Anil Somayaji's Publications

Refereed Conference Publications

N. Mansourzadeh, A. Somayaji. "Towards Foundational Security Metrics." 2024 New Security Paradigms Workshop (NSPW), Bedford, PA (2020). [PDF]

N. Mansourzadeh, A. Somayaji, J. Jaskolka, "A Fragility Metric for Software Diversity." 19th Annual Symposium on Information Assurance (ASIA'24), Albany, NY (2024). [PDF]

W. Findlay, A. Somayaji, D. Barrera. "bpfbox: Simple Precise Process Confinement with eBPF." 2020 {ACM} SIGSAC Conference on Cloud Computing Security Workshop (CCSW), Virtual Conference (2020). [PDF]

N. Dabbour, A. Somayaji. "Towards In-Band Non-Cryptographic Authentication." 2020 New Security Paradigms Workshop (NSPW), Virtual Conference (2020). [PDF]

M. Burgess, A. Somayaji. "After the BlockCloud Apocalypse." 2018 New Security Paradigms Workshop (NSPW), Windsor, UK (2018). [PDF]

B. Obada-Obieh, A. Somayaji. "Can I believe you?: Establishing Trust in Computer Mediated Introductions." 2017 New Security Paradigms Workshop (NSPW), Santa Cruz, CA USA (2017). [PDF]

B. Obada-Obieh, S. Chiasson, A. Somayaji. "“Don’t Break My Heart!”: User Security Strategies for Online Dating." Workshop on Usable Security (USEC), San Diego, CA USA (2017). [PDF]

F.L. Lévesque, J.M. Fernandez, A. Somayaji, D. Batchelder, "National-level risk assessment: A multi-country study of malware infections." 15th Annual Workshop on the Economics of Information Security (WEIS), Berkeley, CA USA (2016). [PDF]

F.L. Lévesque, A. Somayaji, D. Batchelder, J.M. Fernandez, "Measuring the health of antivirus ecosystems." Malicious and Unwanted Software (MALWARE), Puerto Rico, USA (2015). [PDF]

F.L. Lévesque, JM Fernandez, A Somayaji, "Risk prediction of malware victimization based on user behavior." Workshop on Anti-Malware Testing Research (WaTER), Puerto Rico, USA (2014). [PDF]

T Moni, S Salahudeen, A Somayaji, "The Malware Author Testing Challenge." Workshop on Anti-Malware Testing Research (WaTER), Cantebury, UK (2014). [PDF]

M. Bingham, A. Skillen, A. Somayaji, "Even Hackers Deserve Usability: An Expert Evaluation of Penetration Testing Tools." 9th Annual Symposium on Information Assurance (ASIA'14), Albany, NY (2014) [PDF]

J. Aycock, A. Somayaji, J. Sullins, "The Ethics of Coexistence: Can I Learn to Stop Worrying and Love the Logic Bomb?" IEEE International Symposium on Ethics in Science, Technology and Engineering, Chicago, USA (2014). [PDF]

F.L. Lévesque, J. Nsiempba, J.M. Fernandez, S. Chiasson, A. Somayaji, "A clinical study of risk factors related to malware infections." ACM Computer and Communications Security (CCS'13), Berlin, Germany (2013). [PDF]

A. Somayaji, D. Mould, C. Brown, "Towards narrative authentication: or, against boring authentication." 2013 New Security Paradigms Workshop (NSPW), Banff, AB (2013). [PDF]

G. Booth, A. Soknacki, A. Somayaji, "Cloud Security: Attacks and Current Defenses." 8th Annual Symposium on Information Assurance (ASIA'13), Albany, NY (2013). [PDF]

S. Neti, A. Somayaji, M.E. Locasto, "Software diversity: Security, Entropy, and Game Theory." 7th USENIX Workshop on Hot Topics in Security (HotSec'12), Bellevue, WA (2012). [PDF]

F.L. Lévesque, C.R. Davis, J.M. Fernandez, S. Chiasson, A. Somayaji, "Methodology for a Field Study of Anti-Malware Software." Workshop on Usable Security (USEC'12), Bonaire (2012). [PDF]

P. Raman, H.G. Kayacik, A. Somayaji, "Understanding Data Leak Prevention." 6th Annual Symposium on Information Assurance (ASIA'11), Albany, NY (2011). [PDF]

J. Calvet, C.R. Davis, J.M. Fernandez, J.-Y. Marion, P.-L. St-Onge, W. Guizani, P.-M. Bureau, A. Somayaji, "The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet." Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10), Austin, TX (2010). [PDF]

D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji, "A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android." ACM Computer and Communications Security (CCS'10), Chicago, Illinois (2010). [PDF]

T. Oda, A. Somayaji, "Visual Security Policy for the Web." USENIX Workshop on Hot Topics in Security (HotSec '10), Washington, DC (2010). [PDF]

B. Foster, A. Somayaji, "Object-Level Recombination of Commodity Applications." Genetic and Evolutionary Computation Conference (GECCO), Portland, OR (2010). [PDF]

A. Cowperthwaite, A. Somayaji, "The Futility of DNSSec." 5th Annual Symposium on Information Assurance (ASIA'10), Albany, NY (2010). [PDF]

T. Oda, A. Somayaji, "No Web Site Left Behind: Are We Making Web Security Only for the Elite?" Web 2.0 Security and Privacy (W2SP), Berkeley, CA (2010). [PDF]

A Somayaji, Y. Li, H. Inoue, J.M. Fernandez, R. Ford, "Evaluating Security Products with Clinical Trials." 2nd Workshop on Cyber Security Experimentation and Test (CSET '09) Montreal, QC (2009). [PDF]

C. Brown, A. Cowperthwaite, A. Hijazi, and A. Somayaji, "Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT." IEEE Symposium: Computational Intelligence for Security and Defence Applications (CISDA), Ottawa, ON (2009). [PDF]

T. Oda, G. Wurster, P.C. van Oorschot, A. Somayaji, "SOMA: Mutual Approval for Included Content in Web Pages." ACM Computer and Communications Security (CCS'08), Alexandria, VA. Oct. 2008. [PDF]

T. Oda, A. Somayaji, T. White, "Content Provider Conflict on the Modern Web." 3rd Annual Symposium on Information Assurance (ASIA'08), Albany, NY. June 2008. [PDF]

A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji, "Discovering Packet Structure through Lightweight Hierarchical Clustering." IEEE International Conference on Communications (ICC'08), Beijing, China. May 2008. [PDF]

H. Inoue, D. Jansens, A. Hijazi, and A. Somayaji, "NetADHICT: A Tool for Understanding Network Traffic." Proceedings of the 21st Large Installation Systems Administration Conference (LISA 2007), The USENIX Association, Berkeley, CA, pp. 39-47 (2007).[PDF]

K. L. Ingham and A. Somayaji, "A Methodology for Designing Accurate Anomaly Detection Systems." IFIP/ACM Latin American Networking Conference (LANC 2007), San Jose, Costa Rica. October 2007. [PDF]

H. Inoue and A. Somayaji, "Lookahead Pairs and Full Sequences: A Tale of Two Anomaly Detection Methods." 2nd Annual Symposium on Information Assurance (academic track of the 10th NYS Cyber Security Conference), Albany, NY. June 2007. Best Paper Award. [PDF]

Y. Li and A. Somayaji, "Securing Email Archives through User Modeling." Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC'05), IEEE Computer Society, pp. 547-556 (2005). [PDF]

E. Hughes and A. Somayaji, "Towards Network Awareness." Proceedings of the 19th Large Installation System Administration Conference (LISA'05), The USENIX Association, Berkeley, CA, pp. 113-124 (2005). [PDF]

J. Thorpe, P. C. van Oorschot, and A. Somayaji, "Pass-thoughts: Authenticating With Our Minds." Proceedings of the 2005 Workshop on New Security, The Association for Computing Machinery, New York, NY (2006). [PDF]

A. Matrawy, P. C. van Oorschot, and A. Somayaji, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." Applied Cryptography and Network Security (ACNS'05), Springer Science+Business Media, pp. 104-121 (2005). [PDF]

G. Wurster, P. van Oorschot, and A. Somayaji, "A generic attack on checksumming-based software tamper resistance." Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 127-138 (2005). [PDF]

A. Somayaji and S. Forrest, "Automated Response Using System-Call Delays." Proceedings of the 9th USENIX Security Symposium, The USENIX Association, Berkeley, CA (2000). [PS] [PDF]

A. Somayaji, S. Hofmeyr, and S. Forrest, "Principles of a Computer Immune System." Proceedings of the 1997 Workshop on New Security, The Association for Computing Machinery, New York, NY, pp. 75-82 (1997). [PS] [PDF]

S. Forrest, A. Somayaji, and D. H. Ackley, "Building diverse computer systems." In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, IEEE Computer Society Press, Los Alamitos, CA, pp. 67-72 (1997).  [PS] [PDF]

S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes." Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 120-128 (1996). [PS] [PDF]

P. M. Todd, S. W. Wilson, A. B. Somayaji, and H. A. Yanco, "The blind breeding the blind: adaptive behavior without looking." In D. Cliff, P. Husbands, J.-A. Meyer, S. W. Wilson (Eds.) From Animals to Animats 3: Proceedings of the Third International Conference on Simulation of Adaptive Behavior, MIT Press, Cambridge, MA, pp. 228-237 (1994). [PS] [PDF]

Refereed Journal Publications

F.L. Lévesque, S. Chiasson, A. Somayaji, J.M. Fernandez. "Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach." ACM Transactions on Privacy and Security (TOPS), Vol. 21, Issue 4, Article No. 18 (2018). [PDF]

S. Sharma, A. Somayaji, N. Japkowicz. "Learning over subconcepts: Strategies for 1-class classification." Computational Intelligence, Vol.~34, Issue 2, pp. 440--467 (2018). [PDF]

Y. Li, A. Somayaji, C. Gates. "Fine-grained Access Control using Email Social Networks." CA Technology Exchange (CATX), Vol.~4, Issue~1, pp.~29--41 (2013). [PDF]

K.L. Ingham, A. Somayaji, J. Burge, and Stephanie Forrest, "Learning DFA representations of HTTP for protecting web applications." Computer Networks, Vol. 51, No. 5, pp. 1239-1255 (2007). [HTML & PDF]

P. van Oorschot, A. Somayaji, and G. Wurster, "Hardware-assisted circumvention of self-hashing software tamper resistance." IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp. 82-92 (2005). [PDF]

S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls."  Journal of Computer Security, Vol. 6, No. 3, pp. 151-180 (1998). [PS] [PDF]

S. Forrest, S. Hofmeyr, and A. Somayaji, "Computer immunology" Communications of the ACM, Vol. 40, No. 10, pp. 88-96 (1997). [ACM]

Invited Publications

B. Persaud, B. Obada-Obieh, N. Mansourzadeh, A. Moni, A. Somayaji. "FrankenSSL: Recombining Cryptographic Libraries for Software Diversity." 11th Annual Symposium on Information Assurance (ASIA'16), Albany, NY (2016). [PDF]

A. Fry, S. Chiasson, A. Somayaji, "Not Sealed But Delivered: The (Un)Usability of S/MIME Today." 7th Annual Symposium on Information Assurance (ASIA'12), Albany, NY (2012). [PDF]

S. Forrest, S. Hofmeyr, and A. Somayaji, "The Evolution of System-call Monitoring." Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC 24), Anaheim, CA (2008). [PDF]

A. Somayaji, Michael Locasto, Jan Feyereisl, "Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?" Proceedings of the 2007 Workshop on New Security, The Association for Computing Machinery, New York, NY (2008). [PDF]

A. Somayaji, "Immunology, Diversity, and Homeostasis: The Past and Future of Biologically-Inspired Computer Defenses." Information Security Technical Report (ISTR), Vol. 12, No. 4, pp. 228-234 (2007). [PDF]

Anil Somayaji, "How to Win and Evolutionary Arms Race." IEEE Security and Privacy, Vol. 2, No. 6, pp. 70-72 (November-December 2004). [PDF] [copyright notice]

Technical Reports

W. Findlay, D. Barrera, and A. Somayaji, "Bpfcontain: Fixing the soft underbelly of container security." arXiv preprint arXiv:2102.06972 (2021). [PDF]

W. A. Amai, E. A. Walther, and A. Somayaji, "An Immunological Basis for High-Reliability Systems Control." Sandia National Laboratories (SNL), Albuquerque, NM (2005). [PDF]

Dissertation

Anil B. Somayaji,  Operating System Stability and Security through Process Homeostasis.  Ph.D. thesis, University of New Mexico, July 2002.  [1-sided PDF] [2-sided PDF]

Student Theses

Mohamed Alsharnouby,  Thread homeostasis - Real-Time Anomalous Behavior Detection Using Short Sequences of Messages for Safety-Critical Software.  MCS thesis, Carleton University, September 2019. [PDF]

Michael Bingham,  Towards Effective Behavioural Biometrics for Mobile Devices.   MCS thesis, Carleton University, May 2016.  [PDF]

Carson Brown,  A Meta-Scheme for Authentication Using Text Adventures.  MCS thesis, Carleton University, December 2010.  [PDF]

Alex Cowperthwaite,  Trust Models for Remote Hosts.  MCS thesis, Carleton University, September 2011.  [PDF]

Nour Dabbour,  Do I know you? Evaluating Human-to-Human Authentication via Conversational Interfaces.   MAsc (HCI) thesis, Carleton University, May 2019.  [PDF]

William Findlay,   A Practical, Lightweight, and Flexible Confinement Framework in eBPF.   MCS thesis, Carleton University, August 2021.  [PDF]

Blair Foster,  Object File Program Recombination of Existing Software Programs Using Genetic Algorithms.  MCS thesis, Carleton University, February 2011.  [PDF]

Anis Ghazvinian,  Understanding User Trust Processes in Internet Applications.  MASc (HCI) thesis, Carleton University, January 2020.  [PDF]

Abdulrahman Hijazi,  Network Traffic Characterization Using (p,n)-grams Packet Representation.   Ph.D. thesis, Carleton University, January 2014.  [PDF]

Evan Hughes,  Parsing Streaming Network Protocols.  MCS thesis, Carleton University, September 2006.  [PDF]

Yiru Li,  Toward Email Archive Intrusion Detection.  MCS thesis, Carleton University, December 2005.  [PDF]

Nilofar Mansourzadeh,  Knowledge Reuse as a Foundation for Security Metrics. &nbps;PhD thesis, Carleton University, May 2024.  [PDF]

Saran Neti,  Towards a Theory of Software Diversity for Security.  MCS thesis, Carleton University, September 2012.  [PDF]

Borke Obada-Obieh,  The Issue of Trust in Computer Mediated Introductions (CMI).   MCS thesis, Carleton University, September 2017.  [PDF]

Terri Oda,  Simple Security Policy for the Web.   Ph.D. thesis, Carleton University, December 2011.  [PDF]

Preeti Raman,  JaSPIn: JavaScript based Anomaly Detection of Cross-site scripting attacks.   MCS thesis, Carleton University, September 2008.  [PDF]

Emma Sewell,  Hy2: A Hybrid Vulnerability Analysis Method.  MCS thesis, Carleton University, August 2023.  [PDF]

Vidhi Kirit Shah,  User Acceptance of Online Tracking If ‘Forgetting’ Was An Option.   MCS thesis, Carleton University, January 2020.  [PDF]

Shiven Sharma,  Learning the sub-conceptual layer: A Framework for One-Class Classification.   Ph.D. thesis, University of Ottawa, 2016.   [PDF]

John Shortt,  A System for Bounding the Execution Cost of WebAssembly Functions.   MCS thesis, Carleton University, January 2023.  [PDF]



soma at scs.carleton.ca
[Home] Last modified: December 2, 2024