Publications

Copyright Notice:
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

2011
  • Nathaniel Boggs, Sharath Hiremagalore, Angelos Stavrou, Salvatore J. Stolfo, "Cross-domain Collaborative Anomaly Detection: So Far Yet So Close", Proceedings of 14th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2011.
  • Malek Ben Salem and Salvatore J. Stolfo. "A Comparison of One-Class Bag-of-Words User Behavior Modeling Techniques for Masquerade Detection", To Appear in the Journal of Security and Communications Networks, Vol. 4, March 2011, Wiley InterScience.
  • Salvatore J. Stolfo, Brian M. Bowen, and Malek Ben Salem, "Insider Threat Defense" In Encyclopedia of Cryptography and Security (2nd Ed.), Springer. (To appear 2011)
2010
  • Brian M. Bowen, Malek Ben Salem, Angelos D. Keromytis, and Salvatore J. Stolfo. "Monitoring Technologies for Mitigating Insider Threats" in Insider Threats in Cyber Security and Beyond, Springer Publishing Company, In Print, pp. 197-218.
  • Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection," To appear in Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID). September 2010, Ottawa, Canada. [PDF]
  • Ang Cui, Salvatore J. Stolfo, "A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan", In Proceedings of Annual Computer Security Applications Conference (ACSAC), 2010. (Best Paper Award)
  • Nathaniel Boggs, Sharath Hiremagalore, Angelos Stavrou, Salvatore J. Stolfo, "Experimental Results of Cross-Site Exchange of Web Content Anomaly Detector Alerts", IEEE International Conference on Technologies for Homeland Security, November 2010. [PDF]
  • Malek Ben Salem and Salvatore J. Stolfo. "Detecting Masqueraders: A Comparison of One-Class Bag-of-Words User Behavior Modeling Techniques", In Proceedings of the Second International Workshop on Managing Insider Security Threats, MIST'10, Morioka, Iwate, Japan. June 2010. (Best Paper Award). [PDF]
  • Brian M. Bowen, Vasilis Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. "Automating the Injection of Believable Decoys to Detect Snooping (Short Paper)", In Proceedings of the 3rd ACM Conference on Wireless Network Security (WiSec), pp. 81-86, March 2010, Hoboken, NJ. [PDF]
  • A. Matwyshyn, A. Cui, and A. D. Keromytis, "Ethics in Security Vulnerability Research", IEEE Security and Privacy, Basic Training (R. Ford and D. Frincke, Eds.), Spring 2010.
2009
  • Vanessa Frias-Martinez, Joseph Sherrick, Angelos D. Keromytis, Salvatore J. Stolfo, "A Network Access Control Mechanism Based on Behavior Profiles" Annual Computer Security Applications Conference, December 2009. [PDF]
  • Shari Lawrence-Pfleeger, Salvatore J Stolfo, “Addressing the Insider Threat”, IEEE Security and Privacy Magazine, December 2009. [PDF]
  • Brian M. Bowen, Malek Ben Salem, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo "Designing Host and Network Sensors to Mitigate the Insider Threat" IEEE Security & Privacy Magazine, Special Issue on Insider Threat, November 2009. [PDF]
  • Angelos Stavrou, Gabriela F. Cretu, Michael E. Locasto and Salvatore J. Stolfo "Keep Your Friends Close: The Necessity for Updating an Anomaly Sensor with Legitimate Environment Changes" Proceedings of ACM/CCS AISec Workshop, 2009. 
  • Yingbo Song, Michael Locasto, Angelos Stavrou, Angelos D. Keromytis and Salvatore J. Stolfo "On the Infeasibility of Modeling Polymorphic Shellcode: Re-thinking the Role of Learning in Intrusion Detection Systems" Machine Learning Journal. Special issue on adversarial learning, 2009.
  • Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, Salvatore J. Stolfo "Baiting Inside Attackers Using Decoy Documents" Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm, 2009. [PDF]
  • Vanessa Frias-Martinez, Joseph Sherrick, Angelos Keromytis, and Salvatore J. Stolfo "A Network Access Control Mechanism Based on Behavior Profiles" Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2009. 
  • Gabriela F. Cretu-Ciocarlie, Angelos Stavrou, Michael E. Locasto and Salvatore J. Stolfo, "Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating" Proceedings of 12th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2009, Saint-Malo, Brittany, France.
  • Ang Cui, Yingbo Song, Pratap V. Prabhu and Salvatore J. Stolfo "Brave New World: Pervasive Insecurity of Embedded Network Devices" Poster in the 12th Annual International Symposium on Advances in Intrusion Detection (RAID), September 2009, Saint-Malo, Brittany, France. [PDF]
  • Yingbo Song, Angelos D. Keromytis and Salvatore J. Stolfo "Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic." In the Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), February 2009, San Diego, CA, USA. [PDF] [Slides]
2008
    • Vanessa Frias-Martinez, Salvatore J. Stolfo, Angelos D. Keromytis "Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors" In the Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2008. [PDF]
    • Vanessa Frias-Martinez, Salvatore J. Stolfo, Angelos D. Keromytis "Behavior-Based Network Access Control: A Proof-of-Concept" In the Proceedings of the 11th Information Security Conference (ISC), 2008. [PDF]
    • Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo, "Return Value Predictability for Self-Healing". In the Proceedings of the 3rd International Workshop on Security (IWSEC), November 2008, Kagawa, Japan  [PDF]
    • Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis "Casting out Demons: Sanitizing Training Data for Anomaly Sensors" In the Proceedings of the IEEE Symposium on Security & Privacy. May 2008, Oakland, CA. [PDF]
    • Germán Creamer, and S. J. Stolfo, "A link mining algorithm for earnings forecast and trading" Preliminary version appeared in International Conference on Knowledge Discovery and Data Mining (KDD 2006), 2008. [Springer]
2007
    • Gabriela F. Cretu, Angelos Stavrou, Salvatore J. Stolfo, Angelos D. Keromytis "Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems" In the Proceedings of the Third Workshop on Hot Topics in System Dependability, June 2007, Edinburgh, UK [PDF]
    • Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, and Angelos D. Keromytis "From STEM to SEAD: Speculative Execution for Automated Defense" In the Proceedings of the USENIX Annual Technical Conference. June 2007, Santa Clara, CA. [PDF]
    • Wei-Jen Li, Salvatore J. Stolfo, Angelos Stavrou, Elli Androulaki, Angelos Keromytis "A Study of Malcode-Bearing Documents" In the Proceedings of 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, July 2007, Lucerne, Switzerland. [PDF]
    • Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis and Salvatore J. Stolfo "On the Infeasibility of Modeling Polymorphic Shellcode" In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). October 2007, Alexandria, Virginia, USA. [PDF]
    • Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo "Extended Abstract: Online Training and Sanitization of AD Systems" NIPS Workshop on Machine Learning in Adversarial Environments for Computer Security, December 2007, Vancouver, B.C., Canada  [PDF]

2006
    • Ke Wang, Janak J. Parekh, Salvatore J. Stolfo "Anagram: A Content Anomaly Detector Resistant To Mimicry Attack" In Proceedings of the Ninth International Symposium on Recent Advances in Intrusion Detection (RAID 2006) [PDF]
    • Janak J. Parekh, Ke Wang, Salvatore J. Stolfo "Privacy-Preserving Payload-Based Correlation for Accurate Malicious Traffic Detection" In SIGCOMM Workshop on Large Scale Attack Defence 2006 [PDF]
    • Salvatore J. Stolfo, Shlomo Hershkop, Chia-Wei Hu, Wei-Jen Li, Olivier Nimeskern, Ke Wang "Behavior-based Modeling and its Application to Email Analysis" ACM Transactions on Internet Technology (TOIT), Feb 2006. [PDF]
    • Gabriela F. Cretu, Janak J. Parekh, Ke Wang, Salvatore J. Stolfo "Intrusion and Anomaly Detection Model Exchange for Mobile Ad-Hoc Networks" In Proceedings of IEEE Consumer Communications and Networking Conference. Jan 2006 [PDF]
2005
    • Salvatore J. Stolfo, Frank Apap, Eleazar Eskin, Katherine Heller, Shlomo Hershkop, Andrew Honig, and Krysta Svore. "A comparative Evaluation of Two Algorithms for Windows Registry Anomaly Detection". Journal of Computer Security, Vol 13, No. 4, 2005 [PDF]
    • Salvatore J. Stolfo, L. Bui, Shlomo Hershkop, "Unsupervised Anomaly Detection in Computer Security and an Application to File System Access", Proc. ISMIS, 2005 [PDF]
    • Ke Wang, Gabriela Cretu, Salvatore J. Stolfo "Anomalous Payload-based Worm Detection and Signature Generation" Proceedings of the Eighth International Symposium on Recent Advances in Intrusion Detection (RAID 2005) [PDF]
    • Wei-Jen Li, Ke Wang, Salvatore J. Stolfo, "Fileprints: Identifying File Types by n-gram Analysis." 2005 IEEE Information Assurance Workshop  [PDF]
    • M. Locasto, J. Parekh, A. Keromytis, S. Stolfo. "Towards Collaborative Security and P2P Intrusion Detection." In Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, June 2005 [PDF]
    • Michael Locasto, Ke Wang, Angelos Keromytis, Sal Stolfo. "FLIPS: Hybrid Adaptive Intrusion Prevention", Recent Advances in Intrusion Detection (RAID), Sept. 2005. [PDF]
    • “Privacy preserving sequential pattern mining in distributed databases”, V. Kapoor, P. Poncelet, M. Teisseire, F. Trousset, ACM Fifteenth Conference on Information and Knowledge Management, 2006 and Bases des Données Avancées, 2006. [PDF]
    • “Utilizing Network Features for Privacy Violation Detection”, S.K. Gupta, V. Kapoor, J. Bhattacharya, R. Dass, First International Conference on Communication Systems Software and Middleware (COMSWARE), 2006 [PDF]
2004
    • Wei-Jen Li, Shlomo Hershkop, Salvatore J. Stolfo, "Email Archive Analysis Through Graphical Visualization." ACM CCS VizSEC/DMSEC'04  [PDF]
    • Michael E. Locasto, Janak J. Parekh, Salvatore J. Stolfo, Angelos D. Keromytis, Tal Malkin, Vishal Misra. "Collaborative Distributive Intrusion Detection". CU Tech Report CUCS-012-04, 2004.  [PDF]
    • Steve Ulfelder. "Spam-busters". Network World March 22, 2004  [HTML, DOC]
    • Salvatore J. Stolfo, Frank Apap, Eleazar Eskin, Katherine Heller, Shlomo Hershkop, Andrew Honig, and Krysta Svore. "A comparative Evaluation of Two Algorithms for Windows Registry Anomaly Detection". CU Tech Report Feb. 23, 2004.  [PDF]
    • Ke Wang, Salvatore J. Stolfo. "Anomalous Payload-based Network Intrusion Detection". RAID, Sept., 2004.  [PDF]
    • Shlomo Hershkop, Ryan Ferster, Linh H. Bui, Ke Wang and Salvatore J. Stolfo. "Host-based Anomaly Detection Using Wrapping File Systems". CU Tech Report April 2004.  [PDF]
2003
    • Eric Roston. "The Code Warriors". Time Magazine Nov. 10, 2003 Vol. 162, Iss. 19; pg. S2.  [HTML, DOC]
    • Salvatore J. Stolfo, Wei-Jen Li, Shlomo Hershkop, Ke Wang, Chia-Wei Hu, Olivier Nimeskern. "Detecting Viral Propagations Using Email Behavior Profiles". CU Tech Report 2003.  [PDF]
    • Salvatore J. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern and Chia-Wei Hu. "A Behavior-based Approach to Securing Email Systems". "Mathematical Methods, Models and Architectures for Computer Networks Security", Proceedings published by Springer Verlag, Sept. 2003.  [PDF]
    • Salvatore J. Stolfo, Chia-Wei Hu, Wei-Jen Li, Shlomo Hershkop, Ke Wang, and Olivier Nimeskern. "Combining Behavior Models to Secure Email Systems". CU Tech Report April 2003.  [PDF]
    • Ke Wang, Salvatore J. Stolfo. "One Class Training for Masquerade Detection". 3rd IEEE Conf Data Mining Workshop on Data Mining for Computer Security, Florida, Nov. 19, 2003 [PDF]
    • Katherine A Heller, Krysta M Svore, Angelos D. Keromytis, and Salvatore J. Stolfo. "One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses". 3rd IEEE Conference Data Mining Workshop on Data Mining for Computer Security, Florida, November 19, 2003. [PDF]
    • Salvatore J. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern, and Chia-Wei Hu. "Behavior Profiling of Email" 1st NSF/NIJ Symposium on Intelligence & Security Informatics (ISI 2003). June 2-3, 2003, Tucson, Arizona, USA. [full paper, PDF]
    • Salvatore J. Stolfo, Eric Johnson, Tomislav Pavlicic, and Stephen Jan. "Citizen's Attitudes about Privacy While Accessing Government Websites: Results of an Online Study" [PDF]
    • Seth Robertson, Eric V. Siegel, Matt Miller, and Salvatore J. Stolfo. ``Surveillance Detection in High Bandwidth Environments.'' In Proceedings of the 2003 DARPA DISCEX III Conference. April, 2003.  [PDF]
2002
    • Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin, and Salvatore J. Stolfo. ``MET: An Experimental System for Malicious Email Tracking.'' In Proceedings of the 2002 New Security Paradigms Workshop (NSPW-2002). Virginia Beach, VA: September 23rd - 26th, 2002.  [full paper, PDF]
    • Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin, Salvatore J. Stolfo. ``Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses.'' In Proceedings of the Fifth International Symposium on Recent Advances in Intrusion Detection (RAID-2002). Zurich, Switzerland: October 16-18, 2002.  [full paper, PDF]
    • Suhail Mohiuddin, Shlomo Hershkop, Rahul Bhan, Salvatore J. Stolfo. ``Defending against a large Scale Denial of Service Attack'' In Proceedings of the 3rd Annual IEEE Information Assurance Workshop. United States Military Academy West Point, New York: June 17-19, 2002.  [full paper, PDF]
    • Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy and Salvatore Stolfo. ``A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data.'' Data Mining for Security Applications. Kluwer 2002. [full paper, PDF]
    • Andrew Honig, Andrew Howard, Eleazar Eskin, and Salvatore Stolfo. ``Adaptive Model Generation: An Architecture for the Deployment of Data Mining-based Intrusion Detection Systems.'' Data Mining for Security Applications. Kluwer 2002.  [full paper, PDF]
2001
    • Salvatore J. Stolfo, Wenke Lee, Philip K. Chan, Wei Fan, Eleazar Eskin. "Data mining-based intrusion detectors: an overview of the Columbia IDS project". ACM Portal, 2001  [HTML, PDF]
    • Adhitya Chittur. ``Model Generation for an Intrusion Detection System Using Genetic Algorithms.'' High School Honors Thesis.  [full paper, PDF]
    • Leonid Portnoy, Eleazar Eskin and Salvatore J. Stolfo. ``Intrusion detection with unlabeled data using clustering'' Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001). Philadelphia, PA: November 5-8, 2001.  [full paper, PDF]
    • Eleazar Eskin, Wenke Lee and Salvatore J. Stolfo. ``Modeling System Calls for Intrusion Detection with Dynamic Window Sizes.'' Proceedings of DISCEX II. June 2001.  [full paper, PDF]
    • Wenke Lee, Salvatore J. Stolfo, Philip K. Chan, Eleazar Eskin, Wei Fan, Matthew Miller, Shlomo Hershkop and Junxin Zhang. ``Real Time Data Mining-based Intrusion Detection.'' Proceedings of DISCEX II. June 2001.  [full paper, PDF]
    • Matthew G. Schultz, Eleazar Eskin, and Salvatore J. Stolfo. ``Malicious Email Filter - A UNIX Mail Filter that Detects Malicious Windows Executables.'' Proceedings of USENIX Annual Technical Conference - FREENIX Track. Boston, MA: June 2001. (Best Student Paper Award)  [full paper, PDF]
    • Matthew G. Schultz, Eleazar Eskin, Erez Zadok, and Salvatore J. Stolfo. ``Data Mining Methods for Detection of New Malicious Executables'' Proceedings of IEEE Symposium on Security and Privacy. Oakland, CA: May 2001.  [full paper, PDF]
2000
    • Leonid Portnoy. ``Intrusion Detection with Unlabeled Data using Clustering'' Undergraduate Thesis. Columbia University: December, 2000.  [full paper, PDF]
    • Eleazar Eskin, Matthew Miller, Zhi-Da Zhong, George Yi, Wei-Ang Lee, Sal Stolfo. ``Adaptive Model Generation for Intrusion Detection Systems'' Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens, GR: November, 2000.  [full paper]
    • Wenke Lee, Wei Fan, Matthew Miller, Sal Stolfo, and Erez Zadok. ``Toward Cost-Sensitive Modeling for Intrusion Detection and Response'' Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens, GR: November, 2000.  [full paper]
    • Eskin, Eleazar. ``Anomaly Detection over Noisy Data using Learned Probability Distributions'' ICML00, Palo Alto, CA: July, 2000.  [abstract, full paper]
    • Wei Fan, Wenke Lee, Sal Stolfo, and Matthew Miller. ``A Multiple Model Cost-Sensitive Approach for Intrusion Detection'' Eleventh European Conference on Machine Learning (ECML '00) 2000.  [full paper]
    • Sal Stolfo, Wei Fan, Wenke Lee, Andreas Prodromidis, and Phil Chan. ``Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project'' In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX '00), 2000  [full paper]
    • Wenke Lee, Matthew Miller, Sal Stolfo, Kahil Jallad, Christopher Park, Erez Zadok, and Vijay Prabhakar. ``Toward Cost-Sensitive Modeling for Intrusion Detection'' Columbia University Computer Science Technical Report CUCS-002-00.  [full paper]
Older publications
    • Matthew Miller. ``Learning Cost-Sensitive Classification Rules for Network Intrusion Detection using RIPPER'' Columbia University Computer Science Technical Report CUCS-035-1999.  [full paper]
    • Wenke Lee, Sal Stolfo, and Kui Mok. ``Mining in a Data-flow Environment: Experience in Network Intrusion Detection'' In Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, August, 1999  [full paper]
    • Wenke Lee, Sal Stolfo, and Kui Mok. ``A Data Mining Framework for Building Intrusion Detection Models'' In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA, May 1999  [full paper]
    • Wenke Lee, Chris Park, and Sal Stolfo. ``Towards Automatic Intrusion Detection using NFR'' In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, April 1999  [full paper]
    • Wenke Lee, Sal Stolfo, and Kui Mok. ``Mining Audit Data to Build Intrusion Detection Models'' In Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (KDD '98), New York, NY, August 1998  [full paper]
    • Wenke Lee and Sal Stolfo. ``Data Mining Approaches for Intrusion Detection'' In Proceedings of the Seventh USENIX Security Symposium (SECURITY '98), San Antonio, TX, January 1998  [full paper]
    • Wenke Lee, Sal Stolfo, and Phil Chan. ``Learning Patterns from Unix Process Execution Traces for Intrusion Detection'' AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, July 1997  [full paper]