Process Query Systems -- Publications

• Glenn Nofsinger
  "Tracking Based Plume Detection." PDF
  Draft for PhD Thesis Proposal at Dartmouth College, April 5, 2006
  
  
• Vincent Berk and George Cybenko
  File Sharing Protocols: A Tutorial on Gnutella PS PDF
  Inventorisation of file sharing protocols, in-depth description of the Gnutella architecture.
  
  
• George Bakos and Vincent Berk
  Early Detection of Internet Worm Activity by Metering ICMP Destination Unreachable Messages PS PDF
  Proceedings of the SPIE Aerosense 2002
  The initial proof of concept of our DIB:S Active Worm tracking system. See: here
  
  
• Vincent Berk and George Bakos and Robert Morris
  Designing a Framework for Active Worm Detection on Global Networks PS PDF
  Proceedings of the IEEE International Workshop on Information Assurance, Darmstadt Germany, March 2003
  This paper describes the processing framework as well as some initial results obtained from the correlation system.
  
  
• Vincent H. Berk and Robert S. Gray and George Bakos
  Using Sensor Networks and Data Fusion for Early Detection of Active Worms PS PDF
  Proceedings of the SPIE Aerosense conference, Orlando Florida, April 2003
  Description of the TRAFEN system used for processing the Alerts generated by DIB:S. Estimates for router coverage are based on our mathematical worm model used in a network simulation environment.
  
  
• Michael Liljenstam and David M. Nicol and Vincent H. Berk and Robert S. Gray
  Simulating Realistic Network Worm Traffc for Worm Warning System Design and Testing PS PDF
  ACM Workshop on Rapid Malcode, Washington DC, Orlando Florida, Oktober 2003
  This paper discusses the use of Process Query Systems for use in detection and tracking of arbitrary events. Focus is on the easy development of tracking algorithms based on the properties of the process.
  
  
• Christopher Roblee and Vincent Berk and George Cybenko
  Implementing Self-Awareness in Large-Scale Server Farms PS PDF
  Proceedings of the 2005 IEEE International Conference on Autonomic Computing
  In this paper we present a new server monitoring method based on a new and powerful approach to dynamic data analysis: Process Query Systems (PQS). PQS enables user-space monitoring of servers and, by using advanced behavioral models, makes accurate and fast decisions regarding server and service state.
  
  
• Vincent Berk and George Cybenko and Annarita Giani
  Detection of Covert Channel Encoding in Network Packet Delays PDF
  Proceedings of the Flocon, Pittsburg Pennsylvania, September 2005
  In this paper we use traffic analysis to investigate a stealthy form of data exfiltration. We present an approach to detect covert channels based on a Process Query System (PQS), a new type of information retrieval technology in which queries are expressed as process descriptions.
  
  
• Vincent Berk, Annarita Giani, George Cybenko, Ian Gregorio-DeSouza
  Network Flow Evaluator for Security Analysis PS PDF
  Proceedings of the Flocon, Seattle Washington, October 2006
  In this paper we apply the Process Query System (PQS) infrastructure to build a complex network flow analyzer capable of attribution and aggregation of different flows into single activity events for the purpose of identifying illegitimate "activities".



• Vincent H. Berk, Wayne W. Chung, Valentino Crespi, George Cybenko, Robert Gray, Diego Hernando, Guofei Jiang, Han Li and YongSheng, "Process Query Systems for Surveillance and Awareness", in Proceedings of Systemics, Cybernetics and Informatics (SCI2003) , Orlando, Florida, July 2003. [pdf], [ps]



• George Cybenko, Vincent H. Berk, Valentino Crespi, Robert S. Gray and Guofei Jiang, "An Overview of Process Query Systems", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III [pdf]



• Yong Sheng, "User Interfaces for Process Modeling and Detection Systems", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf], [ps]



• Glenn T. Nofsinger and Keston W. Smith, "Plume Source Detection Using a Process Query System", in Proceedings of the SPIE Vol. 5416 Chemical and Biological Sensing V Orlando, Florida, April 2004. [pdf]



• Annarita Giani, "Efficiency and Accuracy Trade-Offs in Process Detection", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf]



• Guofei Jiang, "Weak process models for robust process detection", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf]



• Guofei Jiang, George Cybenko "Temporal and Spatial Distributed Event Correlation for Network Security", in Proceedings of the IEEE, 2004 IEEE American Control Conference, Boston, MA June 30-July 2, 2004. [pdf]



• Diego Hernando, Valentino Crespi, "Sampling theory for process detection with applications to surveillance and tracking", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf], [ps]



• Han Li, Guofei Jiang, "Semantic message oriented middleware for publish/subscribe networks", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf]



• Robert S. Gray, "Rapid detection of worms using ICMP-T3 analysis", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004.



• Valentino Crespi, Wayne Chung, and Alex B. Jordan, "Decentralized Sensing and Tracking for UAV Scheduling", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf]



• George Cybenko, Vincent Berk, and Christopher Roblee, "Large-Scale Autonomic Server Monitoring Using Process Query Systems", in Proceedings of the SPIE Vol. xxxx, Defense and Security Symposium, Orlando, Florida, March/April 2005. [pdf]



• Vincent Berk and Naomi Fox, "Process Query Systems for Network Security Monitoring", in Proceedings of the SPIE Vol. xxxx, Defense and Security Symposium, Orlando, Florida, March/April 2005. [pdf], [ps]



• Vincent Berk, Annarita Giani, George Cybenko "Covert Channel detection using Process Query Systems", in Proceedings of FLOCON - CERT, 2nd Annual Workshop on Flow Analysis, Pittsburgh, PA, 20-22 September 2005. Paper: [pdf], Presentation: [pdf]



• Glenn Nofsinger and George Cybenko ""Distributed Chemical Plume Process Detection", IEEE MILCOM 2005. [pdf]



• Paul Thompson "Weak Models for Insider Threat Detection", in Proceedings of the SPIE Vol. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III Orlando, Florida, April 2004. [pdf]



• Glenn Nofsinger and George V. Cybenko "Airborne Plume Tracking With Sensor Networks", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf]



• Wayne Chung, Robert Cavell, Jan-Peter Schütt, and George V. Cybenko "Identifying and Tracking Dynamic Processes in Social Networks", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf]



• Annarita Giani, Vincent H. Berk, and George V. Cybenko "Data Exfiltration and Covert Channels", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf]



• Alex Barsamian, Vincent H. Berk, and George V. Cybenko "Targer tracking and localization using infrared video imagery", in Proceedings of the SPIE Vol. 6231, Unattended Ground, Sea, and Air Sensor Technologies and Applications VIII Orlando, Florida, April 2006. [pdf]



• Ian Gregorio-de Souza, Vincent H. Berk, Annarita Giani, George Bakos, Marion Bates, and George V. Cybenko "Detection of Complex Cyber Attacks", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf], [ps]



• George Cybenko, Valentino Crespi, and Guofei Jiang "What is Trackable?", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf]



• George Cybenko and Vincent Berk "Process Detection in Defense and Homeland Security", in Proceedings of the SPIE Vol. 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV Orlando, Florida, April 2006. [pdf]



• Diego Hernando, Valentino Crespi, and George Cybenko "Efficient Computation of the Hidden Markov Model Entropy for a Given Observation Sequence", in IEEE Transactions on Information Theory Vol. 51, No. 7, July 2005. [pdf]



• Valentino Crespi, George Cybenko, Guofei Jiang "The Theory of Trackability with Applications to Sensor Networks", submitted to ACM Transactions on Sensor Networks, July 2006. [pdf]