1
Anomaly detection using pattern-of-life visual metaphors
Published 2019
“…Similar to other anomaly-detection techniques, false positives do exist in our general approach as well. …”
Journal article
2
A state machine system for insider threat detection
Published 2019
“…Research has focused on providing rule-based detection systems or anomaly detection tools which use features indicative of malicious insider activity. …”
Conference item
3
A Tripwire Grammar for Insider Threat Detection
Published 2016
“…We then orchestrate these tripwires in conjunction with an anomaly detection system and present an approach to formalising tripwires of both categories. …”
Conference item
4
Reflecting on the use of sonification for network monitoring
Published 2016
“…In Security Operations Centres (SOCs), computer networks are generally monitored using a combination of anomaly detection techniques, Intrusion Detection Systems (IDS) and data presented in visual and text-based forms. …”
Conference item
5
Insider-threat detection: Lessons from deploying the CITD tool in three multinational organisations
Published 2022
“…In order to fill this gap, we collaborated with three multinational commercial organisations who trialled our anomaly detection system, and worked with us to understand performance constraints for insider threat detection deployment and innate weaknesses in their operational contexts. …”
Journal article
6
A formalised approach to designing sonification systems for network-security monitoring
Published 2017
“…Security analysts working in SOCs generally monitor networks using a combination of anomaly-detection techniques, Intrusion Detection Systems and data presented in visual and text-based forms. …”
Journal article
7
Formalising policies for insider-threat detection: A tripwire grammar
Published 2017
“…We then orchestrate these tripwires in conjunction with an anomaly detection system. We present a review of the security policies organisations apply and a grammar to describe tripwires. …”
Journal article
8
Data presentation in security operations centres: exploring the potential for sonification to enhance existing practice
Published 2020
“…Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC. …”
Journal article