A Lightweight Algorithm for Message Type Extraction in System Application Logs
Found in: IEEE Transactions on Knowledge and Data Engineering
By Adetokunbo Makanju, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:November 2012
pp. 1921-1936
Message type or message cluster extraction is an important task in the analysis of system logs in computer networks. Defining these message types automatically facilitates the automatic analysis of system logs. When the message types that exist in a log fi...
 
Performance Comparison of Four Rule Sets: An Example for Encrypted Traffic Classification
Found in: Privacy, Security, Trust and the Management of e-Business, World Congress on
By Riyad Alshammari, A. Nur Zincir-Heywood, Abdel Aziz Farrag
Issue Date:August 2009
pp. 21-28
The objective of this work is the classification of encrypted traffic where SSH is taken as an example application. To this end, four learning algorithms AdaBoost, RIPPER, C4.5 and Rough Set are evaluated using flow based features to extract the minimum fe...
 
Fast entropy based alert detection in super computer logs
Found in: Dependable Systems and Networks Workshops
By Adetokunbo Makanju, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:July 2010
pp. 52-58
The task of alert detection in event logs is very important in preventing or recovering from downtime events. The ability to do this automatically and accurately provides significant savings in the time and cost of downtime events. The Nodeinfo algorithm, ...
 
One Size Fits None: The Importance of Detector Parameterization
Found in: Availability, Reliability and Security, International Conference on
By Natasha Bodorik, A. Nur Zincir-Heywood
Issue Date:February 2010
pp. 487-494
The parameterization of an administrator's intrusion detection system (IDS) is as crucial as the IDS itself. The difference between sufficient and insufficient parameterization can be the difference between a detected and undetected attack. This work focus...
 
Incorporating Temporal Information for Document Classification
Found in: Data Engineering Workshops, 22nd International Conference on
By Xiao Luo, Nur Zincir-Heywood
Issue Date:April 2007
pp. 780-789
In this paper, we propose a novel document classification system where the Recurrent Linear Genetic Programming is employed to classify documents that are represented in encoded word sequences by Self Organizing feature Maps. The results using different fe...
 
Evolving Successful Stack Overflow Attacks for Vulnerability Testing
Found in: Computer Security Applications Conference, Annual
By H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm Heywood
Issue Date:December 2005
pp. 225-234
The work presented in this paper is intended to test crucial system services against stack overflow vulnerabilities. The focus of the test is the user-accessible variables, that is to say, the inputs from the user as specified at the command line or in a c...
 
System State Discovery Via Information Content Clustering of System Logs
Found in: Availability, Reliability and Security, International Conference on
By Adetokunbo Makanju, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:August 2011
pp. 301-306
Self-awareness is an important attribute for any system to have before it is capable of self-management. A system needs to have a continuous stream of real-time data to analyze to allow it to be aware of its internal state. To this end, previous approaches ha...
 
An Evaluation of Entropy Based Approaches to Alert Detection in High Performance Cluster Logs
Found in: Quantitative Evaluation of Systems, International Conference on
By Adetokunbo Makanju, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:September 2010
pp. 69-78
Manual alert detection on modern high performance clusters (HPC) is cumbersome given their increasing complexity and size of their logs. The ability to automatically detect such alerts quickly and accurately with little or no human intervention is therefor...
 
Adaptability of a GP Based IDS on Wireless Networks
Found in: Availability, Reliability and Security, International Conference on
By Adetokunbo Makanju, Nur Zincir-Heywood, Evangelos Milios
Issue Date:March 2008
pp. 310-318
Security and Intrusion detection in WiFi networks is currently an active area of research where WiFi specific Data Link layer attacks are an area of focus; particularly recent work has focused on producing machine learning based IDSs for these WiF...
 
Deterministic and Authenticated Flow Marking for IP Traceback
Found in: 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA)
By Vahid Aghaei Foroushani, A. Nur Zincir-Heywood
Issue Date:March 2013
pp. 397-404
In this paper, we present a novel approach to IP trace back - Deterministic Flow Marking (DFM) - which allows the victim to trace back the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack has been originated from ...
 
LogView: Visualizing Event Log Clusters
Found in: Privacy, Security and Trust, Annual Conference on
By Adetokunbo Makanju, Stephen Brooks, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:October 2008
pp. 99-108
Event logs or log files form an essential part of any network management and administration setup. While log files are invaluable to a network administrator, the vast amount of data they sometimes contain can be overwhelming and can sometimes hinder rather...
 
Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?
Found in: Privacy, Security and Trust, Annual Conference on
By Hilmi Günes Kayacik, A. Nur Zincir-Heywood
Issue Date:October 2008
pp. 213-223
Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attacker’s goals. If such an attack can be found, it implies that the target detector is vulnera...
 
Information Retrieval in Network Administration
Found in: Communication Networks and Services Research, Annual Conference on
By Ashley George, Adetokunbo Makanju, A. Nur Zincir-Heywood, Evangelos E. Milios
Issue Date:May 2008
pp. 561-568
Network administration is a task that requires experience in relating symptoms of network problems with possible causes and corrective actions. We describe the design of a system and more specifically its information retrieval component, which aims to retr...
 
VEA-bility Security Metric: A Network Security Analysis Tool
Found in: Availability, Reliability and Security, International Conference on
By Melanie Tupper, A. Nur Zincir-Heywood
Issue Date:March 2008
pp. 950-957
In this work, we propose a novel quantitative security metric, VEA-bility, which measures the desirability of different network configurations. An administrator can then use the VEA-bility scores of different configurations to configure a secure network. B...
 
A Preliminary Investigation of Skype Traffic Classification Using a Minimalist Feature Set
Found in: Availability, Reliability and Security, International Conference on
By Duffy Angevine, Nur Zincir-Heywood
Issue Date:March 2008
pp. 1075-1079
In this work, AdaBoost and C4.5 are employed for classifying Skype direct (UDP and TCP) communications from traffic log files. Pre-processing is applied to the traffic data to express it as flows, which is later converted into a descriptive feature set. T...
 
On the Contribution of Preamble to Information Hiding in Mimicry Attacks
Found in: Advanced Information Networking and Applications Workshops, International Conference on
By H. Gunes Kayacik, A. Nur Zincir-Heywood
Issue Date:May 2007
pp. 632-638
In this paper, we aim to determine the significance of different stages of an attack, namely the preamble and the exploit, on an achieved anomaly rate. To this end, we analyze four UNIX applications that have been used by the previous researchers against S...
 
Genetic Programming Based WiFi Data Link Layer Attack Detection
Found in: Communication Networks and Services Research, Annual Conference on
By Patrick LaRoche, A. Nur Zincir-Heywood
Issue Date:May 2006
pp. 285-292
This paper presents a genetic programming based detection system for Data Link layer attacks on a WiFi network. We explore the use of two different fitness functions in order to achieve both a high detection rate and a low false positive rate. Results show...
 
Modeling User Behaviors from FTP Server Logs
Found in: Communication Networks and Services Research, Annual Conference on
By Yeming Hu, A. Nur Zincir-Heywood
Issue Date:May 2006
pp. 320-322
In this paper, a modeling toolkit is proposed for modeling user behavior from FTP server log files. This toolkit can develop analytical models from the data at hand with minimum assumptions. Analytic models are intended to be data driven, which means users...
 
Understanding the Performance of Cooperative Web Caching Systems
Found in: Communication Networks and Services Research, Annual Conference on
By Xiaosong Hu, A. Nur Zincir-Heywood
Issue Date:May 2005
pp. 183-188
Web caching has been recognized as an effective scheme to alleviate the service bottleneck and reduce the network traffic, thereby minimizing the user access latency on the Internet. To maximize the performance of caching, cache cooperation systems such as...
 
Generating Representative Traffic for Intrusion Detection System Benchmarking
Found in: Communication Networks and Services Research, Annual Conference on
By H. Güneş Kayacík, Nur Zincir-Heywood
Issue Date:May 2005
pp. 112-117
In this paper, a modeling and simulation framework is proposed for generating data for training and testing intrusion detection systems. The framework can develop models of web usage from web server logs in a data driven fashion and the actual traffic is g...
 
Investigating Two Different Approaches for Encrypted Traffic Classification
Found in: Privacy, Security and Trust, Annual Conference on
By Riyad Alshammari, A. Nur Zincir-Heywood
Issue Date:October 2008
pp. 156-166
The basic objective of this work is to compare the utility of an expert driven system and a data driven system for classifying encrypted network traffic, specifically SSH traffic from traffic log files. Pre-processing is applied to the traffic data to repre...
 
Botnet Behaviour Analysis Using IP Flows: With HTTP Filters Using Classifiers
Found in: 2014 28th International Conference on Advanced Information Networking and Applications Workshops (WAINA)
By Fariba Haddadi, Jillian Morgan, Eduardo Gomes Filho, A. Nur Zincir-Heywood
Issue Date:May 2014
pp. 7-12
Botnets are one of the most destructive threats against cyber security. Recently, the HTTP protocol is frequently utilized by botnets as the Command and Communication (C&C) protocol. In this work, we aim to detect HTTP based botnet activity based o...
 
TDFA: Traceback-Based Defense against DDoS Flooding Attacks
Found in: 2014 IEEE 28th International Conference on Advanced Information Networking and Applications (AINA)
By Vahid Aghaei Foroushani, A. Nur Zincir-Heywood
Issue Date:May 2014
pp. 597-604
Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address. The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side. The problem is exacerbated when there a...
 
On Evaluating IP Traceback Schemes: A Practical Perspective
Found in: 2013 IEEE CS Security and Privacy Workshops (SPW2013)
By Vahid Aghaei-Foroushani, A. Nur Zincir-Heywood
Issue Date:May 2013
pp. 127-134
This paper presents an evaluation of two promising schemes for tracing cyber-attacks, the well-known Deterministic Packet Marking, DPM, and a novel marking scheme for IP traceback, Deterministic Flow Marking, DFM. First of all we explore the DPM in detail ...
   
Label free change detection on streaming data with cooperative multi-objective genetic programming
Found in: Proceeding of the fifteenth annual conference companion on Genetic and evolutionary computation conference companion (GECCO '13 Companion)
By Andrew R. McIntyre, Malcolm I. Heywood, Nur Zincir-Heywood, Sara Rahimi
Issue Date:July 2013
pp. 159-160
Classification under streaming data conditions requires that the machine learning (ML) approach operate interactively with the stream content. Thus, given some initial ML classification capability, it is not possible to assume that stream content will be s...
     
GP under streaming data constraints: a case for pareto archiving?
Found in: Proceedings of the fourteenth international conference on Genetic and evolutionary computation conference (GECCO '12)
By Aaron Atwater, Malcolm I. Heywood, Nur Zincir-Heywood
Issue Date:July 2012
pp. 703-710
Classification as applied to streaming data implies that only a small number of new training instances appear at each generation and are never explicitly reintroduced by the stream. Pareto competitive coevolution provides a potential framework for archivin...
     
Classifying SSH encrypted traffic with minimum packet header features using genetic programming
Found in: Proceedings of the 11th annual conference companion on Genetic and evolutionary computation conference (GECCO '09)
By A. Nur Zincir-Heywood, Malcolm Heywood, Peter I. Lichodzijewski, Riyad Alshammari
Issue Date:July 2009
pp. 1-8
The classification of Encrypted Traffic, namely Secure Shell (SSH), on the fly from network TCP traffic represents a particularly challenging application domain for machine learning. Solutions should ideally be both simple - therefore efficient to deploy -...
     
On evolving buffer overflow attacks using genetic programming
Found in: Proceedings of the 8th annual conference on Genetic and evolutionary computation (GECCO '06)
By Hilmi Gunes Kayacik, Malcolm Heywood, Nur Zincir-Heywood
Issue Date:July 2006
pp. 1667-1674
In this work, we employed genetic programming to evolve a "white hat" attacker; that is to say, we evolve variants of an attack with the objective of providing better detectors. Assuming a generic buffer overflow exploit, we evolve variants of the generic ...
     
Evolving recurrent models using linear GP
Found in: Proceedings of the 2005 conference on Genetic and evolutionary computation (GECCO '05)
By A. Nur Zincir-Heywood, Malcolm I. Heywood, Xiao Luo
Issue Date:June 2005
pp. 1787-1788
Turing complete Genetic Programming (GP) models introduce the concept of internal state, and therefore have the capacity for identifying interesting temporal properties. Surprisingly, there is little evidence of the application of such models to problems f...
     
Storage and retrieval of system log events using a structured schema based on message type transformation
Found in: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC '11)
By A. Nur Zincir-Heywood, Adetokunbo Makanju, Evangelos E. Milios
Issue Date:March 2011
pp. 528-533
Message types are semantic groupings of the free form messages in system log events. The message types that exist in a log file, if known, can be used in several log management and analysis tasks. In this work, we explore the use of message types as a sche...
     
Multi-document summarization of scientific corpora
Found in: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC '11)
By Evangelos Milios, Nur Zincir-Heywood, Ozge Yeloglu
Issue Date:March 2011
pp. 252-258
In this paper, we investigated four approaches for scientific corpora summarization when only gold-standard keyterms are available. MEAD with built-in default vocabulary, MEAD with corpus specific vocabulary extracted by Keyphrase Extraction Algorithm (KEA), L...
     
Clustering event logs using iterative partitioning
Found in: Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining (KDD '09)
By A. Nur Zincir-Heywood, Adetokunbo A.O. Makanju, Evangelos E. Milios
Issue Date:June 2009
pp. 1-24
The importance of event logs as a source of information in systems and network management cannot be overemphasized. With the ever increasing size and complexity of today's event logs, the task of analyzing event logs has become cumbersome to carry out man...
     
NetPal: a dynamic network administration knowledge base
Found in: Proceedings of the 2008 conference of the center for advanced studies on collaborative research: meeting of minds (CASCON '08)
By Adetokunbo Makanju, Ashley George, Evangelos Milios, Markus Latzel, Nur Zincir-Heywood, Sotirios Stergiopoulos
Issue Date:October 2008
pp. 77-81
Netpal is a web-based dynamic knowledge base system designed to assist network administrators in their troubleshooting tasks, in recalling and storing experience, and in identifying new failure cases and their symptoms. In the context of web hosting enviro...
     
Using self-organizing maps to build an attack map for forensic analysis
Found in: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services (PST '06)
By A. Nur Zincir-Heywood, H. Gunes Kayacik
Issue Date:October 2006
pp. 263-266
In this work, we focus on developing behavioral models of known attacks to help security experts to identify the similarities between attacks. Furthermore, these attack behavior models can be used to analyze zero-day attacks, which security experts have li...
     
802.11 network intrusion detection using genetic programming
Found in: Proceedings of the 2005 workshops on Genetic and evolutionary computation (GECCO '05)
By A. Nur Zincir-Heywood, Patrick LaRoche
Issue Date:June 2005
pp. 170-171
Genetic Programming (GP) based Intrusion Detection Systems (IDS) use connection state network data during their training phase. These connection states are recorded as a set of features that the GP uses to train and test solutions which allow for the effic...
     