Gabriela F. Ciocarlie scite author profile

Gabriela F. Ciocarlie

4Publications

131Citation Statements Received

83Citation Statements Given

How they've been cited

226

131

How they cite others

Affiliations

The University of Texas at San Antonio, SRI International, Menlo School

Publications

Order By: Most citations

MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation

Kwon

Wang

et al. 2018

View full text Add to dashboard Cite

In this paper, we develop a model based causality inference technique for audit logging that does not require any application instrumentation or kernel modification. It leverages a recent dynamic analysis, dual execution (LDX), that can infer precise causality between system calls but unfortunately requires doubling the resource consumption such as CPU time and memory consumption. For each application, we use LDX to acquire precise causal models for a set of primitive operations. Each model is a sequence of system calls that have interdependences , some of them caused by memory operations and hence implicit at the system call level. These models are described by a language that supports various complexity such as regular, context-free, and even context-sensitive. In production run, a novel parser is deployed to parse audit logs (without any enhancement) to model instances and hence derive causality. Our evaluation on a set of real-world programs shows that the technique is highly effective. The generated models can recover causality with 0% false-positives (FP) and false-negatives (FN) for most programs and only 8.3% FP and 5.2% FN in the worst cases. The models also feature excellent composibility, meaning that the models derived from primitive operations can be composed together to describe causality for large and complex real world missions. Applying our technique to attack investigation shows that the system-wide attack causal graphs are highly precise and concise, having better quality than the state-of-the-art.

show abstract

Detecting anomalies in cellular networks using an ensemble method

Ciocarlie

Lindqvist

Nováczki³

et al. 2013

View full text Add to dashboard Cite

Abstract-The Self-Organizing Networks (SON) concept includes the functional area known as self-healing, which aims to automate the detection and diagnosis of, and recovery from, network degradations and outages. This paper focuses on the problem of cell anomaly detection, addressing partial and complete degradations in cell-service performance, and it proposes an adaptive ensemble method framework for modeling cell behavior. The framework uses Key Performance Indicators (KPIs) to determine cell-performance status and is able to cope with legitimate system changes (i.e., concept drift). The results, generated using real cellular network data, suggest that the proposed ensemble method automatically and significantly improves the detection quality over univariate and multivariate methods, while using intrinsic system knowledge to enhance performance.

show abstract

Communication Pattern Monitoring: Improving the Utility of Anomaly Detection for Industrial Control Systems

Yoon¹,

Ciocarlie²

2014

View full text Add to dashboard Cite

Attacks on Industrial Control Systems (ICS) continue to grow in number and complexity, and well-crafted cyber attacks are aimed at both commodity and ICS-specific contexts. It has become imperative to create efficient ICS-specific defense mechanisms that complement traditional enterprise solutions. Most commercial solutions are not designed for ICS environments, rely only on pre-defined signatures and do not handle zeroday attacks. We propose a threat detection framework that aims to detect zero-day attacks by creating models of legitimate, rather than malicious ICS traffic. Our approach employs a contentbased analysis that characterizes normal command and data sequences applied at the network level, while proposing mechanisms for achieving a low false positive rate. Our preliminary results show that we can reliably model normal behavior, while reducing the false positive rate, increasing confidence in the anomaly detection alerts.

show abstract

TRACE: Enterprise-Wide Provenance Tracking for Real-Time APT Detection

Irshad

Ciocarlie

Gehani

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.