Publications

• Risto Vaarandi and Alejandro Guerra-Manzanares. Network IDS alert classification with active learning techniques. Journal of Information Security and Applications, vol. 81, article 103687, 2024 (accepted version of the paper)
• Risto Vaarandi and Alejandro Guerra-Manzanares. Stream clustering guided supervised learning for classifying NIDS alerts. Future Generation Computer Systems, vol. 155, pp. 231-244, 2024
• Orkhan Gasimov, Risto Vaarandi and Mauno Pihelgas. Comparative Analysis of Pattern Mining Algorithms for Event Logs. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience, pp. 1-7, 2023
• Frank Korving and Risto Vaarandi. DACA: Automated Attack Scenarios and Dataset Generation. Proceedings of the 2023 International Conference on Cyber Warfare and Security, pp. 550-559, 2023
• Risto Vaarandi and Sten Mäses. How to Build a SOC on a Budget. Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, pp. 171-177, 2022
• Risto Vaarandi. A Stream Clustering Algorithm for Classifying Network IDS Alerts. Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, pp. 14-19, 2021
• Risto Vaarandi and Mauno Pihelgas. NetFlow Based Framework for Identifying Anomalous End User Nodes. Proceedings of the 2020 International Conference on Cyber Warfare and Security, pp. 448-456, 2020
• Emin Caliskan, Risto Vaarandi and Birgy Lorenz. Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: A Case Study. Proceedings of the 2019 Computing Conference, Vol. 2, AISC Vol. 998, Springer, pp. 622-638, 2019
• Bernhards Blumbergs, Rain Ottis and Risto Vaarandi. Crossed Swords: A Cyber Red Team Oriented Technical Exercise. Proceedings of the 2019 European Conference on Cyber Warfare and Security, pp. 37-44, 2019
• Risto Vaarandi, Bernhards Blumbergs and Markus Kont. An Unsupervised Framework for Detecting Anomalous Messages from Syslog Log Files. Proceedings of the 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6, 2018
• Chen Zhuge and Risto Vaarandi. Efficient Event Log Mining with LogClusterC. Proceedings of the 2017 IEEE International Conference on Big Data Security on Cloud, pp. 261-266, 2017
• Bernhards Blumbergs and Risto Vaarandi. Bbuzz: A Bit-aware Fuzzing Framework for Network Protocol Systematic Reverse Engineering and Analysis. Proceedings of the 2017 IEEE MILCOM Conference, pp. 707-712, 2017
• Risto Vaarandi, Markus Kont and Mauno Pihelgas. Event Log Analysis with the LogCluster Tool. Proceedings of the 2016 IEEE MILCOM Conference, pp. 982-987, 2016
• Bernhards Blumbergs, Mauno Pihelgas, Markus Kont, Olaf Maennel and Risto Vaarandi. Creating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels. Proceedings of the 2016 Nordic Conference on Secure IT Systems, LNCS Vol. 10014, © Springer, pp. 85-100, 2016, DOI: 10.1007/978-3-319-47560-8_6 (extended version of the paper)
• Risto Vaarandi and Mauno Pihelgas. LogCluster - A Data Clustering and Pattern Mining Algorithm for Event Logs. Proceedings of the 2015 International Conference on Network and Service Management, pp. 1-7, 2015
• Risto Vaarandi, Bernhards Blumbergs and Emin Caliskan. Simple Event Correlator - Best Practices for Creating Scalable Configurations. Proceedings of the 2015 IEEE CogSIMA Conference, pp. 96-100, 2015
• Risto Vaarandi and Mauno Pihelgas. Using Security Logs for Collecting and Reporting Technical Security Metrics. Proceedings of the 2014 IEEE MILCOM Conference, pp. 294-299, 2014
• Risto Vaarandi and Pawel Nizinski. Comparative Analysis of Open-Source Log Management Solutions for Security Monitoring and Network Forensics. Proceedings of the 2013 European Conference on Information Warfare and Security, pp. 278-287, 2013
• Risto Vaarandi. Detecting Anomalous Network Traffic in Organizational Private Networks. Proceedings of the 2013 IEEE CogSIMA Conference, pp. 285-292, 2013
• Risto Vaarandi and Michael R. Grimaila. Security Event Processing with Simple Event Correlator. Information Systems Security Association (ISSA) Journal 10(8), pp. 30-37, 2012
• Risto Vaarandi. Methods for Detecting Important Events and Knowledge from Data Security Logs. Proceedings of the 2011 European Conference on Information Warfare and Security, pp. 261-267, 2011
• Risto Vaarandi and Karlis Podins. Network IDS Alert Classification with Frequent Itemset Mining and Data Clustering. Proceedings of the 2010 International Conference on Network and Service Management, pp. 451-456, 2010
• Risto Vaarandi. Real-time Classification of IDS Alerts with Data Mining Techniques. Proceedings of the 2009 IEEE MILCOM Conference, pp. 1786-1792, 2009
• Risto Vaarandi. Mining Event Logs with SLCT and LogHound. Proceedings of the 2008 IEEE/IFIP Network Operations and Management Symposium, pp. 1071-1074, 2008
• Risto Vaarandi. Simple Event Correlator for real-time security log monitoring. Hakin9 Magazine 1/2006 (6), pp. 28-39, 2006
• Risto Vaarandi. Tools and Techniques for Event Log Analysis. PhD Thesis, Tallinn University of Technology, 2005
• Risto Vaarandi. A Breadth-First Algorithm for Mining Frequent Patterns from Event Logs. Proceedings of the 2004 IFIP International Conference on Intelligence in Communication Systems, LNCS Vol. 3283, © Springer-Verlag, pp. 293-308, 2004
• Risto Vaarandi. A Data Clustering Algorithm for Mining Patterns From Event Logs. Proceedings of the 2003 IEEE Workshop on IP Operations and Management, pp. 119-126, 2003
• Risto Vaarandi. A Clustering Algorithm for Logfile Data Sets. Technical Report, University of Kuopio, 2003
• Risto Vaarandi. SEC - a Lightweight Event Correlation Tool. Proceedings of the 2002 IEEE Workshop on IP Operations and Management, pp. 111-115, 2002
• Risto Vaarandi. Platform Independent Event Correlation Tool for Network Management. Proceedings of the 2002 IEEE/IFIP Network Operations and Management Symposium, pp. 907-910, 2002
• Risto Vaarandi. Platform Independent Tool for Local Event Correlation. Acta Cybernetica 15(4), pp. 705-723, 2002