Ken Chiang

Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations mitigate the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting…
Steganography can be used to hide information in audio media both for the purposes of digital watermarking and establishing covert communication channels. Digital audio provides a suitable cover for high-throughput steganography as a result of its transient and unpredictable characteristics. Distortion measure plays an important role in audio…
Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations avoid the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting…
We present the forensic analysis repository for malware (FARM), a system for automating malware analysis. FARM leverages existing dynamic and static analysis tools and is designed in a modular fashion to provide future extensibility. We present our motivations for designing the system and give an overview of the system architecture. We also present several…
Malware, or malicious software, is capable of performing any action or command that can be expressed in code and is typically used for illicit activities, such as e-mail spamming, corporate espionage, and identity theft. Most organizations rely on anti-virus software to identify malware, which typically utilizes signatures that can only identify…
Anomaly detection is a crucial part of computer security. This paper presents various host-based anomaly detection techniques. One technique uses clustering with Markov network (CMN). In CMN, we first cluster the benign training data and then from each cluster we build a separate Markov network to model the benign behavior. During testing, each Markov…