publications

Book

  • Understanding Intrusion Detection through Visualization, Stefan Axelsson and David Sands, in the series: Advances in Information Security, Sushil Jajodia (Ed.), Vol. 24  2006, XX, 145 p., Springer Verlag,  ISBN: 978-0-387-27634-2 (Unfortunately not available as a PDF from here). BibTeX

Theses

  • Understanding Intrusion Detection Through Visualisation, Stefan Axelsson, Thesis for the degree of doctor of philosophy, ISBN 91-7291-557-9, Department of Computer Science and Engineering, Chalmers University of Technology, Göteborg, Sweden, January 2005. Available in Zipped PDF (To get below 10MB size limit, also note that the cover is not the original cover of the printed thesis as it lacks the Chalmers and Göteborg University logotypes). A colour printer is highly recommended for the last chapter (Colour Plates).  Finally, note that even though the PDF is laid out for A4 paper, the thesis was printed in G5 (i.e. a 80% reduction). BibTeX
  • Aspects of the Modelling and Performance of Intrusion Detection, Stefan Axelsson, Thesis for the degree of licentiate of engineering, a degree between M.Sc. and PhD., Technical Report No 319L, Department of Computer Engineering, Chalmers University of Technology, Göteborg, Sweden, March 2000. Available in PDF. BibTeX

Articles in refereed journals/book chapters

  • Potential fields in modeling transport over water,  Ewa Osekowska, Stefan Axelsson, Bengt Carlsson, edited book chapter in Transport of Water versus Transport over Water-Exploring the Dynamic Interplay of Transport and Water, Carlos Ocampo-Martinez, Rudy R. Negenborn, editors. Chapter 14, pp 259-280, published in the Operations Research/Computer Science Interfaces Series, series volume 58, ISSN 1387-666X, ISBN 978-3-319-16133-4, Springer Verlag, 2015.
  • Do data loss prevention systems work?, Sara Ghorbanian, Glenn Fryklund, Stefan Axelsson, Edited book chapter in Advances in Digital Forensics XI, the 11:th IFIP WG 11.9 international conference, January 26-28, 2015. Orlando Florida. IN PRESS
  • VMI-PL: A Monitoring Language for Virtual Platforms Using Virtual Machine Introspection, Florian Westphal, Stefan Axelsson, Christian Neuhaus and Andreas Polze, Digital Investigation, The proceedings of the Fourteenth Annual DFRWS Conference, Vol. 11, S2 (2014), pp. S85-S94, Denver CO, USA, August 2014. Our final draft as PDF.
  • Key-hiding on the ARM platform, Alexander Nilsson, Marcus Andersson, Stefan Axelsson, Digital Investigation (The proceedings of the first annual DFRWS Europe conference), vol. 11S (2014), pp. S63-S67, Amsterdam, Holland, May 7-9, 2014. My final draft as PDF.
  • Using the RetSim simulator for fraud detection research, 
  • Edgar Alonso Lopez-Rojas, Dan Gorton, Stefan Axelsson, 
  • International Journal of Simulation and Process Modelling (IJSPM), ISSN online: 1740-2131, ISSN print: 1740-2123, Inderscience publishers, 2014. IN PRESS in the Special Issue on: I3M 2013 Modelling and Applied Simulation Multi-Perspective and Multidisciplinary Approaches. Our final draft as PDF.
  • Using Normalised Compression Distance for File Fragment 
  • Analysis
  •  
  • What to Look for in a Compressor, Stefan Axelsson, Kamran Ali Bajwa, Mandhapati Venkata Srikanth, in the proceedings of The 
  •  Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28 - 30, 2013. Available in PDF.
  • Similarity Assessment for Removal of Noisy End User License Agreements
  • Knowledge and Information Systems, Niklas Lavesson, Stefan Axelsson, Knowledge and Information Systems (KAIS), Springer Verlag, In press, accepted Jul 03, 2011. Our final draft as PDF. BibTeX (to come)
  • The Normalised Compression Distance as a file fragment classifier, Stefan Axelsson, Digital Investigation (The Proceedings of the Tenth Annual DFRWS Conference), 7(1), pp. S24-S31, August, 2010. My final draft as PDFBibTeX.
  • The base-rate fallacy and the difficulty of intrusion detection, Stefan Axelsson, ACM Transactions on Information and System Security (TISSEC), 3(3), pp. 186-205, ACM Press, ISSN: 1094-9224, 2000. Available from ACM. My final draft to ACM (ACM did some typographical changes) in PDF. BibTeX

Refereed conference and workshop contributions

  • A Review of Computer Simulation for Fraud Detection Research in Financial DatasetsEdgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of the Future Technologies Conference 2016 (FTC 2016), San Francisco, USA,6-7 December 2016. PDF
  • Paysim: a financial mobile money simulator for fraud detectionEdgar Alonso Lopez-Rojas, Ahmad Elmir, Stefan Axelsson, in the proceedings of the 28th European Modeling and Simulation Symposium 2016 (EMSS 2016), Larnaca, Cyprus, 26-28 September, 2016. PDF
  • Using the RetSim Fraud Simulation Tool to set Thresholds for Triage of Retail FraudEdgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 20th Nordic Conference on Secure IT Systems (NORDSEC 2015), Stockholm, Sweden, October 19-21, 2015. PDF
  • BankSim: A Bank Payments Simulator for Fraud Detection Research
  • Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the Proceedings of the 
  • The 26th European Modelling & Simulation Symposium (EMSS 2014), 10-13 Sept. Bordeaux, France, 2014. Our final draft as PDF.
  • Social Simulation of Commercial and Financial Behaviour for Fraud Detection ResearchEdgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of the Social Simulation Conference (SSC 2014), The 10th Conference of the European Social Simulation Association), Sept. 1-5, Barcelona, Spain. Our final draft as PDF.
  • Potential Fields in Maritime Anomaly Detection, Ewa Osekowska, Stefan Axelsson, Bengt Carlsson, In the proceeding of the 3rd International Conference on Models and Technologies for Intelligent Transport Systems, Dresden, Germany, Dec 2-4, 2013, available in PDF.
  • RETSIM: A Shoe Store Agent-based Simulation For Fraud DetectionEdgar Alonso Lopez-Rojas, Stefan Axelsson, and Dan Gorton, in the proceedings of the 25th European Modeling and Simulation Symposium 2013 (EMSS 2013), Athens, Greece, 15-27 September, 2013. Available in PDF (final draft). BibTeX. This paper won the best paper award of the conference out of a total of 97 published papers.
  • Using Data Mining for Static Code Analysis of C, Hannes Tribus, Irene Morrigl, Stefan Axelsson, The proceedings of the 8th International Conference on Advanced Data Mining and Applications (ADMA 2012), Nanjing, China, 15-18 December, 2012. My final draft as PDF, BibTeX.
  • Multi Agent Based Simulation (MABS) of Financial Transactions for Anti Money Laundering (AML), Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 17th Nordic Conference on Secure IT Systems (NORDSEC 2012), Karlskrona, Blekinge, Sweden, 31 Oct-2 Nov 2012. PDF. BibTeX
  • Money Laundering Detection using Synthetic Data, Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 27th annual workshop of the Swedish Artificial Intelligence Society (SAIS), Örebro, Sweden, May 14-15, 2012. PDF, BibTeX.
  • Using normalized compression distance for classifying file fragments, Stefan Axelsson, In the proceedings of the Third International Workshop on Digital Forensics (WSDF'10), (organized in conjunction with ARES 2010), Krakow, Poland, 15-18, February, 2010. Available in PDF, BibTeX.
  • Detecting Defects with an Interactive Code Review Tool Based on Visualisation and Machine Learning, Stefan Axelsson, Dejan Baca, Robert Feldt, Darius Sidlauskas, Denis Kacan, In the proceedings of the 21st International Conference on Software Engineering and Knowledge Engineering (SEKE 2009), Boston, MA, USA, 1-3 Jul, 2009. Available in PDF. BibTeX. The software that is described in the paper has its own Sourceforge project that contains a VIDEO demonstrating the tool in action.
  • Combining A Bayesian Classifier with Visualisation: Understanding the IDS, Stefan Axelsson, In the proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security, (Held in conjunction with the Eleventh ACM Conference on Computer and Communications Security), Oct 29, 2004. Available in PDF. The Bayesvis software is also available and a video that demonstrates the first example in the paper. BibTeX An expanded and corrected version is part of my PhD thesis.
  • Visualising Intrusions: Watching the Webserver, Stefan Axelsson, In the proceedings of the 19th IFIP International Information Security Conference (SEC2004), Tolouse France, 22-27 Aug, 2004. Available in PDF. BibTeX. An expanded and corrected version is part of my PhD thesis.
  • Visualization for Intrusion Detection: Hooking the worm, Stefan Axelsson, In the proceedings of the 8th European Symposium on Research in Computer Security (ESORICS 2003), Springer Verlag: LNCS 2808, 13-15 Oct, Gjövik Norway, 2003. Available in PDF. BibTeX An expanded and corrected version is part of my PhD thesis.
  • The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection, Stefan Axelsson, In Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 1-7, November 1-4, 1999, Kent Ridge Digital Labs, Singapore, Copyright ACM 1999. Available in PDF. BibTeX
  • On a Difficulty of Intrusion Detection, Stefan Axelsson, 2nd Intl. Workshop on Recent Advances in Intrusion Detection (RAID'99), Purdue University, West Lafayette, Indiana, USA, September 7-9, 1999, Available in PDF. BibTeX
  • A Comparison of the Security of Windows NT and UNIX, Hans Hedbom , Stefan Lindskog, Stefan Axelsson, Erland Jonsson, Presented at the Third Nordic Workshop on Secure IT Systems, NORDSEC'98, 5-6 November, 1998, Trondheim, Norway, Available in PDF. BibTeX
  • An Approach to UNIX Security Logging, Stefan Axelsson, Ulf Lindqvist, Ulf Gustafson,Erland Jonsson, In Proceedings of the 21st National Information Systems Security Conference, pp. 62-75, Oct. 5-8, Crystal City, Arlington, VA, USA, 1998, Available in PDF. BibTeX

Technical reports 

  • A Systematic Review and Taxonomy of SQL Injection Defence Techniques, Anup Shakya, Dhiraj Aryal, Stefan Axelsson, Unpublished technical report, 2012-06-12. Avaliable in PDF.
  • Visualising the Inner Workings of a Self Learning Classifier: Improving the Usability of Intrusion Detection Systems, Stefan Axelsson, Technical Report No. 2004-12, Department of Computing Science, Chalmers University of Technology, 2004. Available in PDF. BibTeX Part of my PhD thesis above.
  • Preliminary Attempt to Apply Detection and Estimation Theory to Intrusion Detection, Stefan Axelsson, Technical Report No 00-4, Dept. of Computer Engineering, Chalmers Univerity of Technology, Sweden, March 2000, Available in PDF. BibTeX
  • Intrusion Detection Systems: A Taxonomy and Survey, Stefan Axelsson, Technical Report No 99-15, Dept. of Computer Engineering, Chalmers University of Technology, Sweden,March 2000, Available in PDF. BibTeX
  • Research in Intrusion Detection Systems: A Survey, Stefan Axelsson, Technical Report No 98-17, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, Dec 15, 1998 revised  Aug 19, 1999, Available in PDF. BibTeX