Ke Wang
Researcher at Columbia University
Publications - 33
Citations - 3617
Ke Wang is an academic researcher from Columbia University. The author has contributed to research in topics: Intrusion detection system & Anomaly detection. The author has an h-index of 21, co-authored 31 publications receiving 3558 citations. Previous affiliations of Ke Wang include Cornell University.
Papers
Book Chapter, DOI
Anomalous Payload-Based Network Intrusion Detection
Ke Wang, Salvatore J. Stolfo +1 more
TL;DR: Presents a payload-based anomaly detector for intrusion detection, called PAYL, and demonstrates the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset the authors collected on the Columbia CS department network.
Book Chapter, DOI
Anagram: a content anomaly detector resistant to mimicry attack
TL;DR: Presents Anagram, a content anomaly detector that models a mixture of high-order n-grams (n > 1) designed to detect anomalous and “suspicious” network packet payloads, and demonstrates that Anagram can identify anomalous traffic with high accuracy and low false positive rates.
Proceedings Article, DOI
Fileprints: identifying file types by n-gram analysis
TL;DR: A method to analyze files and categorize their type by efficient 1-gram analysis of their binary contents, using a compact representation the authors call a fileprint, effectively a simple means of representing all members of the same file type by a set of statistical 1-gram models.
Journal Article
Anomalous payload-based worm detection and signature generation
TL;DR: In this article, the PAYL anomalous payload detection sensor is demonstrated to accurately detect and generate signatures for zero-day worms, and a collaborative privacy-preserving security strategy is proposed to increase accuracy and mitigate false positives.
Patent
Apparatus, method and medium for detecting payload anomaly using n-gram distribution of normal data
Salvatore J. Stolfo, Ke Wang +1 more
TL;DR: In this paper, a statistical distribution is generated for data contained in each payload received within the network, and compared to a selected model distribution representative of normal payloads transmitted through the network.