An independent test of APT attack detection appliances; 2014; url: https://blog.mrg-effitas, 2014. ,
A Pearson-type goodness-of-fit test for stationary and time-continuous Markov regression models " ; Statistics in medicine 21, pp.1899-1911, 2002. ,
Capturing Android malware behaviour using system flow graph " ; Network and System Security, pp.534-541, 2014. ,
DOI : 10.1007/978-3-319-11698-3_43
A quick malware detection algorithm using a suspiciousness score of binaries, Preprint, vol.2017 ,
Using hidden Markov models to evaluate the risks of intrusions: system architecture and model validation " ; Recent Advances in Intrusion Detection, pp.145-164, 2006. ,
Beyond kappa: A review of interrater agreement measures, Canadian Journal of Statistics, vol.103, issue.1, pp.3-23, 1999. ,
DOI : 10.1093/aje/126.2.161
Red queen's race: APT win-win game " ; Cambridge International Workshop on Security Protocols ,
DOI : 10.1007/978-3-319-12400-1_8
An efficient classification model for detecting advanced persistent threat, 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp.2001-2009 ,
DOI : 10.1109/ICACCI.2015.7275911
Attack Sequence Detection in Cloud Using Hidden Markov Model " ; Information Security, Seventh Asia Joint Conference on, pp.100-103, 2012. ,
DOI : 10.1109/asiajcis.2012.24
Defending malicious attacks in cyber physical systems, Cyber-Physical Systems, Networks, and Applications (CPSNA), 2013 IEEE 1st International Conference on, pp.13-18 ,
Targeted Attack Prevention at Early Stage " ; Advanced Information Networking and Applications Workshops (WAINA), 28th International Conference on, pp.866-870, 2014. ,
DOI : 10.1109/waina.2014.134
Combining MIC feature selection and feature-based MSPCA for network traffic anomaly detection, 2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC), pp.176-181, 2016. ,
DOI : 10.1109/DIPDMWC.2016.7529385
ID2T: A DIY dataset creation toolkit for Intrusion Detection Systems " ; Communications and Network Security (CNS), IEEE Conference, pp.739-740, 2015. ,
DOI : 10.1109/cns.2015.7346912
Raksha, ACM SIGARCH Computer Architecture News, vol.35, issue.2, pp.482-493, 2007. ,
DOI : 10.1145/1273440.1250722
Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data, 2012 International Conference on, pp.54-61 ,
Baum's forward-backward algorithm revisited " ; Pattern Recognition Letters 3, pp.369-373, 1985. ,
DOI : 10.1016/0167-8655(85)90023-6
TaintDroid, ACM Transactions on Computer Systems, vol.32, issue.2, p.5, 2014. ,
DOI : 10.1145/1629575.1629604
Evolving Hidden Markov Models For Network Anomaly Detection " ; Book: Artificial Intelligence & Applications: Hybrid Intelligent Systems, pp.978-607, 2009. ,
Network Anomaly Detection by Continuous Hidden Markov Models: An Evolutionary Programming Approach, Intelligent Data Analysis, vol.1, issue.1, 2015. ,
The Viterbi algorithm " ; Proceedings of the IEEE 61, pp.268-278, 1973. ,
Combating advanced persistent threats: From network event correlation to incident detection, Computers & Security, vol.48, pp.35-57, 2015. ,
DOI : 10.1016/j.cose.2014.09.006
The prediction role of hidden Markov model in intrusion detection, 2003. ,
A cyber-physical experimentation environment for the security analysis of networked industrial control systems, Computers & Electrical Engineering, vol.38, issue.5, pp.1146-1161, 2012. ,
DOI : 10.1016/j.compeleceng.2012.06.015
Learning and selection of dynamic Bayesian Networks for non-stationary processes in real time " ; 30th International Florida AI Research Society Conference, FLAIRS-30, 2017. ,
Real Time Learning of Non-stationary Processes with Dynamic Bayesian Networks " ; International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, pp.338-350 ,
Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains " ; Leading Issues in Information Warfare, Security Research, vol.1, p.80, 2011. ,
A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs " ; Information Fusion (FUSION), 16th International Conference on, pp.842-849, 2013. ,
Hidden Markov model based anomaly intrusion detection " ; Internet Technology And Secured Transactions, International Conference, vol.2012, pp.528-533, 2012. ,
Attacker behavior analysis in multi-stage attack detection system, Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW '11, p.63, 2011. ,
DOI : 10.1145/2179298.2179369
Control theoretic approach to intrusion detection using a distributed hidden Markov model " ; Wireless Communications, IEEE, vol.154, pp.24-33, 2008. ,
DOI : 10.1109/mwc.2008.4599218
System approach to intrusion detection using hidden Markov model, Proceeding of the 2006 international conference on Communications and mobile computing , IWCMC '06, pp.349-354, 2006. ,
DOI : 10.1145/1143549.1143619
Towards Comparability of Intrusion Detection Systems: New Data Sets " ; TERENA Networking Conference, p.7 ,
A general dynamic information flow tracking framework for security applications " ; Computer Security Estimating the dimension of a model " ; The annals of statistics 6, pp.461-464, 1978. ,
List Viterbi decoding algorithms with applications " ; Communications, IEEE Transactions on, vol.42234, pp.313-323, 1994. ,
DOI : 10.1109/tcomm.1994.577040
Attack chain detection " ; Statistical Analysis and Data Mining: The ASA, Data Science Journal, vol.8, issue.20, pp.5-6, 2015. ,
EPIC: a testbed for scientifically rigorous cyber-physical security experimentation " ; Emerging Topics in Computing, IEEE Transactions on, vol.1, issue.2, pp.319-330, 2013. ,
DOI : 10.1109/tetc.2013.2287188
URL : http://ieeexplore.ieee.org:80/stamp/stamp.jsp?tp=&arnumber=6646193
Fast state discovery for HMM model selection and learning, International Conference on Artificial Intelligence and Statistics, pp.492-499, 2007. ,
A framework for malicious workload generation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement , IMC '04, pp.82-87, 2004. ,
DOI : 10.1145/1028788.1028799
URL : http://www.cs.wisc.edu/~jsommers/pubs/p82-sommers.pdf
Targeted cyberattacks: a superset of advanced persistent threats " ; IEEE security & privacy 1, pp.54-61, 2013. ,
DOI : 10.1109/msp.2012.90
Secure program execution via dynamic information flow tracking, ACM SIGPLAN Notices, vol.39, issue.11, pp.85-96, 2004. ,
DOI : 10.1145/1037187.1024404
URL : http://www.cs.umn.edu/~zhai/courses/5980/readings/lec3/flow.pdf
The Baum-Welch algorithm; tech. rep, 2000. ,
A general goodness-of-fit test for Markov and hidden Markov models " ; Statistics in medicine 27, pp.2177-2195, 2008. ,
Determination of the order of a Markov chain by Akaike's information criterion ", Journal of Applied Probability, pp.488-497, 1975. ,
Using HMM for intent recognition in cyber security situation awareness " ; Knowledge Acquisition and Modeling, KAM'09. Second International Symposium on, pp.166-169, 2009. ,
DOI : 10.1109/kam.2009.315