
Gabriela F. Ciocarlie

Researcher at SRI International

Publications - 40
Citations - 585

Gabriela F. Ciocarlie is an academic researcher from SRI International. The author has contributed to research in topics: Anomaly detection & Computer science. The author has an h-index of 12, co-authored 34 publications receiving 458 citations. Previous affiliations of Gabriela F. Ciocarlie include Columbia University.

Papers
Proceedings Article

MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation.

TL;DR: A model-based causality inference technique for audit logging that does not require any application instrumentation or kernel modification is developed; applying it to attack investigation shows that the system-wide attack causal graphs are highly precise and concise, having better quality than the state-of-the-art.
Proceedings Article

Detecting anomalies in cellular networks using an ensemble method

TL;DR: The results suggest that the proposed ensemble method automatically and significantly improves the detection quality over univariate and multivariate methods, while using intrinsic system knowledge to enhance performance.
Proceedings Article

Communication Pattern Monitoring: Improving the Utility of Anomaly Detection for Industrial Control Systems

TL;DR: This work proposes a threat detection framework that aims to detect zero-day attacks by creating models of legitimate, rather than malicious, ICS traffic, and shows that it can reliably model normal behavior while reducing the false positive rate, increasing confidence in the anomaly detection alerts.
Patent

Methods, media, and systems for securing communications between a first node and a second node

TL;DR: In this article, the authors present methods, media, and systems for securing communications between a first node and a second node, in which the first node is authorized to receive traffic from the second node based on the difference between the at least one model of behavior of the second user and at least the first user's behavior.
Proceedings Article

Kernel-supported cost-effective audit logging for causality tracking

TL;DR: This work proposes an in-kernel cache-based online log-reduction system to enable high-performance audit logging that features a multi-layer caching scheme distributed in various kernel data structures, and uses the caches to detect and suppress redundant events.