try another color:
try another fontsize: 60% 70% 80% 90%
Information Security at NCSU

Research Publications

2005
Intrusion Detection systems Basics
Peng Ning and Sushil Jajodia.
To appear: Hossein Bidgoli (Ed), Handbook of Information Security, 2005.

Establishing Pairwise Keys in Distributed Sensor Networks
Donggang Liu, Peng Ning, and Rongfang Li.
To appear: ACM Transactions on Information and System Security, 2005.

How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols
Peng Ning, Kun Sun.
To appear: Ad Hoc Networks Journal, Elsevier Science, 2005.

How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols
Peng Ning and Donggang Liu.
To appear: Ivan Stojmenovic (Ed.), Sensor Networks, John Wiley & Sons, 2005.

LAD: Localization Anomaly Detection for Wireless Sensor Networks
Wenliang Du, Lei Fang, Peng Ning.
To appear: Proceedings of the 19th IEEE International Parallel & Distributed Processing Symposium (IPDPS '05), April 2005.

A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks
Lei Fang, Wenliang Du, Peng Ning.
To appear:IEEE INFOCOM'05, March 2005.

2004
Inside JetBlue's Privacy Policy Violation
Annie I. Antón, Qingfeng He, David L. Baumer.
IEEE Security & Privacy, Vol. 2, No. 6, pages 12--18, November/December 2004.

Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems
Peng Ning and Dingbang Xu.
ACM Transactions on Information and System Security, Vol. 7, No. 4, pages 1--37, 2004.

Reasoning about Complementary Intrusion Evidence
Yan Zhai, Peng Ning, Purush Iyer, and Douglas S. Reeves.
Proceedings of 20th Annual Computer Security Applications Conference, December 2004.

Alert Correlation through Triggering Events and Common Resources
Dingbang Xu, Peng Ning.
Proceedings of 20th Annual Computer Security Applications Conference, December 2004.

Enforcing Safety of Real-Time Schedules on Contemporary Processors using a Virtual Simple Architecture (VISA)
A. Anantaraman, K. Seth, E. Rotenberg and F. Mueller.
Proceedings of IEEE Real-Time Systems Symposium, December 2004.

Multi-Level µTESLA: Broadcast Authentication for Distributed Sensor Networks
Donggang Liu, Peng Ning.
ACM Transactions in Embedded Computing Systems (TECS), Vol. 3, No. 4, pages 800-836, November 2004.

Effectiveness of Stochastically Generated Dependencies in Pairwise Testing
Kera Z. Bell, Mladen A. Vouk.
Supplementary Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Nov. 2-5 2004 Saint Malo, France, pp. 33-34.

Assessing N-Wise Approach For Use in System Security Testing
Kera Z. Bell, Mladen A. Vouk.
Supplementary Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Nov. 2-5 2004 Saint Malo, France, pp. 73-74.

WORM vs. WORM: Preliminary Study of an Active Counter-Attack Mechanism
Frank Castaneda, Emre Can Sezer and Jun Xu.
Proceedings of ACM Workshop on Rapid Malcode (WORM'04), October 2004.

An Identifiability-based Access Control Model for Privacy Protection in Open Systems
Keith Irwin and Ting Yu.
ACM Workshop on Privacy in the Electronic Society, Washington, DC, October, 2004.

Storage-Efficient Stateless Group Key Revocation
Pan Wang, Peng Ning, Douglas S. Reeves.
Proceedings of the 7th Information Security Conference (ISC '04), September 2004.

Certificate Recommendations to Improve the Robustness of Webs of Trust
Qinglin Jiang, Douglas S. Reeves, and Peng Ning.
Proceedings of the 7th Information Security Conference (ISC '04), September 2004.

Addressing End-User Privacy Concerns
J.B. Earp and A.I. Antón.
Proceedings for the 2004 Americas Conference on Information Systems (AMCIS 2004), August 2004.

A Requirements Taxonomy to Reduce Website Privacy Vulnerabilities
A.I. Antón and J.B. Earp.
Requirements Engineering Journal, Springer Verlag, 9(3), pp.169-185, August 2004.

Toward interface customization in intrusion detection systems
Lloyd Williams, Sean McBride, Robert St. Amant, and Peng Ning.
Workshop on Behavior-based Customization, International Conference on Intelligent User Interfaces (IUI) (invited paper), August 2004.

Internet Privacy Law: A Comparison between the United States and the European Union
D.Baumer, J.B. Earp and J.C. Poindexter.
Computers and Security, Elsevier, 23(5), pp.400-412, July 2004.

I need it now: Improving Website Usability By Contextualizing Privacy Policies
D. Bolchini, Q. He, A.I. Antón and W. Stufflebeam.
The 4th International Conference on Web Engineering (ICWE 2004), Munich, Germany, 28-30 July 2004.

An Interleaved Hop-by-Hop Authentication Scheme for Filtering False Data in Sensor Networks
Sencun Zhu, Sanjeev Setia, Sushil Jajodia, and Peng Ning.
Proceedings of IEEE Symposium on Security and Privacy, pages 259--271, Oakland, California, May 2004.

Tools and Techniques for Analyzing Intrusion Alerts
Peng Ning, Yun Cui, Douglas Reeves, and Dingbang Xu.
ACM Transactions on Information and System Security, Vol. 7, No. 2, pages 273--318, May 2004.

Meaningful and Meaningless Choices in Cyberspace
D.Baumer, J.B. Earp and J.C. Poindexter.
Journal of Internet Law, 7(11), pp.3-11, May 2004.

The Lack of Clarity in Financial Privacy Policies and the Need for Standardization
A.I. Antón, J.B. Earp, D. Bolchini, Q. He, C. Jensen and W. Stufflebeam.
IEEE Security and Privacy, 2(2), pp.36-45, March-April 2004.

Modeling and Evaluating the Security Threats of Transient Errors in Firewall Software
Shuo Chen, Jun Xu, Zbigniew Kalbarczyk, Ravishankar K. Iyer and Keith Whisnant.
International Journal of Performance Evaluation,<> Volume 56, Issues 1-4, pp. 53-72, March 2004.

Building Attack Scenarios through Integration of Complementary Alert Correlation Methods
Peng Ning, Dingbang Xu, Christopher G. Healey, and Robert A. St. Amant.
Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS '04), pages 97--111, February, 2004.

Improving Robutness of PGP Keyrings by Conflict Detection
Qinglin Jiang, Douglas S. Reeves, Peng Ning.
2004 RSA Conference Cryptographers' Track (CT-RSA2004), LNCS 2964, pages 194--207, February 2004.

A Compressed Accessibility Map for XML
Ting Yu, Divesh Srivastava, Laks Lakshmanan and H.V. Jagadish.
ACM Transaction on Database Systems (TODS), Vol. 29, No. 2, pp. 363-402, 2004.

2003
Intrusion Detection Techniques
Peng Ning, Sushil Jajodia.
In H. Bidgoli (Ed.), The Internet Encyclopedia. John Wiley & Sons. December 2003.

Precluding Incongruous Behavior by Aligning Software Requirements with Security and Privacy Policies
A.I. Antón, J.B. Earp and R.A. Carter.
Information and Software Technology, Elsevier, 45(14), pp.967-977, November 2003.

Intrusion Detection in Distributed Systems: An Abstraction-Based Approach
Peng Ning, Sushil Jajodia, X.Sean Wang.
Kluwer Academic Publisher. October 2003.

Learning Attack Strategies from Intrusion Alerts
Peng Ning, Dingbang Xu.
Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pages 200--209, Washington D.C., October, 2003.

Transparent Runtime Randomization for Security
Jun Xu, Zbigniew Kalbarczyk and Ravishankar K. Iyer.
Proc. of 22nd Symposium on Reliable and Distributed Systems (SRDS), Florence, Italy, October 6-8, 2003.

Efficient Self-Healing Group Key Distribution with Revocation Capability
Donggang Liu, Peng Ning, Kun Sun.
Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pages 231--240, Washington D.C., October, 2003.

Establishing Pairwise Keys in Distributed Sensor Networks
Donggang Liu, Peng Ning.
Proceedings of 10th ACM Conference on Computer and Communications Security (CCS '03), pages 52--61, Washington D.C., October, 2003.

Location-Based Pairwise Key Establishments for Static Sensor Networks
Donggang Liu, Peng Ning.
2003 ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN '03), October 2003.

Policy Migration for Sensitive Credentials in Trust Negotiation
Ting Yu and Marianne Winslett.
ACM Workshop on Privacy in the Electronic Society, Washington, DC, October, 2003.

Encryption Overhead for Sensor Networks and Embedded Systems: Modeling and Analysis
Ramnath Venugopalan, Prasanth Ganesan, Pushkin Peddabachagari, Alexander Dean, Frank Mueller and Mihail Sichitiu.
Conference on Compiler, Architecture and Synthesis on Embedded Systems (CASES'03), Oct/Nov 2003.

Watermark Based Robust Correlation of Randomly Perturbed Encrypted Connections
X. Wang and D. S. Reeves.
Proc. of ACM Symposium on Computer and Communications Security (CCS 03), October 2003.

Analyzing and Modeling Encryption Overhead for Sensor Network Nodes
Prasanth Ganesan, Ramnath Venugopalan, Pushkin Peddabachagari, Alexander Dean, Frank Mueller and Mihail Sichitiu>.
Workshop on Wireless Sensor Networks and Applications (WSNA '03) with MobiCom'03, Sep 2003.

Towards Automating Intrusion Alert Analysis
Peng Ning, Yun Cui, Douglas S. Reeves, and Dingbang Xu.
2003 Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection (invited paper), September 2003.

Adapting Query Optimization Techniques for Efficient Intrusion Alert Correlation
Peng Ning, Dingbang Xu.
17th IFIP WG 11.3 Working Conference on Data and Application Security, August, 2003.

Enabling Transnational Collection, Notification, and Sharing of Information
V. Cavalli-Sforza, A. I. Antón, O. Brooks, J. Carbonell, R. Cole, R. Connolly, J. Fortes, M. Herrera, I. Krsul, C. McSweeney, C. Ortega, S. Su, D. Towsley, J. Ventura and W. Ward.
The 2003 National Conference on Digital Government Research, June 2003.

Virtual Simple Architecture (VISA): Exceeding the Complexity Limit in Safe Real-Time Systems
A. Anantaraman, K. Seth, K. Patil, E. Rotenberg and F. Mueller.
International Symposium on Computer Architecture, June 2003, pages 350-361.

How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols
Peng Ning, Kun Sun.
Proceedings of the 4th Annual IEEE Information Assurance Workshop, pages 60-67, West Point, June 2003.

A Unified Scheme for Resource Protection in Automated Trust Negotiation
Ting Yu and Marianne Winslett.
2003 IEEE Symposium on Security and Privacy. Oakland, CA, May 2003.

Innovative Web Use to Learn about Consumer Behavior and Online Privacy
D. Baumer and J.B. Earp.
Communications of the ACM, v.46, n.4, April 2003, pp.81-83.

Tit for Tat in Cyberspace: Consumer and Web Site Responses to Anarchy in the Market for Personal Information
D. Baumer, J.B. Earp and P.S. Evers.
UNC Journal of Law and Technology, v.4, n. 2, Spring, 2003, pp.217-274.

Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks
Donggang Liu, Peng Ning.
Proceedings of 10th Annual Network and Distributed System Security Symposium (NDSS '03), pages 263--276, February 2003.

Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies in Automated Trust Negotiation
Ting Yu, Marianne Winslett and Kent E. Seamons.
ACM Transaction on Information and System Security, Vol. 6, No. 1, pp. 1-42, 2003.

2002
Negotiating Trust on the Web
Marianne Winslett, Ting Yu, Kent E. Seamons, Adam Hess, Jared Jacobson, Ryan Jarvis, Brian Smith and Lina Yu.
IEEE Internet Computing, November-December, 2002.

Constructing Attack Scenarios through Correlation of Intrusion Alerts
Peng Ning, Yun Cui, Douglas S. Reeves.
Proceedings of the 9th ACM Conference on Computer & Communications Security, pages 245--254, Washington D.C., November 2002.

A Visibility Framework for Privacy Management Requirements
Olli Jarvinen, Julia B. Earp, Annie I. Ant�n.
Proceedings of the 2nd Symposium on Requirements Engineering for Information Security, Raleigh, NC, 15 October 2002.

Inter-Packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones
Xinyuan Wang, Douglas S. Reeves, S. Felix Wu.
Proceedings of 2002 European Symposium on Research in Computer Security, October 2002.

Analyzing Intensive Intrusion Alerts Via Correlation
Peng Ning, Yun Cui, Douglas S. Reeves.
Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, October 2002.

Analyzing Web Site Privacy Requirements Using a Privacy Goal Taxonomy
Annie I. Ant�n, Julia B. Earp and Angela Reese.
10th Anniversary IEEE Joint Requirements Engineering Conference (RE'02), Essen, Germany, 9-13 September 2002.

Design and Implementation of A Decentralized Prototype System for Detecting Distributed Attacks
Peng Ning, Sushil Jajodia and X. Sean Wang.
Computer Communications, Special Issue on Intrusion Detection Systems, 25(15):1374-1391, Elsevier Science, September 2002.

Aligning Software Requirements with Security and Privacy Policies
A.I. Antón, J.B. Earp and R. Carter.
International Workshop on Requirements Engineering for Software Quality (REFSQ 2002), Essen, Germany, 9-10 September 2002.

A Social, Technical and Legal Framework for Privacy Management and Policies
Julia B. Earp, Annie I. Antón and Olli Jarvinen.
Americas Conference on Information Systems (AMCIS 2002), Dallas, Texas, 9-11 August 2002.

A Multidisciplinary Project Studio: Designing Secure Electronic Commerce Systems
A.I. Antón and J.B. Earp.
6th National Colloquium for Information Systems Security Education (NCISSE), Redmond, Washington, 4-6 June 2002.

2001
Abstraction-based Intrusion Detection in Distributed Environments
Peng Ning, Sushil Jajodia and X. Sean Wang.
ACM Transactions on Information and System Security (TISSEC), 4(4):407-452, 2001.

Efficient Software Implementation for Finite Field Multiplication in Normal Basis
Peng Ning and Yinqun L. Yin.
Proceedings of the 3rd International Conference on Information and Communication Security (ICICS 01), LNCS 2229, p.p. 177 - 188, November 2001.

Goal Mining to Examine Health Care Privacy Policies
Annie I. Antón, Julia B. Earp and Angela Reese.
Submitted to: IEEE 2002 Symposium on Security and Privacy, 6 November 2001,
NCSU Dept. of Computer Science Technical Report, TR-2001-10.

Design and Implementation of Acceptance Monitor for Building Scalable Intrusion Tolerant Systems
R. Wang, F. Wang and G. T. Byrd
10th Int'l Conference on Computer Communications and Networks, October 2001.

Strategies for Developing Policies and Requirements for Secure E-Commerce Systems
Annie I. Antón and Julia B. Earp.
Recent Advances in E-Commerce Security and Privacy, Kluwer-Academic Publishers, 2001.

Tracing Based Active Intrusion Response
X. Wang, D. Reeves and F. Wu.
Journal of Information Warfare, 1(1), Teamlink Australia, pp. 50-61, Sept. 2001.

A Comparison of Static Analysis and Evolutionary Testing for the Verification of Timing Constraints
J. Wegener and F. Mueller.
Real-Time Systems Journal, 21(3), pp. 241-268, Nov. 2001.

The Role of Policy and Privacy Values in Requirements Engineering
Annie I. Antón, Julia B. Earp, Colin Potts and Thomas A. Alspaugh.
IEEE 5th International Symposium on Requirements Engineering (RE'01), Toronto, Canada, pp. 138-145, 27-31 August 2001.

Event Recognition Beyond Signature and Anomaly
Jon Doyle, Isaac Kohane, William Long, Howard Shrobe, and Peter Szolovits.
2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York, pp. 17-23, 5-6 June 2001.

Yalta: A Collaborative Space for Secure Dynamic Coalitions
G. T. Byrd, F. Gong, C. Sargor and T. J. Smith.
IEEE Systems, Man, and Cybernetics Information Assurance Workshop, June 2001.

Exercising Qualitative Control in Autonomous Adaptive Survivable Systems
Jon Doyle and Michael McGeachie.
To appear: revised papers from the 2nd International Workshop on Self-Adaptive Software (IWSAS 2). Berlin: Springer Verlag, 28 February 2001.

Practical Experiences with ATM Encryption
G. T. Byrd, N. Hillery and J. Symon.
Network and Distributed System Security Symposium, February 2001.

Avoiding Loss of Fairness Owing to Failures in Fair Data Exchange Systems
Peng Liu, Peng Ning and Sushil Jajodia.
Decision Support Systems, 31(3):337-350, Elsevier Science, 2001.

Active Trust Management for Autonomous Adaptive Survivable Systems
Howard Shrobe and Jon Doyle.
In Self-Adaptive Software, P. Robertson, H. Shrobe, and R. Laddaga, editors, Berlin: Springer Verlag, pp. 40-49, 2001.

Data Protection in the University Setting: Employee Perceptions of Student Privacy
Earp, J.B. and F.C. Payton.
IEEE Hawaiian International Conference on Systems Sciences, January 2001.

2000
Modeling Requests among Cooperating Intrusion Detection Systems
Peng Ning, X. Sean Wang, Sushil Jajodia
Computer Communications, Elsevier Science, 23(17), pp. 1702-1715, 2000.

Privacy of Medical Records: IT Implications of HIPAA
Baumer,D., J.B. Earp and F.C. Payton.
ACM Computers and Society, 30(4), pp.40-47, Dec. 2000.

Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems
Annie I. Anton and Julia B. Earp
Presented at: 1st ACM Workshop on Security and Privacy in E-Commerce (CCS 2000), Athens, Greece, 1-4 November 2000.

A Query Facility for Common Intrusion Detection Framework
Peng Ning, X. Sean Wang, and Sushil Jajodia.
Proceedings of the 23rd National Information Systems Security Conference, p.p. 317 - 328, Baltimore, MD, October 2000.

CARDS: A Distributed System for Detecting Coordinated Attacks
Jiahai Yang, Peng Ning, X. Sean Wang, and Sushil Jajodia.
Proceedings of IFIP TC11 16th Annual Working Conference on Information Security, p.p. 171 - 180, August 2000.

Avoiding Loss of Fairness Owing to Process Crashes in Fair Data Exchange Protocols
Peng Liu, Peng Ning, and Sushil Jajodia.
Proceedings of 2000 International Conference on Dependable Systems and Networks, p.p. 631 - 640, June 2000.

A Multidisciplinary Electronic Commerce Project Studio for Secure Systems
A.I. Antón and J.B. Earp.
4th National Colloquim for Information Systems Security Education (NCISSE), Washington, D.C., 23-25 May 2000.

Privacy Issues Confronting IT Professionals
J.B. Earp and F.C. Payton.
IT Professional, March/April 2000.

1999 and earlier
Bounding Pipeline and Instruction Cache Performancec
C. A. Healy, R. D. Arnold, F. Mueller, D. Whalley and M. G. Harmon.
IEEE Transactions on Computers, 48(1), pp. 53-70, Jan. 1999.

Priority Inheritance and Ceilings for Distributed Mutual Exclusion
F. Mueller.
IEEE Real-Time Systems Symposium, pp. 340-349, Dec. 1999.

Timing Analysis for Data and Wrap-Around Fill Caches
R. T. White, F. Mueller, C. Healy, D. Whalley and M. G. Harmon.
Real-Time Systems Journal, 17(2/3), pp. 209-233, Nov 1999.

Priority Inheritance and Ceilings for Distributed Mutual Exclusion
F. Mueller.
IEEE Real-Time Systems Symposium, pp. 340-349, Dec. 1999.

Hamilton path heuristics and the middle two levels problem
I. Shields and C. D. Savage.
Congressus Numerantium, Vol. 140 pp. 161-178, 1999.

On the multiplicity of parts in a random partition
S. Corteel, B. G. Pittel, C. D. Savage and H. S. Wilf.
Random Structures and Algorithms, 14(2), pp. 185-197, 1999.

LAVA: Secure Delegation of Mobile Applets: Design, Implementation and Applications
J.N. Hansoty, M. Vouk, S.F. Wu.
Proceedings Sixth IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 24-27, 1997.

Design of a Key Agile Cryptographic System for OC-12c Rate ATM
D. Stevenson, N. Hillery, G. Byrd, F. Gong and D. Winkelstein.
Network and Distributed System Security Symposium, February 1995.

Secure Communications in ATM Networks
D. Stevenson, N. Hillery and G. Byrd.
Communications of the ACM, 38(2), pp. 45-52, February 1995.

Applications of the Drazin Inverse to the Hill Cryptographic System I-IV
Robert Hartwig.
Cryptologia, 4 (1980) pp 71-85, pp150-168, Cryptologia 5, (1981) pp 67-77, pp 213-228.