| Static disassembly of obfuscated binaries C Kruegel, W Robertson, F Valeur, G Vigna USENIX security Symposium 13, 18-18, 2004 | 667* | 2004 |
| Polymorphic worm detection using structural information of executables C Kruegel, E Kirda, D Mutz, W Robertson, G Vigna RAID 5, 207-226, 2005 | 566 | 2005 |
| Bayesian event classification for intrusion detection C Kruegel, D Mutz, W Robertson, F Valeur 19th Annual Computer Security Applications Conference, 2003. Proceedings., 14-23, 2003 | 554 | 2003 |
| Cutting the gordian knot: A look under the hood of ransomware attacks A Kharraz, W Robertson, D Balzarotti, L Bilge, E Kirda Detection of Intrusions and Malware, and Vulnerability Assessment: 12th …, 2015 | 516 | 2015 |
| Unveil: a large-scale, automated approach to detecting ransomware. A Kharraz, S Arshad, C Mulliner, WK Robertson, E Kirda USENIX Security symposium 25, 2016 | 418 | 2016 |
| A multi-model approach to the detection of web-based attacks C Kruegel, G Vigna, W Robertson Computer Networks 48 (5), 717-738, 2005 | 382 | 2005 |
| Disclosure: detecting botnet command and control servers through large-scale netflow analysis L Bilge, D Balzarotti, W Robertson, E Kirda, C Kruegel Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 359 | 2012 |
| Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks TF Yen, A Oprea, K Onarlioglu, T Leetham, W Robertson, A Juels, E Kirda Proceedings of the 29th annual computer security applications conference …, 2013 | 343 | 2013 |
| Detecting kernel-level rootkits through binary analysis C Kruegel, W Robertson, G Vigna 20th Annual Computer Security Applications Conference, 91-100, 2004 | 340 | 2004 |
| Lava: Large-scale automated vulnerability addition B Dolan-Gavitt, P Hulin, E Kirda, T Leek, A Mambretti, W Robertson, ... 2016 IEEE symposium on security and privacy (SP), 110-121, 2016 | 334 | 2016 |
| Testing network-based intrusion detection signatures using mutant exploits G Vigna, W Robertson, D Balzarotti Proceedings of the 11th ACM conference on Computer and communications …, 2004 | 269 | 2004 |
| Automating mimicry attacks using static binary analysis C Kruegel, E Kirda, D Mutz, W Robertson, G Vigna USENIX Security Symposium 14, 11-11, 2005 | 264 | 2005 |
| Using generalization and characterization techniques in the anomaly-based detection of web attacks W Robertson, G Vigna, C Kruegel, RA Kemmerer NDSS, 2006 | 230 | 2006 |
| A stateful intrusion detection system for world-wide web servers G Vigna, W Robertson, V Kher, RA Kemmerer 19th Annual Computer Security Applications Conference, 2003. Proceedings., 34-43, 2003 | 203 | 2003 |
| Triggerscope: Towards detecting logic bombs in android applications Y Fratantonio, A Bianchi, W Robertson, E Kirda, C Kruegel, G Vigna 2016 IEEE symposium on security and privacy (SP), 377-396, 2016 | 186 | 2016 |
| Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web T Lauinger, A Chaabane, S Arshad, W Robertson, C Wilson, E Kirda arXiv preprint arXiv:1811.00918, 2018 | 161 | 2018 |
| Alert verification determining the success of intrusion attempts C Kruegel, W Robertson Detection of intrusions and malware & vulnerability assessment, GI SIG SIDAR …, 2004 | 137 | 2004 |
| Tracing Information Flows Between Ad Exchanges Using Retargeted Ads. MA Bashir, S Arshad, WK Robertson, C Wilson USENIX Security Symposium 16, 481-96, 2016 | 136 | 2016 |
| Run-time Detection of Heap-based Overflows. WK Robertson, C Kruegel, D Mutz, F Valeur LISA 3, 51-60, 2003 | 130 | 2003 |
| Topology-based detection of anomalous BGP messages C Kruegel, D Mutz, W Robertson, F Valeur Recent Advances in Intrusion Detection: 6th International Symposium, RAID …, 2003 | 126 | 2003 |
