Despite significant effort in improving software quality, vulnerabilities and bugs persist in applications. Attackers remotely exploit vulnerabilities in network-facing applications and then disclose and corrupt users’ sensitive information that these applications process. Reducing privilege of application components helps to limit the harm that an attacker may cause if she exploits an applicat...

In this paper, we present recent contributions for the battle against one of the main problems faced by search engines: the spamdexing or web spamming. They are malicious techniques used in web pages with the purpose of circumvent the search engines in order to achieve good visibility in search results. To better understand the problem and finding the best setup and methods to avoid such virtua...

All mobile devices are energy-constrained. They use batteries that allows using the device for a limited amount of time. In general, energy attacks on mobile devices are denial of service (DoS) type of attacks. While previous studies have analyzed the energy attacks in servers, no existing work has analyzed the energy attacks on mobile devices. As such, in this paper, we present the first syste...

This paper describes an attack concept termed Drive-by Pharming where an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim’s home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker’s choice. The attacker can direct the victim’s Internet traffic...

the enormous growth of the world wide web in recent years has made it necessary to perform resource discovery efficiently. for a crawler it is not an simple task to download the domain specific web pages. this unfocused approach often shows undesired results. therefore, several new ideas have been proposed, among them a key technique is focused crawling which is able to crawl particular topical...

Œe safety, reliability and usability of web platforms are o‰en compromised by malicious entities, such as vandals on Wikipedia, bot connections on TwiŠer, fake likes on Facebook, and several more. Computational models developed with large-scale real-world behavioral data have shown signi€cant progress in identifying these malicious entities. Œis tutorial discusses three broad directions of stat...

In today’s constantly connected world, the dependence on web-based technologies is ubiquitous, creating opportunities for both malicious and benign activity. As a result, it is essential that we be able to identify users on the web. Although simple methods, such as tracking a user by userid or by IP address exist, these methods can easily be evaded if the user so desires, by creating multiple i...