Publications
See Google Scholar for the full publication list.
Selected publications can be found below:
- Risto Vaarandi and Alejandro Guerra-Manzanares.
Network IDS alert classification with active learning techniques.
Journal of Information Security and Applications, vol. 81, article 103687, 2024
- Risto Vaarandi and Alejandro Guerra-Manzanares.
Stream clustering guided supervised learning for classifying NIDS alerts.
Future Generation Computer Systems, vol. 155, pp. 231-244, 2024
- Orkhan Gasimov, Risto Vaarandi and Mauno Pihelgas.
Comparative Analysis of Pattern Mining Algorithms for Event Logs.
Proceedings of the 2023 IEEE International Conference on
Cyber Security and Resilience, pp. 1-7, 2023
- Frank Korving and Risto Vaarandi.
DACA: Automated Attack Scenarios and Dataset Generation.
Proceedings of the 2023 International Conference on Cyber
Warfare and Security, pp. 550-559, 2023
- Risto Vaarandi and Sten Mäses.
How to Build a SOC on a Budget.
Proceedings of the 2022 IEEE International Conference on
Cyber Security and Resilience, pp. 171-177, 2022
- Risto Vaarandi.
A Stream Clustering Algorithm for Classifying
Network IDS Alerts.
Proceedings of the 2021 IEEE International Conference on
Cyber Security and Resilience, pp. 14-19, 2021
- Risto Vaarandi and Mauno Pihelgas.
NetFlow Based Framework for Identifying Anomalous
End User Nodes.
Proceedings of the 2020 International Conference on Cyber
Warfare and Security, pp. 448-456, 2020
- Emin Caliskan, Risto Vaarandi and Birgy Lorenz.
Improving Learning Efficiency and Evaluation Fairness for
Cyber Security Courses: A Case Study.
Proceedings of the 2019 Computing Conference, Vol. 2,
AISC Vol. 998, Springer, pp. 622-638, 2019
- Bernhards Blumbergs, Rain Ottis and Risto Vaarandi.
Crossed Swords: A Cyber Red Team Oriented Technical Exercise.
Proceedings of the 2019 European Conference on
Cyber Warfare and Security, pp. 37-44, 2019
- Risto Vaarandi, Bernhards Blumbergs and Markus Kont.
An Unsupervised Framework for Detecting Anomalous Messages
from Syslog Log Files.
Proceedings of the 2018 IEEE/IFIP Network Operations and
Management Symposium, pp. 1-6, 2018
- Chen Zhuge and Risto Vaarandi.
Efficient Event Log Mining with LogClusterC.
Proceedings of the 2017 IEEE International Conference on
Big Data Security on Cloud, pp. 261-266, 2017
- Bernhards Blumbergs and Risto Vaarandi.
Bbuzz: A Bit-aware Fuzzing Framework for Network Protocol
Systematic Reverse Engineering and Analysis.
Proceedings of the 2017 IEEE MILCOM Conference, pp. 707-712, 2017
- Risto Vaarandi, Markus Kont and Mauno Pihelgas.
Event Log Analysis with the LogCluster Tool.
Proceedings of the 2016 IEEE MILCOM Conference, pp. 982-987, 2016
- Bernhards Blumbergs, Mauno Pihelgas, Markus Kont, Olaf Maennel
and Risto Vaarandi.
Creating and Detecting IPv6 Transition Mechanism-Based Information
Exfiltration Covert Channels.
Proceedings of the 2016 Nordic Conference on Secure IT Systems,
LNCS Vol. 10014, Springer, pp. 85-100, 2016,
DOI: 10.1007/978-3-319-47560-8_6
- Risto Vaarandi and Mauno Pihelgas.
LogCluster - A Data Clustering and Pattern Mining Algorithm
for Event Logs.
Proceedings of the 2015 International Conference on Network and Service
Management, pp. 1-7, 2015
- Risto Vaarandi, Bernhards Blumbergs and Emin Caliskan.
Simple Event Correlator - Best Practices for Creating Scalable
Configurations.
Proceedings of the 2015 IEEE CogSIMA Conference, pp. 96-100, 2015
- Risto Vaarandi and Mauno Pihelgas.
Using Security Logs for Collecting and Reporting
Technical Security Metrics.
Proceedings of the 2014 IEEE MILCOM Conference, pp. 294-299, 2014
- Risto Vaarandi and Pawel Nizinski.
Comparative Analysis of Open-Source Log Management Solutions
for Security Monitoring and Network Forensics.
Proceedings of the 2013 European Conference on Information
Warfare and Security, pp. 278-287, 2013
- Risto Vaarandi.
Detecting Anomalous Network Traffic in Organizational Private
Networks.
Proceedings of the 2013 IEEE CogSIMA Conference, pp. 285-292, 2013
- Risto Vaarandi and Michael R. Grimaila.
Security Event Processing with Simple Event Correlator.
Information Systems Security Association (ISSA) Journal 10(8),
pp. 30-37, 2012
- Risto Vaarandi.
Methods for Detecting Important Events and Knowledge
from Data Security Logs.
Proceedings of the 2011 European Conference on Information
Warfare and Security, pp. 261-267, 2011
- Risto Vaarandi and Karlis Podins.
Network IDS Alert Classification with Frequent Itemset Mining and
Data Clustering.
Proceedings of the 2010 International Conference on Network and Service
Management, pp. 451-456, 2010
- Risto Vaarandi.
Real-time Classification of IDS Alerts with Data Mining Techniques.
Proceedings of the 2009 IEEE MILCOM Conference, pp. 1786-1792, 2009
- Risto Vaarandi.
Mining Event Logs with SLCT and LogHound.
Proceedings of the 2008 IEEE/IFIP Network Operations and Management
Symposium, pp. 1071-1074, 2008
- Risto Vaarandi.
Simple Event Correlator for real-time security log monitoring.
Hakin9 Magazine 1/2006 (6), pp. 28-39, 2006
- Risto Vaarandi.
Tools and Techniques for Event Log Analysis.
PhD Thesis, Tallinn University of Technology, 2005
- Risto Vaarandi.
A Breadth-First Algorithm for Mining Frequent Patterns from Event Logs.
Proceedings of the 2004 IFIP International Conference on Intelligence in
Communication Systems, LNCS Vol. 3283, Springer-Verlag, pp. 293-308, 2004
- Risto Vaarandi.
A Data Clustering Algorithm for Mining Patterns From Event Logs.
Proceedings of the 2003 IEEE Workshop on IP Operations and
Management, pp. 119-126, 2003
- Risto Vaarandi.
A Clustering Algorithm for Logfile Data Sets.
Technical Report, University of Kuopio, 2003
- Risto Vaarandi.
SEC - a Lightweight Event Correlation Tool.
Proceedings of the 2002 IEEE Workshop on IP Operations and
Management, pp. 111-115, 2002
- Risto Vaarandi.
Platform Independent Event Correlation Tool for Network Management.
Proceedings of the 2002 IEEE/IFIP Network Operations and Management
Symposium, pp. 907-910, 2002
- Risto Vaarandi.
Platform Independent Tool for Local Event Correlation.
Acta Cybernetica 15(4), pp. 705-723, 2002