Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Research on Intrusion and Anomaly Detection

Related Publications

[1]  Sealing the Window: Efficient Tamper Protection for Provenance Logs
Sagar Mishra and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2026.
(With minor revisions to the conference version. Software release).
[2]  Minding the Gap: Bridging Causal Disconnects in System Provenance
Hanke Kimm, Sagar Mishra and R. Sekar
Workshop on Attack Provenance, Reasoning, and Investigation for Security in the Monitored Environment (PRISM) February, 2026.
Palo Alto Networks Best Paper Award (Software release).
[3]  Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection
Lingzhi Wang, XiangminShen, Weijian Li, Zhenyuan Li, R. Sekar, Han Liu and Yan Chen
ISOC Network and Distributed Systems Symposium (NDSS) February, 2025.
[4]  eAudit: A Fast, Scalable and Deployable Audit Data Collection System
R. Sekar, Hanke Kimm and Rohit Aich
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2024. (Software release).
[5]  A New Tag-Based Approach for Real-Time Detection of Advanced Cyber Attacks
Md Nahid Hossain
PhD Dissertation (Stony Brook University) January, 2022.
[6]  Efficient Audit Data Collection for Linux
Rohit Aich
Master's Thesis (Stony Brook University) August, 2021.
[7]  On the Effectiveness of Cyber-Attack Campaign Investigation with Reduced Audit Logs
Maggie Zhou
Undergraduate (Honors) Thesis (Stony Brook University) January, 2021.
[8]  Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
Md Nahid Hossain, Sanaz Sheikhi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2020.
(A 2-minute demo and the conference presentation are also available.).
[9]  HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
Sadegh Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2019.
[10]  Dependence-Preserving Data Compaction for Scalable Forensic Analysis
Md Nahid Hossain, Junao Wang, R. Sekar and Scott D. Stoller
USENIX Security Symposium (USENIX Security) August, 2018. (Talk).
[11]  Hardening OpenStack Cloud Platforms against Compute Node Compromises
Wai-Kit Sze, Abhinav Srivastava and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2016.
[12]  Condition Factorization: A Technique for Building Fast and Compact Packet Matching Automata
Alok Tongaonkar and R. Sekar
IEEE Transactions on Information Forensics and Security (IEEE TIFS) March, 2016.
[13]  Squeezing the Dynamic Loader For Fun And Profit
Mingwei Zhang and R. Sekar
Technical Report (TR) December, 2015.
[14]  Taint-Enhanced Anomaly Detection
Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.
[15]  Efficient Techniques for Fast Packet Classification
Alok Tongaonkar
PhD Dissertation (Stony Brook University) August, 2009.
[16]  Fast Packet Classification using Condition Factorization
Alok Tongaonkar, R. Sekar and Sreenaath Vasudevan
Applied Cryptography and Network Security (ACNS) June, 2009.
[17]  Fast Packet Classification for Snort
Alok Tongaonkar, Sreenaath Vasudevan and R. Sekar
USENIX Large Installation System Administration Conference (LISA) November, 2008.
[18]  Anomalous Taint Detection (Extended Abstract)
Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).
[19]  A Practical Mimicry Attack Against Powerful System-Call Monitors
Chetan Parampalli, R. Sekar and Rob Johnson
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2008. (Supercedes Technical Report SECLAB07-01).
[20]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking
Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
[21]  Dataflow Anomaly Detection
Sandeep Bhatkar, Abhishek Chaturvedi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006. (Supercedes Technical Report SECLAB-05-03 Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments, July 2005.).
[22]  Using Predators to Combat Worms and Viruses: A Simulation-Based Study
Ajay Gupta and Daniel DuVarney
Annual Computer Security Applications Conference (ACSAC) December, 2004.
[23]  An Approach for Detecting Self-Propagating Email Using Anomaly Detection
Ajay Gupta and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2003.
[24]  Specification-based anomaly detection: a new approach for detecting network intrusions
R. Sekar, Ajay Gupta, James Frullo, Tushar Shanbhag, Abhishek Tiwari, Henglin Yang and Sheng Zhou
ACM Conference on Computer and Communications Security (CCS) October, 2002.
[25]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
Journal of Computer Security (JCS) January, 2002.
[26]  Experiences with Specification Based Intrusion Detection System
Prem Uppuluri and R. Sekar
Recent Advances in Intrusion Detection (RAID) October, 2001.
[27]  A Fast Automaton-Based~Method for Detecting Anomalous Program Behaviors
R. Sekar, Mugdha Bendre, Pradeep Bollineni and Dinakar Dhurjati
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2001.
[28]  Model-Based Analysis of Configuration Vulnerabilities
C.R. Ramakrishnan and R. Sekar
ACM CCS Workshop on Intrusion Detection Systems (WIDS) October, 2000.
[29]  Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment
Thomas Bowen, Dana Chee, Mark Segal, R. Sekar, Tushar Shanbhag and Prem Uppuluri
DISCEX (DISCEX) February, 2000.
[30]  User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
Kapil Jain and R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2000.
[31]  A High-Performance Network Intrusion Detection System
R. Sekar, Guang Yang, Shobhit Verma and Tushar Shanbhag
ACM Conference on Computer and Communications Security (CCS) November, 1999.
[32]  Synthesizing Fast Intrusion Detection/Prevention Systems from High-Level Specifications
R. Sekar and Prem Uppuluri
USENIX Security Symposium (USENIX Security) August, 1999.
[33]  On Preventing Intrusions by Process Behavior Monitoring
R. Sekar, Thomas Bowen and Mark Segal
USENIX Intrusion Detection Workshop () April, 1999.
[34]  A Specification-Based Approach for Building Survivable Systems
R. Sekar, Yong Cai and Mark Segal
National Information Systems Security Conference (NISSC) October, 1998.
[35]  Model-Based Vulnerability Analysis of Computer Systems
C.R. Ramakrishnan and R. Sekar
Verification, Model Checking, and Abstract Interpretation (VMCAI) September, 1998.
Overview

Research Areas

Source-code analysis/transformation
Binary analysis/rewriting
Policy/Specification Languages
OS and Virtualization Techniques
Algorithms
Learning/anomaly detection
Formal methods/Foundations

Research Problems

Randomization/Memory Errors
Information flow analysis
Automated Exploit Defenses
Virtual Network Lab
Safe execution/attack recovery
Automated signature generation
Malware/Untrusted code defense
Intrusion/Anomaly detection
Fast packet matching
Policy generation tools

Local Search


Home Contact NSI Computer Science Stony Brook University

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.