An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

News | Feb. 14, 2024

NSA Awards Authors of Study of Automated Attacks on New Webservers

The National Security Agency (NSA) Research Directorate recently selected “Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots,” as the winner of its 11th Annual Best Scientific Cybersecurity Paper Competition.

The winning paper, authored by Stony Brook University researchers Brian Kondracki, Johnny So, and professor Nick Nikiforakis, examined a study of automated attacks on new webservers, and explored how a web browser can trust an organization’s publicly issued cryptographic credentials. At the heart of their investigation was a simple question: What happens when you setup a new encrypted website?

“This paper was selected as the winner because the researchers performed high-level, clearly written, and impactful science,” said NSA’s Director of Research, Gil Herrera. "It is the cutting-edge and relatable research that has made the paper stand out as the winner of this year's competition."

NSA’s Laboratory for Advanced Cybersecurity Research established the annual Best Cybersecurity Paper Competition in 2013 to encourage the development of scientific foundations in cybersecurity, and to support the enhancement of cybersecurity within devices, computers, and systems through rigorous research, solid scientific methodology, documentation, and publishing. Herrera, along with NSA cybersecurity experts and external authorities in the field, selected the winning paper from 30 studies nominated by the public on the Science of Security website.

The winning researchers studied autonomous systems which probe newly instantiated encrypted websites. They identified 105 malicious security bots attempting to perform nefarious actions such as data exfiltration, reconnaissance, and vulnerability exploitation. They also identified security systems examining sites to identify new phishing attacks. These profiles provide new insights into these autonomous actions happening on the Internet. This data can be used by both system administrators and developers to protect systems from compromise.

The research team collected this data by creating the Certificate Transparency Honeypot (CTPOT), a system that obtains new certificates and monitors web bots for potential targets. CTPOT allows researchers to trick web bots, isolate them, and identify if they are malicious.

“Beyond the technical merit of this paper, this paper is noteworthy because the high quality of documentation allows for others to verify and build upon this research advancement,” said Adam Tagert, Technical Director of NSA’s Science of Security Initiative. “Clear and available documentation are key components for advancing science, a primary goal of the NSA Science of Security Program”

Nominations are now open for the 12th annual Best Scientific Cybersecurity Paper Competition. NSA welcomes nominations of papers published in 2023 in peer-reviewed journals and technical conferences that show an outstanding contribution to cybersecurity science. Winners will be announced at the end of 2024.

Visit the Best Scientific Cybersecurity Paper webpage for more information on the competition and to nominate a paper.