| Toward automated dynamic malware analysis using CWSandbox C Willems, T Holz, F Freiling IEEE Security & Privacy 5 (2), 32-39, 2007 | 893 | 2007 |
| Learning and classification of malware behavior K Rieck, T Holz, C Willems, P Düssel, P Laskov Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA …, 2008 | 610 | 2008 |
| Automatic Analysis of Malware Behavior Using Machine Learning K Rieck, P Trinius, C Willems, T Holz Journal of Computer Security 19 (4), 639-668, 2009 | 587 | 2009 |
| Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm T Holz, M Steiner, F Dahl, E Biersack, F Freiling 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008 | 519 | 2008 |
| Virtual Honeypots: From Botnet Tracking to Intrusion Detection N Provos, T Holz Addison-Wesley Professional, 2007 | 496 | 2007 |
| Measuring and detecting fast-flux service networks T Holz, C Gorecki, K Rieck, FC Freiling 15th Network and Distributed System Security Symposium (NDSS), 2008 | 479* | 2008 |
| Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation J Goebel, T Holz 1st Workshop on Hot Topics in Understanding Botnets (HotBots), 2007 | 479 | 2007 |
| The Nepenthes platform: An efficient approach to collect malware P Baecher, M Koetter, T Holz, M Dornseif, F Freiling Recent Advances in Intrusion Detection (RAID), 165-184, 2006 | 449 | 2006 |
| Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks F Freiling, T Holz, G Wicherski European Symposium on Research in Computer Security (ESORICS), 319-335, 2005 | 407 | 2005 |
| A practical attack to de-anonymize social network users G Wondracek, T Holz, E Kirda, C Kruegel 2010 IEEE Symposium on Security and Privacy (Oakland), 223-238, 2010 | 396 | 2010 |
| Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms R Hund, T Holz, FC Freiling 18th USENIX Security Symposium, 383-398, 2009 | 306 | 2009 |
| Practical timing side channel attacks against kernel space ASLR R Hund, C Willems, T Holz 2013 IEEE Symposium on Security and Privacy, 191-205, 2013 | 302 | 2013 |
| Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications F Schuster, T Tendyck, C Liebchen, L Davi, AR Sadeghi, T Holz 2015 IEEE Symposium on Security and Privacy, 745-762, 2015 | 285 | 2015 |
| Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices M Becher, FC Freiling, J Hoffmann, T Holz, S Uellenbeck, C Wolf 2011 IEEE Symposium on Security and Privacy (Oakland), 96-111, 2011 | 262 | 2011 |
| Learning more about the underground economy: A case-study of keyloggers and dropzones T Holz, M Engelberth, F Freiling European Symposium on Research in Computer Security (ESORICS), 1-18, 2009 | 253 | 2009 |
| Know your enemy: Tracking botnets P Bacher, T Holz, M Kotter, G Wicherski The Honeynet Project & Research Alliance, 2005 | 250 | 2005 |
| Automatically generating models for botnet detection P Wurzinger, L Bilge, T Holz, J Goebel, C Kruegel, E Kirda European Symposium on Research in Computer Security (ESORICS), 232-249, 2009 | 224 | 2009 |
| As the net churns: Fast-flux botnet observations J Nazario, T Holz 3rd International Conference on Malicious and Unwanted Software (Malware), 24-31, 2008 | 223 | 2008 |
| Detecting honeypots and other suspicious environments T Holz, F Raynal Information Assurance Workshop (IAW), 29-36, 2005 | 195 | 2005 |
| Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns S Uellenbeck, M Dürmuth, C Wolf, T Holz Proceedings of the 2013 ACM Conference on Computer & Communications Security …, 2013 | 188 | 2013 |
