  title = {{University of Oregon Route Views Project}},
  howpublished = {\url{http://www.routeviews.org/routeviews/}},
  _note = {Accessed: 2019-10-20},
  key = "University of Oregon Route Views Project"
}

@inproceedings{scheitle2018long,
  title={A long way to the top: Significance, structure, and stability of Internet top lists},
  author={Scheitle, Quirin and Hohlfeld, Oliver and Gamba, Julien and Jelten, Jonas and Zimmermann, Torsten and Strowes, Stephen D and Vallina-Rodriguez, Narseo},
  booktitle={Proceedings of the Internet Measurement Conference},
  year={2018},
  organization={ACM}
}


@article{moore2006inferring,
  title={Inferring internet denial-of-service activity},
  author={Moore, David and Shannon, Colleen and Brown, Douglas J and Voelker, Geoffrey M and Savage, Stefan},
  journal={ACM Transactions on Computer Systems (TOCS)},
  year={2006},
  publisher={ACM}
}

@inproceedings{jagpal2015trends,
  title={Trends and Lessons from Three Years Fighting Malicious Extensions.},
  author={Jagpal, Nav and Dingle, Eric and Gravel, Jean-Philippe and Mavrommatis, Panayiotis and Provos, Niels and Rajab, Moheeb Abu and Thomas, Kurt},
  booktitle={USENIX Security Symposium},
  year={2015}
}


@inproceedings{kapravelos2014hulk,
  title={Hulk: Eliciting Malicious Behavior in Browser Extensions.},
  author={Kapravelos, Alexandros and Grier, Chris and Chachra, Neha and Kruegel, Christopher and Vigna, Giovanni and Paxson, Vern},
  booktitle={USENIX Security Symposium},
  year={2014},
  organization={San Diego, CA}
}


@misc{antirez1998,
  author = antirez,
  title = {new tcp scan method},
  howpublished = {\url{https://seclists.org/bugtraq/1998/Dec/79}},
  key = "Bugtraq list"
}

@inproceedings{thomas2016abuse,
  title={The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges},
  author={Thomas, Kurt and Amira, Rony and Ben-Yoash, Adi and Folger, Ori and Hardon, Amir and Berger, Ari and Bursztein, Elie and Bailey, Michael},
  booktitle={International Symposium on Research in Attacks, Intrusions, and Defenses},
  year={2016},
  organization={Springer}
}

@inproceedings{metcalf2015blacklist,
  title={Blacklist ecosystem analysis: Spanning Jan 2012 to Jun 2014},
  author={Metcalf, Leigh and Spring, Jonathan M},
  booktitle={Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security},
  year={2015},
  organization={ACM}
}

@inproceedings{ramachandran2007filtering,
  title={Filtering Spam with Behavioral Blacklisting},
  author={Ramachandran, Anirudh and Feamster, Nick and Vempala, Santosh},
  booktitle={Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS)},
  year={2007},
}

@inproceedings{sheng2009empirical,
  title={An Empirical Analysis of Phishing Blacklists},
  author={Sheng, Steve and Wardman, Brad and Warner, Gary and Cranor, Lorrie Faith and Hong, Jason and Zhang, Chengshan},
  booktitle={Proceedings of the Conference on Email and Anti-Spam (CEAS)},
  year={2009}
}

@inproceedings{jung2004empirical,
  title={An empirical study of spam traffic and the use of DNS black lists},
  author={Jung, Jaeyeon and Sit, Emil},
  booktitle={Proceedings of the ACM Conference on Internet Measurement},
  year={2004}
}

@inproceedings{ramachandran2006can,
  title={Can DNS-Based Blacklists Keep Up With Bots?},
  author={Ramachandran, Anirudh and Dagon, David and Feamster, Nick},
  booktitle={Proceedings of the Conference on Email and Anti-Spam (CEAS)},
  year={2006}
}

@inproceedings{sinha2008shades,
  title={Shades of Grey: On the effectiveness of reputation-based ``blacklists''},
  author={Sinha, Sushant and Bailey, Michael and Jahanian, Farnam},
  booktitle={2008 3rd International Conference on Malicious and Unwanted Software (MALWARE)},
  _pages={57--64},
  _year={2008},
  organization={IEEE}
}

@article{ramachandran2006revealing,
  title={Revealing Botnet Membership Using DNSBL Counter-Intelligence.},
  author={Ramachandran, Anirudh and Feamster, Nick and Dagon, David},
  journal={SRUTI},
  volume={6},
  year={2006}
}

@inproceedings{kuhrer2014paint,
  title={Paint it black: Evaluating the effectiveness of malware blacklists},
  author={K{\"u}hrer, Marc and Rossow, Christian and Holz, Thorsten},
  booktitle={International Workshop on Recent Advances in Intrusion Detection},
  year={2014},
  organization={Springer}
}


@inproceedings{durumeric2014internet,
  title={An Internet-Wide View of Internet-Wide Scanning.},
  author={Durumeric, Zakir and Bailey, Michael and Halderman, J Alex},
  booktitle={USENIX Security Symposium},
  year={2014}
}


@inproceedings{benson2015leveraging,
  title={Leveraging internet background radiation for opportunistic network analysis},
  author={Benson, Karyn and Dainotti, Alberto and Snoeren, Alex C and Kallitsis, Michael},
  booktitle={Proceedings of the 2015 Internet Measurement Conference},
  year={2015},
  organization={ACM}
}

@inproceedings{antonakakis2017understanding,
  title={Understanding the mirai botnet},
  author={Antonakakis, Manos and April, Tim and Bailey, Michael and Bernhard, Matt and Bursztein, Elie and Cochran, Jaime and Durumeric, Zakir and Halderman, J Alex and Invernizzi, Luca and Kallitsis, Michalis},
  booktitle={USENIX Security Symposium},
  year={2017}
}