var bibbase_data = {"data":"<img src=\"//bibbase.org/img/ajax-loader.gif\" id=\"spinner\"\n  style=\"display: none;\" alt=\"Loading..\" />\n\n<div id=\"bibbase\">\n\n  <script type=\"text/javascript\">\n    var bibbase = {\n      params: {\"bib\":\"https://web.cs.dal.ca/~lcd/pubs/lcd.bib\",\"jsonp\":\"1\",\"host\":\"bibbase.org\"},\n      data: [{\"bibtype\":\"article\",\"type\":\"article\",\"abstract\":\"Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. This paper investigates the capability of the Self Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, the aim is to understand how far such an approach could be pushed to analyze the network traffic, and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios for different data acquisition conditions are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flows) and web server access (web requests) datasets. The results show that the approach has a high potential as a data analytics tool on unknown traffic/web service requests, and unseen attack behaviours. Malicious behaviours both on network and service datasets used could be identified with a high accuracy. Furthermore, the approach achieves comparable performances to that of popular supervised and unsupervised learning methods in the literature. Last but not the least, it provides unique visualization capabilities for enabling a simple yet effective network/service data analytics for security management.\",\"author\":[{\"firstnames\":[\"Duc\",\"C.\"],\"propositions\":[],\"lastnames\":[\"Le\"],\"suffixes\":[]},{\"firstnames\":[\"A.\",\"Nur\"],\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"suffixes\":[]},{\"firstnames\":[\"Malcolm\",\"I.\"],\"propositions\":[],\"lastnames\":[\"Heywood\"],\"suffixes\":[]}],\"journal\":\"Journal of Cyber Security and Mobility\",\"keywords\":\"network and service data analysis, unsupervised learning, malicious behaviour analysis\",\"number\":\"2\",\"pages\":\"15–52\",\"title\":\"Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps\",\"volume\":\"8\",\"issue\":\"1\",\"year\":\"2018\",\"url\":\"https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2\",\"doi\":\"10.13052/jcsm2245-1439.812\",\"bibtex\":\"@article{Le_jcsm2018,\\nabstract = {Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. This paper investigates the capability of the Self Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, the aim is to understand how far such an approach could be pushed to analyze the network traffic, and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios for different data acquisition conditions are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flows) and web server access (web requests) datasets. The results show that the approach has a high potential as a data analytics tool on unknown traffic/web service requests, and unseen attack behaviours. Malicious behaviours both on network and service datasets used could be identified with a high accuracy. Furthermore, the approach achieves comparable performances to that of popular supervised and unsupervised learning methods in the literature. Last but not the least, it provides unique visualization capabilities for enabling a simple yet effective network/service data analytics for security management.},\\nauthor = {Duc C. Le and A. Nur Zincir-Heywood and Malcolm I. Heywood},\\njournal = {Journal of Cyber Security and Mobility},\\nkeywords = {network and service data analysis, unsupervised learning, malicious behaviour analysis},\\nnumber = {2},\\npages = {15--52},\\ntitle = {Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps},\\nvolume = {8},\\nissue = {1},\\nyear = {2018},\\nurl = {https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2},\\ndoi = {10.13052/jcsm2245-1439.812}\\n}\\n\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_jcsm2018\",\"id\":\"Le_jcsm2018\",\"bibbaseid\":\"le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2\"},\"keyword\":[\"network and service data analysis\",\"unsupervised learning\",\"malicious behaviour analysis\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":2,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"abstract\":\"The IEEE 802.11e standard has been introduced to support service differentiation for wireless local area networks. In wireless multi-hop networks, the performance of IEEE 802.11e EDCA has to confront with some practical problems such as unsaturation traffic and hidden node problem. Hence, this problem has attracted numerous studies in recent years, in which several investigations use analytic model to evaluate the performance due to its accuracy aspect. However, the accuracy and complexity of analytical model depends on a range of assumed parameters. The complexity caused by the introduction of realistic conditions in wireless multi-hop networks is the major challenge of current studies in this field. To overcome this challenge, this paper proposes an analytical model which covers full specification of IEEE 802.11e EDCA. To reduce the complexity, the model is simplified by decomposing the problem in two models based on Markov chain that can be easily solved by numerical method. The proposed model is presented in the theoretical aspect as well as numerical results to clarify its accuracy.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Hoang\"],\"firstnames\":[\"Minh\",\"Trong\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Hoang\"],\"firstnames\":[\"Minh\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]}],\"journal\":\"VNU Journal of Science: Comp. Science & Com. Eng\",\"keywords\":\"Hidden node,IEEE 80211e EDCA,Markov chain,Multi-hop network,Virtual collision\",\"number\":\"1\",\"pages\":\"45–54\",\"title\":\"A Contribution to Performance Analysis Approach of the IEEE 802.11 EDCA in Wireless Multi-hop Networks\",\"volume\":\"31\",\"year\":\"2015\",\"bibtex\":\"@article{Hoang2015,\\nabstract = {The IEEE 802.11e standard has been introduced to support service differentiation for wireless local area networks. In wireless multi-hop networks, the performance of IEEE 802.11e EDCA has to confront with some practical problems such as unsaturation traffic and hidden node problem. Hence, this problem has attracted numerous studies in recent years, in which several investigations use analytic model to evaluate the performance due to its accuracy aspect. However, the accuracy and complexity of analytical model depends on a range of assumed parameters. The complexity caused by the introduction of realistic conditions in wireless multi-hop networks is the major challenge of current studies in this field. To overcome this challenge, this paper proposes an analytical model which covers full specification of IEEE 802.11e EDCA. To reduce the complexity, the model is simplified by decomposing the problem in two models based on Markov chain that can be easily solved by numerical method. The proposed model is presented in the theoretical aspect as well as numerical results to clarify its accuracy.},\\nauthor = {Hoang, Minh Trong and Hoang, Minh and Le, Duc C.},\\njournal = {VNU Journal of Science: Comp. Science {\\\\&} Com. Eng},\\nkeywords = {Hidden node,IEEE 80211e EDCA,Markov chain,Multi-hop network,Virtual collision},\\nnumber = {1},\\npages = {45--54},\\ntitle = {A Contribution to Performance Analysis Approach of the IEEE 802.11 EDCA in Wireless Multi-hop Networks},\\nvolume = {31},\\nyear = {2015}\\n}\\n\\n\\n\",\"author_short\":[\"Hoang, M. T.\",\"Hoang, M.\",\"Le, D. C.\"],\"key\":\"Hoang2015\",\"id\":\"Hoang2015\",\"bibbaseid\":\"hoang-hoang-le-acontributiontoperformanceanalysisapproachoftheieee80211edcainwirelessmultihopnetworks-2015\",\"role\":\"author\",\"urls\":{},\"keyword\":[\"Hidden node\",\"IEEE 80211e EDCA\",\"Markov chain\",\"Multi-hop network\",\"Virtual collision\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":0,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. In this paper, we investigate the capability of employing the Self-Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, our aim is to understand how far such an approach could be pushed to analyze unknown traffic to detect botnets. To this end, we employed three different unsupervised training schemes using publicly available botnet data sets. Our results show that SOMs possess high potential as a data analytics tool on unknown traffic. They can identify the botnet and normal flows with high confidence approximately 99% of the time on the data sets employed in this work.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]}],\"booktitle\":\"IEEE Symposium Series on Computational Intelligence (SSCI '16)\",\"doi\":\"10.1109/SSCI.2016.7850078\",\"isbn\":\"9781509042401\",\"keywords\":\"anomaly detection systems,botnet behaviour detection,computer network security,data analytics,self-organising feature maps,unsupervised learning\",\"title\":\"Data analytics on network traffic flows for botnet behaviour detection\",\"year\":\"2016\",\"url_paper\":\"SSCI16_paper_229.pdf\",\"bibtex\":\"@inproceedings{Le_ssci2016,\\nabstract = {Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. In this paper, we investigate the capability of employing the Self-Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, our aim is to understand how far such an approach could be pushed to analyze unknown traffic to detect botnets. To this end, we employed three different unsupervised training schemes using publicly available botnet data sets. Our results show that SOMs possess high potential as a data analytics tool on unknown traffic. They can identify the botnet and normal flows with high confidence approximately 99{\\\\%} of the time on the data sets employed in this work.},\\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\\nbooktitle = {IEEE Symposium Series on Computational Intelligence (SSCI '16)},\\ndoi = {10.1109/SSCI.2016.7850078},\\nisbn = {9781509042401},\\nkeywords = {anomaly detection systems,botnet behaviour detection,computer network security,data analytics,self-organising feature maps,unsupervised learning},\\ntitle = {Data analytics on network traffic flows for botnet behaviour detection},\\nyear = {2016},\\nurl_Paper = {SSCI16_paper_229.pdf}\\n}\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_ssci2016\",\"id\":\"Le_ssci2016\",\"bibbaseid\":\"le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/SSCI16_paper_229.pdf\"},\"keyword\":[\"anomaly detection systems\",\"botnet behaviour detection\",\"computer network security\",\"data analytics\",\"self-organising feature maps\",\"unsupervised learning\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":3,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Botnets represent one of the most significant threats against cyber security. They employ different techniques, topologies and commu-nication protocols in different stages of their lifecycle. Hence, identifying botnets have become very challenging specifically given that they can upgrade their methodology at any time. In this work, we investigate four different botnet detection approaches based on the technique used and type of data employed. Two of them are public rule based systems (BotHunter and Snort) and the other two are data mining based tech-niques with different feature extraction methods (packet payload based and traffic flow based). The performance of these systems range from 0% to 100% on the five publicly available botnet data sets employed in this work. We discuss the evaluation results for these different systems, their features and the models learned by the data mining based techniques.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Haddadi\"],\"firstnames\":[\"Fariba\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Porter\"],\"firstnames\":[\"Laura\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]}],\"title\":\"On the Effectiveness of Different Botnet Detection Approaches\",\"booktitle\":\"11th International Conference on Information Security Practice and Experience (ISPEC '15)\",\"keywords\":\"Botnet detection,Feature extraction,Traffic analysis\",\"pages\":\"121–135\",\"year\":\"2015\",\"doi\":\"10.1007/978-3-319-17533-1_9\",\"bibtex\":\"@inproceedings{Haddadi,\\nabstract = {Botnets represent one of the most significant threats against cyber security. They employ different techniques, topologies and commu-nication protocols in different stages of their lifecycle. Hence, identifying botnets have become very challenging specifically given that they can upgrade their methodology at any time. In this work, we investigate four different botnet detection approaches based on the technique used and type of data employed. Two of them are public rule based systems (BotHunter and Snort) and the other two are data mining based tech-niques with different feature extraction methods (packet payload based and traffic flow based). The performance of these systems range from 0{\\\\%} to 100{\\\\%} on the five publicly available botnet data sets employed in this work. We discuss the evaluation results for these different systems, their features and the models learned by the data mining based techniques.},\\nauthor = {Haddadi, Fariba and Le, Duc C. and Porter, Laura and Zincir-Heywood, A. Nur},\\ntitle     = {On the Effectiveness of Different Botnet Detection Approaches},\\nbooktitle = {11th International Conference on Information Security Practice and Experience ({ISPEC} '15)}, \\nkeywords = {Botnet detection,Feature extraction,Traffic analysis},\\npages = {121--135},\\nyear = {2015},\\ndoi = {10.1007/978-3-319-17533-1_9}\\n}\\n\\n\",\"author_short\":[\"Haddadi, F.\",\"Le, D. C.\",\"Porter, L.\",\"Zincir-Heywood, A. N.\"],\"key\":\"Haddadi\",\"id\":\"Haddadi\",\"bibbaseid\":\"haddadi-le-porter-zincirheywood-ontheeffectivenessofdifferentbotnetdetectionapproaches-2015\",\"role\":\"author\",\"urls\":{},\"keyword\":[\"Botnet detection\",\"Feature extraction\",\"Traffic analysis\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":0,\"html\":\"\"},{\"bibtype\":\"incollection\",\"type\":\"incollection\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"Nur\"],\"suffixes\":[]}],\"editor\":[{\"propositions\":[],\"lastnames\":[\"Sakr\"],\"firstnames\":[\"Sherif\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zomaya\"],\"firstnames\":[\"Albert\"],\"suffixes\":[]}],\"title\":\"Big Data in Network Anomaly Detection\",\"booktitle\":\"Encyclopedia of Big Data Technologies\",\"year\":\"2018\",\"publisher\":\"Springer International Publishing\",\"pages\":\"1–9\",\"isbn\":\"978-3-319-63962-8\",\"doi\":\"10.1007/978-3-319-63962-8_161-1\",\"_url\":\"https://doi.org/10.1007/978-3-319-63962-8_161-1\",\"bibtex\":\"@incollection{Le_2018,\\nauthor=\\\"Le, Duc C.\\nand Zincir-Heywood, Nur\\\",\\neditor=\\\"Sakr, Sherif\\nand Zomaya, Albert\\\",\\ntitle=\\\"Big Data in Network Anomaly Detection\\\",\\nbookTitle=\\\"Encyclopedia of Big Data Technologies\\\",\\nyear=\\\"2018\\\",\\npublisher=\\\"Springer International Publishing\\\",\\npages=\\\"1--9\\\",\\nisbn=\\\"978-3-319-63962-8\\\",\\ndoi=\\\"10.1007/978-3-319-63962-8_161-1\\\",\\n_url=\\\"https://doi.org/10.1007/978-3-319-63962-8_161-1\\\"\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"editor_short\":[\"Sakr, S.\",\"Zomaya, A.\"],\"key\":\"Le_2018\",\"id\":\"Le_2018\",\"bibbaseid\":\"le-zincirheywood-bigdatainnetworkanomalydetection-2018\",\"role\":\"author\",\"urls\":{},\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":1,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Insider threat detection represents a challenging problem to compa- nies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capa- bility of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Khanchi\"],\"firstnames\":[\"Sara\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]}],\"title\":\"Benchmarking Evolutionary Computation Approaches to Insider Threat Detection\",\"booktitle\":\"Genetic and Evolutionary Computation Conference (GECCO '18)\",\"year\":\"2018\",\"pages\":\"1286–1293\",\"_url\":\"http://doi.acm.org/10.1145/3205455.3205612\",\"doi\":\"10.1145/3205455.3205612\",\"keywords\":\"cyber-security, insider threat detection\",\"url_paper\":\"lcd_gecco18.pdf\",\"note\":\"Best paper award - RWA track\",\"bibtex\":\"@inproceedings{Le_gecco2018,\\n abstract = {Insider threat detection represents a challenging problem to compa- nies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capa- bility of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.},\\n author = {Le, Duc C. and Khanchi, Sara and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\\n title = {Benchmarking Evolutionary Computation Approaches to Insider Threat Detection},\\n booktitle = {Genetic and Evolutionary Computation Conference (GECCO '18)},\\n year = {2018},\\n pages = {1286--1293},\\n _url = {http://doi.acm.org/10.1145/3205455.3205612},\\n doi = {10.1145/3205455.3205612},\\n keywords = {cyber-security, insider threat detection},\\n url_Paper = {lcd_gecco18.pdf},\\n note = {Best paper award - RWA track},\\n} \\n\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Khanchi, S.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_gecco2018\",\"id\":\"Le_gecco2018\",\"bibbaseid\":\"le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/lcd_gecco18.pdf\"},\"keyword\":[\"cyber-security\",\"insider threat detection\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":4,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Insider threat is a prominent cyber-security dan- ger faced by organizations and companies. In this research, we study and evaluate an insider threat detection workflow using supervised and unsupervised learning algorithms. To this end, we study data exploration and analysis, anomaly detection and malicious behaviour classification on a publicly available data set. We evaluate several supervised and unsupervised learning algorithms - HMM, SOM, and DT - using this workflow.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]}],\"title\":\"Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning\",\"booktitle\":\"IEEE Security and Privacy Workshops (SPW '18)\",\"year\":\"2018\",\"address\":\"San Francisco, CA, USA\",\"pages\":\"270-275\",\"doi\":\"10.1109/SPW.2018.00043\",\"keywords\":\"Insider Threat Detection, Unsupervised Machine Learning, Supervised Machine Learning, Anomaly detection, Behaviour Classification\",\"url\":\"https://ieeexplore.ieee.org/abstract/document/8424659/\",\"url_paper\":\"lcd_spw2018.pdf\",\"bibtex\":\"@inproceedings{Le_spw2018,\\n abstract = {Insider threat is a prominent cyber-security dan- ger faced by organizations and companies. In this research, we study and evaluate an insider threat detection workflow using supervised and unsupervised learning algorithms. To this end, we study data exploration and analysis, anomaly detection and malicious behaviour classification on a publicly available data set. We evaluate several supervised and unsupervised learning algorithms - HMM, SOM, and DT - using this workflow.},\\n author = {Le, Duc C. and Zincir-Heywood, A. Nur},\\n title = {Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning},\\n booktitle = {IEEE Security and Privacy Workshops (SPW '18)},\\n year = {2018},\\n address = {San Francisco, CA, USA},\\n pages = {270-275},\\n doi = {10.1109/SPW.2018.00043},\\n keywords = {Insider Threat Detection, Unsupervised Machine Learning, Supervised Machine Learning, Anomaly detection, Behaviour Classification},\\n url = {https://ieeexplore.ieee.org/abstract/document/8424659/},\\n url_Paper = {lcd_spw2018.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\"],\"key\":\"Le_spw2018\",\"id\":\"Le_spw2018\",\"bibbaseid\":\"le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://ieeexplore.ieee.org/abstract/document/8424659/\",\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/lcd_spw2018.pdf\"},\"keyword\":[\"Insider Threat Detection\",\"Unsupervised Machine Learning\",\"Supervised Machine Learning\",\"Anomaly detection\",\"Behaviour Classification\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":2,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Recently, malicious insider attacks represent one of the most damaging threats to companies and government agencies. This paper proposes a new framework in constructing a user-centered machine learning based insider threat detection system on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious insiders, where insider scenario specific results and delay in detection are reported and discussed. Our results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders with a high accuracy.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]}],\"booktitle\":\"IFIP/IEEE International Symposium on Integrated Network Management\",\"title\":\"Machine learning based Insider Threat Modelling and Detection\",\"year\":\"2019\",\"month\":\"April\",\"address\":\"Washington DC, USA\",\"url_paper\":\"http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf\",\"bibtex\":\"@inproceedings{Le_dissect2019,\\nabstract = {Recently, malicious insider attacks represent one of the most damaging threats to companies and government agencies. This paper proposes  a new framework in constructing a user-centered machine learning based insider threat detection system on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious insiders, where insider scenario specific results and delay in detection are reported and discussed. Our results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders with a high accuracy.},\\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur},\\nbooktitle={IFIP/IEEE International Symposium on Integrated Network Management}, \\ntitle={Machine learning based Insider Threat Modelling and Detection}, \\nyear={2019},\\nmonth=apr,\\naddress = {Washington DC, USA},\\nurl_paper = {http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\"],\"key\":\"Le_dissect2019\",\"id\":\"Le_dissect2019\",\"bibbaseid\":\"le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019\",\"role\":\"author\",\"urls\":{\" paper\":\"http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf\"},\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":2,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"Nur\"],\"suffixes\":[]}],\"title\":\"Benchmarking Genetic Programming in Dynamic Insider Threat Detection\",\"booktitle\":\"Proceedings of the Genetic and Evolutionary Computation Conference Companion\",\"_series\":\"GECCO '19\",\"year\":\"2019\",\"month\":\"July\",\"isbn\":\"978-1-4503-6748-6\",\"location\":\"Prague, Czech Republic\",\"pages\":\"385–386\",\"numpages\":\"2\",\"url\":\"http://doi.acm.org/10.1145/3319619.3322029\",\"doi\":\"10.1145/3319619.3322029\",\"acmid\":\"3322029\",\"_publisher\":\"ACM\",\"_address\":\"New York, NY, USA\",\"keywords\":\"cyber-security, dynamic environment, insider threat detection\",\"url_paper\":\"le_gecco2019.pdf\",\"bibtex\":\"@inproceedings{Le_Gecco2019,\\n author = {Le, Duc C. and Heywood, Malcolm I. and Zincir-Heywood, Nur},\\n title = {Benchmarking Genetic Programming in Dynamic Insider Threat Detection},\\n booktitle = {Proceedings of the Genetic and Evolutionary Computation Conference Companion},\\n _series = {GECCO '19},\\n year = {2019},\\n month=jul,\\n isbn = {978-1-4503-6748-6},\\n location = {Prague, Czech Republic},\\n pages = {385--386},\\n numpages = {2},\\n url = {http://doi.acm.org/10.1145/3319619.3322029},\\n doi = {10.1145/3319619.3322029},\\n acmid = {3322029},\\n _publisher = {ACM},\\n _address = {New York, NY, USA},\\n keywords = {cyber-security, dynamic environment, insider threat detection},\\n url_paper = {le_gecco2019.pdf}\\n} \\n\\n\",\"author_short\":[\"Le, D. C.\",\"Heywood, M. I.\",\"Zincir-Heywood, N.\"],\"key\":\"Le_Gecco2019\",\"id\":\"Le_Gecco2019\",\"bibbaseid\":\"le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://doi.acm.org/10.1145/3319619.3322029\",\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/le_gecco2019.pdf\"},\"keyword\":[\"cyber-security\",\"dynamic environment\",\"insider threat detection\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":3,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"author\":[{\"firstnames\":[\"Duc\",\"C.\"],\"propositions\":[],\"lastnames\":[\"Le\"],\"suffixes\":[]},{\"firstnames\":[\"Nur\"],\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"suffixes\":[]}],\"title\":\"Learning From Evolving Network Data for Dependable Botnet Detection\",\"booktitle\":\"International Conference on Network and Service Management (CNSM 2019)\",\"address\":\"Halifax, Canada\",\"days\":\"21\",\"month\":\"October\",\"year\":\"2019\",\"url_paper\":\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf\",\"abstract\":\"This work presents an emerging problem in real-world applications of machine learning (ML) in cybersecurity, particularly in botnet detection, where the dynamics and the evolution in the deployment environments may render the ML solutions inadequate. We propose an approach to tackle this challenge using Genetic Programming (GP) - an evolutionary computation based approach. Preliminary results show that GP is able to evolve pre-trained classifiers to work under evolved (expanded) feature space conditions. This indicates the potential use of such an approach for botnet detection under non-stationary environments, where much less data and training time are required to obtain a reliable classifier as new network conditions arise.\",\"bibtex\":\"@INPROCEEDINGS{Le_cnsm2019,\\nAUTHOR=\\\"Duc C. Le and Nur Zincir-Heywood\\\",\\nTITLE=\\\"Learning From Evolving Network Data for Dependable Botnet Detection\\\",\\nBOOKTITLE=\\\"International Conference on Network and Service Management (CNSM 2019)\\\",\\nADDRESS=\\\"Halifax, Canada\\\",\\nDAYS=21,\\nMONTH=oct,\\nYEAR=2019,\\nurl_Paper = {http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf},\\nABSTRACT=\\\"This work presents an emerging problem in real-world applications of\\nmachine learning (ML) in cybersecurity, particularly in botnet detection,\\nwhere the dynamics and the evolution in the deployment environments may\\nrender the ML solutions inadequate. We propose an approach to tackle this\\nchallenge using Genetic Programming (GP) - an evolutionary computation\\nbased approach. Preliminary results show that GP is able to evolve\\npre-trained classifiers to work under evolved (expanded) feature space\\nconditions. This indicates the potential use of such an approach for botnet\\ndetection under non-stationary environments, where much less data and\\ntraining time are required to obtain a reliable classifier as new network\\nconditions arise.\\\"\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"key\":\"Le_cnsm2019\",\"id\":\"Le_cnsm2019\",\"bibbaseid\":\"le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019\",\"role\":\"author\",\"urls\":{\" paper\":\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf\"},\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":1,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"author\":[{\"firstnames\":[\"Pedro\"],\"propositions\":[],\"lastnames\":[\"Ferreira\"],\"suffixes\":[]},{\"firstnames\":[\"Duc\",\"C.\"],\"propositions\":[],\"lastnames\":[\"Le\"],\"suffixes\":[]},{\"firstnames\":[\"Nur\"],\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"suffixes\":[]}],\"title\":\"Exploring Feature Normalization and Temporal Information for Machine Learning Based Insider Threat Detection\",\"booktitle\":\"International Conference on Network and Service Management (CNSM 2019)\",\"address\":\"Halifax, Canada\",\"url_paper\":\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf\",\"days\":\"21\",\"month\":\"October\",\"year\":\"2019\",\"keywords\":\"Insider Threat Detection; data normalization; temporal information\",\"abstract\":\"Insider threat is one of the most damaging cybersecurity attacks to companies and organizations. The threats are also hard to detect, largely due to its nature that malicious actions are performed by the insiders. In this paper, we explore different techniques to leverage spatial and temporal characteristics of user behaviours (actions). In particular, feature normalization (scaling) techniques and a scheme for representing explicit temporal information are explored to improve the performance of the machine learning based insider threat detection systems. The obtained results show that these data characteristics have different effects on different insider threat classifiers. This shows a promising future research direction for further analysis of different user behaviours.\",\"bibtex\":\"@INPROCEEDINGS{Ferreira_cnsm2019,\\nAUTHOR=\\\"Pedro Ferreira and Duc C. Le and Nur Zincir-Heywood\\\",\\nTITLE=\\\"Exploring Feature Normalization and Temporal Information for Machine\\nLearning Based Insider Threat Detection\\\",\\nBOOKTITLE=\\\"International Conference on Network and Service Management (CNSM 2019)\\\",\\nADDRESS=\\\"Halifax, Canada\\\",\\nurl_Paper = {http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf},\\nDAYS=21,\\nMONTH=oct,\\nYEAR=2019,\\nKEYWORDS=\\\"Insider Threat Detection; data normalization; temporal information\\\",\\nABSTRACT=\\\"Insider threat is one of the most damaging cybersecurity attacks to\\ncompanies and organizations. The threats are also hard to detect, largely\\ndue to its nature that malicious actions are performed by the insiders. In\\nthis paper, we explore different techniques to leverage spatial and\\ntemporal characteristics of user behaviours (actions). In particular,\\nfeature normalization (scaling) techniques and a scheme for representing\\nexplicit temporal information are explored to improve the performance of\\nthe machine learning based insider threat detection systems. The obtained\\nresults show that these data characteristics have different effects on\\ndifferent insider threat classifiers. This shows a promising future\\nresearch direction for further analysis of different user behaviours.\\\"\\n}\\n\\n\",\"author_short\":[\"Ferreira, P.\",\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"key\":\"Ferreira_cnsm2019\",\"id\":\"Ferreira_cnsm2019\",\"bibbaseid\":\"ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019\",\"role\":\"author\",\"urls\":{\" paper\":\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf\"},\"keyword\":[\"Insider Threat Detection; data normalization; temporal information\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":0,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]}],\"booktitle\":\"IEEE Symposium Series on Computational Intelligence (SSCI '19)\",\"_doi\":\"10.1109/SSCI.2016.7850078\",\"keywords\":\"insider threat detection, cyber-security, dynamic environment\",\"title\":\"Dynamic Insider Threat Detection Based on Adaptable Genetic Programming\",\"year\":\"2019\",\"url_paper\":\"2019_CISDA.pdf\",\"bibtex\":\"@inproceedings{Le_ssci2019,\\nabstract = {Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.},\\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\\nbooktitle = {IEEE Symposium Series on Computational Intelligence (SSCI '19)},\\n_doi = {10.1109/SSCI.2016.7850078},\\nkeywords = {insider threat detection, cyber-security, dynamic environment},\\ntitle = {Dynamic Insider Threat Detection Based on Adaptable Genetic Programming},\\nyear = {2019},\\nurl_Paper = {2019_CISDA.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_ssci2019\",\"id\":\"Le_ssci2019\",\"bibbaseid\":\"le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/2019_CISDA.pdf\"},\"keyword\":[\"insider threat detection\",\"cyber-security\",\"dynamic environment\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":2,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]}],\"journal\":\"IEEE Transactions on Network and Service Management\",\"title\":\"Analyzing Data Granularity Levels for Insider Threat Detection using Machine Learning\",\"abstract\":\"Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analysis of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with a high accuracy. Specifically, up to 85% of malicious insiders are detected at only 0.78% false positive rate. The system is also able to quickly detect the malicious behaviours, as low as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.\",\"year\":\"2020\",\"volume\":\"17\",\"number\":\"1\",\"pages\":\"30–44\",\"keywords\":\"Insider threat;machine learning;data granularity.\",\"doi\":\"10.1109/TNSM.2020.2967721\",\"issn\":\"2373-7379\",\"month\":\"March\",\"url_paper\":\"TNSM2020.pdf\",\"bibtex\":\"@ARTICLE{Le_tnsm2020,\\nauthor={Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\\njournal={IEEE Transactions on Network and Service Management},\\ntitle={Analyzing Data Granularity Levels for Insider Threat Detection using Machine Learning},\\nabstract = {Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analysis of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with a high accuracy. Specifically, up to 85\\\\% of malicious insiders are detected at only 0.78\\\\% false positive rate. The system is also able to quickly detect the malicious behaviours, as low as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.},\\nyear={2020},\\nvolume={17},\\nnumber={1},\\npages={30--44},\\nkeywords={Insider threat;machine learning;data granularity.},\\ndoi={10.1109/TNSM.2020.2967721},\\nISSN={2373-7379},\\nmonth=mar,\\nurl_Paper = {TNSM2020.pdf}\\n}\\n\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_tnsm2020\",\"id\":\"Le_tnsm2020\",\"bibbaseid\":\"le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/TNSM2020.pdf\"},\"keyword\":[\"Insider threat;machine learning;data granularity.\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":8,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"abstract\":\"Modern networks and systems pose many challenges to traditional management approaches. Not only the number of devices and the volume of network traffic are increasing exponentially, but also new network protocols and technologies require new techniques and strategies for monitoring controlling and managing up and coming networks and systems. Moreover, machine learning has recently found its successful applications in many fields due to its capability to learn from data to automatically infer patterns for network analytics. Thus, the deployment of machine learning in network and system management has become imminent. This work provides a review of the applications of machine learning in network and system management. Based on this review, we aim to present the current opportunities and challenges in and highlight the need for dependable, reliable and secure machine learning for network and system management.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"Nur\"],\"suffixes\":[]}],\"doi\":\"10.1007/s10922-020-09512-5\",\"issn\":\"15737705\",\"journal\":\"Journal of Network and Systems Management\",\"keywords\":\"Network and system management,Reliable and dependable machine learning,Secure machine learning\",\"month\":\"October\",\"number\":\"4\",\"pages\":\"827–849\",\"publisher\":\"Springer\",\"title\":\"A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management\",\"volume\":\"28\",\"year\":\"2020\",\"url\":\"https://rdcu.be/b00ac\",\"url_paper\":\"Le_SpringerJNSM2020.pdf\",\"bibtex\":\"@Article{Le_jnsm2020,\\nabstract = {Modern networks and systems pose many challenges to traditional management approaches. Not only the number of devices and the volume of network traffic are increasing exponentially, but also new network protocols and technologies require new techniques and strategies for monitoring controlling and managing up and coming networks and systems. Moreover, machine learning has recently found its successful applications in many fields due to its capability to learn from data to automatically infer patterns for network analytics. Thus, the deployment of machine learning in network and system management has become imminent. This work provides a review of the applications of machine learning in network and system management. Based on this review, we aim to present the current opportunities and challenges in and highlight the need for dependable, reliable and secure machine learning for network and system management.},\\nauthor = {Le, Duc C. and Zincir-Heywood, Nur},\\ndoi = {10.1007/s10922-020-09512-5},\\nissn = {15737705},\\njournal = {Journal of Network and Systems Management},\\nkeywords = {Network and system management,Reliable and dependable machine learning,Secure machine learning},\\nmonth = oct,\\nnumber = {4},\\npages = {827--849},\\npublisher = {Springer},\\ntitle = {{A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management}},\\nvolume = {28},\\nyear = {2020},\\nurl = {https://rdcu.be/b00ac},\\nurl_paper={Le_SpringerJNSM2020.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"key\":\"Le_jnsm2020\",\"id\":\"Le_jnsm2020\",\"bibbaseid\":\"le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://rdcu.be/b00ac\",\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/Le_SpringerJNSM2020.pdf\"},\"keyword\":[\"Network and system management\",\"Reliable and dependable machine learning\",\"Secure machine learning\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":2,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"author\":[{\"firstnames\":[\"Duc\",\"C.\"],\"propositions\":[],\"lastnames\":[\"Le\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"Nur\"],\"suffixes\":[]}],\"title\":\"Exploring anomalous behaviour detection and classification for insider threat identification\",\"journal\":\"International Journal of Network Management\",\"volume\":\"Early access\",\"year\":\"2020\",\"month\":\"March\",\"abstract\":\"Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. This study proposes a new system for user-centered machine learning based anomaly behaviour and insider threat detection on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious users. Our results show that the proposed system, which is a combination of unsupervised anomaly detection and supervised machine learning methods, can learn from unlabelled data and a very small amount of labelled data. Furthermore, it can generalize to bigger datasets for detecting anomalous behaviours and unseen malicious insiders with a high detection and a low false positive rate.\",\"doi\":\"10.1002/nem.2109\",\"url_paper\":\"IJNM_e2109.pdf\",\"bibtex\":\"@Article{Le_ijnm2020,\\nauthor=\\\"Duc C. Le and Zincir-Heywood, Nur\\\",\\ntitle=\\\"Exploring anomalous behaviour detection and classification for insider threat identification\\\",\\njournal=\\\"International Journal of Network Management\\\",\\nvolume=\\\"Early access\\\",\\nyear=\\\"2020\\\",\\nmonth=mar,\\nabstract=\\\"Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. This study proposes a new system for user-centered machine learning based anomaly behaviour and insider threat detection on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious users. Our results show that the proposed system, which is a combination of unsupervised anomaly detection and supervised machine learning methods, can learn from unlabelled data and a very small amount of labelled data. Furthermore, it can generalize to bigger datasets for detecting anomalous behaviours and unseen malicious insiders with a high detection and a low false positive rate.\\\",\\ndoi=\\\"10.1002/nem.2109\\\",\\nurl_Paper = {IJNM_e2109.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"key\":\"Le_ijnm2020\",\"id\":\"Le_ijnm2020\",\"bibbaseid\":\"le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/IJNM_e2109.pdf\"},\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":7,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"author\":[{\"firstnames\":[\"Duc\",\"C.\"],\"propositions\":[],\"lastnames\":[\"Le\"],\"suffixes\":[]},{\"firstnames\":[\"Nur\"],\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"suffixes\":[]}],\"title\":\"Exploring Adversarial Properties of Insider Threat Detection\",\"booktitle\":\"2020 IEEE Conference on Communications and Network Security (CNS)\",\"month\":\"June\",\"year\":\"2020\",\"abstract\":\"Insider threat represents a major cybersecurity challenge to companies and government agencies. The challenges in insider threat detection, includes unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised machine learning (ML) based anomaly detection approach for insider threat detection. We employ two ML methods with different working principles, specifically autoencoder and isolation forest, and explore various representations of data with temporal information. Evaluation results show that the approach allows learning from unlabelled data in under adversarial conditions for insider threat detection with a high detection and a low false positive rate. For example, 60% of malicious insiders are detected under 0.1% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting unseen anomalous behaviours in different datasets, i.e. robustness. Comparisons with other work in the literature confirm the effectiveness of the proposed approach.\",\"url_paper\":\"CNS20.pdf\",\"bibtex\":\"@INPROCEEDINGS{Le_CNS2020,\\nAUTHOR=\\\"Duc C. Le and Nur Zincir-Heywood\\\",\\nTITLE=\\\"Exploring Adversarial Properties of Insider Threat Detection\\\",\\nBOOKTITLE=\\\"2020 IEEE Conference on Communications and Network Security (CNS)\\\",\\nMONTH=jun,\\nYEAR=2020,\\nABSTRACT=\\\"Insider threat represents a major cybersecurity challenge to companies and\\ngovernment agencies. The challenges in insider threat detection, includes\\nunbalanced data, limited ground truth, and possible user behaviour changes.\\nThis research presents an unsupervised machine learning (ML) based anomaly\\ndetection approach for insider threat detection. We employ two ML methods\\nwith different working principles, specifically autoencoder and isolation\\nforest, and explore various representations of data with temporal\\ninformation. Evaluation results show that the approach allows learning from\\nunlabelled data in under adversarial conditions for insider threat\\ndetection with a high detection and a low false positive rate. For example,\\n60\\\\% of malicious insiders are detected under 0.1\\\\% investigation budget.\\nFurthermore, we explore the ability of the proposed approach to generalize\\nfor detecting unseen anomalous behaviours in different datasets, i.e.\\nrobustness. Comparisons with other work in the literature confirm the\\neffectiveness of the proposed approach.\\\",\\nurl_Paper = {CNS20.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, N.\"],\"key\":\"Le_CNS2020\",\"id\":\"Le_CNS2020\",\"bibbaseid\":\"le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/CNS20.pdf\"},\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":1,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]}],\"journal\":\"IEEE Transactions on Network and Service Management\",\"title\":\"Anomaly Detection for Insider Threats Using Unsupervised Ensembles\",\"abstract\":\"Insider threat represents a major cybersecurity challenge to companies, organizations, and government agencies. Insider threat detection involves many challenges, including unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised learning based anomaly detection approach for insider threat detection. We employ four unsupervised learning methods with different working principles, and explore various representations of data with temporal information. Furthermore, different computational intelligence schemes are explored to combine these models to create anomaly detection ensembles for improving the detection performance. Evaluation results show that the approach allows learning from unlabelled data under challenging conditions for insider threat detection. Insider threats are detected with high detection and low false positive rates. For example, 60% of malicious insiders are detected under 0.1% investigation budget, and all malicious insiders are detected at at less than 5% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting new anomalous behaviours in different datasets, i.e. robustness. Finally, results demonstrate that a voting-based ensemble of anomaly detection can be used to improve detection performance as well as the robustness. Comparisons with the state-of-the-art confirm the effectiveness of the proposed approach.\",\"month\":\"June\",\"year\":\"2021\",\"volume\":\"18\",\"number\":\"2\",\"pages\":\"1152–1164\",\"keywords\":\"insider threat detection,anomaly detection,ensemble learning,unsupervised learning,temporal data,dependable and robust learning.\",\"doi\":\"10.1109/TNSM.2021.3071928\",\"issn\":\"1932-4537\",\"url\":\"https://ieeexplore.ieee.org/document/9399116\",\"url_paper\":\"TNSM2021.pdf\",\"bibtex\":\"@ARTICLE{Le_tnsm2021,\\nauthor={Le, Duc C. and Zincir-Heywood, A. Nur},\\njournal={IEEE Transactions on Network and Service Management},\\ntitle={Anomaly Detection for Insider Threats Using Unsupervised Ensembles},\\nabstract = {Insider threat represents a major cybersecurity challenge to companies, organizations, and government agencies. Insider threat detection involves many challenges, including unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised learning based anomaly detection approach for insider threat detection. We employ four unsupervised learning methods with different working principles, and explore various representations of data with temporal information. Furthermore, different computational intelligence schemes are explored to combine these models to create anomaly detection ensembles for improving the detection performance. Evaluation results show that the approach allows learning from unlabelled data under challenging conditions for insider threat detection. Insider threats are detected with high detection and low false positive rates. For example, 60\\\\% of malicious insiders are detected under 0.1\\\\% investigation budget, and all malicious insiders are detected at at less than 5\\\\% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting new anomalous behaviours in different datasets, i.e. robustness. Finally, results demonstrate that a voting-based ensemble of anomaly detection can be used to improve detection performance as well as the robustness. Comparisons with the state-of-the-art confirm the effectiveness of the proposed approach.},\\nmonth=jun,\\nyear={2021},\\nvolume={18},\\nnumber={2},\\npages={1152--1164},\\nkeywords={insider threat detection,anomaly detection,ensemble learning,unsupervised learning,temporal data,dependable and robust learning.},\\ndoi={10.1109/TNSM.2021.3071928},\\nISSN={1932-4537},\\nurl = {https://ieeexplore.ieee.org/document/9399116},\\nurl_Paper = {TNSM2021.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\"],\"key\":\"Le_tnsm2021\",\"id\":\"Le_tnsm2021\",\"bibbaseid\":\"le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://ieeexplore.ieee.org/document/9399116\",\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/TNSM2021.pdf\"},\"keyword\":[\"insider threat detection\",\"anomaly detection\",\"ensemble learning\",\"unsupervised learning\",\"temporal data\",\"dependable and robust learning.\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":4,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"abstract\":\"A malicious insider is one of the most damaging threats to any organization from industry to government agencies. Many challenges from insider threat detection come from the fact that the ground truth is very limited and costly to acquire. This paper presents a semi-supervised learning approach to insider threat detection. We employ three machine learning methods under different real-world conditions. These include obtaining the initial ground truth training data randomly or via a certain type of insider malicious behavior or by anomaly detection system scores. Evaluation results show that the approach allows learning from very limited data for insider threat detection at high precision. 90% of malicious data instances are detected under 1% false positive rate.\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Le\"],\"firstnames\":[\"Duc\",\"C.\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Zincir-Heywood\"],\"firstnames\":[\"A.\",\"Nur\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Heywood\"],\"firstnames\":[\"Malcolm\",\"I.\"],\"suffixes\":[]}],\"title\":\"Training regime influences to semi-supervised learning for insider threat detection\",\"booktitle\":\"IEEE Security and Privacy Workshops (SPW '21)\",\"year\":\"2021\",\"_pages\":\"270-275\",\"_doi\":\"10.1109/SPW.2018.00043\",\"keywords\":\"semi-supervised learning, insider threat, malicious behavior, anomaly detection, data availability\",\"_url\":\"\",\"url_paper\":\"wtmc2021.pdf\",\"bibtex\":\"@inproceedings{Le_spw2021,\\n abstract = {A malicious insider is one of the most damaging threats to any organization from industry to government agencies. Many challenges from insider threat detection come from the fact that the ground truth is very limited and costly to acquire. This paper presents a semi-supervised learning approach to insider threat detection. We employ three machine learning methods under different real-world conditions. These include obtaining the initial ground truth training data randomly or via a certain type of insider malicious behavior or by anomaly detection system scores. Evaluation results show that the approach allows learning from very limited data for insider threat detection at high precision. 90\\\\% of malicious data instances are detected under 1\\\\% false positive rate.},\\n author = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\\n title = {Training regime influences to semi-supervised learning for insider threat detection},\\n booktitle = {IEEE Security and Privacy Workshops (SPW '21)},\\n year = {2021},\\n _pages = {270-275},\\n _doi = {10.1109/SPW.2018.00043},\\n keywords = {semi-supervised learning, insider threat, malicious behavior, anomaly detection, data availability},\\n _url = {},\\n url_Paper = {wtmc2021.pdf}\\n}\\n\\n\",\"author_short\":[\"Le, D. C.\",\"Zincir-Heywood, A. N.\",\"Heywood, M. I.\"],\"key\":\"Le_spw2021\",\"id\":\"Le_spw2021\",\"bibbaseid\":\"le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021\",\"role\":\"author\",\"urls\":{\" paper\":\"https://web.cs.dal.ca/~lcd/pubs/wtmc2021.pdf\"},\"keyword\":[\"semi-supervised learning\",\"insider threat\",\"malicious behavior\",\"anomaly detection\",\"data availability\"],\"metadata\":{\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\"downloads\":3,\"html\":\"\"}],\n      metadata: {\"owner\":\"le, d\",\"authorlinks\":{\"le, d\":\"https://web.cs.dal.ca/~lcd/\"}},\n      ownerID: \"smijjbJmCAJ9HX2aK\"\n    };\n  </script>\n\n  <script type=\"text/javascript\">\n  var site$;\n  if (typeof $ != 'undefined') {\n    console.log('existing jquery: storing and then restoring');\n    site$ = $;\n    $ = null;\n  }\n  </script>\n\n  <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\">\n  </script>\n  <script type=\"text/javascript\">\n  if (site$) {\n    console.log('existing jquery: avoiding conflict and restoring');\n    bb$ = $.noConflict(true);\n    $ = site$;\n  } else {\n    bb$ = $;\n  }\n  </script>\n\n  <script src=\"//bibbase.org/js/bibbase.min.js\"\n          type=\"text/javascript\">\n  </script>\n\n  <script type=\"text/javascript\"\n          src=\"https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML\">\n  </script>\n  <script type=\"text/x-mathjax-config\">\n    MathJax.Hub.Config({tex2jax: {inlineMath: [['$','$'], ['\\\\(','\\\\)']]},\n                        skipTags: [\"body\"],\n                        processClass: \"bibbase_paper\"});\n  </script>\n\n  <style>\n  @media print {\n    .dontprint {\n        display: none !important;\n    }\n\n  .bibbase_group {\n    background-color: #E0E0E0;\n    font-style: italic;\n    font-size: larger;\n    text-shadow: 0px 0px 3px #FFFFFF;\n    border-radius: 4px 4px 4px 4px;\n    -moz-border-radius: 4px 4px 4px 4px;\n    -webkit-border-radius: 4px;\n    padding: 5px 40px 5px;\n    margin-top: 10px;\n    margin-bottom: 5px;\n    cursor: pointer;\n  }\n\n  .bibbase_paper {\n    margin-bottom: 5px;\n  }\n\n  }\n  </style>\n\n  \n  <div style=\"float: right; margin-right: 10px; margin-top: 10px; text-align: right; font-size: 12px\">\n    generated by\n    <a href=\"//bibbase.org\"\n       onclick=\"trackOutboundLink('bibbase', 'logo clicked', window.location.href, '//bibbase.org'); return false;\">\n      <img src=\"//bibbase.org/img/logo.svg\"\n           style=\"vertical-align: middle; margin-left: 3px; height: 16px;\"/\n           alt=\"bibbase.org\"\n           title=\"BibBase – The easiest way to maintain your publications page.\"\n        ></a>\n    \n  </div>\n  \n\n  <div id=\"bibbase_header\" class=\"dontprint\" style=\"\">\n\n    <ul class=\"nav nav-pills\" style=\"margin: 0px;\">\n\n      <li class=\"dropdown\" id=\"groupby_dropdown\">\n      <a class=\"dropdown-toggle\"\n         data-toggle=\"dropdown\"\n         href=\"#\">\n          Group by\n          <b class=\"caret\"></b>\n      </a>\n      <ul class=\"dropdown-menu\">\n        <li class=\"groupby year\"><a onclick=\"groupby('year')\">\n            Year</a>\n        </li>\n        <li class=\"groupby author\"><a onclick=\"groupby('author_short')\">\n            Author</a>\n        </li>\n        <li class=\"groupby type\"><a onclick=\"groupby('type')\">\n            Type</a>\n        </li>\n        <li class=\"groupby keyword\"><a onclick=\"groupby('keyword')\">\n            Keyword</a>\n        </li>\n        <li class=\"groupby downloads\"><a onclick=\"groupby('downloads')\">\n            Downloads</a>\n        </li>\n      </ul>\n      </li>\n\n\n      <li class=\"dropdown\" id=\"menu_dropdown\">\n      <a class=\"dropdown-toggle\"\n         data-toggle=\"dropdown\"\n         href=\"#\" alt=\"controls\">\n          <i class=\"fa fa-reorder\" alt=\"controls\"></i>\n          <b class=\"caret\"></b>\n      </a>\n      <ul class=\"dropdown-menu\">\n        <li>\n          <a onclick=\"toggleAll()\">\n            <i class=\"fa fa-chevron-down fa-fw\"></i> Expand/Collapse All\n          </a>\n        </li>\n        <li>\n          <a download=\"lcd.bib\" href=\"data:text/bibtex;base64,QGFydGljbGV7TGVfamNzbTIwMTgsCmFic3RyYWN0ID0ge0JvdG5ldHMgcmVwcmVzZW50IG9uZSBvZiB0aGUgbW9zdCBkZXN0cnVjdGl2ZSBjeWJlcnNlY3VyaXR5IHRocmVhdHMuIEdpdmVuIHRoZSBldm9sdXRpb24gb2YgdGhlIHN0cnVjdHVyZXMgYW5kIHByb3RvY29scyBib3RuZXRzIHVzZSwgbWFueSBtYWNoaW5lIGxlYXJuaW5nIGFwcHJvYWNoZXMgaGF2ZSBiZWVuIHByb3Bvc2VkIGZvciBib3RuZXQgYW5hbHlzaXMgYW5kIGRldGVjdGlvbi4gSW4gdGhlIGxpdGVyYXR1cmUsIGludHJ1c2lvbiBhbmQgYW5vbWFseSBkZXRlY3Rpb24gc3lzdGVtcyBiYXNlZCBvbiB1bnN1cGVydmlzZWQgbGVhcm5pbmcgdGVjaG5pcXVlcyBzaG93ZWQgcHJvbWlzaW5nIHBlcmZvcm1hbmNlcy4gVGhpcyBwYXBlciBpbnZlc3RpZ2F0ZXMgdGhlIGNhcGFiaWxpdHkgb2YgdGhlIFNlbGYgT3JnYW5pemluZyBNYXAgKFNPTSksIGFuIHVuc3VwZXJ2aXNlZCBsZWFybmluZyB0ZWNobmlxdWUgYXMgYSBkYXRhIGFuYWx5dGljcyBzeXN0ZW0uIEluIGRvaW5nIHNvLCB0aGUgYWltIGlzIHRvIHVuZGVyc3RhbmQgaG93IGZhciBzdWNoIGFuIGFwcHJvYWNoIGNvdWxkIGJlIHB1c2hlZCB0byBhbmFseXplIHRoZSBuZXR3b3JrIHRyYWZmaWMsIGFuZCB0byBkZXRlY3QgbWFsaWNpb3VzIGJlaGF2aW91cnMgaW4gdGhlIHdpbGQuIFRvIHRoaXMgZW5kLCB0aHJlZSBkaWZmZXJlbnQgdW5zdXBlcnZpc2VkIFNPTSB0cmFpbmluZyBzY2VuYXJpb3MgZm9yIGRpZmZlcmVudCBkYXRhIGFjcXVpc2l0aW9uIGNvbmRpdGlvbnMgYXJlIGRlc2lnbmVkLCBpbXBsZW1lbnRlZCBhbmQgZXZhbHVhdGVkLiBUaGUgYXBwcm9hY2ggaXMgZXZhbHVhdGVkIG9uIHB1YmxpY2x5IGF2YWlsYWJsZSBuZXR3b3JrIHRyYWZmaWMgKGZsb3dzKSBhbmQgd2ViIHNlcnZlciBhY2Nlc3MgKHdlYiByZXF1ZXN0cykgZGF0YXNldHMuIFRoZSByZXN1bHRzIHNob3cgdGhhdCB0aGUgYXBwcm9hY2ggaGFzIGEgaGlnaCBwb3RlbnRpYWwgYXMgYSBkYXRhIGFuYWx5dGljcyB0b29sIG9uIHVua25vd24gdHJhZmZpYy93ZWIgc2VydmljZSByZXF1ZXN0cywgYW5kIHVuc2VlbiBhdHRhY2sgYmVoYXZpb3Vycy4gTWFsaWNpb3VzIGJlaGF2aW91cnMgYm90aCBvbiBuZXR3b3JrIGFuZCBzZXJ2aWNlIGRhdGFzZXRzIHVzZWQgY291bGQgYmUgaWRlbnRpZmllZCB3aXRoIGEgaGlnaCBhY2N1cmFjeS4gRnVydGhlcm1vcmUsIHRoZSBhcHByb2FjaCBhY2hpZXZlcyBjb21wYXJhYmxlIHBlcmZvcm1hbmNlcyB0byB0aGF0IG9mIHBvcHVsYXIgc3VwZXJ2aXNlZCBhbmQgdW5zdXBlcnZpc2VkIGxlYXJuaW5nIG1ldGhvZHMgaW4gdGhlIGxpdGVyYXR1cmUuIExhc3QgYnV0IG5vdCB0aGUgbGVhc3QsIGl0IHByb3ZpZGVzIHVuaXF1ZSB2aXN1YWxpemF0aW9uIGNhcGFiaWxpdGllcyBmb3IgZW5hYmxpbmcgYSBzaW1wbGUgeWV0IGVmZmVjdGl2ZSBuZXR3b3JrL3NlcnZpY2UgZGF0YSBhbmFseXRpY3MgZm9yIHNlY3VyaXR5IG1hbmFnZW1lbnQufSwKYXV0aG9yID0ge0R1YyBDLiBMZSBhbmQgQS4gTnVyIFppbmNpci1IZXl3b29kIGFuZCBNYWxjb2xtIEkuIEhleXdvb2R9LApqb3VybmFsID0ge0pvdXJuYWwgb2YgQ3liZXIgU2VjdXJpdHkgYW5kIE1vYmlsaXR5fSwKa2V5d29yZHMgPSB7bmV0d29yayBhbmQgc2VydmljZSBkYXRhIGFuYWx5c2lzLCB1bnN1cGVydmlzZWQgbGVhcm5pbmcsIG1hbGljaW91cyBiZWhhdmlvdXIgYW5hbHlzaXN9LApudW1iZXIgPSB7Mn0sCnBhZ2VzID0gezE1LS01Mn0sCnRpdGxlID0ge1Vuc3VwZXJ2aXNlZCBNb25pdG9yaW5nIG9mIE5ldHdvcmsgYW5kIFNlcnZpY2UgQmVoYXZpb3VyIFVzaW5nIFNlbGYgT3JnYW5pemluZyBNYXBzfSwKdm9sdW1lID0gezh9LAppc3N1ZSA9IHsxfSwKeWVhciA9IHsyMDE4fSwKdXJsID0ge2h0dHBzOi8vd3d3LnJpdmVycHVibGlzaGVycy5jb20vam91cm5hbF9yZWFkX2h0bWxfYXJ0aWNsZS5waHA/aj1KQ1NNLzgvMS8yfSwKZG9pID0gezEwLjEzMDUyL2pjc20yMjQ1LTE0MzkuODEyfQp9CgoKCgpAYXJ0aWNsZXtIb2FuZzIwMTUsCmFic3RyYWN0ID0ge1RoZSBJRUVFIDgwMi4xMWUgc3RhbmRhcmQgaGFzIGJlZW4gaW50cm9kdWNlZCB0byBzdXBwb3J0IHNlcnZpY2UgZGlmZmVyZW50aWF0aW9uIGZvciB3aXJlbGVzcyBsb2NhbCBhcmVhIG5ldHdvcmtzLiBJbiB3aXJlbGVzcyBtdWx0aS1ob3AgbmV0d29ya3MsIHRoZSBwZXJmb3JtYW5jZSBvZiBJRUVFIDgwMi4xMWUgRURDQSBoYXMgdG8gY29uZnJvbnQgd2l0aCBzb21lIHByYWN0aWNhbCBwcm9ibGVtcyBzdWNoIGFzIHVuc2F0dXJhdGlvbiB0cmFmZmljIGFuZCBoaWRkZW4gbm9kZSBwcm9ibGVtLiBIZW5jZSwgdGhpcyBwcm9ibGVtIGhhcyBhdHRyYWN0ZWQgbnVtZXJvdXMgc3R1ZGllcyBpbiByZWNlbnQgeWVhcnMsIGluIHdoaWNoIHNldmVyYWwgaW52ZXN0aWdhdGlvbnMgdXNlIGFuYWx5dGljIG1vZGVsIHRvIGV2YWx1YXRlIHRoZSBwZXJmb3JtYW5jZSBkdWUgdG8gaXRzIGFjY3VyYWN5IGFzcGVjdC4gSG93ZXZlciwgdGhlIGFjY3VyYWN5IGFuZCBjb21wbGV4aXR5IG9mIGFuYWx5dGljYWwgbW9kZWwgZGVwZW5kcyBvbiBhIHJhbmdlIG9mIGFzc3VtZWQgcGFyYW1ldGVycy4gVGhlIGNvbXBsZXhpdHkgY2F1c2VkIGJ5IHRoZSBpbnRyb2R1Y3Rpb24gb2YgcmVhbGlzdGljIGNvbmRpdGlvbnMgaW4gd2lyZWxlc3MgbXVsdGktaG9wIG5ldHdvcmtzIGlzIHRoZSBtYWpvciBjaGFsbGVuZ2Ugb2YgY3VycmVudCBzdHVkaWVzIGluIHRoaXMgZmllbGQuIFRvIG92ZXJjb21lIHRoaXMgY2hhbGxlbmdlLCB0aGlzIHBhcGVyIHByb3Bvc2VzIGFuIGFuYWx5dGljYWwgbW9kZWwgd2hpY2ggY292ZXJzIGZ1bGwgc3BlY2lmaWNhdGlvbiBvZiBJRUVFIDgwMi4xMWUgRURDQS4gVG8gcmVkdWNlIHRoZSBjb21wbGV4aXR5LCB0aGUgbW9kZWwgaXMgc2ltcGxpZmllZCBieSBkZWNvbXBvc2luZyB0aGUgcHJvYmxlbSBpbiB0d28gbW9kZWxzIGJhc2VkIG9uIE1hcmtvdiBjaGFpbiB0aGF0IGNhbiBiZSBlYXNpbHkgc29sdmVkIGJ5IG51bWVyaWNhbCBtZXRob2QuIFRoZSBwcm9wb3NlZCBtb2RlbCBpcyBwcmVzZW50ZWQgaW4gdGhlIHRoZW9yZXRpY2FsIGFzcGVjdCBhcyB3ZWxsIGFzIG51bWVyaWNhbCByZXN1bHRzIHRvIGNsYXJpZnkgaXRzIGFjY3VyYWN5Ln0sCmF1dGhvciA9IHtIb2FuZywgTWluaCBUcm9uZyBhbmQgSG9hbmcsIE1pbmggYW5kIExlLCBEdWMgQy59LApqb3VybmFsID0ge1ZOVSBKb3VybmFsIG9mIFNjaWVuY2U6IENvbXAuIFNjaWVuY2Uge1wmfSBDb20uIEVuZ30sCmtleXdvcmRzID0ge0hpZGRlbiBub2RlLElFRUUgODAyMTFlIEVEQ0EsTWFya292IGNoYWluLE11bHRpLWhvcCBuZXR3b3JrLFZpcnR1YWwgY29sbGlzaW9ufSwKbnVtYmVyID0gezF9LApwYWdlcyA9IHs0NS0tNTR9LAp0aXRsZSA9IHtBIENvbnRyaWJ1dGlvbiB0byBQZXJmb3JtYW5jZSBBbmFseXNpcyBBcHByb2FjaCBvZiB0aGUgSUVFRSA4MDIuMTEgRURDQSBpbiBXaXJlbGVzcyBNdWx0aS1ob3AgTmV0d29ya3N9LAp2b2x1bWUgPSB7MzF9LAp5ZWFyID0gezIwMTV9Cn0KCgoKCkBpbnByb2NlZWRpbmdze0xlX3NzY2kyMDE2LAphYnN0cmFjdCA9IHtCb3RuZXRzIHJlcHJlc2VudCBvbmUgb2YgdGhlIG1vc3QgZGVzdHJ1Y3RpdmUgY3liZXJzZWN1cml0eSB0aHJlYXRzLiBHaXZlbiB0aGUgZXZvbHV0aW9uIG9mIHRoZSBzdHJ1Y3R1cmVzIGFuZCBwcm90b2NvbHMgYm90bmV0cyB1c2UsIG1hbnkgbWFjaGluZSBsZWFybmluZyBhcHByb2FjaGVzIGhhdmUgYmVlbiBwcm9wb3NlZCBmb3IgYm90bmV0IGFuYWx5c2lzIGFuZCBkZXRlY3Rpb24uIEluIHRoZSBsaXRlcmF0dXJlLCBpbnRydXNpb24gYW5kIGFub21hbHkgZGV0ZWN0aW9uIHN5c3RlbXMgYmFzZWQgb24gdW5zdXBlcnZpc2VkIGxlYXJuaW5nIHRlY2huaXF1ZXMgc2hvd2VkIHByb21pc2luZyBwZXJmb3JtYW5jZXMuIEluIHRoaXMgcGFwZXIsIHdlIGludmVzdGlnYXRlIHRoZSBjYXBhYmlsaXR5IG9mIGVtcGxveWluZyB0aGUgU2VsZi1Pcmdhbml6aW5nIE1hcCAoU09NKSwgYW4gdW5zdXBlcnZpc2VkIGxlYXJuaW5nIHRlY2huaXF1ZSBhcyBhIGRhdGEgYW5hbHl0aWNzIHN5c3RlbS4gSW4gZG9pbmcgc28sIG91ciBhaW0gaXMgdG8gdW5kZXJzdGFuZCBob3cgZmFyIHN1Y2ggYW4gYXBwcm9hY2ggY291bGQgYmUgcHVzaGVkIHRvIGFuYWx5emUgdW5rbm93biB0cmFmZmljIHRvIGRldGVjdCBib3RuZXRzLiBUbyB0aGlzIGVuZCwgd2UgZW1wbG95ZWQgdGhyZWUgZGlmZmVyZW50IHVuc3VwZXJ2aXNlZCB0cmFpbmluZyBzY2hlbWVzIHVzaW5nIHB1YmxpY2x5IGF2YWlsYWJsZSBib3RuZXQgZGF0YSBzZXRzLiBPdXIgcmVzdWx0cyBzaG93IHRoYXQgU09NcyBwb3NzZXNzIGhpZ2ggcG90ZW50aWFsIGFzIGEgZGF0YSBhbmFseXRpY3MgdG9vbCBvbiB1bmtub3duIHRyYWZmaWMuIFRoZXkgY2FuIGlkZW50aWZ5IHRoZSBib3RuZXQgYW5kIG5vcm1hbCBmbG93cyB3aXRoIGhpZ2ggY29uZmlkZW5jZSBhcHByb3hpbWF0ZWx5IDk5e1wlfSBvZiB0aGUgdGltZSBvbiB0aGUgZGF0YSBzZXRzIGVtcGxveWVkIGluIHRoaXMgd29yay59LAphdXRob3IgPSB7TGUsIER1YyBDLiBhbmQgWmluY2lyLUhleXdvb2QsIEEuIE51ciBhbmQgSGV5d29vZCwgTWFsY29sbSBJLn0sCmJvb2t0aXRsZSA9IHtJRUVFIFN5bXBvc2l1bSBTZXJpZXMgb24gQ29tcHV0YXRpb25hbCBJbnRlbGxpZ2VuY2UgKFNTQ0kgJzE2KX0sCmRvaSA9IHsxMC4xMTA5L1NTQ0kuMjAxNi43ODUwMDc4fSwKaXNibiA9IHs5NzgxNTA5MDQyNDAxfSwKa2V5d29yZHMgPSB7YW5vbWFseSBkZXRlY3Rpb24gc3lzdGVtcyxib3RuZXQgYmVoYXZpb3VyIGRldGVjdGlvbixjb21wdXRlciBuZXR3b3JrIHNlY3VyaXR5LGRhdGEgYW5hbHl0aWNzLHNlbGYtb3JnYW5pc2luZyBmZWF0dXJlIG1hcHMsdW5zdXBlcnZpc2VkIGxlYXJuaW5nfSwKdGl0bGUgPSB7RGF0YSBhbmFseXRpY3Mgb24gbmV0d29yayB0cmFmZmljIGZsb3dzIGZvciBib3RuZXQgYmVoYXZpb3VyIGRldGVjdGlvbn0sCnllYXIgPSB7MjAxNn0sCnVybF9QYXBlciA9IHtTU0NJMTZfcGFwZXJfMjI5LnBkZn0KfQoKCkBpbnByb2NlZWRpbmdze0hhZGRhZGksCmFic3RyYWN0ID0ge0JvdG5ldHMgcmVwcmVzZW50IG9uZSBvZiB0aGUgbW9zdCBzaWduaWZpY2FudCB0aHJlYXRzIGFnYWluc3QgY3liZXIgc2VjdXJpdHkuIFRoZXkgZW1wbG95IGRpZmZlcmVudCB0ZWNobmlxdWVzLCB0b3BvbG9naWVzIGFuZCBjb21tdS1uaWNhdGlvbiBwcm90b2NvbHMgaW4gZGlmZmVyZW50IHN0YWdlcyBvZiB0aGVpciBsaWZlY3ljbGUuIEhlbmNlLCBpZGVudGlmeWluZyBib3RuZXRzIGhhdmUgYmVjb21lIHZlcnkgY2hhbGxlbmdpbmcgc3BlY2lmaWNhbGx5IGdpdmVuIHRoYXQgdGhleSBjYW4gdXBncmFkZSB0aGVpciBtZXRob2RvbG9neSBhdCBhbnkgdGltZS4gSW4gdGhpcyB3b3JrLCB3ZSBpbnZlc3RpZ2F0ZSBmb3VyIGRpZmZlcmVudCBib3RuZXQgZGV0ZWN0aW9uIGFwcHJvYWNoZXMgYmFzZWQgb24gdGhlIHRlY2huaXF1ZSB1c2VkIGFuZCB0eXBlIG9mIGRhdGEgZW1wbG95ZWQuIFR3byBvZiB0aGVtIGFyZSBwdWJsaWMgcnVsZSBiYXNlZCBzeXN0ZW1zIChCb3RIdW50ZXIgYW5kIFNub3J0KSBhbmQgdGhlIG90aGVyIHR3byBhcmUgZGF0YSBtaW5pbmcgYmFzZWQgdGVjaC1uaXF1ZXMgd2l0aCBkaWZmZXJlbnQgZmVhdHVyZSBleHRyYWN0aW9uIG1ldGhvZHMgKHBhY2tldCBwYXlsb2FkIGJhc2VkIGFuZCB0cmFmZmljIGZsb3cgYmFzZWQpLiBUaGUgcGVyZm9ybWFuY2Ugb2YgdGhlc2Ugc3lzdGVtcyByYW5nZSBmcm9tIDB7XCV9IHRvIDEwMHtcJX0gb24gdGhlIGZpdmUgcHVibGljbHkgYXZhaWxhYmxlIGJvdG5ldCBkYXRhIHNldHMgZW1wbG95ZWQgaW4gdGhpcyB3b3JrLiBXZSBkaXNjdXNzIHRoZSBldmFsdWF0aW9uIHJlc3VsdHMgZm9yIHRoZXNlIGRpZmZlcmVudCBzeXN0ZW1zLCB0aGVpciBmZWF0dXJlcyBhbmQgdGhlIG1vZGVscyBsZWFybmVkIGJ5IHRoZSBkYXRhIG1pbmluZyBiYXNlZCB0ZWNobmlxdWVzLn0sCmF1dGhvciA9IHtIYWRkYWRpLCBGYXJpYmEgYW5kIExlLCBEdWMgQy4gYW5kIFBvcnRlciwgTGF1cmEgYW5kIFppbmNpci1IZXl3b29kLCBBLiBOdXJ9LAp0aXRsZSAgICAgPSB7T24gdGhlIEVmZmVjdGl2ZW5lc3Mgb2YgRGlmZmVyZW50IEJvdG5ldCBEZXRlY3Rpb24gQXBwcm9hY2hlc30sCmJvb2t0aXRsZSA9IHsxMXRoIEludGVybmF0aW9uYWwgQ29uZmVyZW5jZSBvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBQcmFjdGljZSBhbmQgRXhwZXJpZW5jZSAoe0lTUEVDfSAnMTUpfSwgCmtleXdvcmRzID0ge0JvdG5ldCBkZXRlY3Rpb24sRmVhdHVyZSBleHRyYWN0aW9uLFRyYWZmaWMgYW5hbHlzaXN9LApwYWdlcyA9IHsxMjEtLTEzNX0sCnllYXIgPSB7MjAxNX0sCmRvaSA9IHsxMC4xMDA3Lzk3OC0zLTMxOS0xNzUzMy0xXzl9Cn0KCgoKQGluY29sbGVjdGlvbntMZV8yMDE4LAphdXRob3I9IkxlLCBEdWMgQy4KYW5kIFppbmNpci1IZXl3b29kLCBOdXIiLAplZGl0b3I9IlNha3IsIFNoZXJpZgphbmQgWm9tYXlhLCBBbGJlcnQiLAp0aXRsZT0iQmlnIERhdGEgaW4gTmV0d29yayBBbm9tYWx5IERldGVjdGlvbiIsCmJvb2tUaXRsZT0iRW5jeWNsb3BlZGlhIG9mIEJpZyBEYXRhIFRlY2hub2xvZ2llcyIsCnllYXI9IjIwMTgiLApwdWJsaXNoZXI9IlNwcmluZ2VyIEludGVybmF0aW9uYWwgUHVibGlzaGluZyIsCnBhZ2VzPSIxLS05IiwKaXNibj0iOTc4LTMtMzE5LTYzOTYyLTgiLApkb2k9IjEwLjEwMDcvOTc4LTMtMzE5LTYzOTYyLThfMTYxLTEiLApfdXJsPSJodHRwczovL2RvaS5vcmcvMTAuMTAwNy85NzgtMy0zMTktNjM5NjItOF8xNjEtMSIKfQoKCgpAaW5wcm9jZWVkaW5nc3tMZV9nZWNjbzIwMTgsCiBhYnN0cmFjdCA9IHtJbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24gcmVwcmVzZW50cyBhIGNoYWxsZW5naW5nIHByb2JsZW0gdG8gY29tcGEtIG5pZXMgYW5kIG9yZ2FuaXphdGlvbnMgd2hlcmUgbWFsaWNpb3VzIGFjdGlvbnMgYXJlIHBlcmZvcm1lZCBieSBhdXRob3JpemVkIHVzZXJzLiBUaGlzIGlzIGEgaGlnaGx5IHNrZXdlZCBkYXRhIHByb2JsZW0sIHdoZXJlIHRoZSBodWdlIGNsYXNzIGltYmFsYW5jZSBtYWtlcyB0aGUgYWRhcHRhdGlvbiBvZiBsZWFybmluZyBhbGdvcml0aG1zIHRvIHRoZSByZWFsIHdvcmxkIGNvbnRleHQgdmVyeSBkaWZmaWN1bHQuIEluIHRoaXMgd29yaywgYXBwbGljYXRpb25zIG9mIGdlbmV0aWMgcHJvZ3JhbW1pbmcgKEdQKSBhbmQgc3RyZWFtIGFjdGl2ZSBsZWFybmluZyBhcmUgZXZhbHVhdGVkIGZvciBpbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24uIExpbmVhciBHUCB3aXRoIGxleGljYXNlL211bHRpLW9iamVjdGl2ZSBzZWxlY3Rpb24gaXMgZW1wbG95ZWQgdG8gYWRkcmVzcyB0aGUgcHJvYmxlbSB1bmRlciBhIHN0YXRpb25hcnkgZGF0YSBhc3N1bXB0aW9uLiBNb3Jlb3Zlciwgc3RyZWFtaW5nIEdQIGlzIGVtcGxveWVkIHRvIGFkZHJlc3MgdGhlIHByb2JsZW0gdW5kZXIgYSBub24tc3RhdGlvbmFyeSBkYXRhIGFzc3VtcHRpb24uIEV4cGVyaW1lbnRzIGNvbmR1Y3RlZCBvbiBhIHB1YmxpY2x5IGF2YWlsYWJsZSBjb3Jwb3JhdGUgZGF0YSBzZXQgc2hvdyB0aGUgY2FwYS0gYmlsaXR5IG9mIHRoZSBhcHByb2FjaGVzIGluIGRlYWxpbmcgd2l0aCBleHRyZW1lIGNsYXNzIGltYmFsYW5jZSwgc3RyZWFtIGxlYXJuaW5nIGFuZCBhZGFwdGF0aW9uIHRvIHRoZSByZWFsIHdvcmxkIGNvbnRleHQufSwKIGF1dGhvciA9IHtMZSwgRHVjIEMuIGFuZCBLaGFuY2hpLCBTYXJhIGFuZCBaaW5jaXItSGV5d29vZCwgQS4gTnVyIGFuZCBIZXl3b29kLCBNYWxjb2xtIEkufSwKIHRpdGxlID0ge0JlbmNobWFya2luZyBFdm9sdXRpb25hcnkgQ29tcHV0YXRpb24gQXBwcm9hY2hlcyB0byBJbnNpZGVyIFRocmVhdCBEZXRlY3Rpb259LAogYm9va3RpdGxlID0ge0dlbmV0aWMgYW5kIEV2b2x1dGlvbmFyeSBDb21wdXRhdGlvbiBDb25mZXJlbmNlIChHRUNDTyAnMTgpfSwKIHllYXIgPSB7MjAxOH0sCiBwYWdlcyA9IHsxMjg2LS0xMjkzfSwKIF91cmwgPSB7aHR0cDovL2RvaS5hY20ub3JnLzEwLjExNDUvMzIwNTQ1NS4zMjA1NjEyfSwKIGRvaSA9IHsxMC4xMTQ1LzMyMDU0NTUuMzIwNTYxMn0sCiBrZXl3b3JkcyA9IHtjeWJlci1zZWN1cml0eSwgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9ufSwKIHVybF9QYXBlciA9IHtsY2RfZ2VjY28xOC5wZGZ9LAogbm90ZSA9IHtCZXN0IHBhcGVyIGF3YXJkIC0gUldBIHRyYWNrfSwKfSAKCgoKCkBpbnByb2NlZWRpbmdze0xlX3NwdzIwMTgsCiBhYnN0cmFjdCA9IHtJbnNpZGVyIHRocmVhdCBpcyBhIHByb21pbmVudCBjeWJlci1zZWN1cml0eSBkYW4tIGdlciBmYWNlZCBieSBvcmdhbml6YXRpb25zIGFuZCBjb21wYW5pZXMuIEluIHRoaXMgcmVzZWFyY2gsIHdlIHN0dWR5IGFuZCBldmFsdWF0ZSBhbiBpbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24gd29ya2Zsb3cgdXNpbmcgc3VwZXJ2aXNlZCBhbmQgdW5zdXBlcnZpc2VkIGxlYXJuaW5nIGFsZ29yaXRobXMuIFRvIHRoaXMgZW5kLCB3ZSBzdHVkeSBkYXRhIGV4cGxvcmF0aW9uIGFuZCBhbmFseXNpcywgYW5vbWFseSBkZXRlY3Rpb24gYW5kIG1hbGljaW91cyBiZWhhdmlvdXIgY2xhc3NpZmljYXRpb24gb24gYSBwdWJsaWNseSBhdmFpbGFibGUgZGF0YSBzZXQuIFdlIGV2YWx1YXRlIHNldmVyYWwgc3VwZXJ2aXNlZCBhbmQgdW5zdXBlcnZpc2VkIGxlYXJuaW5nIGFsZ29yaXRobXMgLSBITU0sIFNPTSwgYW5kIERUIC0gdXNpbmcgdGhpcyB3b3JrZmxvdy59LAogYXV0aG9yID0ge0xlLCBEdWMgQy4gYW5kIFppbmNpci1IZXl3b29kLCBBLiBOdXJ9LAogdGl0bGUgPSB7RXZhbHVhdGluZyBJbnNpZGVyIFRocmVhdCBEZXRlY3Rpb24gV29ya2Zsb3cgVXNpbmcgU3VwZXJ2aXNlZCBhbmQgVW5zdXBlcnZpc2VkIExlYXJuaW5nfSwKIGJvb2t0aXRsZSA9IHtJRUVFIFNlY3VyaXR5IGFuZCBQcml2YWN5IFdvcmtzaG9wcyAoU1BXICcxOCl9LAogeWVhciA9IHsyMDE4fSwKIGFkZHJlc3MgPSB7U2FuIEZyYW5jaXNjbywgQ0EsIFVTQX0sCiBwYWdlcyA9IHsyNzAtMjc1fSwKIGRvaSA9IHsxMC4xMTA5L1NQVy4yMDE4LjAwMDQzfSwKIGtleXdvcmRzID0ge0luc2lkZXIgVGhyZWF0IERldGVjdGlvbiwgVW5zdXBlcnZpc2VkIE1hY2hpbmUgTGVhcm5pbmcsIFN1cGVydmlzZWQgTWFjaGluZSBMZWFybmluZywgQW5vbWFseSBkZXRlY3Rpb24sIEJlaGF2aW91ciBDbGFzc2lmaWNhdGlvbn0sCiB1cmwgPSB7aHR0cHM6Ly9pZWVleHBsb3JlLmllZWUub3JnL2Fic3RyYWN0L2RvY3VtZW50Lzg0MjQ2NTkvfSwKIHVybF9QYXBlciA9IHtsY2Rfc3B3MjAxOC5wZGZ9Cn0KCgoKQGlucHJvY2VlZGluZ3N7TGVfZGlzc2VjdDIwMTksCmFic3RyYWN0ID0ge1JlY2VudGx5LCBtYWxpY2lvdXMgaW5zaWRlciBhdHRhY2tzIHJlcHJlc2VudCBvbmUgb2YgdGhlIG1vc3QgZGFtYWdpbmcgdGhyZWF0cyB0byBjb21wYW5pZXMgYW5kIGdvdmVybm1lbnQgYWdlbmNpZXMuIFRoaXMgcGFwZXIgcHJvcG9zZXMgIGEgbmV3IGZyYW1ld29yayBpbiBjb25zdHJ1Y3RpbmcgYSB1c2VyLWNlbnRlcmVkIG1hY2hpbmUgbGVhcm5pbmcgYmFzZWQgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uIHN5c3RlbSBvbiBtdWx0aXBsZSBkYXRhIGdyYW51bGFyaXR5IGxldmVscy4gU3lzdGVtIGV2YWx1YXRpb25zIGFuZCBhbmFseXNpcyBhcmUgcGVyZm9ybWVkIG5vdCBvbmx5IG9uIGluZGl2aWR1YWwgZGF0YSBpbnN0YW5jZXMgYnV0IGFsc28gb24gbm9ybWFsIGFuZCBtYWxpY2lvdXMgaW5zaWRlcnMsIHdoZXJlIGluc2lkZXIgc2NlbmFyaW8gc3BlY2lmaWMgcmVzdWx0cyBhbmQgZGVsYXkgaW4gZGV0ZWN0aW9uIGFyZSByZXBvcnRlZCBhbmQgZGlzY3Vzc2VkLiBPdXIgcmVzdWx0cyBzaG93IHRoYXQgdGhlIG1hY2hpbmUgbGVhcm5pbmcgYmFzZWQgZGV0ZWN0aW9uIHN5c3RlbSBjYW4gbGVhcm4gZnJvbSBsaW1pdGVkIGdyb3VuZCB0cnV0aCBhbmQgZGV0ZWN0IG5ldyBtYWxpY2lvdXMgaW5zaWRlcnMgd2l0aCBhIGhpZ2ggYWNjdXJhY3kufSwKYXV0aG9yID0ge0xlLCBEdWMgQy4gYW5kIFppbmNpci1IZXl3b29kLCBBLiBOdXJ9LApib29rdGl0bGU9e0lGSVAvSUVFRSBJbnRlcm5hdGlvbmFsIFN5bXBvc2l1bSBvbiBJbnRlZ3JhdGVkIE5ldHdvcmsgTWFuYWdlbWVudH0sIAp0aXRsZT17TWFjaGluZSBsZWFybmluZyBiYXNlZCBJbnNpZGVyIFRocmVhdCBNb2RlbGxpbmcgYW5kIERldGVjdGlvbn0sIAp5ZWFyPXsyMDE5fSwKbW9udGg9YXByLAphZGRyZXNzID0ge1dhc2hpbmd0b24gREMsIFVTQX0sCnVybF9wYXBlciA9IHtodHRwOi8vZGwuaWZpcC5vcmcvZGIvY29uZi9pbS9pbTIwMTktd3MyLWRpc3NlY3QvMTkxODA1LnBkZn0KfQoKCgpAaW5wcm9jZWVkaW5nc3tMZV9HZWNjbzIwMTksCiBhdXRob3IgPSB7TGUsIER1YyBDLiBhbmQgSGV5d29vZCwgTWFsY29sbSBJLiBhbmQgWmluY2lyLUhleXdvb2QsIE51cn0sCiB0aXRsZSA9IHtCZW5jaG1hcmtpbmcgR2VuZXRpYyBQcm9ncmFtbWluZyBpbiBEeW5hbWljIEluc2lkZXIgVGhyZWF0IERldGVjdGlvbn0sCiBib29rdGl0bGUgPSB7UHJvY2VlZGluZ3Mgb2YgdGhlIEdlbmV0aWMgYW5kIEV2b2x1dGlvbmFyeSBDb21wdXRhdGlvbiBDb25mZXJlbmNlIENvbXBhbmlvbn0sCiBfc2VyaWVzID0ge0dFQ0NPICcxOX0sCiB5ZWFyID0gezIwMTl9LAogbW9udGg9anVsLAogaXNibiA9IHs5NzgtMS00NTAzLTY3NDgtNn0sCiBsb2NhdGlvbiA9IHtQcmFndWUsIEN6ZWNoIFJlcHVibGljfSwKIHBhZ2VzID0gezM4NS0tMzg2fSwKIG51bXBhZ2VzID0gezJ9LAogdXJsID0ge2h0dHA6Ly9kb2kuYWNtLm9yZy8xMC4xMTQ1LzMzMTk2MTkuMzMyMjAyOX0sCiBkb2kgPSB7MTAuMTE0NS8zMzE5NjE5LjMzMjIwMjl9LAogYWNtaWQgPSB7MzMyMjAyOX0sCiBfcHVibGlzaGVyID0ge0FDTX0sCiBfYWRkcmVzcyA9IHtOZXcgWW9yaywgTlksIFVTQX0sCiBrZXl3b3JkcyA9IHtjeWJlci1zZWN1cml0eSwgZHluYW1pYyBlbnZpcm9ubWVudCwgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9ufSwKIHVybF9wYXBlciA9IHtsZV9nZWNjbzIwMTkucGRmfQp9IAoKCgpASU5QUk9DRUVESU5HU3tMZV9jbnNtMjAxOSwKQVVUSE9SPSJEdWMgQy4gTGUgYW5kIE51ciBaaW5jaXItSGV5d29vZCIsClRJVExFPSJMZWFybmluZyBGcm9tIEV2b2x2aW5nIE5ldHdvcmsgRGF0YSBmb3IgRGVwZW5kYWJsZSBCb3RuZXQgRGV0ZWN0aW9uIiwKQk9PS1RJVExFPSJJbnRlcm5hdGlvbmFsIENvbmZlcmVuY2Ugb24gTmV0d29yayBhbmQgU2VydmljZSBNYW5hZ2VtZW50IChDTlNNIDIwMTkpIiwKQUREUkVTUz0iSGFsaWZheCwgQ2FuYWRhIiwKREFZUz0yMSwKTU9OVEg9b2N0LApZRUFSPTIwMTksCnVybF9QYXBlciA9IHtodHRwOi8vZGwuaWZpcC5vcmcvZGIvY29uZi9jbnNtL2Nuc20yMDE5LzE1NzA1NjQ5NTMucGRmfSwKQUJTVFJBQ1Q9IlRoaXMgd29yayBwcmVzZW50cyBhbiBlbWVyZ2luZyBwcm9ibGVtIGluIHJlYWwtd29ybGQgYXBwbGljYXRpb25zIG9mCm1hY2hpbmUgbGVhcm5pbmcgKE1MKSBpbiBjeWJlcnNlY3VyaXR5LCBwYXJ0aWN1bGFybHkgaW4gYm90bmV0IGRldGVjdGlvbiwKd2hlcmUgdGhlIGR5bmFtaWNzIGFuZCB0aGUgZXZvbHV0aW9uIGluIHRoZSBkZXBsb3ltZW50IGVudmlyb25tZW50cyBtYXkKcmVuZGVyIHRoZSBNTCBzb2x1dGlvbnMgaW5hZGVxdWF0ZS4gV2UgcHJvcG9zZSBhbiBhcHByb2FjaCB0byB0YWNrbGUgdGhpcwpjaGFsbGVuZ2UgdXNpbmcgR2VuZXRpYyBQcm9ncmFtbWluZyAoR1ApIC0gYW4gZXZvbHV0aW9uYXJ5IGNvbXB1dGF0aW9uCmJhc2VkIGFwcHJvYWNoLiBQcmVsaW1pbmFyeSByZXN1bHRzIHNob3cgdGhhdCBHUCBpcyBhYmxlIHRvIGV2b2x2ZQpwcmUtdHJhaW5lZCBjbGFzc2lmaWVycyB0byB3b3JrIHVuZGVyIGV2b2x2ZWQgKGV4cGFuZGVkKSBmZWF0dXJlIHNwYWNlCmNvbmRpdGlvbnMuIFRoaXMgaW5kaWNhdGVzIHRoZSBwb3RlbnRpYWwgdXNlIG9mIHN1Y2ggYW4gYXBwcm9hY2ggZm9yIGJvdG5ldApkZXRlY3Rpb24gdW5kZXIgbm9uLXN0YXRpb25hcnkgZW52aXJvbm1lbnRzLCB3aGVyZSBtdWNoIGxlc3MgZGF0YSBhbmQKdHJhaW5pbmcgdGltZSBhcmUgcmVxdWlyZWQgdG8gb2J0YWluIGEgcmVsaWFibGUgY2xhc3NpZmllciBhcyBuZXcgbmV0d29yawpjb25kaXRpb25zIGFyaXNlLiIKfQoKCgpASU5QUk9DRUVESU5HU3tGZXJyZWlyYV9jbnNtMjAxOSwKQVVUSE9SPSJQZWRybyBGZXJyZWlyYSBhbmQgRHVjIEMuIExlIGFuZCBOdXIgWmluY2lyLUhleXdvb2QiLApUSVRMRT0iRXhwbG9yaW5nIEZlYXR1cmUgTm9ybWFsaXphdGlvbiBhbmQgVGVtcG9yYWwgSW5mb3JtYXRpb24gZm9yIE1hY2hpbmUKTGVhcm5pbmcgQmFzZWQgSW5zaWRlciBUaHJlYXQgRGV0ZWN0aW9uIiwKQk9PS1RJVExFPSJJbnRlcm5hdGlvbmFsIENvbmZlcmVuY2Ugb24gTmV0d29yayBhbmQgU2VydmljZSBNYW5hZ2VtZW50IChDTlNNIDIwMTkpIiwKQUREUkVTUz0iSGFsaWZheCwgQ2FuYWRhIiwKdXJsX1BhcGVyID0ge2h0dHA6Ly9kbC5pZmlwLm9yZy9kYi9jb25mL2Nuc20vY25zbTIwMTkvMTU3MDU2NjA2Ni5wZGZ9LApEQVlTPTIxLApNT05USD1vY3QsCllFQVI9MjAxOSwKS0VZV09SRFM9Ikluc2lkZXIgVGhyZWF0IERldGVjdGlvbjsgZGF0YSBub3JtYWxpemF0aW9uOyB0ZW1wb3JhbCBpbmZvcm1hdGlvbiIsCkFCU1RSQUNUPSJJbnNpZGVyIHRocmVhdCBpcyBvbmUgb2YgdGhlIG1vc3QgZGFtYWdpbmcgY3liZXJzZWN1cml0eSBhdHRhY2tzIHRvCmNvbXBhbmllcyBhbmQgb3JnYW5pemF0aW9ucy4gVGhlIHRocmVhdHMgYXJlIGFsc28gaGFyZCB0byBkZXRlY3QsIGxhcmdlbHkKZHVlIHRvIGl0cyBuYXR1cmUgdGhhdCBtYWxpY2lvdXMgYWN0aW9ucyBhcmUgcGVyZm9ybWVkIGJ5IHRoZSBpbnNpZGVycy4gSW4KdGhpcyBwYXBlciwgd2UgZXhwbG9yZSBkaWZmZXJlbnQgdGVjaG5pcXVlcyB0byBsZXZlcmFnZSBzcGF0aWFsIGFuZAp0ZW1wb3JhbCBjaGFyYWN0ZXJpc3RpY3Mgb2YgdXNlciBiZWhhdmlvdXJzIChhY3Rpb25zKS4gSW4gcGFydGljdWxhciwKZmVhdHVyZSBub3JtYWxpemF0aW9uIChzY2FsaW5nKSB0ZWNobmlxdWVzIGFuZCBhIHNjaGVtZSBmb3IgcmVwcmVzZW50aW5nCmV4cGxpY2l0IHRlbXBvcmFsIGluZm9ybWF0aW9uIGFyZSBleHBsb3JlZCB0byBpbXByb3ZlIHRoZSBwZXJmb3JtYW5jZSBvZgp0aGUgbWFjaGluZSBsZWFybmluZyBiYXNlZCBpbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24gc3lzdGVtcy4gVGhlIG9idGFpbmVkCnJlc3VsdHMgc2hvdyB0aGF0IHRoZXNlIGRhdGEgY2hhcmFjdGVyaXN0aWNzIGhhdmUgZGlmZmVyZW50IGVmZmVjdHMgb24KZGlmZmVyZW50IGluc2lkZXIgdGhyZWF0IGNsYXNzaWZpZXJzLiBUaGlzIHNob3dzIGEgcHJvbWlzaW5nIGZ1dHVyZQpyZXNlYXJjaCBkaXJlY3Rpb24gZm9yIGZ1cnRoZXIgYW5hbHlzaXMgb2YgZGlmZmVyZW50IHVzZXIgYmVoYXZpb3Vycy4iCn0KCgoKQGlucHJvY2VlZGluZ3N7TGVfc3NjaTIwMTksCmFic3RyYWN0ID0ge0RpZmZlcmVudCB2YXJpYXRpb25zIGluIGRlcGxveW1lbnQgZW52aXJvbm1lbnRzIG9mIG1hY2hpbmUgbGVhcm5pbmcgdGVjaG5pcXVlcyBtYXkgYWZmZWN0IHRoZSBwZXJmb3JtYW5jZSBvZiB0aGUgaW1wbGVtZW50ZWQgc3lzdGVtcy4gVGhlIHZhcmlhdGlvbnMgbWF5IGNhdXNlIGNoYW5nZXMgaW4gdGhlIGRhdGEgZm9yIG1hY2hpbmUgbGVhcm5pbmcgc29sdXRpb25zLCBzdWNoIGFzIGluIHRoZSBudW1iZXIgb2YgY2xhc3NlcyBhbmQgdGhlIGV4dHJhY3RlZCBmZWF0dXJlcy4gVGhpcyBwYXBlciBpbnZlc3RpZ2F0ZXMgdGhlIGNhcGFiaWxpdGllcyBvZiBHZW5ldGljIFByb2dyYW1taW5nIChHUCkgZm9yIG1hbGljaW91cyBpbnNpZGVyIGRldGVjdGlvbiBpbiBjb3Jwb3JhdGUgZW52aXJvbm1lbnRzIHVuZGVyIHN1Y2ggY2hhbmdlcy4gQXNzdW1pbmcgYSBMaW5lYXIgR1AgZGV0ZWN0b3IsIHRlY2huaXF1ZXMgYXJlIGludHJvZHVjZWQgdG8gYWxsb3cgYSBwcmV2aW91c2x5IHRyYWluZWQgR1AgcG9wdWxhdGlvbiB0byBhZGFwdCB0byBkaWZmZXJlbnQgY2hhbmdlcyBpbiB0aGUgZGF0YS4gVGhlIGV4cGVyaW1lbnRzIGFuZCBldmFsdWF0aW9uIHJlc3VsdHMgc2hvdyBwcm9taXNpbmcgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uIHBlcmZvcm1hbmNlcyBvZiB0aGUgdGVjaG5pcXVlcyBpbiBjb21wYXJpc29uIHdpdGggdHJhaW5pbmcgbWFjaGluZSBsZWFybmluZyBjbGFzc2lmaWVycyBmcm9tIHNjcmF0Y2guIFRoaXMgcmVkdWNlcyB0aGUgYW1vdW50IG9mIGRhdGEgbmVlZGVkIGFuZCBjb21wdXRhdGlvbiByZXF1aXJlbWVudHMgZm9yIG9idGFpbmluZyBkZXBlbmRhYmxlIGluc2lkZXIgdGhyZWF0IGRldGVjdG9ycyB1bmRlciBuZXcgY29uZGl0aW9ucy59LAphdXRob3IgPSB7TGUsIER1YyBDLiBhbmQgWmluY2lyLUhleXdvb2QsIEEuIE51ciBhbmQgSGV5d29vZCwgTWFsY29sbSBJLn0sCmJvb2t0aXRsZSA9IHtJRUVFIFN5bXBvc2l1bSBTZXJpZXMgb24gQ29tcHV0YXRpb25hbCBJbnRlbGxpZ2VuY2UgKFNTQ0kgJzE5KX0sCl9kb2kgPSB7MTAuMTEwOS9TU0NJLjIwMTYuNzg1MDA3OH0sCmtleXdvcmRzID0ge2luc2lkZXIgdGhyZWF0IGRldGVjdGlvbiwgY3liZXItc2VjdXJpdHksIGR5bmFtaWMgZW52aXJvbm1lbnR9LAp0aXRsZSA9IHtEeW5hbWljIEluc2lkZXIgVGhyZWF0IERldGVjdGlvbiBCYXNlZCBvbiBBZGFwdGFibGUgR2VuZXRpYyBQcm9ncmFtbWluZ30sCnllYXIgPSB7MjAxOX0sCnVybF9QYXBlciA9IHsyMDE5X0NJU0RBLnBkZn0KfQoKCgpAQVJUSUNMRXtMZV90bnNtMjAyMCwKYXV0aG9yPXtMZSwgRHVjIEMuIGFuZCBaaW5jaXItSGV5d29vZCwgQS4gTnVyIGFuZCBIZXl3b29kLCBNYWxjb2xtIEkufSwKam91cm5hbD17SUVFRSBUcmFuc2FjdGlvbnMgb24gTmV0d29yayBhbmQgU2VydmljZSBNYW5hZ2VtZW50fSwKdGl0bGU9e0FuYWx5emluZyBEYXRhIEdyYW51bGFyaXR5IExldmVscyBmb3IgSW5zaWRlciBUaHJlYXQgRGV0ZWN0aW9uIHVzaW5nIE1hY2hpbmUgTGVhcm5pbmd9LAphYnN0cmFjdCA9IHtNYWxpY2lvdXMgaW5zaWRlciBhdHRhY2tzIHJlcHJlc2VudCBvbmUgb2YgdGhlIG1vc3QgZGFtYWdpbmcgdGhyZWF0cyB0byBuZXR3b3JrZWQgc3lzdGVtcyBvZiBjb21wYW5pZXMgYW5kIGdvdmVybm1lbnQgYWdlbmNpZXMuIFRoZXJlIGlzIGEgdW5pcXVlIHNldCBvZiBjaGFsbGVuZ2VzIHRoYXQgY29tZSB3aXRoIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbiBpbiB0ZXJtcyBvZiBodWdlbHkgdW5iYWxhbmNlZCBkYXRhLCBsaW1pdGVkIGdyb3VuZCB0cnV0aCwgYXMgd2VsbCBhcyBiZWhhdmlvdXIgZHJpZnRzIGFuZCBzaGlmdHMuIFRoaXMgd29yayBwcm9wb3NlcyBhbmQgZXZhbHVhdGVzIGEgbWFjaGluZSBsZWFybmluZyBiYXNlZCBzeXN0ZW0gZm9yIHVzZXItY2VudGVyZWQgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uLiBVc2luZyBtYWNoaW5lIGxlYXJuaW5nLCBhbmFseXNpcyBvZiBkYXRhIGlzIHBlcmZvcm1lZCBvbiBtdWx0aXBsZSBsZXZlbHMgb2YgZ3JhbnVsYXJpdHkgdW5kZXIgcmVhbGlzdGljIGNvbmRpdGlvbnMgZm9yIGlkZW50aWZ5aW5nIG5vdCBvbmx5IG1hbGljaW91cyBiZWhhdmlvdXJzLCBidXQgYWxzbyBtYWxpY2lvdXMgaW5zaWRlcnMuIERldGFpbGVkIGFuYWx5c2lzIG9mIHBvcHVsYXIgaW5zaWRlciB0aHJlYXQgc2NlbmFyaW9zIHdpdGggZGlmZmVyZW50IHBlcmZvcm1hbmNlIG1lYXN1cmVzIGFyZSBwcmVzZW50ZWQgdG8gZmFjaWxpdGF0ZSB0aGUgcmVhbGlzdGljIGVzdGltYXRpb24gb2Ygc3lzdGVtIHBlcmZvcm1hbmNlLiBFdmFsdWF0aW9uIHJlc3VsdHMgc2hvdyB0aGF0IHRoZSBtYWNoaW5lIGxlYXJuaW5nIGJhc2VkIGRldGVjdGlvbiBzeXN0ZW0gY2FuIGxlYXJuIGZyb20gbGltaXRlZCBncm91bmQgdHJ1dGggYW5kIGRldGVjdCBuZXcgbWFsaWNpb3VzIGluc2lkZXJzIGluIHVuc2VlbiBkYXRhIHdpdGggYSBoaWdoIGFjY3VyYWN5LiBTcGVjaWZpY2FsbHksIHVwIHRvIDg1XCUgb2YgbWFsaWNpb3VzIGluc2lkZXJzIGFyZSBkZXRlY3RlZCBhdCBvbmx5IDAuNzhcJSBmYWxzZSBwb3NpdGl2ZSByYXRlLiBUaGUgc3lzdGVtIGlzIGFsc28gYWJsZSB0byBxdWlja2x5IGRldGVjdCB0aGUgbWFsaWNpb3VzIGJlaGF2aW91cnMsIGFzIGxvdyBhcyAxNCBtaW51dGVzIGFmdGVyIHRoZSBmaXJzdCBtYWxpY2lvdXMgYWN0aW9uLiBDb21wcmVoZW5zaXZlIHJlc3VsdCByZXBvcnRpbmcgYWxsb3dzIHRoZSBzeXN0ZW0gdG8gcHJvdmlkZSB2YWx1YWJsZSBpbnNpZ2h0cyB0byBhbmFseXN0cyBpbiBpbnZlc3RpZ2F0aW5nIGluc2lkZXIgdGhyZWF0IGNhc2VzLn0sCnllYXI9ezIwMjB9LAp2b2x1bWU9ezE3fSwKbnVtYmVyPXsxfSwKcGFnZXM9ezMwLS00NH0sCmtleXdvcmRzPXtJbnNpZGVyIHRocmVhdDttYWNoaW5lIGxlYXJuaW5nO2RhdGEgZ3JhbnVsYXJpdHkufSwKZG9pPXsxMC4xMTA5L1ROU00uMjAyMC4yOTY3NzIxfSwKSVNTTj17MjM3My03Mzc5fSwKbW9udGg9bWFyLAp1cmxfUGFwZXIgPSB7VE5TTTIwMjAucGRmfQp9CgoKCgpAQXJ0aWNsZXtMZV9qbnNtMjAyMCwKYWJzdHJhY3QgPSB7TW9kZXJuIG5ldHdvcmtzIGFuZCBzeXN0ZW1zIHBvc2UgbWFueSBjaGFsbGVuZ2VzIHRvIHRyYWRpdGlvbmFsIG1hbmFnZW1lbnQgYXBwcm9hY2hlcy4gTm90IG9ubHkgdGhlIG51bWJlciBvZiBkZXZpY2VzIGFuZCB0aGUgdm9sdW1lIG9mIG5ldHdvcmsgdHJhZmZpYyBhcmUgaW5jcmVhc2luZyBleHBvbmVudGlhbGx5LCBidXQgYWxzbyBuZXcgbmV0d29yayBwcm90b2NvbHMgYW5kIHRlY2hub2xvZ2llcyByZXF1aXJlIG5ldyB0ZWNobmlxdWVzIGFuZCBzdHJhdGVnaWVzIGZvciBtb25pdG9yaW5nIGNvbnRyb2xsaW5nIGFuZCBtYW5hZ2luZyB1cCBhbmQgY29taW5nIG5ldHdvcmtzIGFuZCBzeXN0ZW1zLiBNb3Jlb3ZlciwgbWFjaGluZSBsZWFybmluZyBoYXMgcmVjZW50bHkgZm91bmQgaXRzIHN1Y2Nlc3NmdWwgYXBwbGljYXRpb25zIGluIG1hbnkgZmllbGRzIGR1ZSB0byBpdHMgY2FwYWJpbGl0eSB0byBsZWFybiBmcm9tIGRhdGEgdG8gYXV0b21hdGljYWxseSBpbmZlciBwYXR0ZXJucyBmb3IgbmV0d29yayBhbmFseXRpY3MuIFRodXMsIHRoZSBkZXBsb3ltZW50IG9mIG1hY2hpbmUgbGVhcm5pbmcgaW4gbmV0d29yayBhbmQgc3lzdGVtIG1hbmFnZW1lbnQgaGFzIGJlY29tZSBpbW1pbmVudC4gVGhpcyB3b3JrIHByb3ZpZGVzIGEgcmV2aWV3IG9mIHRoZSBhcHBsaWNhdGlvbnMgb2YgbWFjaGluZSBsZWFybmluZyBpbiBuZXR3b3JrIGFuZCBzeXN0ZW0gbWFuYWdlbWVudC4gQmFzZWQgb24gdGhpcyByZXZpZXcsIHdlIGFpbSB0byBwcmVzZW50IHRoZSBjdXJyZW50IG9wcG9ydHVuaXRpZXMgYW5kIGNoYWxsZW5nZXMgaW4gYW5kIGhpZ2hsaWdodCB0aGUgbmVlZCBmb3IgZGVwZW5kYWJsZSwgcmVsaWFibGUgYW5kIHNlY3VyZSBtYWNoaW5lIGxlYXJuaW5nIGZvciBuZXR3b3JrIGFuZCBzeXN0ZW0gbWFuYWdlbWVudC59LAphdXRob3IgPSB7TGUsIER1YyBDLiBhbmQgWmluY2lyLUhleXdvb2QsIE51cn0sCmRvaSA9IHsxMC4xMDA3L3MxMDkyMi0wMjAtMDk1MTItNX0sCmlzc24gPSB7MTU3Mzc3MDV9LApqb3VybmFsID0ge0pvdXJuYWwgb2YgTmV0d29yayBhbmQgU3lzdGVtcyBNYW5hZ2VtZW50fSwKa2V5d29yZHMgPSB7TmV0d29yayBhbmQgc3lzdGVtIG1hbmFnZW1lbnQsUmVsaWFibGUgYW5kIGRlcGVuZGFibGUgbWFjaGluZSBsZWFybmluZyxTZWN1cmUgbWFjaGluZSBsZWFybmluZ30sCm1vbnRoID0gb2N0LApudW1iZXIgPSB7NH0sCnBhZ2VzID0gezgyNy0tODQ5fSwKcHVibGlzaGVyID0ge1NwcmluZ2VyfSwKdGl0bGUgPSB7e0EgRnJvbnRpZXI6IERlcGVuZGFibGUsIFJlbGlhYmxlIGFuZCBTZWN1cmUgTWFjaGluZSBMZWFybmluZyBmb3IgTmV0d29yay9TeXN0ZW0gTWFuYWdlbWVudH19LAp2b2x1bWUgPSB7Mjh9LAp5ZWFyID0gezIwMjB9LAp1cmwgPSB7aHR0cHM6Ly9yZGN1LmJlL2IwMGFjfSwKdXJsX3BhcGVyPXtMZV9TcHJpbmdlckpOU00yMDIwLnBkZn0KfQoKCgpAQXJ0aWNsZXtMZV9pam5tMjAyMCwKYXV0aG9yPSJEdWMgQy4gTGUgYW5kIFppbmNpci1IZXl3b29kLCBOdXIiLAp0aXRsZT0iRXhwbG9yaW5nIGFub21hbG91cyBiZWhhdmlvdXIgZGV0ZWN0aW9uIGFuZCBjbGFzc2lmaWNhdGlvbiBmb3IgaW5zaWRlciB0aHJlYXQgaWRlbnRpZmljYXRpb24iLApqb3VybmFsPSJJbnRlcm5hdGlvbmFsIEpvdXJuYWwgb2YgTmV0d29yayBNYW5hZ2VtZW50IiwKdm9sdW1lPSJFYXJseSBhY2Nlc3MiLAp5ZWFyPSIyMDIwIiwKbW9udGg9bWFyLAphYnN0cmFjdD0iUmVjZW50bHksIG1hbGljaW91cyBpbnNpZGVyIHRocmVhdHMgcmVwcmVzZW50IG9uZSBvZiB0aGUgbW9zdCBkYW1hZ2luZyB0aHJlYXRzIHRvIGNvbXBhbmllcyBhbmQgZ292ZXJubWVudCBhZ2VuY2llcy4gSW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uIGlzIGEgaGlnaGx5IHNrZXdlZCBkYXRhIGFuYWx5c2lzIHByb2JsZW0sIHdoZXJlIHRoZSBodWdlIGNsYXNzIGltYmFsYW5jZSBtYWtlcyB0aGUgYWRhcHRhdGlvbiBvZiBsZWFybmluZyBhbGdvcml0aG1zIHRvIHRoZSByZWFsIHdvcmxkIGNvbnRleHQgdmVyeSBkaWZmaWN1bHQuIFRoaXMgc3R1ZHkgcHJvcG9zZXMgYSBuZXcgc3lzdGVtIGZvciB1c2VyLWNlbnRlcmVkIG1hY2hpbmUgbGVhcm5pbmcgYmFzZWQgYW5vbWFseSBiZWhhdmlvdXIgYW5kIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbiBvbiBtdWx0aXBsZSBkYXRhIGdyYW51bGFyaXR5IGxldmVscy4gU3lzdGVtIGV2YWx1YXRpb25zIGFuZCBhbmFseXNpcyBhcmUgcGVyZm9ybWVkIG5vdCBvbmx5IG9uIGluZGl2aWR1YWwgZGF0YSBpbnN0YW5jZXMgYnV0IGFsc28gb24gbm9ybWFsIGFuZCBtYWxpY2lvdXMgdXNlcnMuIE91ciByZXN1bHRzIHNob3cgdGhhdCB0aGUgcHJvcG9zZWQgc3lzdGVtLCB3aGljaCBpcyBhIGNvbWJpbmF0aW9uIG9mIHVuc3VwZXJ2aXNlZCBhbm9tYWx5IGRldGVjdGlvbiBhbmQgc3VwZXJ2aXNlZCBtYWNoaW5lIGxlYXJuaW5nIG1ldGhvZHMsIGNhbiBsZWFybiBmcm9tIHVubGFiZWxsZWQgZGF0YSBhbmQgYSB2ZXJ5IHNtYWxsIGFtb3VudCBvZiBsYWJlbGxlZCBkYXRhLiBGdXJ0aGVybW9yZSwgaXQgY2FuIGdlbmVyYWxpemUgdG8gYmlnZ2VyIGRhdGFzZXRzIGZvciBkZXRlY3RpbmcgYW5vbWFsb3VzIGJlaGF2aW91cnMgYW5kIHVuc2VlbiBtYWxpY2lvdXMgaW5zaWRlcnMgd2l0aCBhIGhpZ2ggZGV0ZWN0aW9uIGFuZCBhIGxvdyBmYWxzZSBwb3NpdGl2ZSByYXRlLiIsCmRvaT0iMTAuMTAwMi9uZW0uMjEwOSIsCnVybF9QYXBlciA9IHtJSk5NX2UyMTA5LnBkZn0KfQoKCgpASU5QUk9DRUVESU5HU3tMZV9DTlMyMDIwLApBVVRIT1I9IkR1YyBDLiBMZSBhbmQgTnVyIFppbmNpci1IZXl3b29kIiwKVElUTEU9IkV4cGxvcmluZyBBZHZlcnNhcmlhbCBQcm9wZXJ0aWVzIG9mIEluc2lkZXIgVGhyZWF0IERldGVjdGlvbiIsCkJPT0tUSVRMRT0iMjAyMCBJRUVFIENvbmZlcmVuY2Ugb24gQ29tbXVuaWNhdGlvbnMgYW5kIE5ldHdvcmsgU2VjdXJpdHkgKENOUykiLApNT05USD1qdW4sCllFQVI9MjAyMCwKQUJTVFJBQ1Q9Ikluc2lkZXIgdGhyZWF0IHJlcHJlc2VudHMgYSBtYWpvciBjeWJlcnNlY3VyaXR5IGNoYWxsZW5nZSB0byBjb21wYW5pZXMgYW5kCmdvdmVybm1lbnQgYWdlbmNpZXMuIFRoZSBjaGFsbGVuZ2VzIGluIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbiwgaW5jbHVkZXMKdW5iYWxhbmNlZCBkYXRhLCBsaW1pdGVkIGdyb3VuZCB0cnV0aCwgYW5kIHBvc3NpYmxlIHVzZXIgYmVoYXZpb3VyIGNoYW5nZXMuClRoaXMgcmVzZWFyY2ggcHJlc2VudHMgYW4gdW5zdXBlcnZpc2VkIG1hY2hpbmUgbGVhcm5pbmcgKE1MKSBiYXNlZCBhbm9tYWx5CmRldGVjdGlvbiBhcHByb2FjaCBmb3IgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uLiBXZSBlbXBsb3kgdHdvIE1MIG1ldGhvZHMKd2l0aCBkaWZmZXJlbnQgd29ya2luZyBwcmluY2lwbGVzLCBzcGVjaWZpY2FsbHkgYXV0b2VuY29kZXIgYW5kIGlzb2xhdGlvbgpmb3Jlc3QsIGFuZCBleHBsb3JlIHZhcmlvdXMgcmVwcmVzZW50YXRpb25zIG9mIGRhdGEgd2l0aCB0ZW1wb3JhbAppbmZvcm1hdGlvbi4gRXZhbHVhdGlvbiByZXN1bHRzIHNob3cgdGhhdCB0aGUgYXBwcm9hY2ggYWxsb3dzIGxlYXJuaW5nIGZyb20KdW5sYWJlbGxlZCBkYXRhIGluIHVuZGVyIGFkdmVyc2FyaWFsIGNvbmRpdGlvbnMgZm9yIGluc2lkZXIgdGhyZWF0CmRldGVjdGlvbiB3aXRoIGEgaGlnaCBkZXRlY3Rpb24gYW5kIGEgbG93IGZhbHNlIHBvc2l0aXZlIHJhdGUuIEZvciBleGFtcGxlLAo2MFwlIG9mIG1hbGljaW91cyBpbnNpZGVycyBhcmUgZGV0ZWN0ZWQgdW5kZXIgMC4xXCUgaW52ZXN0aWdhdGlvbiBidWRnZXQuCkZ1cnRoZXJtb3JlLCB3ZSBleHBsb3JlIHRoZSBhYmlsaXR5IG9mIHRoZSBwcm9wb3NlZCBhcHByb2FjaCB0byBnZW5lcmFsaXplCmZvciBkZXRlY3RpbmcgdW5zZWVuIGFub21hbG91cyBiZWhhdmlvdXJzIGluIGRpZmZlcmVudCBkYXRhc2V0cywgaS5lLgpyb2J1c3RuZXNzLiBDb21wYXJpc29ucyB3aXRoIG90aGVyIHdvcmsgaW4gdGhlIGxpdGVyYXR1cmUgY29uZmlybSB0aGUKZWZmZWN0aXZlbmVzcyBvZiB0aGUgcHJvcG9zZWQgYXBwcm9hY2guIiwKdXJsX1BhcGVyID0ge0NOUzIwLnBkZn0KfQoKCgpAQVJUSUNMRXtMZV90bnNtMjAyMSwKYXV0aG9yPXtMZSwgRHVjIEMuIGFuZCBaaW5jaXItSGV5d29vZCwgQS4gTnVyfSwKam91cm5hbD17SUVFRSBUcmFuc2FjdGlvbnMgb24gTmV0d29yayBhbmQgU2VydmljZSBNYW5hZ2VtZW50fSwKdGl0bGU9e0Fub21hbHkgRGV0ZWN0aW9uIGZvciBJbnNpZGVyIFRocmVhdHMgVXNpbmcgVW5zdXBlcnZpc2VkIEVuc2VtYmxlc30sCmFic3RyYWN0ID0ge0luc2lkZXIgdGhyZWF0IHJlcHJlc2VudHMgYSBtYWpvciBjeWJlcnNlY3VyaXR5IGNoYWxsZW5nZSB0byBjb21wYW5pZXMsIG9yZ2FuaXphdGlvbnMsIGFuZCBnb3Zlcm5tZW50IGFnZW5jaWVzLiBJbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24gaW52b2x2ZXMgbWFueSBjaGFsbGVuZ2VzLCBpbmNsdWRpbmcgdW5iYWxhbmNlZCBkYXRhLCBsaW1pdGVkIGdyb3VuZCB0cnV0aCwgYW5kIHBvc3NpYmxlIHVzZXIgYmVoYXZpb3VyIGNoYW5nZXMuIFRoaXMgcmVzZWFyY2ggcHJlc2VudHMgYW4gdW5zdXBlcnZpc2VkIGxlYXJuaW5nIGJhc2VkIGFub21hbHkgZGV0ZWN0aW9uIGFwcHJvYWNoIGZvciBpbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24uIFdlIGVtcGxveSBmb3VyIHVuc3VwZXJ2aXNlZCBsZWFybmluZyBtZXRob2RzIHdpdGggZGlmZmVyZW50IHdvcmtpbmcgcHJpbmNpcGxlcywgYW5kIGV4cGxvcmUgdmFyaW91cyByZXByZXNlbnRhdGlvbnMgb2YgZGF0YSB3aXRoIHRlbXBvcmFsIGluZm9ybWF0aW9uLiBGdXJ0aGVybW9yZSwgZGlmZmVyZW50IGNvbXB1dGF0aW9uYWwgaW50ZWxsaWdlbmNlIHNjaGVtZXMgYXJlIGV4cGxvcmVkIHRvIGNvbWJpbmUgdGhlc2UgbW9kZWxzIHRvIGNyZWF0ZSBhbm9tYWx5IGRldGVjdGlvbiBlbnNlbWJsZXMgZm9yIGltcHJvdmluZyB0aGUgZGV0ZWN0aW9uIHBlcmZvcm1hbmNlLiBFdmFsdWF0aW9uIHJlc3VsdHMgc2hvdyB0aGF0IHRoZSBhcHByb2FjaCBhbGxvd3MgbGVhcm5pbmcgZnJvbSB1bmxhYmVsbGVkIGRhdGEgdW5kZXIgY2hhbGxlbmdpbmcgY29uZGl0aW9ucyBmb3IgaW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uLiBJbnNpZGVyIHRocmVhdHMgYXJlIGRldGVjdGVkIHdpdGggaGlnaCBkZXRlY3Rpb24gYW5kIGxvdyBmYWxzZSBwb3NpdGl2ZSByYXRlcy4gRm9yIGV4YW1wbGUsIDYwXCUgb2YgbWFsaWNpb3VzIGluc2lkZXJzIGFyZSBkZXRlY3RlZCB1bmRlciAwLjFcJSBpbnZlc3RpZ2F0aW9uIGJ1ZGdldCwgYW5kIGFsbCBtYWxpY2lvdXMgaW5zaWRlcnMgYXJlIGRldGVjdGVkIGF0IGF0IGxlc3MgdGhhbiA1XCUgaW52ZXN0aWdhdGlvbiBidWRnZXQuIEZ1cnRoZXJtb3JlLCB3ZSBleHBsb3JlIHRoZSBhYmlsaXR5IG9mIHRoZSBwcm9wb3NlZCBhcHByb2FjaCB0byBnZW5lcmFsaXplIGZvciBkZXRlY3RpbmcgbmV3IGFub21hbG91cyBiZWhhdmlvdXJzIGluIGRpZmZlcmVudCBkYXRhc2V0cywgaS5lLiByb2J1c3RuZXNzLiBGaW5hbGx5LCByZXN1bHRzIGRlbW9uc3RyYXRlIHRoYXQgYSB2b3RpbmctYmFzZWQgZW5zZW1ibGUgb2YgYW5vbWFseSBkZXRlY3Rpb24gY2FuIGJlIHVzZWQgdG8gaW1wcm92ZSBkZXRlY3Rpb24gcGVyZm9ybWFuY2UgYXMgd2VsbCBhcyB0aGUgcm9idXN0bmVzcy4gQ29tcGFyaXNvbnMgd2l0aCB0aGUgc3RhdGUtb2YtdGhlLWFydCBjb25maXJtIHRoZSBlZmZlY3RpdmVuZXNzIG9mIHRoZSBwcm9wb3NlZCBhcHByb2FjaC59LAptb250aD1qdW4sCnllYXI9ezIwMjF9LAp2b2x1bWU9ezE4fSwKbnVtYmVyPXsyfSwKcGFnZXM9ezExNTItLTExNjR9LAprZXl3b3Jkcz17aW5zaWRlciB0aHJlYXQgZGV0ZWN0aW9uLGFub21hbHkgZGV0ZWN0aW9uLGVuc2VtYmxlIGxlYXJuaW5nLHVuc3VwZXJ2aXNlZCBsZWFybmluZyx0ZW1wb3JhbCBkYXRhLGRlcGVuZGFibGUgYW5kIHJvYnVzdCBsZWFybmluZy59LApkb2k9ezEwLjExMDkvVE5TTS4yMDIxLjMwNzE5Mjh9LApJU1NOPXsxOTMyLTQ1Mzd9LAp1cmwgPSB7aHR0cHM6Ly9pZWVleHBsb3JlLmllZWUub3JnL2RvY3VtZW50LzkzOTkxMTZ9LAp1cmxfUGFwZXIgPSB7VE5TTTIwMjEucGRmfQp9CgoKCkBpbnByb2NlZWRpbmdze0xlX3NwdzIwMjEsCiBhYnN0cmFjdCA9IHtBIG1hbGljaW91cyBpbnNpZGVyIGlzIG9uZSBvZiB0aGUgbW9zdCBkYW1hZ2luZyB0aHJlYXRzIHRvIGFueSBvcmdhbml6YXRpb24gZnJvbSBpbmR1c3RyeSB0byBnb3Zlcm5tZW50IGFnZW5jaWVzLiBNYW55IGNoYWxsZW5nZXMgZnJvbSBpbnNpZGVyIHRocmVhdCBkZXRlY3Rpb24gY29tZSBmcm9tIHRoZSBmYWN0IHRoYXQgdGhlIGdyb3VuZCB0cnV0aCBpcyB2ZXJ5IGxpbWl0ZWQgYW5kIGNvc3RseSB0byBhY3F1aXJlLiBUaGlzIHBhcGVyIHByZXNlbnRzIGEgc2VtaS1zdXBlcnZpc2VkIGxlYXJuaW5nIGFwcHJvYWNoIHRvIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbi4gV2UgZW1wbG95IHRocmVlIG1hY2hpbmUgbGVhcm5pbmcgbWV0aG9kcyB1bmRlciBkaWZmZXJlbnQgcmVhbC13b3JsZCBjb25kaXRpb25zLiBUaGVzZSBpbmNsdWRlIG9idGFpbmluZyB0aGUgaW5pdGlhbCBncm91bmQgdHJ1dGggdHJhaW5pbmcgZGF0YSByYW5kb21seSBvciB2aWEgYSBjZXJ0YWluIHR5cGUgb2YgaW5zaWRlciBtYWxpY2lvdXMgYmVoYXZpb3Igb3IgYnkgYW5vbWFseSBkZXRlY3Rpb24gc3lzdGVtIHNjb3Jlcy4gRXZhbHVhdGlvbiByZXN1bHRzIHNob3cgdGhhdCB0aGUgYXBwcm9hY2ggYWxsb3dzIGxlYXJuaW5nIGZyb20gdmVyeSBsaW1pdGVkIGRhdGEgZm9yIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbiBhdCBoaWdoIHByZWNpc2lvbi4gOTBcJSBvZiBtYWxpY2lvdXMgZGF0YSBpbnN0YW5jZXMgYXJlIGRldGVjdGVkIHVuZGVyIDFcJSBmYWxzZSBwb3NpdGl2ZSByYXRlLn0sCiBhdXRob3IgPSB7TGUsIER1YyBDLiBhbmQgWmluY2lyLUhleXdvb2QsIEEuIE51ciBhbmQgSGV5d29vZCwgTWFsY29sbSBJLn0sCiB0aXRsZSA9IHtUcmFpbmluZyByZWdpbWUgaW5mbHVlbmNlcyB0byBzZW1pLXN1cGVydmlzZWQgbGVhcm5pbmcgZm9yIGluc2lkZXIgdGhyZWF0IGRldGVjdGlvbn0sCiBib29rdGl0bGUgPSB7SUVFRSBTZWN1cml0eSBhbmQgUHJpdmFjeSBXb3Jrc2hvcHMgKFNQVyAnMjEpfSwKIHllYXIgPSB7MjAyMX0sCiBfcGFnZXMgPSB7MjcwLTI3NX0sCiBfZG9pID0gezEwLjExMDkvU1BXLjIwMTguMDAwNDN9LAoga2V5d29yZHMgPSB7c2VtaS1zdXBlcnZpc2VkIGxlYXJuaW5nLCBpbnNpZGVyIHRocmVhdCwgbWFsaWNpb3VzIGJlaGF2aW9yLCBhbm9tYWx5IGRldGVjdGlvbiwgZGF0YSBhdmFpbGFiaWxpdHl9LAogX3VybCA9IHt9LAogdXJsX1BhcGVyID0ge3d0bWMyMDIxLnBkZn0KfQoK\">\n            <i class=\"fa fa-download fa-fw\"></i> Download BibTeX\n          </a>\n        </li>\n        <li>\n          <a href=\"//bibbase.org/rss?bib=https://web.cs.dal.ca/~lcd/pubs/lcd.bib\">\n            <i class=\"fa fa-rss fa-fw\"></i> RSS Feed\n          </a>\n          </li>\n      </ul>\n      </li>\n\n      \n\n\n      \n    </ul>\n\n\n    <div class=\"alert alert-success bibbase_msg\" id=\"bibbase_msg_embed\"\n         style=\"display: none;\">\n\n      Excellent! Next you can\n      <a href=\"/network/register?next=/network/newSiteFromTemplate%3Fbiburl=https://web.cs.dal.ca/~lcd/pubs/lcd.bib\"\n      >create a new website with this list</a>, or\n      embed it in an existing web page by copying &amp; pasting\n      any of the following snippets.\n\n      <div style=\"text-align: left; margin-top: 1em;\">\n        <strong>JavaScript</strong>\n        <span class=\"comment recommended\">(easiest)</span>\n        <div class=\"well well-small\">\n          <code>\n            &lt;script src=\"https://bibbase.org/show?bib=https%3A%2F%2Fweb.cs.dal.ca%2F%7Elcd%2Fpubs%2Flcd.bib&amp;jsonp=1&amp;jsonp=1\"&gt;&lt;/script&gt;\n          </code>\n        </div>\n\n        <strong>PHP</strong>\n        <div class=\"well well-small\">\n          <code>\n            &lt;?php\n            $contents = file_get_contents(\"https://bibbase.org/show?bib=https%3A%2F%2Fweb.cs.dal.ca%2F%7Elcd%2Fpubs%2Flcd.bib&amp;jsonp=1\");\n            print_r($contents);\n            ?&gt;\n          </code>\n        </div>\n\n        <strong>iFrame</strong>\n        <span class=\"comment\">(not recommended)</span>\n        <div class=\"well well-small\">\n          <code>\n            &lt;iframe src=\"https://bibbase.org/show?bib=https%3A%2F%2Fweb.cs.dal.ca%2F%7Elcd%2Fpubs%2Flcd.bib&amp;jsonp=1\"&gt;&lt;/iframe&gt;\n          </code>\n        </div>\n\n        <p>\n          For more details see the <a href=\"//bibbase.org/help\">documention</a>.\n        </p>\n      </div>\n    </div>\n\n    <div class=\"alert alert-success bibbase_msg\" id=\"bibbase_msg_preview\"\n         style=\"display: none;\">\n\n      This is a preview! To use this list on your own web site\n      or create a new web site from it,\n      <a href=\"/network/register?next=/network/newAccountWithFile%3FfileId=\"\n      >create a free account</a>. The file will be added\n      and you will be able to edit it in the File Manager.\n      We will show you instructions once you've created your account.\n    </div>\n\n    <div class=\"alert alert-warning bibbase_msg\" id=\"bibbase_msg_mendeley1\"\n         style=\"display: none;\">\n\n      <p>To the site owner:</p>\n\n      <p><strong>Action required!</strong> Mendeley is changing its\n        API. In order to keep using Mendeley with BibBase past April\n        14th, you need to:\n        <ol>\n          <li>renew the authorization for BibBase on Mendeley, and</li>\n          <li>update the BibBase URL\n            in your page the same way you did when you initially set up\n            this page.\n          </li>\n        </ol>\n      </p>\n\n      <p>\n        <a href=\"http://bibbase.org/cgi-bin/mendeley2/get.py\">\n          <i class=\"fa fa-angle-double-right\"></i>\n          Fix it now</a>\n      </p>\n    </div>\n\n  </div>\n\n\n  <div id=\"bibbase_body\">\n    \n  \n  <div class=\"bibbase_group_whole\" id=\"group_2021\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2021')\"\n      onkeypress=\"toggleGroup('group_2021')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2021</span>\n      <span class=\"bibbase_group_count\">\n        \n        (2)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/TNSM2021.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021', 'https://web.cs.dal.ca/~lcd/pubs/TNSM2021.pdf', event);\">\n    Anomaly Detection for Insider Threats Using Unsupervised Ensembles.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, A. N.\n</span>\n\n  \n\n</span>\n\n  <i>IEEE Transactions on Network and Service Management</i>, 18(2): 1152–1164. June 2021.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://ieeexplore.ieee.org/document/9399116\"\n     onclick=\"log_download('le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021', 'https://ieeexplore.ieee.org/document/9399116', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Anomaly Detection for Insider Threats Using Unsupervised Ensembles [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/TNSM2021.pdf\"\n     onclick=\"log_download('le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021', 'https://web.cs.dal.ca/~lcd/pubs/TNSM2021.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Anomaly Detection for Insider Threats Using Unsupervised Ensembles [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1109/TNSM.2021.3071928\"\n     onclick=\"log_download('le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021', 'http://doi.org/10.1109/TNSM.2021.3071928', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>4 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-anomalydetectionforinsiderthreatsusingunsupervisedensembles-2021')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@ARTICLE{Le_tnsm2021,\nauthor={Le, Duc C. and Zincir-Heywood, A. Nur},\njournal={IEEE Transactions on Network and Service Management},\ntitle={Anomaly Detection for Insider Threats Using Unsupervised Ensembles},\nabstract = {Insider threat represents a major cybersecurity challenge to companies, organizations, and government agencies. Insider threat detection involves many challenges, including unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised learning based anomaly detection approach for insider threat detection. We employ four unsupervised learning methods with different working principles, and explore various representations of data with temporal information. Furthermore, different computational intelligence schemes are explored to combine these models to create anomaly detection ensembles for improving the detection performance. Evaluation results show that the approach allows learning from unlabelled data under challenging conditions for insider threat detection. Insider threats are detected with high detection and low false positive rates. For example, 60\\% of malicious insiders are detected under 0.1\\% investigation budget, and all malicious insiders are detected at at less than 5\\% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting new anomalous behaviours in different datasets, i.e. robustness. Finally, results demonstrate that a voting-based ensemble of anomaly detection can be used to improve detection performance as well as the robustness. Comparisons with the state-of-the-art confirm the effectiveness of the proposed approach.},\nmonth=jun,\nyear={2021},\nvolume={18},\nnumber={2},\npages={1152--1164},\nkeywords={insider threat detection,anomaly detection,ensemble learning,unsupervised learning,temporal data,dependable and robust learning.},\ndoi={10.1109/TNSM.2021.3071928},\nISSN={1932-4537},\nurl = {https://ieeexplore.ieee.org/document/9399116},\nurl_Paper = {TNSM2021.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Insider threat represents a major cybersecurity challenge to companies, organizations, and government agencies. Insider threat detection involves many challenges, including unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised learning based anomaly detection approach for insider threat detection. We employ four unsupervised learning methods with different working principles, and explore various representations of data with temporal information. Furthermore, different computational intelligence schemes are explored to combine these models to create anomaly detection ensembles for improving the detection performance. Evaluation results show that the approach allows learning from unlabelled data under challenging conditions for insider threat detection. Insider threats are detected with high detection and low false positive rates. For example, 60% of malicious insiders are detected under 0.1% investigation budget, and all malicious insiders are detected at at less than 5% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting new anomalous behaviours in different datasets, i.e. robustness. Finally, results demonstrate that a voting-based ensemble of anomaly detection can be used to improve detection performance as well as the robustness. Comparisons with the state-of-the-art confirm the effectiveness of the proposed approach.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/wtmc2021.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021', 'https://web.cs.dal.ca/~lcd/pubs/wtmc2021.pdf', event);\">\n    Training regime influences to semi-supervised learning for insider threat detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  In <i>IEEE Security and Privacy Workshops (SPW '21)</i>,  2021. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/wtmc2021.pdf\"\n     onclick=\"log_download('le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021', 'https://web.cs.dal.ca/~lcd/pubs/wtmc2021.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Training regime influences to semi-supervised learning for insider threat detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>3 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-heywood-trainingregimeinfluencestosemisupervisedlearningforinsiderthreatdetection-2021')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_spw2021,\n abstract = {A malicious insider is one of the most damaging threats to any organization from industry to government agencies. Many challenges from insider threat detection come from the fact that the ground truth is very limited and costly to acquire. This paper presents a semi-supervised learning approach to insider threat detection. We employ three machine learning methods under different real-world conditions. These include obtaining the initial ground truth training data randomly or via a certain type of insider malicious behavior or by anomaly detection system scores. Evaluation results show that the approach allows learning from very limited data for insider threat detection at high precision. 90\\% of malicious data instances are detected under 1\\% false positive rate.},\n author = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\n title = {Training regime influences to semi-supervised learning for insider threat detection},\n booktitle = {IEEE Security and Privacy Workshops (SPW &#x27;21)},\n year = {2021},\n _pages = {270-275},\n _doi = {10.1109/SPW.2018.00043},\n keywords = {semi-supervised learning, insider threat, malicious behavior, anomaly detection, data availability},\n _url = {},\n url_Paper = {wtmc2021.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  A malicious insider is one of the most damaging threats to any organization from industry to government agencies. Many challenges from insider threat detection come from the fact that the ground truth is very limited and costly to acquire. This paper presents a semi-supervised learning approach to insider threat detection. We employ three machine learning methods under different real-world conditions. These include obtaining the initial ground truth training data randomly or via a certain type of insider malicious behavior or by anomaly detection system scores. Evaluation results show that the approach allows learning from very limited data for insider threat detection at high precision. 90% of malicious data instances are detected under 1% false positive rate.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2020\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2020')\"\n      onkeypress=\"toggleGroup('group_2020')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2020</span>\n      <span class=\"bibbase_group_count\">\n        \n        (4)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/TNSM2020.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020', 'https://web.cs.dal.ca/~lcd/pubs/TNSM2020.pdf', event);\">\n    Analyzing Data Granularity Levels for Insider Threat Detection using Machine Learning.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  <i>IEEE Transactions on Network and Service Management</i>, 17(1): 30–44. March 2020.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/TNSM2020.pdf\"\n     onclick=\"log_download('le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020', 'https://web.cs.dal.ca/~lcd/pubs/TNSM2020.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Analyzing Data Granularity Levels for Insider Threat Detection using Machine Learning [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1109/TNSM.2020.2967721\"\n     onclick=\"log_download('le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020', 'http://doi.org/10.1109/TNSM.2020.2967721', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>8 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-heywood-analyzingdatagranularitylevelsforinsiderthreatdetectionusingmachinelearning-2020')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@ARTICLE{Le_tnsm2020,\nauthor={Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\njournal={IEEE Transactions on Network and Service Management},\ntitle={Analyzing Data Granularity Levels for Insider Threat Detection using Machine Learning},\nabstract = {Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analysis of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with a high accuracy. Specifically, up to 85\\% of malicious insiders are detected at only 0.78\\% false positive rate. The system is also able to quickly detect the malicious behaviours, as low as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.},\nyear={2020},\nvolume={17},\nnumber={1},\npages={30--44},\nkeywords={Insider threat;machine learning;data granularity.},\ndoi={10.1109/TNSM.2020.2967721},\nISSN={2373-7379},\nmonth=mar,\nurl_Paper = {TNSM2020.pdf}\n}\n\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analysis of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with a high accuracy. Specifically, up to 85% of malicious insiders are detected at only 0.78% false positive rate. The system is also able to quickly detect the malicious behaviours, as low as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/Le_SpringerJNSM2020.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020', 'https://web.cs.dal.ca/~lcd/pubs/Le_SpringerJNSM2020.pdf', event);\">\n    A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  <i>Journal of Network and Systems Management</i>, 28(4): 827–849. October 2020.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://rdcu.be/b00ac\"\n     onclick=\"log_download('le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020', 'https://rdcu.be/b00ac', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/Le_SpringerJNSM2020.pdf\"\n     onclick=\"log_download('le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020', 'https://web.cs.dal.ca/~lcd/pubs/Le_SpringerJNSM2020.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1007/s10922-020-09512-5\"\n     onclick=\"log_download('le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020', 'http://doi.org/10.1007/s10922-020-09512-5', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>2 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-afrontierdependablereliableandsecuremachinelearningfornetworksystemmanagement-2020')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@Article{Le_jnsm2020,\nabstract = {Modern networks and systems pose many challenges to traditional management approaches. Not only the number of devices and the volume of network traffic are increasing exponentially, but also new network protocols and technologies require new techniques and strategies for monitoring controlling and managing up and coming networks and systems. Moreover, machine learning has recently found its successful applications in many fields due to its capability to learn from data to automatically infer patterns for network analytics. Thus, the deployment of machine learning in network and system management has become imminent. This work provides a review of the applications of machine learning in network and system management. Based on this review, we aim to present the current opportunities and challenges in and highlight the need for dependable, reliable and secure machine learning for network and system management.},\nauthor = {Le, Duc C. and Zincir-Heywood, Nur},\ndoi = {10.1007/s10922-020-09512-5},\nissn = {15737705},\njournal = {Journal of Network and Systems Management},\nkeywords = {Network and system management,Reliable and dependable machine learning,Secure machine learning},\nmonth = oct,\nnumber = {4},\npages = {827--849},\npublisher = {Springer},\ntitle = {{A Frontier: Dependable, Reliable and Secure Machine Learning for Network/System Management}},\nvolume = {28},\nyear = {2020},\nurl = {https://rdcu.be/b00ac},\nurl_paper={Le_SpringerJNSM2020.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Modern networks and systems pose many challenges to traditional management approaches. Not only the number of devices and the volume of network traffic are increasing exponentially, but also new network protocols and technologies require new techniques and strategies for monitoring controlling and managing up and coming networks and systems. Moreover, machine learning has recently found its successful applications in many fields due to its capability to learn from data to automatically infer patterns for network analytics. Thus, the deployment of machine learning in network and system management has become imminent. This work provides a review of the applications of machine learning in network and system management. Based on this review, we aim to present the current opportunities and challenges in and highlight the need for dependable, reliable and secure machine learning for network and system management.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/IJNM_e2109.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020', 'https://web.cs.dal.ca/~lcd/pubs/IJNM_e2109.pdf', event);\">\n    Exploring anomalous behaviour detection and classification for insider threat identification.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  <i>International Journal of Network Management</i>, Early access. March 2020.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/IJNM_e2109.pdf\"\n     onclick=\"log_download('le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020', 'https://web.cs.dal.ca/~lcd/pubs/IJNM_e2109.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Exploring anomalous behaviour detection and classification for insider threat identification [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1002/nem.2109\"\n     onclick=\"log_download('le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020', 'http://doi.org/10.1002/nem.2109', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>7 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-exploringanomalousbehaviourdetectionandclassificationforinsiderthreatidentification-2020')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@Article{Le_ijnm2020,\nauthor=&quot;Duc C. Le and Zincir-Heywood, Nur&quot;,\ntitle=&quot;Exploring anomalous behaviour detection and classification for insider threat identification&quot;,\njournal=&quot;International Journal of Network Management&quot;,\nvolume=&quot;Early access&quot;,\nyear=&quot;2020&quot;,\nmonth=mar,\nabstract=&quot;Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. This study proposes a new system for user-centered machine learning based anomaly behaviour and insider threat detection on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious users. Our results show that the proposed system, which is a combination of unsupervised anomaly detection and supervised machine learning methods, can learn from unlabelled data and a very small amount of labelled data. Furthermore, it can generalize to bigger datasets for detecting anomalous behaviours and unseen malicious insiders with a high detection and a low false positive rate.&quot;,\ndoi=&quot;10.1002/nem.2109&quot;,\nurl_Paper = {IJNM_e2109.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. This study proposes a new system for user-centered machine learning based anomaly behaviour and insider threat detection on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious users. Our results show that the proposed system, which is a combination of unsupervised anomaly detection and supervised machine learning methods, can learn from unlabelled data and a very small amount of labelled data. Furthermore, it can generalize to bigger datasets for detecting anomalous behaviours and unseen malicious insiders with a high detection and a low false positive rate.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/CNS20.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020', 'https://web.cs.dal.ca/~lcd/pubs/CNS20.pdf', event);\">\n    Exploring Adversarial Properties of Insider Threat Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  In <i>2020 IEEE Conference on Communications and Network Security (CNS)</i>, June 2020. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/CNS20.pdf\"\n     onclick=\"log_download('le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020', 'https://web.cs.dal.ca/~lcd/pubs/CNS20.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Exploring Adversarial Properties of Insider Threat Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>1 download</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-exploringadversarialpropertiesofinsiderthreatdetection-2020')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@INPROCEEDINGS{Le_CNS2020,\nAUTHOR=&quot;Duc C. Le and Nur Zincir-Heywood&quot;,\nTITLE=&quot;Exploring Adversarial Properties of Insider Threat Detection&quot;,\nBOOKTITLE=&quot;2020 IEEE Conference on Communications and Network Security (CNS)&quot;,\nMONTH=jun,\nYEAR=2020,\nABSTRACT=&quot;Insider threat represents a major cybersecurity challenge to companies and\ngovernment agencies. The challenges in insider threat detection, includes\nunbalanced data, limited ground truth, and possible user behaviour changes.\nThis research presents an unsupervised machine learning (ML) based anomaly\ndetection approach for insider threat detection. We employ two ML methods\nwith different working principles, specifically autoencoder and isolation\nforest, and explore various representations of data with temporal\ninformation. Evaluation results show that the approach allows learning from\nunlabelled data in under adversarial conditions for insider threat\ndetection with a high detection and a low false positive rate. For example,\n60\\% of malicious insiders are detected under 0.1\\% investigation budget.\nFurthermore, we explore the ability of the proposed approach to generalize\nfor detecting unseen anomalous behaviours in different datasets, i.e.\nrobustness. Comparisons with other work in the literature confirm the\neffectiveness of the proposed approach.&quot;,\nurl_Paper = {CNS20.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Insider threat represents a major cybersecurity challenge to companies and government agencies. The challenges in insider threat detection, includes unbalanced data, limited ground truth, and possible user behaviour changes. This research presents an unsupervised machine learning (ML) based anomaly detection approach for insider threat detection. We employ two ML methods with different working principles, specifically autoencoder and isolation forest, and explore various representations of data with temporal information. Evaluation results show that the approach allows learning from unlabelled data in under adversarial conditions for insider threat detection with a high detection and a low false positive rate. For example, 60% of malicious insiders are detected under 0.1% investigation budget. Furthermore, we explore the ability of the proposed approach to generalize for detecting unseen anomalous behaviours in different datasets, i.e. robustness. Comparisons with other work in the literature confirm the effectiveness of the proposed approach.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2019\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2019')\"\n      onkeypress=\"toggleGroup('group_2019')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2019</span>\n      <span class=\"bibbase_group_count\">\n        \n        (5)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019', 'http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf', event);\">\n    Machine learning based Insider Threat Modelling and Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, A. N.\n</span>\n\n  \n\n</span>\n\n  In <i>IFIP/IEEE International Symposium on Integrated Network Management</i>, Washington DC, USA, April 2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf\"\n     onclick=\"log_download('le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019', 'http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Machine learning based Insider Threat Modelling and Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>2 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-machinelearningbasedinsiderthreatmodellinganddetection-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_dissect2019,\nabstract = {Recently, malicious insider attacks represent one of the most damaging threats to companies and government agencies. This paper proposes  a new framework in constructing a user-centered machine learning based insider threat detection system on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious insiders, where insider scenario specific results and delay in detection are reported and discussed. Our results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders with a high accuracy.},\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur},\nbooktitle={IFIP/IEEE International Symposium on Integrated Network Management}, \ntitle={Machine learning based Insider Threat Modelling and Detection}, \nyear={2019},\nmonth=apr,\naddress = {Washington DC, USA},\nurl_paper = {http://dl.ifip.org/db/conf/im/im2019-ws2-dissect/191805.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Recently, malicious insider attacks represent one of the most damaging threats to companies and government agencies. This paper proposes a new framework in constructing a user-centered machine learning based insider threat detection system on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious insiders, where insider scenario specific results and delay in detection are reported and discussed. Our results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders with a high accuracy.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/le_gecco2019.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019', 'https://web.cs.dal.ca/~lcd/pubs/le_gecco2019.pdf', event);\">\n    Benchmarking Genetic Programming in Dynamic Insider Threat Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Heywood, M. I.;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  In <i>Proceedings of the Genetic and Evolutionary Computation Conference Companion</i>, pages 385–386, July 2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://doi.acm.org/10.1145/3319619.3322029\"\n     onclick=\"log_download('le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019', 'http://doi.acm.org/10.1145/3319619.3322029', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Benchmarking Genetic Programming in Dynamic Insider Threat Detection [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/le_gecco2019.pdf\"\n     onclick=\"log_download('le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019', 'https://web.cs.dal.ca/~lcd/pubs/le_gecco2019.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Benchmarking Genetic Programming in Dynamic Insider Threat Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1145/3319619.3322029\"\n     onclick=\"log_download('le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019', 'http://doi.org/10.1145/3319619.3322029', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>3 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-heywood-zincirheywood-benchmarkinggeneticprogrammingindynamicinsiderthreatdetection-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_Gecco2019,\n author = {Le, Duc C. and Heywood, Malcolm I. and Zincir-Heywood, Nur},\n title = {Benchmarking Genetic Programming in Dynamic Insider Threat Detection},\n booktitle = {Proceedings of the Genetic and Evolutionary Computation Conference Companion},\n _series = {GECCO &#x27;19},\n year = {2019},\n month=jul,\n isbn = {978-1-4503-6748-6},\n location = {Prague, Czech Republic},\n pages = {385--386},\n numpages = {2},\n url = {http://doi.acm.org/10.1145/3319619.3322029},\n doi = {10.1145/3319619.3322029},\n acmid = {3322029},\n _publisher = {ACM},\n _address = {New York, NY, USA},\n keywords = {cyber-security, dynamic environment, insider threat detection},\n url_paper = {le_gecco2019.pdf}\n} \n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019', 'http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf', event);\">\n    Learning From Evolving Network Data for Dependable Botnet Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  In <i>International Conference on Network and Service Management (CNSM 2019)</i>, Halifax, Canada, October 2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf\"\n     onclick=\"log_download('le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019', 'http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Learning From Evolving Network Data for Dependable Botnet Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>1 download</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-learningfromevolvingnetworkdatafordependablebotnetdetection-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@INPROCEEDINGS{Le_cnsm2019,\nAUTHOR=&quot;Duc C. Le and Nur Zincir-Heywood&quot;,\nTITLE=&quot;Learning From Evolving Network Data for Dependable Botnet Detection&quot;,\nBOOKTITLE=&quot;International Conference on Network and Service Management (CNSM 2019)&quot;,\nADDRESS=&quot;Halifax, Canada&quot;,\nDAYS=21,\nMONTH=oct,\nYEAR=2019,\nurl_Paper = {http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570564953.pdf},\nABSTRACT=&quot;This work presents an emerging problem in real-world applications of\nmachine learning (ML) in cybersecurity, particularly in botnet detection,\nwhere the dynamics and the evolution in the deployment environments may\nrender the ML solutions inadequate. We propose an approach to tackle this\nchallenge using Genetic Programming (GP) - an evolutionary computation\nbased approach. Preliminary results show that GP is able to evolve\npre-trained classifiers to work under evolved (expanded) feature space\nconditions. This indicates the potential use of such an approach for botnet\ndetection under non-stationary environments, where much less data and\ntraining time are required to obtain a reliable classifier as new network\nconditions arise.&quot;\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  This work presents an emerging problem in real-world applications of machine learning (ML) in cybersecurity, particularly in botnet detection, where the dynamics and the evolution in the deployment environments may render the ML solutions inadequate. We propose an approach to tackle this challenge using Genetic Programming (GP) - an evolutionary computation based approach. Preliminary results show that GP is able to evolve pre-trained classifiers to work under evolved (expanded) feature space conditions. This indicates the potential use of such an approach for botnet detection under non-stationary environments, where much less data and training time are required to obtain a reliable classifier as new network conditions arise.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019', 'http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf', event);\">\n    Exploring Feature Normalization and Temporal Information for Machine Learning Based Insider Threat Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Ferreira, P.; <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  In <i>International Conference on Network and Service Management (CNSM 2019)</i>, Halifax, Canada, October 2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf\"\n     onclick=\"log_download('ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019', 'http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Exploring Feature Normalization and Temporal Information for Machine Learning Based Insider Threat Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('ferreira-le-zincirheywood-exploringfeaturenormalizationandtemporalinformationformachinelearningbasedinsiderthreatdetection-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@INPROCEEDINGS{Ferreira_cnsm2019,\nAUTHOR=&quot;Pedro Ferreira and Duc C. Le and Nur Zincir-Heywood&quot;,\nTITLE=&quot;Exploring Feature Normalization and Temporal Information for Machine\nLearning Based Insider Threat Detection&quot;,\nBOOKTITLE=&quot;International Conference on Network and Service Management (CNSM 2019)&quot;,\nADDRESS=&quot;Halifax, Canada&quot;,\nurl_Paper = {http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf},\nDAYS=21,\nMONTH=oct,\nYEAR=2019,\nKEYWORDS=&quot;Insider Threat Detection; data normalization; temporal information&quot;,\nABSTRACT=&quot;Insider threat is one of the most damaging cybersecurity attacks to\ncompanies and organizations. The threats are also hard to detect, largely\ndue to its nature that malicious actions are performed by the insiders. In\nthis paper, we explore different techniques to leverage spatial and\ntemporal characteristics of user behaviours (actions). In particular,\nfeature normalization (scaling) techniques and a scheme for representing\nexplicit temporal information are explored to improve the performance of\nthe machine learning based insider threat detection systems. The obtained\nresults show that these data characteristics have different effects on\ndifferent insider threat classifiers. This shows a promising future\nresearch direction for further analysis of different user behaviours.&quot;\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Insider threat is one of the most damaging cybersecurity attacks to companies and organizations. The threats are also hard to detect, largely due to its nature that malicious actions are performed by the insiders. In this paper, we explore different techniques to leverage spatial and temporal characteristics of user behaviours (actions). In particular, feature normalization (scaling) techniques and a scheme for representing explicit temporal information are explored to improve the performance of the machine learning based insider threat detection systems. The obtained results show that these data characteristics have different effects on different insider threat classifiers. This shows a promising future research direction for further analysis of different user behaviours.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/2019_CISDA.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019', 'https://web.cs.dal.ca/~lcd/pubs/2019_CISDA.pdf', event);\">\n    Dynamic Insider Threat Detection Based on Adaptable Genetic Programming.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  In <i>IEEE Symposium Series on Computational Intelligence (SSCI '19)</i>,  2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/2019_CISDA.pdf\"\n     onclick=\"log_download('le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019', 'https://web.cs.dal.ca/~lcd/pubs/2019_CISDA.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Dynamic Insider Threat Detection Based on Adaptable Genetic Programming [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>2 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-heywood-dynamicinsiderthreatdetectionbasedonadaptablegeneticprogramming-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_ssci2019,\nabstract = {Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.},\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\nbooktitle = {IEEE Symposium Series on Computational Intelligence (SSCI &#x27;19)},\n_doi = {10.1109/SSCI.2016.7850078},\nkeywords = {insider threat detection, cyber-security, dynamic environment},\ntitle = {Dynamic Insider Threat Detection Based on Adaptable Genetic Programming},\nyear = {2019},\nurl_Paper = {2019_CISDA.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2018\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2018')\"\n      onkeypress=\"toggleGroup('group_2018')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2018</span>\n      <span class=\"bibbase_group_count\">\n        \n        (4)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018', 'https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2', event);\">\n    Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  <i>Journal of Cyber Security and Mobility</i>, 8(2): 15–52.  2018.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2\"\n     onclick=\"log_download('le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018', 'https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.13052/jcsm2245-1439.812\"\n     onclick=\"log_download('le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018', 'http://doi.org/10.13052/jcsm2245-1439.812', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>2 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-heywood-unsupervisedmonitoringofnetworkandservicebehaviourusingselforganizingmaps-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@article{Le_jcsm2018,\nabstract = {Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. This paper investigates the capability of the Self Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, the aim is to understand how far such an approach could be pushed to analyze the network traffic, and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios for different data acquisition conditions are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flows) and web server access (web requests) datasets. The results show that the approach has a high potential as a data analytics tool on unknown traffic/web service requests, and unseen attack behaviours. Malicious behaviours both on network and service datasets used could be identified with a high accuracy. Furthermore, the approach achieves comparable performances to that of popular supervised and unsupervised learning methods in the literature. Last but not the least, it provides unique visualization capabilities for enabling a simple yet effective network/service data analytics for security management.},\nauthor = {Duc C. Le and A. Nur Zincir-Heywood and Malcolm I. Heywood},\njournal = {Journal of Cyber Security and Mobility},\nkeywords = {network and service data analysis, unsupervised learning, malicious behaviour analysis},\nnumber = {2},\npages = {15--52},\ntitle = {Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps},\nvolume = {8},\nissue = {1},\nyear = {2018},\nurl = {https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/8/1/2},\ndoi = {10.13052/jcsm2245-1439.812}\n}\n\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. This paper investigates the capability of the Self Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, the aim is to understand how far such an approach could be pushed to analyze the network traffic, and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios for different data acquisition conditions are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flows) and web server access (web requests) datasets. The results show that the approach has a high potential as a data analytics tool on unknown traffic/web service requests, and unseen attack behaviours. Malicious behaviours both on network and service datasets used could be identified with a high accuracy. Furthermore, the approach achieves comparable performances to that of popular supervised and unsupervised learning methods in the literature. Last but not the least, it provides unique visualization capabilities for enabling a simple yet effective network/service data analytics for security management.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-bigdatainnetworkanomalydetection-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  Big Data in Network Anomaly Detection.\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, N.\n</span>\n\n  \n\n</span>\n\n  In Sakr, S.;  and Zomaya, A., editor(s), <i>Encyclopedia of Big Data Technologies</i>, pages 1–9. Springer International Publishing,  2018.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n\n  \n  <a href=\"http://doi.org/10.1007/978-3-319-63962-8_161-1\"\n     onclick=\"log_download('le-zincirheywood-bigdatainnetworkanomalydetection-2018', 'http://doi.org/10.1007/978-3-319-63962-8_161-1', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-bigdatainnetworkanomalydetection-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>1 download</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-bigdatainnetworkanomalydetection-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@incollection{Le_2018,\nauthor=&quot;Le, Duc C.\nand Zincir-Heywood, Nur&quot;,\neditor=&quot;Sakr, Sherif\nand Zomaya, Albert&quot;,\ntitle=&quot;Big Data in Network Anomaly Detection&quot;,\nbookTitle=&quot;Encyclopedia of Big Data Technologies&quot;,\nyear=&quot;2018&quot;,\npublisher=&quot;Springer International Publishing&quot;,\npages=&quot;1--9&quot;,\nisbn=&quot;978-3-319-63962-8&quot;,\ndoi=&quot;10.1007/978-3-319-63962-8_161-1&quot;,\n_url=&quot;https://doi.org/10.1007/978-3-319-63962-8_161-1&quot;\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/lcd_gecco18.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018', 'https://web.cs.dal.ca/~lcd/pubs/lcd_gecco18.pdf', event);\">\n    Benchmarking Evolutionary Computation Approaches to Insider Threat Detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Khanchi, S.; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  In <i>Genetic and Evolutionary Computation Conference (GECCO '18)</i>, pages 1286–1293,  2018. \n  <span class=\"note\">Best paper award - RWA track</span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/lcd_gecco18.pdf\"\n     onclick=\"log_download('le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018', 'https://web.cs.dal.ca/~lcd/pubs/lcd_gecco18.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Benchmarking Evolutionary Computation Approaches to Insider Threat Detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1145/3205455.3205612\"\n     onclick=\"log_download('le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018', 'http://doi.org/10.1145/3205455.3205612', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>4 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-khanchi-zincirheywood-heywood-benchmarkingevolutionarycomputationapproachestoinsiderthreatdetection-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_gecco2018,\n abstract = {Insider threat detection represents a challenging problem to compa- nies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capa- bility of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.},\n author = {Le, Duc C. and Khanchi, Sara and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\n title = {Benchmarking Evolutionary Computation Approaches to Insider Threat Detection},\n booktitle = {Genetic and Evolutionary Computation Conference (GECCO &#x27;18)},\n year = {2018},\n pages = {1286--1293},\n _url = {http://doi.acm.org/10.1145/3205455.3205612},\n doi = {10.1145/3205455.3205612},\n keywords = {cyber-security, insider threat detection},\n url_Paper = {lcd_gecco18.pdf},\n note = {Best paper award - RWA track},\n} \n\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Insider threat detection represents a challenging problem to compa- nies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capa- bility of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/lcd_spw2018.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018', 'https://web.cs.dal.ca/~lcd/pubs/lcd_spw2018.pdf', event);\">\n    Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>;  and Zincir-Heywood, A. N.\n</span>\n\n  \n\n</span>\n\n  In <i>IEEE Security and Privacy Workshops (SPW '18)</i>, pages 270-275, San Francisco, CA, USA,  2018. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://ieeexplore.ieee.org/abstract/document/8424659/\"\n     onclick=\"log_download('le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018', 'https://ieeexplore.ieee.org/abstract/document/8424659/', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/lcd_spw2018.pdf\"\n     onclick=\"log_download('le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018', 'https://web.cs.dal.ca/~lcd/pubs/lcd_spw2018.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1109/SPW.2018.00043\"\n     onclick=\"log_download('le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018', 'http://doi.org/10.1109/SPW.2018.00043', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>2 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-evaluatinginsiderthreatdetectionworkflowusingsupervisedandunsupervisedlearning-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_spw2018,\n abstract = {Insider threat is a prominent cyber-security dan- ger faced by organizations and companies. In this research, we study and evaluate an insider threat detection workflow using supervised and unsupervised learning algorithms. To this end, we study data exploration and analysis, anomaly detection and malicious behaviour classification on a publicly available data set. We evaluate several supervised and unsupervised learning algorithms - HMM, SOM, and DT - using this workflow.},\n author = {Le, Duc C. and Zincir-Heywood, A. Nur},\n title = {Evaluating Insider Threat Detection Workflow Using Supervised and Unsupervised Learning},\n booktitle = {IEEE Security and Privacy Workshops (SPW &#x27;18)},\n year = {2018},\n address = {San Francisco, CA, USA},\n pages = {270-275},\n doi = {10.1109/SPW.2018.00043},\n keywords = {Insider Threat Detection, Unsupervised Machine Learning, Supervised Machine Learning, Anomaly detection, Behaviour Classification},\n url = {https://ieeexplore.ieee.org/abstract/document/8424659/},\n url_Paper = {lcd_spw2018.pdf}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Insider threat is a prominent cyber-security dan- ger faced by organizations and companies. In this research, we study and evaluate an insider threat detection workflow using supervised and unsupervised learning algorithms. To this end, we study data exploration and analysis, anomaly detection and malicious behaviour classification on a publicly available data set. We evaluate several supervised and unsupervised learning algorithms - HMM, SOM, and DT - using this workflow.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2016\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2016')\"\n      onkeypress=\"toggleGroup('group_2016')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2016</span>\n      <span class=\"bibbase_group_count\">\n        \n        (1)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/SSCI16_paper_229.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016', 'https://web.cs.dal.ca/~lcd/pubs/SSCI16_paper_229.pdf', event);\">\n    Data analytics on network traffic flows for botnet behaviour detection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Zincir-Heywood, A. N.;  and Heywood, M. I.\n</span>\n\n  \n\n</span>\n\n  In <i>IEEE Symposium Series on Computational Intelligence (SSCI '16)</i>,  2016. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://web.cs.dal.ca/~lcd/pubs/SSCI16_paper_229.pdf\"\n     onclick=\"log_download('le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016', 'https://web.cs.dal.ca/~lcd/pubs/SSCI16_paper_229.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Data analytics on network traffic flows for botnet behaviour detection [pdf]\"\n       title=\" paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\"> paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1109/SSCI.2016.7850078\"\n     onclick=\"log_download('le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016', 'http://doi.org/10.1109/SSCI.2016.7850078', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>3 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('le-zincirheywood-heywood-dataanalyticsonnetworktrafficflowsforbotnetbehaviourdetection-2016')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Le_ssci2016,\nabstract = {Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. In this paper, we investigate the capability of employing the Self-Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, our aim is to understand how far such an approach could be pushed to analyze unknown traffic to detect botnets. To this end, we employed three different unsupervised training schemes using publicly available botnet data sets. Our results show that SOMs possess high potential as a data analytics tool on unknown traffic. They can identify the botnet and normal flows with high confidence approximately 99{\\%} of the time on the data sets employed in this work.},\nauthor = {Le, Duc C. and Zincir-Heywood, A. Nur and Heywood, Malcolm I.},\nbooktitle = {IEEE Symposium Series on Computational Intelligence (SSCI &#x27;16)},\ndoi = {10.1109/SSCI.2016.7850078},\nisbn = {9781509042401},\nkeywords = {anomaly detection systems,botnet behaviour detection,computer network security,data analytics,self-organising feature maps,unsupervised learning},\ntitle = {Data analytics on network traffic flows for botnet behaviour detection},\nyear = {2016},\nurl_Paper = {SSCI16_paper_229.pdf}\n}\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. In this paper, we investigate the capability of employing the Self-Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, our aim is to understand how far such an approach could be pushed to analyze unknown traffic to detect botnets. To this end, we employed three different unsupervised training schemes using publicly available botnet data sets. Our results show that SOMs possess high potential as a data analytics tool on unknown traffic. They can identify the botnet and normal flows with high confidence approximately 99% of the time on the data sets employed in this work.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2015\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2015')\"\n      onkeypress=\"toggleGroup('group_2015')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2015</span>\n      <span class=\"bibbase_group_count\">\n        \n        (2)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"hoang-hoang-le-acontributiontoperformanceanalysisapproachoftheieee80211edcainwirelessmultihopnetworks-2015\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  A Contribution to Performance Analysis Approach of the IEEE 802.11 EDCA in Wireless Multi-hop Networks.\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Hoang, M. T.; Hoang, M.;  and <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>\n</span>\n\n  \n\n</span>\n\n  <i>VNU Journal of Science: Comp. Science & Com. Eng</i>, 31(1): 45–54.  2015.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/hoang-hoang-le-acontributiontoperformanceanalysisapproachoftheieee80211edcainwirelessmultihopnetworks-2015\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('hoang-hoang-le-acontributiontoperformanceanalysisapproachoftheieee80211edcainwirelessmultihopnetworks-2015')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@article{Hoang2015,\nabstract = {The IEEE 802.11e standard has been introduced to support service differentiation for wireless local area networks. In wireless multi-hop networks, the performance of IEEE 802.11e EDCA has to confront with some practical problems such as unsaturation traffic and hidden node problem. Hence, this problem has attracted numerous studies in recent years, in which several investigations use analytic model to evaluate the performance due to its accuracy aspect. However, the accuracy and complexity of analytical model depends on a range of assumed parameters. The complexity caused by the introduction of realistic conditions in wireless multi-hop networks is the major challenge of current studies in this field. To overcome this challenge, this paper proposes an analytical model which covers full specification of IEEE 802.11e EDCA. To reduce the complexity, the model is simplified by decomposing the problem in two models based on Markov chain that can be easily solved by numerical method. The proposed model is presented in the theoretical aspect as well as numerical results to clarify its accuracy.},\nauthor = {Hoang, Minh Trong and Hoang, Minh and Le, Duc C.},\njournal = {VNU Journal of Science: Comp. Science {\\&amp;} Com. Eng},\nkeywords = {Hidden node,IEEE 80211e EDCA,Markov chain,Multi-hop network,Virtual collision},\nnumber = {1},\npages = {45--54},\ntitle = {A Contribution to Performance Analysis Approach of the IEEE 802.11 EDCA in Wireless Multi-hop Networks},\nvolume = {31},\nyear = {2015}\n}\n\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  The IEEE 802.11e standard has been introduced to support service differentiation for wireless local area networks. In wireless multi-hop networks, the performance of IEEE 802.11e EDCA has to confront with some practical problems such as unsaturation traffic and hidden node problem. Hence, this problem has attracted numerous studies in recent years, in which several investigations use analytic model to evaluate the performance due to its accuracy aspect. However, the accuracy and complexity of analytical model depends on a range of assumed parameters. The complexity caused by the introduction of realistic conditions in wireless multi-hop networks is the major challenge of current studies in this field. To overcome this challenge, this paper proposes an analytical model which covers full specification of IEEE 802.11e EDCA. To reduce the complexity, the model is simplified by decomposing the problem in two models based on Markov chain that can be easily solved by numerical method. The proposed model is presented in the theoretical aspect as well as numerical results to clarify its accuracy.\n</div>\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"haddadi-le-porter-zincirheywood-ontheeffectivenessofdifferentbotnetdetectionapproaches-2015\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  On the Effectiveness of Different Botnet Detection Approaches.\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Haddadi, F.; <a class=\"bibbase author link\" href=\"https://web.cs.dal.ca/~lcd/\">Le, D. C.</a>; Porter, L.;  and Zincir-Heywood, A. N.\n</span>\n\n  \n\n</span>\n\n  In <i>11th International Conference on Information Security Practice and Experience (ISPEC '15)</i>, pages 121–135,  2015. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n\n  \n  <a href=\"http://doi.org/10.1007/978-3-319-17533-1_9\"\n     onclick=\"log_download('haddadi-le-porter-zincirheywood-ontheeffectivenessofdifferentbotnetdetectionapproaches-2015', 'http://doi.org/10.1007/978-3-319-17533-1_9', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/haddadi-le-porter-zincirheywood-ontheeffectivenessofdifferentbotnetdetectionapproaches-2015\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('haddadi-le-porter-zincirheywood-ontheeffectivenessofdifferentbotnetdetectionapproaches-2015')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{Haddadi,\nabstract = {Botnets represent one of the most significant threats against cyber security. They employ different techniques, topologies and commu-nication protocols in different stages of their lifecycle. Hence, identifying botnets have become very challenging specifically given that they can upgrade their methodology at any time. In this work, we investigate four different botnet detection approaches based on the technique used and type of data employed. Two of them are public rule based systems (BotHunter and Snort) and the other two are data mining based tech-niques with different feature extraction methods (packet payload based and traffic flow based). The performance of these systems range from 0{\\%} to 100{\\%} on the five publicly available botnet data sets employed in this work. We discuss the evaluation results for these different systems, their features and the models learned by the data mining based techniques.},\nauthor = {Haddadi, Fariba and Le, Duc C. and Porter, Laura and Zincir-Heywood, A. Nur},\ntitle     = {On the Effectiveness of Different Botnet Detection Approaches},\nbooktitle = {11th International Conference on Information Security Practice and Experience ({ISPEC} &#x27;15)}, \nkeywords = {Botnet detection,Feature extraction,Traffic analysis},\npages = {121--135},\nyear = {2015},\ndoi = {10.1007/978-3-319-17533-1_9}\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Botnets represent one of the most significant threats against cyber security. They employ different techniques, topologies and commu-nication protocols in different stages of their lifecycle. Hence, identifying botnets have become very challenging specifically given that they can upgrade their methodology at any time. In this work, we investigate four different botnet detection approaches based on the technique used and type of data employed. Two of them are public rule based systems (BotHunter and Snort) and the other two are data mining based tech-niques with different feature extraction methods (packet payload based and traffic flow based). The performance of these systems range from 0% to 100% on the five publicly available botnet data sets employed in this work. We discuss the evaluation results for these different systems, their features and the models learned by the data mining based techniques.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n\n\n\n  </div>\n\n\n  <!-- Modal -->\n\n  <!-- <iframe id=\"bibbase_network_frame\" -->\n  <!--         src=\"//bibbase.org/network/control\" -->\n  <!--         style=\"display: none;\"> -->\n  <!-- </iframe> -->\n\n</div>\n"}; document.write(bibbase_data.data);