The ZMap Project

More than five hundred academic papers have used ZMap measurement tools for data collection. Below, we show a sample of the types of research that ZMap has enabled.

Understanding the Mirai Botnet
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran,
Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever,
Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou
26th USENIX Security Symposium (SEC'17), August 2017
Global Measurement of DNS Manipulation
Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Weaver, Nick Feamster, Vern Paxson
26th USENIX Security Symposium (SEC'17), August 2017
Augur: Internet-Wide Detection of Connectivity Disruptions
Paul Pearce, Roya Ensafi, Frank Li, Nick Feamster, Vern Paxson
38th IEEE Symposium on Security and Privacy (Oakland'17), May 2017
To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild
Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani,
Haikuo Yiny, Stevens Le Blond, Damon McCoy, Kirill Levchenko
38th IEEE Symposium on Security and Privacy (Oakland'17), May 2017
An Internet-Wide View of ICS Devices
Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley,
Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman and Michael Bailey
IEEE Conference on Privacy, Security and Trust (PST'16), December 2016
DROWN: Breaking TLS using SSLv2
Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube,
Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,
Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt
25th USENIX Security Symposium (SEC'16), August 2016
You've Got Vulnerability: Exploring Effective Vulnerability Notifications
Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey,
Damon McCoy, Stefan Savage, and Vern Paxson
25th USENIX Security Symposium (SEC'16), August 2016
FTP: The Forgotten Cloud
Drew Springall, Zakir Durumeric, and J. Alex Halderman
EEE/IFIP Conference on Dependable Systems and Networks (DSN'16), June 2016
Do You See What I See? Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan,
Vern Paxson, Steven J. Murdoch, and Damon McCoy
23rd Network and Distributed System Security Symposium (NDSS'16), February 2016
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti,
Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
ACM Internet Measurement Conference (IMC'15), October 2015
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
ACM Computer and Communications Security (CCS'15), October 2015
A Messy State of the Union: Taming the Composite State Machines of TLS
Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud,
Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
IEEE Symposium on Security and Privacy(Oakland'15), 2015
The Matter of Heartbleed
Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer,
Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
14th Internet Measurement Conference (IMC'14), October 2014
When Governments Hack Opponents: A Look at Actors and Technology
William Marczak, John Scott-Railton, Morgan Marquis-Boire, Vern Paxson
23rd USENIX Security Symposium (SEC'14), August 2014
An Internet-Wide View of Internet-Wide Scanning
Zakir Durumeric, Michael Bailey, and J. Alex Halderman
23rd USENIX Security Symposium (SEC'14), August 2014
TapDance: End-to-Middle Anticensorship without Flow Blocking
Eric Wustrow, Colleen M. Swanson, and J. Alex Halderman
23rd USENIX Security Symposium (SEC'14), August 2014
Zippier ZMap: Internet-Wide Scanning at 10 Gbps
David Adrian, Zakir Durumeric, Gulshan Singh, J. Alex Halderman
8th USENIX Workshop on Offensive Technologies (WOOT'14), AUgust 2014
On the Mismanagement and Maliciousness of Networks
Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu
Network and Distributed System Security Symposium (NDSS), February 2014
Analysis of the HTTPS Certificate Ecosystem
Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman
Internet Measurement Conference (IMC '13), Barcelona, Spain, October 2013
On the Practical Exploitability of Dual EC in TLS Implementations
Stephen Checkoway, Matt Fredrikson, Ruben Niederhagen, Matt Green, Tanja Lange,
Tom Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, and Hovav Shacham
Illuminating the Security Issues Surrounding Lights-Out Server Management
Anthony Bonkoski, Russ Bielawski, and J. Alex Halderman
7th USENIX Workshop on Offensive Technologies (WOOT'13), August 2013
CAge: Taming Certificate Authorities by Inferring Restricted Scopes
James Kasten, Eric Wustrow, and J. Alex Halderman
17th Conference on Financial Cryptography and Data Security (FC'13), April 2013
Elliptic Curve Cryptography in Practice
Joppe W Bos, J Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig, Eric Wustrow
18th Conference Financial Cryptography and Data Security (FC'14), March 2014
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
21st USENIX Security Symposium (SEC'12), August 2012
Internet Heartbleed Bug Health Report
Zakir Durumeric, David Adrian, Michael Bailey, and J. Alex Halderman
Hacking Team and the Targeting of Ethiopian Journalists
Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John Scott-Railton
Hunting Botnets with ZMap
Ricky Lawshae, HP Security Research

Research