Differences between revisions 4 and 5
Revision 4 as of 2010-03-04 17:00:23
Size: 1455
Editor: KonradRieck
Revision 5 as of 2010-03-04 17:28:55
Size: 3639
Editor: KonradRieck
Seminar: Machine Learning in IT Security

Dates and Lecturers

Date

Preliminary meeting and topic assignment on X.X.2010 at 14:00 in room FR 6046

Block seminar on X.X.2010 from 10:00 to 16:00 in room FR 6046

Responsible

Prof. Dr. Klaus-Robert Müller

Contact

Dr. Konrad Rieck

Content

In this seminar we look at applications of machine learning in IT security.

Schedule

  • The preliminary meeting takes place on X.X.2010.
  • Participants choose a topic by X.X.2010 at the latest, in consultation with the supervisor (see the list of topics).
  • Participants submit a draft of their talk by X.X.2010 at the latest and discuss it with the supervisor.
  • The seminar takes place as a block event on X.X.2.2010.

Topics

Each talk should last 35 minutes (+ 10 minutes of discussion).

  • Detection of Web-based Attacks

    • Anomaly Detection of Web-based Attacks. Kruegel, Vigna. Proceedings of CCS 2003

    • Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic. Song, Keromytis, Stolfo. Proceedings of NDSS 2009


  • Network Intrusion Detection

    • Detecting Unknown Network Attacks Using Language Models. Rieck, Laskov. Proceedings of DIMVA 2006

    • McPAD: A Multiple Classifier System for Accurate Payload-Based Anomaly Detection. Perdisci, Ariu, Fogla, Giacinto, Lee. Computer Networks 2009


  • Analysis of Malicious Program Behavior

    • Scalable, Behavior-Based Malware Clustering. Bayer, Comparetti, Hlauschek, Kruegel, Kirda. Proceedings of NDSS 2009

    • Learning and Classification of Malware Behavior. Rieck, Holz, Willems, Düssel, Laskov. Proceedings of DIMVA 2008


  • Analysis of Malicious Executables

    • Learning to Detect and Classify Malicious Executables in the Wild. Kolter and Maloof. Journal of Machine Learning Research 2006.

    • McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. Perdisci, Lanzi, Lee. Proceedings of ACSAC 2008


  • Mimicry Attacks

    • Polymorphic Blending Attacks. Fogla, Sharif, Perdisci, Kolesnikov, Lee. Proceedings of USENIX SS 2006

    • English Shellcode. Mason, Small, Monrose, MacManus. Proceedings of CCS 2009


  • Automatic Signature Generation

    • Polygraph: Automatically Generating Signatures for Polymorphic Worms. Newsome, Karp, Song. Proceedings of IEEE S&P 2005

    • Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience. Li, Sanghi, Chen, Kao, Chavez. Proceedings of IEEE S&P 2006


  • Attacks against Signature Generation

    • Limits of Learning-based Signature Generation with Adversaries. Blum, Song. Proceedings of NDSS 2008

    • Misleading Worm Signature Generators Using Deliberate Noise Injection. Perdisci, Dagon, Lee, Fogla, Sharif. Proceedings of IEEE S&P 2006

Assessment, Credit, Prerequisites

The grade is determined on the basis of the talk and the slides. The seminar is a compulsory elective component of the master's modules "Machine Learning 1" and "Machine Learning 2". Bachelor's students may also take these master's modules on request. We recommend attending the lecture "Machine Learning 1" beforehand.

IDA Wiki: Main/SS10_SeminarMLSec (last edited 2010-06-28 07:06:20 by KonradRieck)