2017

  • A. Yichiet, S. Manickam, and S. Karuppayah, “A review on features’ robustness in high diversity mobile traffic classifications,” IJCNIS, vol. 9, iss. 2, 2017.
    [Bibtex]
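    @article{journals/ijcnis/YichietMK17,
      added-at  = {2017-12-27T09:59:44.000+0100},
      author    = {Yichiet, Aun and Manickam, Selvakumar and Karuppayah, Shankar},
      biburl    = {https://www.bibsonomy.org/bibtex/25aa7098cfe574efb5ba2dbfb4411d225/kshankar},
      ee        = {http://www.ijcnis.org/index.php/ijcnis/article/view/2368},
      interhash = {4add5ec0aec6cc44c5f282048263807c},
      intrahash = {5aa7098cfe574efb5ba2dbfb4411d225},
      journal   = {IJCNIS},
      keywords  = {myown security},
      number    = 2,
      timestamp = {2017-12-27T09:59:44.000+0100},
      title     = {A Review on Features' Robustness in High Diversity Mobile Traffic Classifications},
      url       = {http://dblp.uni-trier.de/db/journals/ijcnis/ijcnis9.html#YichietMK17},
      volume    = 9,
      year      = 2017
    }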
  • S. Karuppayah, L. Böck, T. Grube, S. Manickam, M. Mühlhäuser, and M. Fischer, “SensorBuster: on identifying sensor nodes in P2P botnets,” in ARES, 2017, p. 34:1–34:6.
    [Bibtex]
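    @inproceedings{conf/IEEEares/KaruppayahBGMMF17,
      added-at  = {2017-12-27T09:59:12.000+0100},
      author    = {Karuppayah, Shankar and B{\"{o}}ck, Leon and Grube, Tim and Manickam, Selvakumar and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/26b94be6b7000d4aa7bebb76fb8cfe8e6/kshankar},
      booktitle = {ARES},
      doi       = {10.1145/3098954.3098991},
      ee        = {http://doi.acm.org/10.1145/3098954.3098991},
      interhash = {a161a4e10fb85eff09a7e50e780ed88e},
      intrahash = {6b94be6b7000d4aa7bebb76fb8cfe8e6},
      isbn      = {978-1-4503-5257-4},
      keywords  = {botnet monitoring myown p2p security sensors},
      pages     = {34:1--34:6},
      publisher = {ACM},
      timestamp = {2017-12-29T05:59:29.000+0100},
      title     = {{SensorBuster}: On Identifying Sensor Nodes in {P2P} Botnets},
      url       = {http://dblp.uni-trier.de/db/conf/IEEEares/ares2017.html#KaruppayahBGMMF17},
      year      = 2017
    }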

2016

  • S. Karuppayah, “Advanced monitoring in P2P botnets,” PhD Thesis, 2016.
    [Bibtex]
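    @phdthesis{phd/dnb/Karuppayah16,
      added-at  = {2017-12-27T10:13:36.000+0100},
      author    = {Karuppayah, Shankar},
      biburl    = {https://www.bibsonomy.org/bibtex/2e33a21745ee8f4654f58ffccabd83a6a/kshankar},
      ee        = {http://d-nb.info/1112269568},
      interhash = {34ae87e4d5e07266d97536227630346a},
      intrahash = {e33a21745ee8f4654f58ffccabd83a6a},
      keywords  = {botnet myown p2p security},
      pages     = {1--147},
      school    = {Technische Universit{\"{a}}t Darmstadt},
      timestamp = {2017-12-29T07:35:40.000+0100},
      title     = {Advanced monitoring in {P2P} botnets},
      year      = 2016
    }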
  • S. Karuppayah, E. Vasilomanolakis, S. Haas, M. Mühlhäuser, and M. Fischer, “BoobyTrap: On Autonomously Detecting and Characterizing Crawlers in P2P Botnets,” in IEEE International Conference on Communications (ICC), 2016.
    [Bibtex]
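    @inproceedings{karuppayah2016boobytrap,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Karuppayah, Shankar and Vasilomanolakis, Emmanouil and Haas, Steffen and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/2094d3c7bc4d9f4106f4826611bc14cf6/kshankar},
      booktitle = {IEEE International Conference on Communications (ICC)},
      interhash = {09477f762ef16c0eefcb06ba8ce5bdcc},
      intrahash = {094d3c7bc4d9f4106f4826611bc14cf6},
      keywords  = {anti-monitoring boobytrap botnet crawler detection myown p2p},
      timestamp = {2017-12-27T09:56:32.000+0100},
      title     = {{BoobyTrap}: On Autonomously Detecting and Characterizing Crawlers in {P2P} Botnets},
      year      = 2016
    }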
  • S. Haas, S. Karuppayah, S. Manickam, M. Mühlhäuser, and M. Fischer, “On the Resilience of P2P-based Botnet Graphs,” in IEEE Conference on Communications and Network Security (CNS), 2016.
    [Bibtex]
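    @inproceedings{haas2016resilience,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Haas, Steffen and Karuppayah, Shankar and Manickam, Selvakumar and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/2c76296536ba09f6231df4ea79bdcb535/kshankar},
      booktitle = {IEEE Conference on Communications and Network Security (CNS)},
      interhash = {f791f46cfd891c1e2decc4c12e50d1ff},
      intrahash = {c76296536ba09f6231df4ea79bdcb535},
      keywords  = {correlation honeypot incident invasive myown server},
      timestamp = {2017-01-05T12:19:54.000+0100},
      title     = {On the Resilience of {P2P}-based Botnet Graphs},
      year      = 2016
    }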

2015

  • E. Vasilomanolakis, S. Karuppayah, M. Mühlhäuser, and M. Fischer, “Taxonomy and Survey of Collaborative Intrusion Detection,” ACM Computing Surveys, vol. 47, iss. 4, 2015.
    [Bibtex]
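    @article{vasilomanolakis2015taxonomy,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Vasilomanolakis, Emmanouil and Karuppayah, Shankar and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/254c38766dcecfd08b113b52b69a853dd/kshankar},
      interhash = {c148bf2b89e6bb2c3997900015f02ccb},
      intrahash = {54c38766dcecfd08b113b52b69a853dd},
      journal   = {{ACM} Computing Surveys},
      keywords  = {cids distributed ids myown survey},
      number    = 4,
      timestamp = {2017-01-05T12:32:15.000+0100},
      title     = {Taxonomy and Survey of Collaborative Intrusion Detection},
      volume    = 47,
      year      = 2015
    }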
  • E. Vasilomanolakis, S. Karuppayah, P. Kikiras, and M. Mühlhäuser, “A honeypot-driven cyber incident monitor: lessons learned and steps ahead,” in International conference on security of information and networks, 2015.
    [Bibtex]
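    @inproceedings{vasilomanolakis2015honeypotdriven,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Vasilomanolakis, Emmanouil and Karuppayah, Shankar and Kikiras, Panayotis and M{\"{u}}hlh{\"{a}}user, Max},
      biburl    = {https://www.bibsonomy.org/bibtex/2bf7262b283a540b4e3dd65d5812b6ee4/kshankar},
      booktitle = {International Conference on Security of Information and Networks},
      interhash = {522b15de741627d8d45537108ce04638},
      intrahash = {bf7262b283a540b4e3dd65d5812b6ee4},
      keywords  = {alert correlation honeypot incident monitor myown security},
      timestamp = {2017-01-05T12:24:42.000+0100},
      title     = {A honeypot-driven cyber incident monitor: lessons learned and steps ahead},
      year      = 2015
    }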
  • S. Karuppayah, S. Roos, C. Rossow, M. Mühlhäuser, and M. Fischer, “ZeusMilker: Circumventing the P2P Zeus Neighbor List Restriction Mechanism,” in IEEE International Conference on Distributed Computing Systems (ICDCS), 2015.
    [Bibtex]
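    @inproceedings{karuppayah2015zeusmilker,
      abstract  = {The emerging trend of highly-resilient P2P botnets poses a huge security threat to our modern society. Carefully designed countermeasures as applied in sophisticated P2P botnets such as P2P Zeus impede botnet monitoring and successive takedown. These countermeasures reduce the accuracy of the monitored data, such that an exact reconstruction of the botnet's topology is hard to obtain efficiently. However, an accurate topology snapshot, revealing particularly the identities of all bots, is crucial to execute effective botnet takedown operations. With the goal of obtaining the required snapshot in an efficient manner, we provide a detailed description and analysis of the P2P Zeus neighbor list restriction mechanism. As our main contribution, we propose ZeusMilker, a mechanism for circumventing the existing anti-monitoring countermeasures of P2P Zeus. In contrast to existing approaches, our mechanism deterministically reveals the complete neighbor lists of bots and hence can efficiently provide a reliable topology snapshot of P2P Zeus. We evaluated ZeusMilker on a real-world dataset and found that it outperforms state-of-the-art techniques for botnet monitoring with regard to the number of queries needed to retrieve a bot's complete neighbor list. Furthermore, ZeusMilker is provably optimal in retrieving the complete neighbor list, requiring at most 2n queries for an n-elemental list. Moreover, we also evaluated how the performance of ZeusMilker is impacted by various protocol changes designed to undermine its provable performance bounds.},
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Karuppayah, Shankar and Roos, Stefanie and Rossow, Christian and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/235ee23a1c58d7ec95a333187d3bf447e/kshankar},
      booktitle = {IEEE International Conference on Distributed Computing Systems (ICDCS)},
      interhash = {97107d783afe57b602ba956d5bf070e2},
      intrahash = {35ee23a1c58d7ec95a333187d3bf447e},
      keywords  = {anti-monitoring crawling goz myown p2p zeus},
      timestamp = {2017-01-05T12:22:19.000+0100},
      title     = {{ZeusMilker}: Circumventing the {P2P} {Zeus} Neighbor List Restriction Mechanism},
      year      = 2015
    }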
  • L. Böck, S. Karuppayah, T. Grube, M. Mühlhäuser, and M. Fischer, “Hide And Seek: Detecting Sensors In P2P Botnets,” in IEEE Conference on Communications and Network Security, 2015, pp. 731–732.
    [Bibtex]
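    @inproceedings{bock2015detecting,
      abstract  = {Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20{\%}.},
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {B{\"{o}}ck, Leon and Karuppayah, Shankar and Grube, Tim and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/2cfd02c173720be76cb3e5e6dd6d7b825/kshankar},
      booktitle = {IEEE Conference on Communications and Network Security},
      interhash = {fa3ffc679ef430ed3f2cfce14a3cab0f},
      intrahash = {cfd02c173720be76cb3e5e6dd6d7b825},
      keywords  = {botnet detection myown p2p sensor},
      pages     = {731--732},
      timestamp = {2017-01-05T12:20:46.000+0100},
      title     = {Hide And Seek: Detecting Sensors In {P2P} Botnets},
      year      = 2015
    }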

2014

  • S. Karuppayah, M. Fischer, C. Rossow, and M. Mühlhäuser, “On Advanced Monitoring in Resilient and Unstructured P2P Botnets,” in IEEE International Conference on Communications (ICC), 2014.
    [Bibtex]
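    @inproceedings{karuppayah2014advanced,
      abstract  = {Botnets are a serious threat to Internet-based services and end users. The recent paradigm shift from centralized to more sophisticated Peer-to-Peer (P2P)-based botnets introduces new challenges for security researchers. Centralized botnets can be easily monitored, and once their command and control server is identified, easily be taken down. However, P2P-based botnets are much more resilient against such attempts. To make it worse, botnets like P2P Zeus include additional countermeasures to make monitoring and crawling more difficult for the defenders. In this paper, we discuss in detail the problems of P2P botnet monitoring. As our main contribution, we introduce the Less Invasive Crawling Algorithm (LICA) for efficiently crawling unstructured P2P botnets and utilize only local information. We compare the performance of LICA with other known crawling methods such as Depth-first and Breadth-first search. This is achieved by simulating these methods on not only a real-world botnet dataset, but also on an unstructured P2P file sharing network dataset. Our analysis results indicate that LICA significantly outperforms the other known crawling methods.},
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Karuppayah, Shankar and Fischer, Mathias and Rossow, Christian and M{\"{u}}hlh{\"{a}}user, Max},
      biburl    = {https://www.bibsonomy.org/bibtex/273f1a58ec92b6ef6655fba4eee8aec51/kshankar},
      booktitle = {IEEE International Conference on Communications (ICC)},
      interhash = {513bc88da9f97c842fc2a511dfbcfe1d},
      intrahash = {73f1a58ec92b6ef6655fba4eee8aec51},
      keywords  = {Approximation P2P Zeus algorithm botnet computing myown security unstructured},
      timestamp = {2017-01-05T12:26:00.000+0100},
      title     = {On Advanced Monitoring in Resilient and Unstructured {P2P} Botnets},
      year      = 2014
    }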
  • E. Vasilomanolakis, S. Karuppayah, M. Mühlhäuser, and M. Fischer, “HosTaGe: a Mobile Honeypot for Collaborative Defense,” in International conference on security of information and networks, 2014.
    [Bibtex]
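    @inproceedings{vasilomanolakis2014hostage,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Vasilomanolakis, Emmanouil and Karuppayah, Shankar and M{\"{u}}hlh{\"{a}}user, Max and Fischer, Mathias},
      biburl    = {https://www.bibsonomy.org/bibtex/287964bbea24384eb4a5e2566728a83a6/kshankar},
      booktitle = {International Conference on Security of Information and Networks},
      interhash = {c438bf41e63c241a37c677660cf82446},
      intrahash = {87964bbea24384eb4a5e2566728a83a6},
      keywords  = {android honeypot mobile myown},
      timestamp = {2017-01-05T12:22:54.000+0100},
      title     = {{HosTaGe}: a Mobile Honeypot for Collaborative Defense},
      year      = 2014
    }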

2013

  • E. Vasilomanolakis, S. Karuppayah, M. Fischer, M. Mühlhäuser, M. Plasoianu, L. Pandikow, and W. Pfeiffer, “This Network is Infected: HosTaGe – a Low-Interaction Honeypot for Mobile Devices,” in Security and Privacy in Smartphones & Mobile Devices, 2013, pp. 43–48.
    [Bibtex]
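    @inproceedings{vasilomanolakis2013network,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Vasilomanolakis, Emmanouil and Karuppayah, Shankar and Fischer, Mathias and M{\"{u}}hlh{\"{a}}user, Max and Plasoianu, Mihai and Pandikow, Lars and Pfeiffer, Wulf},
      biburl    = {https://www.bibsonomy.org/bibtex/2f347af95965b70600b469a7d3a0ab5de/kshankar},
      booktitle = {Security and Privacy in Smartphones {\&} Mobile Devices},
      interhash = {72842ad058b187bcb5625e06ceb6bfdc},
      intrahash = {f347af95965b70600b469a7d3a0ab5de},
      keywords  = {android honeypot malware mobile myown security},
      pages     = {43--48},
      timestamp = {2017-01-05T12:26:36.000+0100},
      title     = {This Network is Infected: {HosTaGe} -- a Low-Interaction Honeypot for Mobile Devices},
      year      = 2013
    }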

2012

  • E. Alomari, S. Manickam, B. B. Gupta, S. Karuppayah, and R. Alfaris, “Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art,” International Journal of Computer Applications, vol. 49, iss. 7, pp. 24–32, 2012.
    [Bibtex]
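    @article{alomari2012botnetbased,
      added-at  = {2016-11-25T13:45:41.000+0100},
      author    = {Alomari, Esraa and Manickam, Selvakumar and Gupta, B. B. and Karuppayah, Shankar and Alfaris, Rafeef},
      biburl    = {https://www.bibsonomy.org/bibtex/2422ece50576835004402815be392989a/kshankar},
      interhash = {310c41edc9d126588364022efe0b8dc0},
      intrahash = {422ece50576835004402815be392989a},
      journal   = {International Journal of Computer Applications},
      keywords  = {attacks botnet ddos information irc myown security server web},
      month     = jul,
      number    = 7,
      pages     = {24--32},
      timestamp = {2017-01-05T12:27:40.000+0100},
      title     = {Botnet-based Distributed Denial of Service ({DDoS}) Attacks on Web Servers: Classification and Art},
      volume    = 49,
      year      = 2012
    }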

2011

  • S. Karuppayah and F. Samad, “CAD+: detecting colluding nodes in gray hole attacks,” in Informatiktage 2011, 2011, pp. 279–282.
    [Bibtex]
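    @inproceedings{karuppayahshankarsamad2011detecting,
      added-at  = {2017-12-29T05:58:43.000+0100},
      author    = {Karuppayah, Shankar and Samad, Fahad},
      biburl    = {https://www.bibsonomy.org/bibtex/2a1ee91b06d6d876690b10e28ad0da945/kshankar},
      booktitle = {Informatiktage 2011},
      editor    = {Porada, Ludger},
      interhash = {537bcb8a6b76eabfecd0e7e8f0233d4e},
      intrahash = {a1ee91b06d6d876690b10e28ad0da945},
      isbn      = {978-3-88579-444-8},
      issn      = {1614-3213},
      keywords  = {myown},
      pages     = {279--282},
      publisher = {Gesellschaft f{\"{u}}r Informatik (GI)},
      series    = {Lecture Notes in Informatics},
      timestamp = {2017-12-29T06:09:11.000+0100},
      title     = {{CAD+}: Detecting Colluding Nodes in Gray Hole Attacks},
      volume    = 10,
      year      = 2011
    }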
  • S. Karuppayah, “Selective forwarding attack: detecting colluding nodes in wireless mesh networks,” Master Thesis, 2011.
    [Bibtex]
    @mastersthesis{karuppayah2011selective,
      author    = {Karuppayah, Shankar},
      title     = {Selective Forwarding Attack: Detecting Colluding Nodes in Wireless Mesh Networks},
      school    = {RWTH Aachen University},
      year      = {2011},
      keywords  = {myown},
      added-at  = {2017-12-29T05:47:33.000+0100},
      timestamp = {2017-12-29T06:04:14.000+0100},
      biburl    = {https://www.bibsonomy.org/bibtex/2f87d134b912073f7b15e771ebdd4de66/kshankar},
      interhash = {a35855a114bddd5321880c3faa018a29},
      intrahash = {f87d134b912073f7b15e771ebdd4de66}
    }