Gabriela F. Ciocarlie
Researcher at SRI International
Publications - 40
Citations - 585
Gabriela F. Ciocarlie is an academic researcher from SRI International. The author has contributed to research in topics: Anomaly detection & Computer science. The author has an h-index of 12, co-authored 34 publications receiving 458 citations. Previous affiliations of Gabriela F. Ciocarlie include Columbia University.
Papers
Proceedings ArticleDOI
MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation.
Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela F. Ciocarlie, Ashish Gehani, Vinod Yegneswaran +11 more
TL;DR: A model-based causality inference technique for audit logging that does not require any application instrumentation or kernel modification is developed; applying it to attack investigation shows that the system-wide attack causal graphs are highly precise and concise, having better quality than the state-of-the-art.
Proceedings ArticleDOI
Detecting anomalies in cellular networks using an ensemble method
TL;DR: The results suggest that the proposed ensemble method automatically and significantly improves the detection quality over univariate and multivariate methods, while using intrinsic system knowledge to enhance performance.
Proceedings ArticleDOI
Communication Pattern Monitoring: Improving the Utility of Anomaly Detection for Industrial Control Systems
TL;DR: This work proposes a threat detection framework that aims to detect zero-day attacks by creating models of legitimate, rather than malicious ICS traffic, and shows that it can reliably model normal behavior, while reducing the false positive rate, increasing confidence in the anomaly detection alerts.
Patent
Methods, media, and systems for securing communications between a first node and a second node
Salvatore J. Stolfo, Gabriela F. Ciocarlie, Vanessa Frias-Martinez, Janak Parekh, Angelos D. Keromytis, Joseph Sherrick +5 more
TL;DR: In this article, the authors present methods, media, and systems for securing communications between a first node and a second node, in which the first node is authorized to receive traffic from the second node based on the difference between the at least one model of behavior of the second user and at least the first user's behavior.
Proceedings Article
Kernel-supported cost-effective audit logging for causality tracking
Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela F. Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, Somesh Jha +9 more
TL;DR: This work proposes an in-kernel cache-based online log-reduction system to enable high-performance audit logging that features a multi-layer caching scheme distributed in various kernel data structures, and uses the caches to detect and suppress redundant events.