Position paper: A systematic framework for categorising IoT device fingerprinting mechanisms

P Yadav, A Feraudo, B Arief, SF Shahandashti… - Proceedings of the 2nd …, 2020 - dl.acm.org
The popularity of the Internet of Things (IoT) devices makes it increasingly important to be
able to fingerprint them, for example in order to detect if there are misbehaving or even …

Flexfringe: a passive automaton learning package

S Verwer, CA Hammerschmidt - 2017 IEEE international …, 2017 - ieeexplore.ieee.org
Finite state models, such as Mealy machines or state charts, are often used to express and
specify protocol and software behavior. Consequently, these models are often used in …

BotGM: Unsupervised graph mining to detect botnets in traffic flows

S Lagraa, J François, A Lahmadi… - 2017 1st Cyber …, 2017 - ieeexplore.ieee.org
Botnets are one of the most dangerous and serious cybersecurity threats since they are a
major vector of large-scale attack campaigns such as phishing, distributed denial-of-service …

CBAM: A contextual model for network anomaly detection

H Clausen, G Grov, D Aspinall - Computers, 2021 - mdpi.com
Anomaly-based intrusion detection methods aim to combat the increasing rate of zero-day
attacks, however, their success is currently restricted to the detection of high-volume attacks …

FlexFringe: Modeling software behavior by learning probabilistic automata

S Verwer, C Hammerschmidt - arXiv preprint arXiv:2203.16331, 2022 - arxiv.org
We present the efficient implementations of probabilistic deterministic finite automaton
learning methods available in FlexFringe. These implement well-known strategies for state …

Beyond labeling: Using clustering to build network behavioral profiles of malware families

A Nadeem, C Hammerschmidt, CH Gañán… - Malware analysis using …, 2021 - Springer
Malware family labels are known to be inconsistent. They are also black-box since they do
not represent the capabilities of malware. The current state of the art in malware capability …

A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks

RS Marques, G Epiphaniou, H Al-Khateeb… - ACM Transactions on …, 2021 - dl.acm.org
Modern network infrastructures host converged applications that demand rapid elasticity of
services, increased security, and ultra-fast reaction times. The Tactile Internet promises to …

Cluster analysis of malware family relationships

S Basole, M Stamp - Malware Analysis Using Artificial Intelligence and …, 2021 - Springer
In this chapter, we use K-means clustering to analyze various relationships between
malware samples. We consider a dataset comprising 20 malware families with 1000 …

Intelligent malware defenses

A Nadeem, V Rimmer, W Joosen, S Verwer - Security and artificial …, 2022 - Springer
With rapidly evolving threat landscape surrounding malware, intelligent defenses based on
machine learning are paramount. In this chapter, we review the literature proposed in the …

Encoding NetFlows for State-Machine Learning

C Cao, A Panichella, S Verwer, A Blaise… - arXiv preprint arXiv …, 2022 - arxiv.org
NetFlow data is a well-known network log format used by many network analysts and
researchers. The advantages of using this format compared to pcap are that it contains fewer …