Efficient Algorithms for Security Applications
Although we don't pursue purely algorithmic research, we work on a number of problems where efficient algorithms are required for addressing security problems. For instance, our work on specification-based intrusion detection was based on algorithms for constructing efficient automata for matching regular expressions over events. Our work on anomaly detection relies on automata-based models of program behavior. We have relied on efficient string-matching algorithms for learning dataflow relationships between the system call events that represent the transitions in these automata.
Our network anomaly detection work develops linear-time algorithms for computing several statistical measures on network packets so as to scale to high-speed networks [17, 18]. More recently, we have developed efficient algorithms for network packet classification, a central problem in the context of signature-based network intrusion detection systems [14, 15].
Recently, we have started investigating the use of approximate string matching algorithms in the context of taint analysis and reasoning about privacy leaks.
-  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks
PhD Dissertation (Stony Brook University) January, 2022.
-  On the Effectiveness of Cyber-Attack Campaign Investigation with Reduced Audit Logs
Undergraduate (Honors) Thesis (Stony Brook University) January, 2021.
-  Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2020.
(A 2-minute demo and the conference presentation are also available.)
-  HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2019.
-  Dependence-Preserving Data Compaction for Scalable Forensic Analysis
USENIX Security Symposium (USENIX Security) August, 2018. (Talk).
-  SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data
USENIX Security Symposium (USENIX Security) August, 2017. (Talk).
-  Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.
-  Condition Factorization: A Technique for Building Fast and Compact Packet Matching Automata
IEEE Transactions on Information Forensics and Security (IEEE TIFS) March, 2016.
-  Automatic Synthesis of Instruction Set Semantics
PhD Dissertation (Stony Brook University) July, 2015.
-  Protection, Usability and Improvements in Reflected XSS Filters
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
-  Efficient Techniques for Fast Packet Classification
PhD Dissertation (Stony Brook University) August, 2009.
-  Fast Packet Classification using Condition Factorization
Applied Cryptography and Network Security (ACNS) June, 2009.
-  An Efficient Black-box Technique for Defeating Web Application Attacks
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
-  Fast Packet Classification for Snort
USENIX Large Installation System Administration Conference (LISA) November, 2008.
-  Inferring Higher Level Policies from Firewall Rules
USENIX Large Installation System Administration Conference (LISA) November, 2007.
-  Dataflow Anomaly Detection
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006. (Supersedes Technical Report SECLAB-05-03, Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments, July 2005.)
-  Specification-based anomaly detection: a new approach for detecting network intrusions
ACM Conference on Computer and Communications Security (CCS) October, 2002.
-  A High-Performance Network Intrusion Detection System
ACM Conference on Computer and Communications Security (CCS) November, 1999.
-  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
USENIX Security Symposium (USENIX Security) August, 1999.