Displaying 1-40 out of 40 total
An overview of the DADO parallel computer
Found in: Managing Requirements Knowledge, International Workshop on
By Mark D. Lerner, Gerald Q. Maguire Jr., and Salvatore J. Stolfo
Issue Date:July 1985
pp. 297
No summary available.
   
Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors
Found in: Computer Security Applications Conference, Annual
By Vanessa Frias-Martinez, Salvatore J. Stolfo, Angelos D. Keromytis
Issue Date:December 2008
pp. 367-376
Anomaly Detection (AD) sensors compute behavior profiles to recognize malicious or anomalous activities. The behavior of a host is checked continuously by the AD sensor and an alert is raised when the behavior deviates from its behavior profile. Unfortunat...
 
Ethics in Security Vulnerability Research
Found in: IEEE Security and Privacy
By Andrea M. Matwyshyn, Ang Cui, Angelos D. Keromytis, Salvatore J. Stolfo
Issue Date:March 2010
pp. 67-72
The authors provide the articulation of the ethical argument for the role of vulnerability researchers and security practitioners. They argue that, provided that these researchers don't themselves engage in conduct that causes harm, their conduct doesn't n...
 
Addressing the Insider Threat
Found in: IEEE Security and Privacy
By Shari Lawrence Pfleeger, Salvatore J. Stolfo
Issue Date:November 2009
pp. 10-13
In their guest editors' introduction to the special issue on Insider Threat, Shari Lawrence Pfleeger and Salvatore Stolfo describe a taxonomy of insiders and their unwelcome actions, as well as the need for credible data to document the size and nature of ...
 
Casting out Demons: Sanitizing Training Data for Anomaly Sensors
Found in: Security and Privacy, IEEE Symposium on
By Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis
Issue Date:May 2008
pp. 81-95
The efficacy of Anomaly Detection (AD) sensors depends heavily on the quality of the data used to train them. Artificial or contrived training data may not provide a realistic view of the deployment environment. Most realistic data sets are dirty; that is,...
 
Usable, Secure, Private Search
Found in: IEEE Security & Privacy
By Mariana Raykova, Ang Cui, Binh Vo, Bin Liu, Tal Malkin, Steven M. Bellovin, Salvatore J. Stolfo
Issue Date:September 2012
pp. 53-60
Real-world applications commonly require untrusting parties to share sensitive information securely. This article describes a secure anonymous database search (SADS) system that provides exact keyword match capability. Using a new reroutable encryption and...
 
Real Time Data Mining-Based Intrusion Detection
Found in: DARPA Information Survivability Conference and Exposition,
By Wenke Lee, Salvatore J. Stolfo, Eleazar Eskin, Matthew Miller, Shlomo Hershkop, Junxin Zhang, Philip K. Chan, Wei Fan
Issue Date:June 2001
pp. 0089
Abstract: In this paper, we present an overview of our research in real time data mining-based intrusion detection systems (IDSs). We focus on issues related to deploying a data mining-based IDS in a real time environment. We describe our approaches to add...
 
The MEERKATS Cloud Security Architecture
Found in: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCS Workshops)
By Angelos D. Keromytis, Roxana Geambasu, Simha Sethumadhavan, Salvatore J. Stolfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew Elder, Darrell Kienzle, Angelos Stavrou
Issue Date:June 2012
pp. 446-450
MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution and change as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward c...
 
The MINESTRONE Architecture Combining Static and Dynamic Analysis Techniques for Software Security
Found in: SysSec Workshop
By Angelos D. Keromytis, Salvatore J. Stolfo, Junfeng Yang, Angelos Stavrou, Anup Ghosh, Dawson Engler, Marc Dacier, Matthew Elder, Darrell Kienzle
Issue Date:July 2011
pp. 53-56
We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party softw...
 
The SPARCHS Project: Hardware Support for Software Security
Found in: SysSec Workshop
By Simha Sethumadhavan, Salvatore J. Stolfo, Angelos Keromytis, Junfeng Yang, David August
Issue Date:July 2011
pp. 119-122
This paper describes the SPARCHS project at Columbia and Princeton Universities. Drawing inspiration from biological defenses, this project aims to enhance security with clean-slate design of hardware. The ideas to be explored in the project and current st...
 
Privacy-Preserving Sharing of Sensitive Information
Found in: IEEE Security and Privacy
By Salvatore J. Stolfo, Gene Tsudik
Issue Date:July 2010
pp. 16-17
Privacy-preserving sharing of sensitive information (PPSSI) is motivated by the increasing need for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, a...
 
A Network Access Control Mechanism Based on Behavior Profiles
Found in: Computer Security Applications Conference, Annual
By Vanessa Frias-Martinez, Joseph Sherrick, Salvatore J. Stolfo, Angelos D. Keromytis
Issue Date:December 2009
pp. 3-12
Current Network Access Control (NAC) technologies manage the access of new devices into a network to prevent rogue devices from attacking network hosts or services. Typically, new devices are checked against a set of manually defined policies (rules) befor...
 
Worm and Attack Early Warning
Found in: IEEE Security and Privacy
By Salvatore J. Stolfo
Issue Date:May 2004
pp. 73-75
The author describes the Worminator project (http://worminator.cs.columbia.edu), a collaboration of academic institutions pursuing R&D of intelligent predictive and proactive technologies that detect, report, and defend against early preattack cybereve...
 
EMT/MET: Systems for Modeling and Detecting Errant Email
Found in: DARPA Information Survivability Conference and Exposition,
By Salvatore J. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern
Issue Date:April 2003
pp. 290
No summary available.
 
Surveillance Detection in High Bandwidth Environments
Found in: DARPA Information Survivability Conference and Exposition,
By Seth Robertson, Eric V. Siegel, Matt Miller, Salvatore J. Stolfo
Issue Date:April 2003
pp. 130
In this paper, we describe System Detection's surveillance detection techniques for enclave environments (ESD) and peering center environments (PSD) and evaluate each technique over data gathered from two different network environments. ESD is evaluated ov...
 
A Fully Distributed Framework for Cost-Sensitive Data Mining
Found in: Distributed Computing Systems, International Conference on
By Wei Fan, Haixun Wang, Philip S. Yu, Salvatore J. Stolfo
Issue Date:July 2002
pp. 445
No summary available.
   
Using Artificial Anomalies to Detect Unknown and Known Network Intrusions
Found in: Data Mining, IEEE International Conference on
By Wei Fan, Matthew Miller, Salvatore J. Stolfo, Wenke Lee, Philip K. Chan
Issue Date:December 2001
pp. 123
Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both know...
 
Modeling System Calls for Intrusion Detection with Dynamic Window Sizes
Found in: DARPA Information Survivability Conference and Exposition,
By Eleazar Eskin, Salvatore J. Stolfo, Wenke Lee
Issue Date:June 2001
pp. 0165
Abstract: We extend prior research on system call anomaly detection modeling methods for intrusion detection by incorporating dynamic window sizes. The window size is the length of the subsequence of a system call trace which is used as the basic unit for ...
 
Data Mining Methods for Detection of New Malicious Executables
Found in: Security and Privacy, IEEE Symposium on
By Matthew G. Schultz, Eleazar Eskin, Erez Zadok, Salvatore J. Stolfo
Issue Date:May 2001
pp. 0038
Abstract: A serious security threat today is malicious executables, especially new, unseen malicious executables often arriving as email attachments. These new malicious executables are created at the rate of thousands every year and pose a serious securit...
 
Cost-Based Modeling for Fraud and Intrusion Detection: Results from the JAM Project
Found in: DARPA Information Survivability Conference and Exposition,
By Salvatore J. Stolfo, Wei Fan, Wenke Lee, Andreas Prodromidis, Philip K. Chan
Issue Date:January 2000
pp. 1130
In this paper we describe the results achieved using the JAM distributed data mining system for the real world problem of fraud detection in financial information systems. For this domain we provide clear evidence that state-of-the-art commercial fraud det...
 
Distributed Data Mining in Credit Card Fraud Detection
Found in: IEEE Intelligent Systems
By Philip K. Chan, Wei Fan, Andreas L. Prodromidis, Salvatore J. Stolfo
Issue Date:November 1999
pp. 67-74
Credit card transactions continue to grow in number, taking a larger share of the US payment system, and have led to a higher rate of stolen account numbers and subsequent losses by banks. Hence, improved fraud detection has become essential to maintain th...
 
A Data Mining Framework for Building Intrusion Detection Models
Found in: Security and Privacy, IEEE Symposium on
By Wenke Lee, Salvatore J. Stolfo, Kui W. Mok
Issue Date:May 1999
pp. 0120
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and ...
 
System Level User Behavior Biometrics using Fisher Features and Gaussian Mixture Models
Found in: 2013 IEEE CS Security and Privacy Workshops (SPW2013)
By Yingbo Song, Malek Ben Salem, Shlomo Hershkop, Salvatore J. Stolfo
Issue Date:May 2013
pp. 52-59
We propose a machine learning-based method for biometric identification of user behavior, for the purpose of masquerade and insider threat detection. We designed a sensor that captures system-level events such as process creation, registry key changes, and...
   
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Found in: Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense (LSAD '06)
By Janak J. Parekh, Ke Wang, Salvatore J. Stolfo
Issue Date:September 2006
pp. 99-106
With the increased use of botnets and other techniques to obfuscate attackers' command-and-control centers, Distributed Intrusion Detection Systems (DIDS) that focus on attack source IP addresses or other header information can only portray a limited view ...
     
Reflections on the engineering and operation of a large-scale embedded device vulnerability scanner
Found in: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS '11)
By Ang Cui, Salvatore J. Stolfo
Issue Date:April 2011
pp. 8-18
We present important lessons learned from the engineering and operation of a large-scale embedded device vulnerability scanner infrastructure. Developed and refined over the period of one year, our vulnerability scanner monitored large portions of the Inte...
     
A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan
Found in: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10)
By Ang Cui, Salvatore J. Stolfo
Issue Date:December 2010
pp. 97-106
We present a quantitative lower bound on the number of vulnerable embedded devices on a global scale. Over the past year, we have systematically scanned large portions of the internet to monitor the presence of trivially vulnerable embedded devices. At the ...
     
Automating the injection of believable decoys to detect snooping
Found in: Proceedings of the third ACM conference on Wireless network security (WiSec '10)
By Angelos D. Keromytis, Brian M. Bowen, Pratap Prabhu, Salvatore J. Stolfo, Vasileios P. Kemerlis
Issue Date:March 2010
pp. 81-86
We propose a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of our work are the ease of injecting, automatically, large amounts of believable bait, and ...
     
Keep your friends close: the necessity for updating an anomaly sensor with legitimate environment changes
Found in: Proceedings of the 2nd ACM workshop on Security and artificial intelligence (AISec '09)
By Angelos Stavrou, Gabriela F. Cretu-Ciocarlie, Michael E. Locasto, Salvatore J. Stolfo
Issue Date:November 2009
pp. 39-46
Large-scale distributed systems have dense, complex code-bases that are assumed to perform multiple and inter-dependent tasks while user interaction is present. The way users interact with systems can differ and evolve over time, as can the systems themsel...
     
Polymorphic shellcode: the demise of signature-based detection
Found in: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW '09)
By Salvatore J. Stolfo
Issue Date:April 2009
pp. 1-7
Option pricing is one of the challenging areas of computational finance. In this paper an attempt is made to apply Particle Swarm Optimization (PSO) for pricing options. PSO is one of the novel global search algorithms based on swarm intelligence. It is sho...
     
Automated social hierarchy detection through email network analysis
Found in: Proceedings of the 9th WebKDD and 1st SNA-KDD 2007 workshop on Web mining and social network analysis (WebKDD/SNA-KDD '07)
By German Creamer, Ryan Rowe, Salvatore J Stolfo, Shlomo Hershkop
Issue Date:August 2007
pp. 109-117
This paper provides a novel algorithm for automatically extracting social hierarchy data from electronic communication behavior. The algorithm is based on data mining user behaviors to automatically analyze and catalog patterns of communications between en...
     
Behavior-based modeling and its application to Email analysis
Found in: ACM Transactions on Internet Technology (TOIT)
By Chia-Wei Hu, Ke Wang, Olivier Nimeskern, Salvatore J. Stolfo, Shlomo Hershkop, Wei-Jen Li
Issue Date:May 2006
pp. 187-221
The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles or models of user email accounts. These models may be used for a multitude of tasks including forensic analyses and detection tasks of value to law enforcement and intel...
     
Combining email models for false positive reduction
Found in: Proceeding of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining (KDD '05)
By Salvatore J. Stolfo, Shlomo Hershkop
Issue Date:August 2005
pp. 98-107
Machine learning and data mining can be effectively used to model, classify and discover interesting information for a wide variety of data including email. The Email Mining Toolkit, EMT, has been designed to provide a wide range of analyses for arbitrary ...
     
Email archive analysis through graphical visualization
Found in: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security (VizSEC/DMSEC '04)
By Salvatore J. Stolfo, Shlomo Hershkop, Wei-Jen Li
Issue Date:October 2004
pp. 128-132
The analysis of the vast storehouse of email content accumulated or produced by individual users has received relatively little attention other than for specific tasks such as spam and virus filtering. Current email analysis in standard client applications...
     
The application of AdaBoost for distributed, scalable and on-line learning
Found in: Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining (KDD '99)
By Junxin Zhang, Salvatore J. Stolfo, Wei Fan
Issue Date:August 1999
pp. 362-366
This talk is an interim report on the 5 year plan launched in 1996 to provide a theoretical and computational foundation of Statistics for massive data sets. The plan coincided with the formation of AT&T Labs and the proposed research agenda of the In...
     
Mining in a data-flow environment: experience in network intrusion detection
Found in: Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining (KDD '99)
By Kui W. Mok, Salvatore J. Stolfo, Wenke Lee
Issue Date:August 1999
pp. 114-124
This talk is an interim report on the 5 year plan launched in 1996 to provide a theoretical and computational foundation of Statistics for massive data sets. The plan coincided with the formation of AT&T Labs and the proposed research agenda of the In...
     
A framework for constructing features and models for intrusion detection systems
Found in: ACM Transactions on Information and System Security (TISSEC)
By Salvatore J. Stolfo, Wenke Lee
Issue Date:November 1998
pp. 227-261
Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today's network environments, we ...
     
Dynamic neighborhood bounding for Monte Carlo simulation
Found in: Proceedings of the 25th conference on Winter simulation (WSC '93)
By Jason S. Glazier, Salvatore J. Stolfo
Issue Date:December 1993
pp. 466-473
This paper describes the CONVERSIM simulation language. CONVERSIM is a developmental general-purpose, discrete-event language which has been used in the classroom to introduce the use and operation of simulators prior to the introduction of languages such ...
     
Experiments on multistrategy learning by meta-learning
Found in: Proceedings of the second international conference on Information and knowledge management (CIKM '93)
By Philip K. Chan, Salvatore J. Stolfo
Issue Date:November 1993
pp. 314-323
The people who run large-scale computer systems deserve the attention of the HCI community. These professionals work with increasingly diverse and complex hardware and software, large systems often characterized as "unknowable" by a single person. Relying ...
     
Incremental evaluation of rules and its relationship to parallelism
Found in: Proceedings of the 1991 ACM SIGMOD international conference on Management of data (SIGMOD '91)
By Hasanat M. Dewan, Ouri Wolfson, Salvatore J. Stolfo, Yechiam Yemini
Issue Date:May 1991
pp. 328-340
Iris is an object-oriented database management system being developed at Hewlett-Packard Laboratories [1], [3]. This videotape provides an overview of the Iris data model and a summary of our experiences in converting a computer-integrated manufacturing ap...
     
A digital government for the 21st century
Found in: Communications of the ACM
By Herbert Schorr, Salvatore J. Stolfo
Issue Date:January 1988
pp. 15-19
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.
     