Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
Enhancing byte-level network intrusion detection signatures with context
This work greatly enhances the signature's expressiveness and hence the ability to reduce false positives, and converts the comprehensive signature set of the popular freeware NIDS Snort into Bro's language.
Exploiting innocuous activity for correlating users across sites
- Oana Goga, Howard Lei, S. Parthasarathi, G. Friedland, Robin Sommer, Renata Teixeira
- Computer Science, WWW
- 13 May 2013
The results have significant privacy implications as they present a novel class of attacks that exploit users' tendency to assume that, if they maintain different personas with different names, the accounts cannot be linked together; whereas it is shown that the posts themselves can provide enough information to correlate the accounts.
Through the eye of the PLC: semantic security monitoring for industrial processes
The proposed approach is shown to detect direct attacks on process control, and its potential to identify more sophisticated indirect attacks on field device measurements is explored as well.
On the Reliability of Profile Matching Across Large Online Social Networks
This work studies the extent to which the accuracy in practice is significantly lower than the one reported in prior literature, by exploiting public attributes, i.e., information users publicly provide about themselves.
binpac: a yacc for writing application protocol parsers
This work presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols, which can then be used to express application-level analysis of network traffic in high-level terms that are both concise and expressive.
Cybercasing the Joint: On the Privacy Implications of Geo-Tagging
It is argued that the security and privacy community needs to shape the further development of geo-location technology for better protecting users from the consequences of using geo-tagged information to mount real-world attacks.
Here's my cert, so trust me, maybe?: understanding TLS errors on the web
This work identifies low-risk scenarios that consume a large chunk of the user attention budget and makes concrete recommendations to browser vendors that will help maintain user attention in high-risk situations.
Enriching network security analysis with time travel
- Gregor Maier, Robin Sommer, H. Dreger, A. Feldmann, V. Paxson, F. Schneider
- Computer Science, SIGCOMM '08
- 17 August 2008
This work presents a Time Machine for network traffic that leverages the heavy-tailed nature of network flows to capture nearly all of the likely-interesting traffic while storing only a small fraction of the total volume.
Predicting the resource consumption of network intrusion detection systems
This work sets out to assist network intrusion detection systems by understanding and predicting the CPU and memory consumption of such systems, and to assist operators with tuning trade-offs between detection accuracy and resource requirements.