Intrusion Detection and Network Monitoring

• Network Worms and Scanning

  • D. Whyte, P.C. van Oorschot, E. Kranakis. Tracking Darkports for Network Defense. 23rd Annual Computer Security Applications Conference (ACSAC'07), Dec. 2007, Miami Beach, FL, USA.
  • D. Whyte, P.C. van Oorschot, E. Kranakis. Addressing SMTP-based Mass-Mailing Activity Within an Enterprise Network. 22nd Annual Computer Security Applications Conference (2006 ACSAC), Dec. 11-15, 2006, Miami Beach, FL, USA.
  • D. Whyte, P.C. van Oorschot, E. Kranakis. Exposure Maps: Removing Reliance on Attribution During Scan Detection. USENIX HotSec'06 (1st Workshop on Hot Topics in Security), July 31 2006, Vancouver, Canada.
  • D. Whyte, P.C. van Oorschot, E. Kranakis. Detecting Intra-Enterprise Scanning Worms Based on Address Resolution. Annual Computer Security Applications Conference (ACSAC'05), Dec. 2005, Tucson, AZ, USA.
  • M. Mannan, P. C. van Oorschot. On Instant Messaging Worms, Analysis and Countermeasures. ACM Workshop on Rapid Malcode (WORM'05), Nov. 2005, Fairfax, VA, USA.
  • D. Whyte, E. Kranakis, P.C. van Oorschot. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (NDSS'05), Feb. 2005, San Diego, CA, USA.

• Intrusion Detection

  • K.L. Ingham, A. Somayaji. A Methodology for Designing Accurate Anomaly Detection Systems. IFIP/ACM Latin American Networking Conference (LANC'07), Oct. 2007, San Jose, Costa Rica.
  • K. Ingham, H. Inoue. Comparing Anomaly Detection Techniques for HTTP. International Symposium on Recent Advances in Intrusion Detection (RAID'07), Sep. 2007, Gold Coast, Queensland, Australia.
  • H. Inoue, A. Somayaji. Lookahead Pairs and Full Sequences: A Tale of Two Anomaly Detection Methods. 2nd Annual Symposium on Information Assurance, June, 2007, Albany, NY, USA.
  • P. C. van Oorschot, J.M. Robert, M. Vargas Martin. A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms. International Journal of Information Security, Vol. 9, No. 1, Feb. 2006.
  • Y. Li, A. Somayaji. Securing Email Archives through User Modeling. Annual Computer Security Applications Conference (ACSAC'05), Dec. 2005, Tucson, AZ, USA.

• Network Awareness, Traffic Classification and Visualization

  • D. Barrera and P.C. van Oorschot. Security Visualization Tools and IPv6 Addresses. Short paper. VizSec 2009: Workshop on Visualization for Cyber Security, Atlantic City, New Jersey, Oct. 2009.
  • M. Alsaleh, D. Barrera, P.C. van Oorschot. Improving Security Visualization with Exposure Map Filtering. 24th Annual Computer Security Applications Conference (ACSAC'08). Dec. 2008, Anaheim, CA, USA. Technical Report (June 2008): TR-08-13.
  • A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji. Discovering Packet Structure through Lightweight Hierarchical Clustering. IEEE International Conference on Communications (ICC'08), May, 2008, Beijing, China.
  • H. Inoue, D. Jansens, A. Hijazi, A. Somayaji. NetADHICT: A Tool for Understanding Network Traffic. Large Installation System Administration Conference (LISA'07), Nov. 2007, Dallas, TX, USA.
  • Abdulrahman Hijazi, Hajime Inoue, Ashraf Matrawy, P.C. van Oorschot, Anil Somayaji. Towards Understanding Network Traffic Through Whole Packet Analysis. Technical Report TR-07-06 (February 26, 2007), School of Computer Science, Carleton University.
  • E. Hughes, A. Somayaji. Towards Network Awareness. Large Installation System Administration Conference (LISA'05). Dec. 2005, San Diego, CA, USA.
  • A. Matrawy, P. C. van Oorschot, A. Somayaji. Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management. Applied Cryptography and Network Security (ACNS'05). June 2005, New York, NY, USA.