Secure Systems Lab

Publications in Intrusion/Anomaly detection

[1]  eAudit: A Fast, Scalable and Deployable Audit Data Collection System
R. Sekar, Hanke Kimm and Rohit Aich
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2024. (Software release).
[2]  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks
Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.
[3]  Efficient Audit Data Collection for Linux
Rohit Aich
Master's Thesis (Stony Brook University) August, 2021.
[4]  On the Effectiveness of Cyber-Attack Campaign Investigation with Reduced Audit Logs
Maggie Zhou
Undergraduate (Honors) Thesis (Stony Brook University) January, 2021.
[5]  Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
Md Nahid Hossain, Sanaz Sheikhi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2020.
(A 2-minute demo and the conference presentation are also available.)
[6]  HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
Sadegh Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2019.
[7]  Dependence-Preserving Data Compaction for Scalable Forensic Analysis
Md Nahid Hossain, Junao Wang, R. Sekar and Scott D. Stoller
USENIX Security Symposium (USENIX Security) August, 2018. (Talk).
[8]  Hardening OpenStack Cloud Platforms against Compute Node Compromises
Wai-Kit Sze, Abhinav Srivastava and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2016.
[9]  Condition Factorization: A Technique for Building Fast and Compact Packet Matching Automata
Alok Tongaonkar and R. Sekar
IEEE Transactions on Information Forensics and Security (IEEE TIFS) March, 2016.
[10]  Squeezing the Dynamic Loader For Fun And Profit
Mingwei Zhang and R. Sekar
Technical Report (TR) December, 2015.
[11]  Taint-Enhanced Anomaly Detection
Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.
[12]  Efficient Techniques for Fast Packet Classification
Alok Tongaonkar
PhD Dissertation (Stony Brook University) August, 2009.
[13]  Fast Packet Classification using Condition Factorization
Alok Tongaonkar, R. Sekar and Sreenaath Vasudevan
Applied Cryptography and Network Security (ACNS) June, 2009.
[14]  Fast Packet Classification for Snort
Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2008.
[15]  Anomalous Taint Detection (Extended Abstract)
Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).
[16]  A Practical Mimicry Attack Against Powerful System-Call Monitors
Chetan Parampalli, R. Sekar and Rob Johnson
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2008. (Supersedes Technical Report SECLAB07-01).
[17]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking
Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
[18]  Dataflow Anomaly Detection
Sandeep Bhatkar, Abhishek Chaturvedi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006. (Supersedes Technical Report SECLAB-05-03, "Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments," July 2005).
[19]  Using Predators to Combat Worms and Viruses: A Simulation-Based Study
Ajay Gupta and Daniel DuVarney
Annual Computer Security Applications Conference (ACSAC) December, 2004.
[20]  An Approach for Detecting Self-Propagating Email Using Anomaly Detection
Ajay Gupta and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2003.
[21]  Specification-based anomaly detection: a new approach for detecting network intrusions
R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
ACM Conference on Computer and Communications Security (CCS) October, 2002.
[22]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
Journal of Computer Security (JCS) January, 2002.
[23]  Experiences with Specification Based Intrusion Detection System
Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[24]  A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.
[25]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
[26]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DARPA Information Survivability Conference and Exposition (DISCEX) February, 2000.
[27]  User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
Kapil Jain and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.
[28]  A High-Performance Network Intrusion Detection System
R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
ACM Conference on Computer and Communications Security (CCS) November, 1999.
[29]  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
R. Sekar and Prem Uppuluri
USENIX Security Symposium (USENIX Security) August, 1999.
[30]  On Preventing Intrusions by Process Behavior Monitoring
R. Sekar, Thomas Bowen and Mark Segal
USENIX Intrusion Detection Workshop April, 1999.
[31]  A Specification-Based Approach for Building Survivable Systems
R. Sekar, Yong Cai and Mark Segal
National Information Systems Security Conference (NISSC) October, 1998.
[32]  Model-Based Vulnerability Analysis of Computer Systems
C.R. Ramakrishnan and R. Sekar
Verification, Model Checking, and Abstract Interpretation (VMCAI) September, 1998.

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.