• Publications
  • Influence
A detailed analysis of the KDD CUP 99 data set
A new data set is proposed, NSL-KDD, which consists of selected records of the complete KDD data set and does not suffer from any of mentioned shortcomings.
Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization
A reliable dataset is produced that contains benign and seven common attack network flows, which meets real world criteria and is publicly avaliable and evaluates the performance of a comprehensive set of network traffic features and machine learning algorithms to indicate the best set of features for detecting the certain attack categories.
Toward developing a systematic approach to generate benchmark datasets for intrusion detection
The intent for this dataset is to assist various researchers in acquiring datasets of this kind for testing, evaluation, and comparison purposes, through sharing the generated datasets and profiles.
Weighted PageRank algorithm
  • W. Xing, A. Ghorbani
  • Computer Science
    Proceedings. Second Annual Conference on…
  • 19 May 2004
The weighted PageRank algorithms (WPR), an extension to the standard PageRank algorithm, is introduced, which takes into account the importance of both the inlinks and the outlinks of the pages and distributes rank scores based on the popularity of thepages.
Characterization of Encrypted and VPN Traffic using Time-related Features
This paper studies the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories, according to the type of traffic e.g., browsing, streaming, etc.
Characterization of Tor Traffic using Time based Features
A time analysis on Tor traffic flows is presented, captured between the client and the entry node, to detect the application type: Browsing, Chat, Streaming, Mail, Voip, P2P or File Transfer.
Detecting P2P botnets through network behavior analysis and machine learning
This paper proposes a new approach for characterizing and detecting botnets using network traffic behaviors, and focuses on detecting P2P bots, which represent the newest and most challenging types of botnets currently available.
Botnet detection based on traffic behavior analysis and flow intervals
This paper shows experimentally that it is possible to identify the presence of existing and unknown botnets activity with high accuracy even with very small time windows by classifying behavior based on time intervals.
Alert Correlation for Extracting Attack Strategies
This paper focuses on developing a new alert correlation technique that can help to automatically extract attack strategies from a large volume of intrusion alerts, without specific prior knowledge about these alerts.
A Survey of Visualization Systems for Network Security
A comprehensive review of network security visualization is offered and a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area is provided.