Research Group
Machine Learning
and Security
and Security
View from our building over Berlin.
LLM-based Vulnerability Discovery through the Lens of Code Metrics.
48th IEEE/ACM International Conference on Software Engineering (ICSE), 2026. (to appear)
Manipulating Feature Visualizations with Gradient Slingshots.
Advances in Neural Information Processing Systems 39 (NeurIPS), 2025. (to appear)
ThreatCompute: Leveraging LLMs for Automated Threat Modeling of Cloud-Native Applications.
ACM Cloud Computing Security Workshop (CCSW), 2025. (to appear)
Adversarial Observations in Weather Forecasting.
32nd ACM Conference on Computer and Communications Security (CCS), 2025.
Distinguished Paper Award
Tiny Sensors, Big Threats: Assessing Motion Sensor-based Fingerprinting in Mobile Systems.
27th International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), 2025.
Towards Identifying Intent of Data Errors.
VLDB Workshop Guide-AI, 2025.
Seeing through: Analyzing and Attacking Virtual Backgrounds in Video Calls.
34th USENIX Security Symposium, 2025.
Prompt Obfuscation for Large Language Models.
34th USENIX Security Symposium, 2025.
SigN: SIMBox Activity Detection Through Latency Anomalies at the Cellular Edge.
20th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2025.
Adversarial Inputs for Linear Algebra Backends.
42nd International Conference on Machine Learning (ICML), 2025.
Exploring the Potential of LLMs for Code Deobfuscation.
22nd Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2025.
The Silent Signature: Behavior-Based User Exposure in Mobility Data.
26th IEEE International Conference on Mobile Data Management (MDM), 2025.
3rd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML).
Conference proceedings, IEEE, 2025.
Verifiable and Provably Secure Machine Unlearning.
IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025.
Evil from Within: Machine Learning Backdoors Through Dormant Hardware Trojans.
40th Annual Computer Security Applications Conference (ACSAC), 2024.
Assessing Shadows in Mobility: Beyond Spatiotemporal Patterns.
Conference on Mobile Phone Datasets and Applications (NetMob), 2024.
Pitfalls in Machine Learning for Computer Security.
Communications of the ACM, 67, (11), 2024.
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting.
33rd USENIX Security Symposium, 2024.
Distinguished Paper Award
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing.
19th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2024.
Cross-Language Differential Testing of JSON Parsers.
19th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2024.
On the Role of Pre-trained Embeddings in Binary Code Analysis.
19th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2024.
Battle of Wits: To What Extent Can Fraudsters Disguise Their Tracks in International Bypass Fraud?
19th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2024.
I still know it's you! On Challenges in Anonymizing Source Code.
Proceedings on Privacy Enhancing Technologies (PETS), 2024, (3), 2024.
Listening between the Bits: Privacy Leaks in Audio Fingerprints.
21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2024.
A Representative Study on Human Detection of Artificially Generated Media Across Countries.
45th IEEE Symposium on Security and Privacy (S&P), 2024.
Security Viewpoints on Explainable Machine Learning.
PhD thesis, Technische Universität Berlin, 2024.
Software Defect Localization Using Explainable Deep Learning.
PhD thesis, Technische Universität Berlin, 2024.
Manipulating Feature Visualizations with Gradient Slingshots.
Technical report, arXiv:2401.06122, 2024.
On the Detection of Image-Scaling Attacks in Machine Learning.
39th Annual Computer Security Applications Conference (ACSAC), 2023.
PAVUDI: Patch-based Vulnerability Discovery using Machine Learning.
39th Annual Computer Security Applications Conference (ACSAC), 2023.
Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery.
16th ACM Workshop on Artificial Intelligence and Security (AISEC), 2023.
Drift Forensics of Malware Classifiers.
16th ACM Workshop on Artificial Intelligence and Security (AISEC), 2023.
Lazy Gatekeepers: A Large-Scale Study on SPF Configuration in the Wild.
23rd ACM Internet Measurement Conference (IMC), 2023.
Learning Type Inference for Enhanced Dataflow Analysis.
28th European Symposium on Research in Computer Security (ESORICS), 2023.
Lessons Learned on Machine Learning for Computer Security.
IEEE Security & Privacy, 21, (4), 2023.
No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning.
32nd USENIX Security Symposium, 2023.
Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery.
8th IEEE European Symposium on Security and Privacy (EuroS&P), 2023.
CodeGraphSMOTE: Data Augmentation for Vulnerability Discovery.
IFIP Conference on Data and Applications Security and Privacy (DBSEC), 2023.
Evil from Within: Machine Learning Backdoor through Hardware Trojans.
Technical report, arXiv:2304.08411, 2023.
Detecting Backdoors in Collaboration Graphs of Software Repositories.
14th ACM Conference on Data and Applications Security and Privacy (CODASPY), 2023.
Machine Unlearning of Features and Labels.
30th Network and Distributed System Security Symposium (NDSS), 2023.
Improving Malware Detection with Explainable Machine Learning.
Explainable Deep Learning AI: Methods and Challenges, Elsevier, 2023.
Möglichkeiten und Grenzen KI-gestützter Analyse digitaler Spuren.
Kriminalistik, Jan, 2023.
Security of Machine Learning.
Technical report, Dagstuhl, 12, (7), 41–61, 2023.
I still know it's you! On Challenges in Anonymizing Source Code.
Technical report, arXiv:2208.12553, 2022.
Dos and Don'ts of Machine Learning in Computer Security.
31st USENIX Security Symposium, 2022.
Distinguished Paper Award
Quantifying the Risk of Wormhole Attacks on Bluetooth Contact Tracing.
13th ACM Conference on Data and Applications Security and Privacy (CODASPY), 264–275, 2022.
Misleading Deep-Fake Detection with GAN Fingerprints.
5th IEEE Workshop on Deep Learning and Security (DLS), 2022.
LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems.
37th Annual Computer Security Applications Conference (ACSAC), 2021.
Spying through Virtual Backgrounds of Video Calls.
14th ACM Workshop on Artificial Intelligence and Security (AISEC), 2021.
Explaining Graph Neural Networks for Vulnerability Discovery.
14th ACM Workshop on Artificial Intelligence and Security (AISEC), 2021.
Best Paper Award
On the Security of Machine Learning Beyond the Feature Space.
PhD thesis, Technische Universität Braunschweig, 2021.
Machine Unlearning of Features and Labels.
Technical report, arXiv:2108.11577, 2021.
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries.
Proceedings on Privacy Enhancing Technologies (PETS), 2021, (4), 184–202, 2021.
TagVet: Vetting Malware Tags using Explainable Machine Learning.
14th ACM European Workshop on Systems Security (EuroSec), 2021.
Explanation-driven Characterisation of Android Ransomware.
Proc. of Workshop on Explainable Deep Learning/AI, 2020.
Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification.
Technical report, arXiv:2010.09569, 2020.
Dos and Don'ts of Machine Learning in Computer Security.
Technical report, arXiv:2010.09470, 2020.
Evaluating Explanation Methods for Deep Learning in Security.
5th IEEE European Symposium on Security and Privacy (EuroS&P), 2020.
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning.
29th USENIX Security Symposium, 2020.
Backdooring and Poisoning Neural Networks with Image-Scaling Attacks.
3rd IEEE Workshop on Deep Learning and Security (DLS), 2020.
What's All That Noise: Analysis and Detection of Propaganda on Twitter.
13th ACM European Workshop on Systems Security (EuroSec), 2020.
Political Elections Under (Social) Fire? Analysis and Detection of Propaganda on Twitter.
Technical report, arXiv:1912.04143, 2019.
Evaluating Explanation Methods for Deep Learning in Security.
Technical report, arXiv:1906.02108, 2019.
On the Security and Applicability of Fragile Camera Fingerprints.
24th European Symposium on Research in Computer Security (ESORICS), 450–470, 2019.
Misleading Authorship Attribution of Source Code using Adversarial Learning.
28th USENIX Security Symposium, 2019.
Thieves in the Browser: Web-based Cryptojacking in the Wild.
Proc. of 14th International Conference on Availability, Reliability and Security (ARES), 2019.
Best Paper Award Runner-Up
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.
16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 23–42, 2019.
Best Paper Award Runner-Up
TypeMiner: Recovering Types in Binary Programs using Machine Learning.
16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 288–308, 2019.
False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps.
4th IEEE European Symposium on Security and Privacy (EuroS&P), 2019.
Efficient and Explainable Detection of Mobile Malware with Machine Learning.
PhD thesis, Technische Universität Braunschweig, 2019.
2nd IEEE Deep Learning and Security Workshop (DLS).
Workshop proceedings, IEEE, 2019.
Defending Against Targeted Attacks with Pattern Recognition.
PhD thesis, Technische Universität Braunschweig, 2019.
Security Analysis of Devolo HomePlug Devices.
12th ACM European Workshop on Systems Security (EuroSec), 2019.
Features and Machine Learning Systems for Structured and Sequential Data.
PhD thesis, Technische Universität Berlin, 2019.
12th ACM European Workshop on Systems Security (EuroSec).
Workshop proceedings, ACM, 2019.
Efficient Machine Learning for Attack Detection.
PhD thesis, Technische Universität Braunschweig, 2018.
Adversarial Machine Learning Against Digital Watermarking.
26th European Signal Processing Conference (EUSIPCO), 2018.
Reading Between The Lines: Content-Agnostic Detection of Spear-Phishing Emails.
21st Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2018.
Web-based Cryptojacking in the Wild.
Technical report, arXiv:1808.09474, 2018.
Privacy-Enhanced Fraud Detection with Bloom filters.
14th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2018.
ZOE: Content-based Anomaly Detection for Industrial Control Systems.
48th Conference on Dependable Systems and Networks (DSN), 127–138, 2018.
11th ACM European Workshop on Systems Security (EuroSec).
Workshop proceedings, ACM, 2018.
Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking.
3rd IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.
25th Network and Distributed System Security Symposium (NDSS), 2018.
Static Program Analysis as a Fuzzing Aid.
20th Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2017.
Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery.
USENIX Workshop on Offensive Technologies (WOOT), 2017.
Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing.
USENIX Workshop on Offensive Technologies (WOOT), 2017.
Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection.
IEEE Transactions on Dependable and Secure Computing (TDSC), 2017.
64-bit Migration Vulnerabilities.
Information Technology (IT), 59, (2), 73–82, De Gruyter, 2017.
Looking Back on Three Years of Flash-based Malware.
10th ACM European Workshop on Systems Security (EuroSec), 2017.
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks.
12th ACM Asia Conference on Computer and Communications Security (ASIACCS), 587–598, 2017.
Special Issue on Vulnerability Analysis.
Information Technology (IT), 59, (2), 57–58, De Gruyter, 2017.
TrustJS: Trusted Client-side Execution of JavaScript.
10th ACM European Workshop on Systems Security (EuroSec), 2017.
Efficient and Flexible Discovery of PHP Application Vulnerabilities.
2nd IEEE European Symposium on Security and Privacy (EuroS&P), 2017.
Privacy Threats through Ultrasonic Side Channels on Mobile Devices.
2nd IEEE European Symposium on Security and Privacy (EuroS&P), 35–47, 2017.
Fraternal Twins: Unifying Attacks on Machine Learning and Digital Watermarking.
Technical report, arXiv:1703.05561, 2017.
Mining Attributed Graphs for Threat Intelligence.
8th ACM Conference on Data and Applications Security and Privacy (CODASPY), 15–22, 2017.
Multi-objective Ant Colony Optimisation in Wireless Sensor Networks.
Nature-Inspired Computing and Optimization, 51–78, Springer, 2017.
Die Codeanalyseplattform “Octopus”.
Datenschutz und Datensicherheit (DuD), 40, (11), 713–717, 2016.
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms.
23rd ACM Conference on Computer and Communications Security (CCS), 541–552, 2016.
From Malware Signatures to Anti-Virus Assisted Attacks.
Technical report, Technische Universität Braunschweig, (2016-03), 2016.
Bat in the Mobile: A Study on Ultrasonic Device Tracking.
Technical report, Technische Universität Braunschweig, (2016-02), 2016.
Comprehensive Analysis and Detection of Flash-based Malware.
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 101–121, 2016.
Best Paper Award
Towards Vulnerability Discovery Using Staged Program Analysis.
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 78–97, 2016.
Monte Carlo Localization for Path-Based Mobility in Mobile Wireless Sensor Networks.
18th IEEE Wireless Communications and Networking Conference (WCNC), 1–7, 2016.
Harry: A Tool for Measuring String Similarity.
Journal of Machine Learning Research (JMLR), 17, (9), 1–5, 2016.
Analyzing and Detecting Flash-based Malware using Lightweight Multi-Path Exploration.
Technical report, University of Göttingen, (IFI-TB-2015-05), 2015.
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.
Technical report, arXiv:1512.08546, 2015.
Pattern-Based Vulnerability Discovery.
PhD thesis, University of Göttingen, 2015.
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.
22nd ACM Conference on Computer and Communications Security (CCS), 2015.
Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols.
11th International Conference on Security and Privacy in Communication Networks (SECURECOMM), 330–347, 2015.
Fingerprinting Mobile Devices Using Personalized Configurations.
Proceedings on Privacy Enhancing Technologies (PETS), 2016, (1), 4–19, 2015.
De-anonymizing Programmers via Code Stylometry.
24th USENIX Security Symposium, 255–270, 2015.
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities.
36th IEEE Symposium on Security and Privacy (S&P), 2015.
Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication.
ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.
Torben: Deanonymizing Tor Communication using Web Page Markers.
Technical report, University of Göttingen, (IFI-TB-2014-01), 2014.
Poisoning Behavioral Malware Clustering.
7th ACM Workshop on Artificial Intelligence and Security (AISEC), 1–10, 2014.
Mobile-Sandbox: Combining Static and Dynamic Analysis with Machine Learning Techniques.
International Journal of Information Security, 1–13, Springer, 2014.
Special Issue on Threat Detection, Analysis and Defense.
Journal of Information Security and Applications (JISA), 19, (3), 163–164, 2014.
Modeling and Discovering Vulnerabilities with Code Property Graphs.
35th IEEE Symposium on Security and Privacy (S&P), 2014.
Test-of-Time Award
Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior.
GI Conference “Sicherheit, Schutz und Zuverlässigkeit” (SICHERHEIT), 2014.
Drebin: Efficient and Explainable Detection of Android Malware in Your Pocket.
21st Network and Distributed System Security Symposium (NDSS), 2014.
Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery.
20th ACM Conference on Computer and Communications Security (CCS), 499–510, 2013.
A Close Look on n-Grams in Intrusion Detection: Anomaly Detection vs. Classification.
6th ACM Workshop on Artificial Intelligence and Security (AISEC), 67–76, 2013.
Off the Beaten Path: Machine Learning for Offensive Security.
6th ACM Workshop on Artificial Intelligence and Security (AISEC), 1–2, 2013. (Keynote)
Structural Detection of Android Malware using Embedded Call Graphs.
6th ACM Workshop on Artificial Intelligence and Security (AISEC), 45–54, 2013.
Deobfuscating Embedded Malware using Probable-Plaintext Attacks.
16th Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 164–183, 2013.
Drebin: Efficient and Explainable Detection of Android Malware in Your Pocket.
Technical report, University of Göttingen, (IFI-TB-2013-02), 2013.
10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment.
Conference proceedings, Springer, 2013.
Probabilistic Methods for Network Security: From Analysis to Response.
PhD thesis, Technische Universität Berlin, 2013.
Toward Supervised Anomaly Detection.
Journal of Artificial Intelligence Research (JAIR), 46, (1), 235–262, 2013.
Generalized Vulnerability Extrapolation using Abstract Syntax Trees.
28th Annual Computer Security Applications Conference (ACSAC), 359–368, 2012.
Outstanding Paper Award
Sally: A Tool for Embedding Strings in Vector Spaces.
Journal of Machine Learning Research (JMLR), 13, (Nov), 3247–3251, 2012.
Autonomous Learning for Detection of JavaScript Attacks: Vision or Reality?
5th ACM Workshop on Artificial Intelligence and Security (AISEC), 93–104, 2012.
Early Detection of Malicious Behavior in JavaScript Code.
5th ACM Workshop on Artificial Intelligence and Security (AISEC), 15–24, 2012.
Learning Stateful Models for Network Honeypots.
5th ACM Workshop on Artificial Intelligence and Security (AISEC), 37–48, 2012.
Intelligent Defense against Malicious JavaScript Code.
Praxis der Informationsverarbeitung und Kommunikation (PIK), 35, (1), 54–60, 2012.
Support Vector Machines.
Handbook of Computational Statistics, 883–926, Springer, 2012.
Smart Metering De-Pseudonymization.
27th Annual Computer Security Applications Conference (ACSAC), 227–236, 2011.
Adaptive Detection of Covert Communication in HTTP Requests.
7th European Conference on Network Defense (EC2ND), 25–32, 2011.
Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning.
USENIX Workshop on Offensive Technologies (WOOT), 118–127, 2011.
Computer Security and Machine Learning: Worst Enemies or Best Friends?
1st Workshop on Systems Security (SYSSEC), 107–110, 2011.
Similarity Measures for Sequential Data.
WIREs: Data Mining and Knowledge Discovery, 1, (4), 296–304, Wiley, 2011.
Automatic Analysis of Malware Behavior using Machine Learning.
Journal of Computer Security (JCS), 19, (4), 639–668, IOSPress, 2011.
Self-Learning Network Intrusion Detection.
Information Technology (IT), 53, (3), 152–156, Oldenbourg, 2011.
Cujo: Efficient Detection and Prevention of Drive-by-Download Attacks.
26th Annual Computer Security Applications Conference (ACSAC), 31–39, 2010.
6th European Conference on Computer Network Defense.
Conference proceedings, IEEE Computer Society, 2010.
A Malware Instruction Set for Behavior-based Analysis.
GI Conference “Sicherheit, Schutz und Zuverlässigkeit” (SICHERHEIT), 205–216, 2010.
ASAP: Automatic Semantics-Aware Analysis of Network Payloads.
ECML Workshop on Privacy and Security Issues in Machine Learning, 50–63, 2010.
Cujo: Efficient Detection and Prevention of Drive-by-Download Attacks.
Technical report, Technische Universität Berlin, (2010-10), 2010.
Botzilla: Detecting the “Phoning Home” of Malicious Software.
25th ACM Symposium on Applied Computing (SAC), 1978–1984, 2010.
TokDoc: A Self-Healing Web Application Firewall.
25th ACM Symposium on Applied Computing (SAC), 1846–1853, 2010.
FIPS: FIRST Intrusion Prevention System.
Technical report, Fraunhofer Institute FIRST, (FIRST 1/2010), 2010.
Approximate Tree Kernels.
Journal of Machine Learning Research (JMLR), 11, (Feb), 555–580, Microtome, 2010.
A Malware Instruction Set for Behavior-Based Analysis.
Technical report, University of Mannheim, (TR-2009-07), 2009.
Automatic Analysis of Malware Behavior using Machine Learning.
Technical report, Technische Universität Berlin, (2009-18), 2009.
Visualization and Explanation of Payload-Based Anomaly Detection.
5th European Conference on Network Defense (EC2ND), 2009.
Active Learning for Network Intrusion Detection.
2nd ACM Workshop on Artificial Intelligence and Security (AISEC), 47–54, 2009.
Securing IMS against Novel Threats.
Bell Labs Technical Journal, 14, (1), 243–257, Wiley, 2009.
Machine Learning for Application-Layer Intrusion Detection.
PhD thesis, Technische Universität Berlin, 2009.
An Architecture for Inline Anomaly Detection.
4th European Conference on Network Defense (EC2ND), 11–18, 2008.
Incorporation of Application Layer Protocol Syntax into Anomaly Detection.
4th International Conference on Information Systems Security (ICISS), 188–202, 2008.
Approximate Kernels for Trees.
Technical report, Fraunhofer Institute FIRST, (FIRST 5/2008), 2008.
Machine Learning for Intrusion Detection.
Mining Massive Data Sets for Security, 366–373, IOS press, 2008.
A Self-Learning System for Detection of Anomalous SIP Messages.
Principles, Systems and Applications of IP Telecommunications (IPTCOMM), 90–106, 2008.
Learning and Classification of Malware Behavior.
5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 108–125, 2008.
Attack Taxonomy.
Perspectives Workshop: Network Attack Detection and Defense (Dagstuhl Proceedings), 2008.
Requirements for Network Monitoring from an IDS Perspective.
Perspectives Workshop: Network Attack Detection and Defense (Dagstuhl Proceedings), 2008.
Measuring and Detecting Fast-Flux Service Networks.
15th Network and Distributed System Security Symposium (NDSS), 2008.
Linear-Time Computation of Similarity Measures for Sequential Data.
Journal of Machine Learning Research (JMLR), 9, (Jan), 23–48, Microtome, 2008.
Computation of Similarity Measures for Sequential Data using Generalized Suffix Trees.
Advances in Neural Information Processing Systems 21 (NeurIPS), 2007.
Large scale learning with string kernels.
Large Scale Kernel Machines, 73–103, MIT Press, 2007.
Language Models for Detection of Unknown Attacks in Network Traffic.
Journal in Computer Virology (JICV), 2, (4), 243–256, Springer, 2007.
Efficient Algorithms for Similarity Measures over Sequential Data: A Look beyond Kernels.
DAGM Symposium on Pattern Recognition, 374–383, 2006.
Detecting Unknown Network Attacks using Language Models.
3rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 74–90, 2006.
Learning intrusion detection: supervised or unsupervised?
13th International Conference on Image Analysis and Processing (ICIAP), 50–57, 2005.
Visualization of anomaly detection using prediction sensitivity.
GI Conference “Sicherheit, Schutz und Zuverlässigkeit” (SICHERHEIT), 197–208, 2005.