We argue in favor of the explicit inclusion of suspicion as a concrete concept to be used in the analysis of audit data in order to guide the search for evidence of misuse. Our ap...
The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks. For example, botnets rely on DNS to support agile command an...
Manos Antonakakis, Roberto Perdisci, David Dagon, ...
In this paper, we study the impact of today’s IT policies, defined based upon a monoculture approach, on the performance of endhost anomaly detectors. This approach leads to th...
Anomaly detection in IP networks, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Perfor...
Large scale distributed systems typically have interactions among different services that create an avenue for propagation of a failure from one service to another. The failures ...