—Validating function pointers dynamically is very useful for intrusion detection since many runtime attacks exploit function pointer vulnerabilities. Most current solutions tackl...
Novelty detection is concerned with identifying abnormal system behaviours and abrupt changes from one regime to another. This paper proposes an on-line (causal) novelty detection...
Models based on system calls are a popular and common approach to characterize the run-time behavior of programs. For example, system calls are used by intrusion detection systems...
Andrea Lanzi, Davide Balzarotti, Christopher Krueg...
In this work we consider the problem of monitoring information streams for anomalies in a scalable and efficient manner. We study the problem in the context of network streams wher...
The state-of-the-art object detection algorithm learns a binary classifier to differentiate the foreground object from the background. Since the detection algorithm exhaustively s...