no code implementations • 7 Jan 2022 • Pablo Moriano, Robert A. Bridges, Michael D. Iannacone
Specifically, we demonstrate that masquerade attacks can be detected by computing time series clustering similarity using hierarchical clustering on the vehicle's CAN signals (time series) and comparing the clustering similarity across CAN captures with and without attacks.
no code implementations • 14 Jan 2021 • Deborah H. Blevins, Pablo Moriano, Robert A. Bridges, Miki E. Verma, Michael D. Iannacone, Samuel C. Hollifield
Modern vehicles are complex cyber-physical systems made of hundreds of electronic control units (ECUs) that communicate over controller area networks (CANs).
no code implementations • 29 Dec 2020 • Miki E. Verma, Robert A. Bridges, Michael D. Iannacone, Samuel C. Hollifield, Pablo Moriano, Steven C. Hespeler, Bill Kay, Frank L. Combs
Current public CAN IDS datasets are limited to real fabrication (simple message injection) attacks and simulated attacks often in synthetic data, which lack fidelity.
1 code implementation • 16 Dec 2020 • Robert A. Bridges, Sean Oesch, Miki E. Verma, Michael D. Iannacone, Kelly M. T. Huffer, Brian Jewell, Jeff A. Nichols, Brian Weber, Justin M. Beaver, Jared M. Smith, Daniel Scofield, Craig Miles, Thomas Plummer, Mark Daniell, Anne M. Tall
In this paper, we present a scientific evaluation of four prominent malware detection tools to assist an organization with two primary questions: To what extent do ML-based tools accurately classify previously- and never-before-seen files?
no code implementations • 2 Feb 2016 • Christopher R. Harshaw, Robert A. Bridges, Michael D. Iannacone, Joel W. Reed, John R. Goodall
This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called GraphPrints.
3 code implementations • 22 Aug 2013 • Robert A. Bridges, Corinne L. Jones, Michael D. Iannacone, Kelly M. Testa, John R. Goodall
Timely analysis of cyber-security information necessitates automated information extraction from unstructured text.
no code implementations • 21 Aug 2013 • Nikki McNeil, Robert A. Bridges, Michael D. Iannacone, Bogdan Czejdo, Nicolas Perez, John R. Goodall
Public disclosure of important security information, such as knowledge of vulnerabilities or exploits, often occurs in blogs, tweets, mailing lists, and other online sources months before proper classification into structured databases.