N. Mansourzadeh, A. Somayaji, J. Jaskolka, "A Fragility Metric for Software Diversity." 19th Annual Symposium on Information Assurance (ASIA'24), Albany, NY (2024). [PDF]
W. Findlay, A. Somayaji, D. Barrera. "bpfbox: Simple Precise Process Confinement with eBPF." 2020 {ACM} SIGSAC Conference on Cloud Computing Security Workshop (CCSW), Virtual Conference (2020). [PDF]
N. Dabbour, A. Somayaji. "Towards In-Band Non-Cryptographic Authentication." 2020 New Security Paradigms Workshop (NSPW), Virtual Conference (2020). [PDF]
M. Burgess, A. Somayaji. "After the BlockCloud Apocalypse." 2018 New Security Paradigms Workshop (NSPW), Windsor, UK (2018). [PDF]
B. Obada-Obieh, A. Somayaji. "Can I believe you?: Establishing Trust in Computer Mediated Introductions." 2017 New Security Paradigms Workshop (NSPW), Santa Cruz, CA USA (2017). [PDF]
B. Obada-Obieh, S. Chiasson, A. Somayaji. "“Don’t Break My Heart!”: User Security Strategies for Online Dating." Workshop on Usable Security (USEC), San Diego, CA USA (2017). [PDF]
F.L. Lévesque, J.M. Fernandez, A. Somayaji, D. Batchelder, "National-level risk assessment: A multi-country study of malware infections." 15th Annual Workshop on the Economics of Information Security (WEIS), Berkeley, CA USA (2016). [PDF]
F.L. Lévesque, A. Somayaji, D. Batchelder, J.M. Fernandez, "Measuring the health of antivirus ecosystems." Malicious and Unwanted Software (MALWARE), Puerto Rico, USA (2015). [PDF]
F.L. Lévesque, JM Fernandez, A Somayaji, "Risk prediction of malware victimization based on user behavior." Workshop on Anti-Malware Testing Research (WaTER), Puerto Rico, USA (2014). [PDF]
T Moni, S Salahudeen, A Somayaji, "The Malware Author Testing Challenge." Workshop on Anti-Malware Testing Research (WaTER), Cantebury, UK (2014). [PDF]
M. Bingham, A. Skillen, A. Somayaji, "Even Hackers Deserve Usability: An Expert Evaluation of Penetration Testing Tools." 9th Annual Symposium on Information Assurance (ASIA'14), Albany, NY (2014) [PDF]
J. Aycock, A. Somayaji, J. Sullins, "The Ethics of Coexistence: Can I Learn to Stop Worrying and Love the Logic Bomb?" IEEE International Symposium on Ethics in Science, Technology and Engineering, Chicago, USA (2014). [PDF]
F.L. Lévesque, J. Nsiempba, J.M. Fernandez, S. Chiasson, A. Somayaji, "A clinical study of risk factors related to malware infections." ACM Computer and Communications Security (CCS'13), Berlin, Germany (2013). [PDF]
A. Somayaji, D. Mould, C. Brown, "Towards narrative authentication: or, against boring authentication." 2013 New Security Paradigms Workshop (NSPW), Banff, AB (2013). [PDF]
G. Booth, A. Soknacki, A. Somayaji, "Cloud Security: Attacks and Current Defenses." 8th Annual Symposium on Information Assurance (ASIA'13), Albany, NY (2013). [PDF]
S. Neti, A. Somayaji, M.E. Locasto, "Software diversity: Security, Entropy, and Game Theory." 7th USENIX Workshop on Hot Topics in Security (HotSec'12), Bellevue, WA (2012). [PDF]
F.L. Lévesque, C.R. Davis, J.M. Fernandez, S. Chiasson, A. Somayaji, "Methodology for a Field Study of Anti-Malware Software." Workshop on Usable Security (USEC'12), Bonaire (2012). [PDF]
P. Raman, H.G. Kayacik, A. Somayaji, "Understanding Data Leak Prevention." 6th Annual Symposium on Information Assurance (ASIA'11), Albany, NY (2011). [PDF]
J. Calvet, C.R. Davis, J.M. Fernandez, J.-Y. Marion, P.-L. St-Onge, W. Guizani, P.-M. Bureau, A. Somayaji, "The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet." Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10), Austin, TX (2010). [PDF]
D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji, "A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android." ACM Computer and Communications Security (CCS'10), Chicago, Illinois (2010). [PDF]
T. Oda, A. Somayaji, "Visual Security Policy for the Web." USENIX Workshop on Hot Topics in Security (HotSec '10), Washington, DC (2010). [PDF]
B. Foster, A. Somayaji, "Object-Level Recombination of Commodity Applications." Genetic and Evolutionary Computation Conference (GECCO), Portland, OR (2010). [PDF]
A. Cowperthwaite, A. Somayaji, "The Futility of DNSSec." 5th Annual Symposium on Information Assurance (ASIA'10), Albany, NY (2010). [PDF]
T. Oda, A. Somayaji, "No Web Site Left Behind: Are We Making Web Security Only for the Elite?" Web 2.0 Security and Privacy (W2SP), Berkeley, CA (2010). [PDF]
A Somayaji, Y. Li, H. Inoue, J.M. Fernandez, R. Ford, "Evaluating Security Products with Clinical Trials." 2nd Workshop on Cyber Security Experimentation and Test (CSET '09) Montreal, QC (2009). [PDF]
C. Brown, A. Cowperthwaite, A. Hijazi, and A. Somayaji, "Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT." IEEE Symposium: Computational Intelligence for Security and Defence Applications (CISDA), Ottawa, ON (2009). [PDF]
T. Oda, G. Wurster, P.C. van Oorschot, A. Somayaji, "SOMA: Mutual Approval for Included Content in Web Pages." ACM Computer and Communications Security (CCS'08), Alexandria, VA. Oct. 2008. [PDF]
T. Oda, A. Somayaji, T. White, "Content Provider Conflict on the Modern Web." 3rd Annual Symposium on Information Assurance (ASIA'08), Albany, NY. June 2008. [PDF]
A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji, "Discovering Packet Structure through Lightweight Hierarchical Clustering." IEEE International Conference on Communications (ICC'08), Beijing, China. May 2008. [PDF]
H. Inoue, D. Jansens, A. Hijazi, and A. Somayaji, "NetADHICT: A Tool for Understanding Network Traffic." Proceedings of the 21st Large Installation Systems Administration Conference (LISA 2007), The USENIX Association, Berkeley, CA, pp. 39-47 (2007).[PDF]
K. L. Ingham and A. Somayaji, "A Methodology for Designing Accurate Anomaly Detection Systems." IFIP/ACM Latin American Networking Conference (LANC 2007), San Jose, Costa Rica. October 2007. [PDF]
H. Inoue and A. Somayaji, "Lookahead Pairs and Full Sequences: A Tale of Two Anomaly Detection Methods." 2nd Annual Symposium on Information Assurance (academic track of the 10th NYS Cyber Security Conference), Albany, NY. June 2007. Best Paper Award. [PDF]
Y. Li and A. Somayaji, "Securing Email Archives through User Modeling." Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC'05), IEEE Computer Society, pp. 547-556 (2005). [PDF]
E. Hughes and A. Somayaji, "Towards Network Awareness." Proceedings of the 19th Large Installation System Administration Conference (LISA'05), The USENIX Association, Berkeley, CA, pp. 113-124 (2005). [PDF]
J. Thorpe, P. C. van Oorschot, and A. Somayaji, "Pass-thoughts: Authenticating With Our Minds." Proceedings of the 2005 Workshop on New Security, The Association for Computing Machinery, New York, NY (2006). [PDF]
A. Matrawy, P. C. van Oorschot, and A. Somayaji, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." Applied Cryptography and Network Security (ACNS'05), Springer Science+Business Media, pp. 104-121 (2005). [PDF]
G. Wurster, P. van Oorschot, and A. Somayaji, "A generic attack on checksumming-based software tamper resistance." Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 127-138 (2005). [PDF]
A. Somayaji and S. Forrest, "Automated Response Using System-Call Delays." Proceedings of the 9th USENIX Security Symposium, The USENIX Association, Berkeley, CA (2000). [PS] [PDF]
A. Somayaji, S. Hofmeyr, and S. Forrest, "Principles of a Computer Immune System." Proceedings of the 1997 Workshop on New Security, The Association for Computing Machinery, New York, NY, pp. 75-82 (1997). [PS] [PDF]
S. Forrest, A. Somayaji, and D. H. Ackley, "Building diverse computer systems." In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, IEEE Computer Society Press, Los Alamitos, CA, pp. 67-72 (1997). [PS] [PDF]
S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes." Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA, pp. 120-128 (1996). [PS] [PDF]
P. M. Todd, S. W. Wilson, A. B. Somayaji, and H. A. Yanco, "The
blind breeding the blind: adaptive behavior without looking." In
D. Cliff, P. Husbands, J.-A. Meyer, S. W. Wilson (Eds.) From
Animals to Animats 3: Proceedings of the Third International
Conference on Simulation of Adaptive Behavior, MIT Press,
Cambridge, MA, pp. 228-237 (1994). [PS] [PDF]
F.L. Lévesque, S. Chiasson, A. Somayaji, J.M. Fernandez. "Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach." ACM Transactions on Privacy and Security (TOPS), Vol. 21, Issue 4, Article No. 18 (2018). [PDF]
S. Sharma, A. Somayaji, N. Japkowicz. "Learning over subconcepts: Strategies for 1-class classification." Computational Intelligence, Vol.~34, Issue 2, pp. 440--467 (2018). [PDF]
Y. Li, A. Somayaji, C. Gates. "Fine-grained Access Control using Email Social Networks." CA Technology Exchange (CATX), Vol.~4, Issue~1, pp.~29--41 (2013). [PDF]
K.L. Ingham, A. Somayaji, J. Burge, and Stephanie Forrest, "Learning DFA representations of HTTP for protecting web applications." Computer Networks, Vol. 51, No. 5, pp. 1239-1255 (2007). [HTML & PDF]
P. van Oorschot, A. Somayaji, and G. Wurster, "Hardware-assisted circumvention of self-hashing software tamper resistance." IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp. 82-92 (2005). [PDF]
S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls." Journal of Computer Security, Vol. 6, No. 3, pp. 151-180 (1998). [PS] [PDF]
S. Forrest, S. Hofmeyr, and A. Somayaji, "Computer immunology" Communications of the ACM, Vol. 40, No. 10, pp. 88-96 (1997). [ACM]
B. Persaud, B. Obada-Obieh, N. Mansourzadeh, A. Moni, A. Somayaji. "FrankenSSL: Recombining Cryptographic Libraries for Software Diversity." 11th Annual Symposium on Information Assurance (ASIA'16), Albany, NY (2016). [PDF]
A. Fry, S. Chiasson, A. Somayaji, "Not Sealed But Delivered: The (Un)Usability of S/MIME Today." 7th Annual Symposium on Information Assurance (ASIA'12), Albany, NY (2012). [PDF]
S. Forrest, S. Hofmeyr, and A. Somayaji, "The Evolution of System-call Monitoring." Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC 24), Anaheim, CA (2008). [PDF]
A. Somayaji, Michael Locasto, Jan Feyereisl, "Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?" Proceedings of the 2007 Workshop on New Security, The Association for Computing Machinery, New York, NY (2008). [PDF]
A. Somayaji, "Immunology, Diversity, and Homeostasis: The Past and Future of Biologically-Inspired Computer Defenses." Information Security Technical Report (ISTR), Vol. 12, No. 4, pp. 228-234 (2007). [PDF]
Anil Somayaji, "How to Win and Evolutionary Arms Race." IEEE Security and Privacy, Vol. 2, No. 6, pp. 70-72 (November-December 2004). [PDF] [copyright notice]
W. Findlay, D. Barrera, and A. Somayaji, "Bpfcontain: Fixing the soft underbelly of container security." arXiv preprint arXiv:2102.06972 (2021). [PDF]
W. A. Amai, E. A. Walther, and A. Somayaji, "An Immunological Basis for High-Reliability Systems Control." Sandia National Laboratories (SNL), Albuquerque, NM (2005). [PDF]
Anil B. Somayaji, Operating System Stability and Security through Process Homeostasis. Ph.D. thesis, University of New Mexico, July 2002. [1-sided PDF] [2-sided PDF]
Mohamed Alsharnouby, Thread homeostasis - Real-Time Anomalous Behavior Detection Using Short Sequences of Messages for Safety-Critical Software. MCS thesis, Carleton University, September 2019. [PDF]
Borke Obada-Obieh, The Issue of Trust in Computer Mediated Introductions (CMI). MCS thesis, Carleton University, September 2017. [PDF]
Michael Bingham, Towards Effective Behavioural Biometrics for Mobile Devices. MCS thesis, Carleton University, May 2016. [PDF]
Carson Brown, A Meta-Scheme for Authentication Using Text Adventures. MCS thesis, Carleton University, December 2010. [PDF]
Alex Cowperthwaite, Trust Models for Remote Hosts. MCS thesis, Carleton University, September 2011. [PDF]
Nour Dabbour, Do I know you? Evaluating Human-to-Human Authentication via Conversational Interfaces. MAsc (HCI) thesis, Carleton University, May 2019. [PDF]
William Findlay, A Practical, Lightweight, and Flexible Confinement Framework in eBPF. MCS thesis, Carleton University, August 2021. [PDF]
Blair Foster, Object File Program Recombination of Existing Software Programs Using Genetic Algorithms. MCS thesis, Carleton University, February 2011. [PDF]
Anis Ghazvinian, Understanding User Trust Processes in Internet Applications. MASc (HCI) thesis, Carleton University, January 2020. [PDF]
Abdulrahman Hijazi, Network Traffic Characterization Using (p,n)-grams Packet Representation. Ph.D. thesis, Carleton University, January 2014. [PDF]
Evan Hughes, Parsing Streaming Network Protocols. MCS thesis, Carleton University, September 2006. [PDF]
Yiru Li, Toward Email Archive Intrusion Detection. MCS thesis, Carleton University, December 2005. [PDF]
Saran Neti, Towards a Theory of Software Diversity for Security. MCS thesis, Carleton University, September 2012. [PDF]
Terri Oda, Simple Security Policy for the Web. Ph.D. thesis, Carleton University, December 2011. [PDF]
Preeti Raman, JaSPIn: JavaScript based Anomaly Detection of Cross-site scripting attacks. MCS thesis, Carleton University, September 2008. [PDF]
John Shortt, A System for Bounding the Execution Cost of WebAssembly Functions. MCS thesis, Carleton University, January 2023. [PDF]
Vidhi Kirit Shah, User Acceptance of Online Tracking If ‘Forgetting’ Was An Option. MCS thesis, Carleton University, January 2020. [PDF]
Emma Sewell, Hy2: A Hybrid Vulnerability Analysis Method. MCS thesis, Carleton University, August 2023. [PDF]
Shiven Sharma, Learning the sub-conceptual layer: A Framework for One-Class Classification. Ph.D. thesis, University of Ottawa, 2016. [PDF]