1. Anomaly detection using pattern-of-life visual metaphors
Published 2019 (Journal article)
“…Similar to other anomaly-detection techniques, false positives do exist in our general approach as well. …”

2. Modeling Advanced Persistent Threats to enhance anomaly detection techniques
Published 2018 (Journal article)
“…We find that attributes from the Command and Control phase of these attacks provide unique features that can be used by any anomaly detection systems. We further validate how expressive our abstract models are by formalizing a fifth APT and examining the behavior that was not captured. …”

3. A state machine system for insider threat detection
Published 2019 (Conference item)
“…Research has focused on providing rule-based detection systems or anomaly detection tools which use features indicative of malicious insider activity. …”

4. A Tripwire Grammar for Insider Threat Detection
Published 2016 (Conference item)
“…We then orchestrate these tripwires in conjunction with an anomaly detection system and present an approach to formalising tripwires of both categories. …”

5. Reflecting on the use of sonification for network monitoring
Published 2016 (Conference item)
“…In Security Operations Centres (SOCs), computer networks are generally monitored using a combination of anomaly detection techniques, Intrusion Detection Systems (IDS) and data presented in visual and text-based forms. …”

6. Insider-threat detection: Lessons from deploying the CITD tool in three multinational organisations
Published 2022 (Journal article)
“…In order to fill this gap, we collaborated with three multinational commercial organisations who trialled our anomaly detection system, and worked with us to understand performance constraints for insider threat detection deployment and innate weaknesses in their operational contexts. …”

7. A formalised approach to designing sonification systems for network-security monitoring
Published 2017 (Journal article)
“…Security analysts working in SOCs generally monitor networks using a combination of anomaly-detection techniques, Intrusion Detection Systems and data presented in visual and text-based forms. …”
8. Formalising policies for insider-threat detection: A tripwire grammar
Published 2017 (Journal article)
“…We then orchestrate these tripwires in conjunction with an anomaly detection system. We present a review of the security policies organisations apply and a grammar to describe tripwires. …”
9. Data presentation in security operations centres: exploring the potential for sonification to enhance existing practice
Published 2020 (Journal article)
“…Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC. …”

10. Sonification for network-security monitoring
Published 2018 (Thesis)
“…Sonification has been shown to have advantages for presenting data to humans in other fields, such as medicine and astronomy, for monitoring data and for anomaly detection. In theory, some of the known properties of sonification make it a promising data-presentation approach for SOCs. …”