Clustering event logs using iterative partitioning
TLDR
This paper presents IPLoM (Iterative Partitioning Log Mining), a novel algorithm for the mining of clusters from event logs that outperforms the other algorithms statistically significantly, and is also able to achieve an average F-Measure performance of 78% when the closest other algorithm achieves an F-Measure performance of 10%.
A Lightweight Algorithm for Message Type Extraction in System Application Logs
TLDR
A novel algorithm for carrying out message type extraction from event log files, IPLoM, which stands for Iterative Partitioning Log Mining, works through a 4-step process and outperforms similar algorithms statistically significantly.
Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99
TLDR
To substantiate the performance of machine learning based detectors that are trained on KDD 99 training data, the relevance of each feature is investigated and information gain is employed to determine the most discriminating features for each class.
Intrusion Detection Systems
Along with its numerous benefits, the Internet also created numerous ways to compromise the security and stability of the systems connected to it. In 2003, 137529 incidents were reported to CERT/CC
Machine learning based encrypted traffic classification: Identifying SSH and Skype
TLDR
Assessment of the robustness of machine learning based traffic classification for classifying encrypted traffic, where SSH and Skype are taken as good representatives of encrypted traffic, indicates that the C4.5 based approach performs much better than other algorithms on the identification of both SSH and Skype traffic on totally different networks.
On the capability of an SOM based intrusion detection system
TLDR
An approach to network intrusion detection is investigated, based purely on a hierarchy of Self-Organizing Feature Maps, which is capable of detection (false positive) rates of 89% and is at least as good as the alternative data-mining approaches that require all 41 features.
A flow based approach for SSH traffic detection
TLDR
It is possible to detect SSH traffic with high accuracy without using features such as payload, IP addresses and source/destination ports, where this represents a particularly useful characteristic when requiring generic, scalable solutions.
Training genetic programming on half a million patterns: an example from anomaly detection
The hierarchical RSS-DSS algorithm is introduced for dynamically filtering large datasets based on the concepts of training pattern age and difficulty, while utilizing a data structure to facilitate
Packet Momentum for Identification of Anonymity Networks
TLDR
Packet Momentum is a novel approach proposed to identify multilayer-encryption anonymity networks, and the obfuscation techniques they use, efficiently and accurately.