Publications

Publications

Books

    • Digital Forensics, Andre Årnes ed. with Andre Årnes, Anders O. Flaglien, Inger Marie Sunde, Ausra Dilijonaite, Jeff Hamm, Jens-Petter Sandvik, Petter Christian Bjelland, Katrin Franke, Stefan Axelsson, Wiley, ISBN: 978-1-119-26238-1, 376 pages, July 2017
    • Understanding Intrusion Detection through Visualization, Stefan Axelsson and David Sands, in the series: Advances in Information Security, Sushil Jajodia (Ed.), Vol. 24 2006, XX, 145 p., Springer Verlag, ISBN: 978-0-387-27634-2 (Unfortunately not available as a PDF from here). BibTeX

Theses

    • Understanding Intrusion Detection Through Visualisation, Stefan Axelsson, Thesis for the degree of doctor of philosophy, ISBN 91-7291-557-9, Department of Computer Science and Engineering, Chalmers University of Technology, Göteborg, Sweden, January 2005. Available in Zipped PDF (To get below 10MB size limit, also note that the cover is not the original cover of the printed thesis as it lacks the Chalmers and Göteborg University logotypes). A colour printer is highly recommended for the last chapter (Colour Plates). Finally, note that even though the PDF is laid out for A4 paper, the thesis was printed in G5 (i.e. a 80% reduction). BibTeX
  • Aspects of the Modelling and Performance of Intrusion Detection, Stefan Axelsson, Thesis for the degree of licentiate of engineering, a degree between M.Sc. and PhD., Technical Report No 319L, Department of Computer Engineering, Chalmers University of Technology, Göteborg, Sweden, March 2000. Available in PDF. BibTeX

Articles in refereed journals/book chapters

  • Reverse engineering of ReFS, Rune Nordvik, Henry Georges, Fergus Toolan, Stefan Axelsson, Digital Investigation, Volume 30, 2019, (Received 23 March 2019, Revised 4 July 2019, Accepted 17 July 2019, Available online 23 July 2019.) Pages 127-147, ISSN 1742-2876, Elsevier, PDF available from https://doi.org/10.1016/j.diin.2019.07.004 (Open access).
    • Using NTFS Cluster Allocation Behavior to Find the Location of User Data, Martin Karresand, Stefan Axelsson and Geir Olav Dyrkolbotn, Digital Investigation, The Proceedings of the 19th DFRWS conference, Portland Or., USA, July 2019, Available from Digital Investigation (Open Access).
    • Using the Object ID index as an investigative approach for NTFS file systems, Rune Nordvik, Fergus Toolan and Stefan Axelsson, Digital Investigation, The Proceedings of the Sixth Annual DFRWS Europe conference, Oslo, Norway, April 2019, Available from Digital Investigation (Open access).
    • Creating a Map of User Data in NTFS to Improve File Carving, Martin Karresand, Asalena Warnqvist, David Lindahl, Stefan Axelsson and Geir Olav Dyrkolbotn, Edited book chapter in Advances in Digital Forensics XV, the 15:th IFIP WG 11.9 international conference, January 28-29, 2019. Orlando Florida.
    • Forensic Atomic Force Microscopy of Semiconductor Memory Arrays, Struan Gray and Stefan Axelsson, Edited book chapter in Advances in Digital Forensics XV, the 15:th IFIP WG 11.9 international conference, January 28-29, 2019. Orlando Florida.
    • Brute Forcing Vendor Defined Messages in the USB Power Delivery Protocol, Gunnar Alendal, Stefan Axelsson and Geir Olav Dyrkolbotn, Edited book chapter in Advances in Digital Forensics XV, the 15:th IFIP WG 11.9 international conference, January 28-29, 2019. Orlando Florida.
  • Analysis of fraud controls using the PaySim financial simulator, Edgar Alonso Lopez-Rojas, Stefan Axelsson, Dejan Baca, In the special issue on: "New Advances of Modelling and Simulation for Business Processes, Production, Services and Supply chain, International Journal of Simulation and Process Modelling, Vol. 13, No. 4, 2018, Inderscience publishers. The published paper as PDF.
    • Forensics Acquisition - Analysis and Circumvention of Samsung Secure Boot Enforced Common Criteria Mode, Gunnar Alendal, Geir Olav Dyrkolbotn, Stefan Axelsson, Digital Investigation, The Proceedings of the Fifth Annual DFRWS Europe conference, Vol. 24, Supplement, pp. S60-S67, Florence, Italy, March 2018. The published paper as PDF.
    • Digital Forensics Implications of Collusion Attacks on the Lightning Network, Dmytro Piatkivskyi, Stefan Axelsson and Mariusz Nowostawski, Edited book chapter in Advances in Digital Forensics XIII, the 13:th IFIP WG 11.9 international conference, January 30 - February 1, 2017. Orlando Florida. Our final version as PDF.
  • Potential fields in modeling transport over water, Ewa Osekowska, Stefan Axelsson, Bengt Carlsson, edited book chapter in Transport of Water versus Transport over Water-Exploring the Dynamic Interplay of Transport and Water, Carlos Ocampo-Martinez, Rudy R. Negenborn, editors. Chapter 14, pp 259-280, published in the Operations Research/Computer Science Interfaces Series, series volume 58, ISSN 1387-666X, ISBN 978-3-319-16133-4, Springer Verlag, 2015. Our final draft as PDF.
  • Do data loss prevention systems work?, Sara Ghorbanian, Glenn Fryklund, Stefan Axelsson, Edited book chapter in Advances in Digital Forensics XI, the 11:th IFIP WG 11.9 international conference, January 26-28, 2015. Orlando Florida. PDF.
  • VMI-PL: A Monitoring Language for Virtual Platforms Using Virtual Machine Introspection, Florian Westphal, Stefan Axelsson, Christian Neuhaus and Andreas Polze, Digital Investigation, The proceedings of the Fourteenth Annual DFRWS Conference, Vol. 11, S2 (2014), pp. S85-S94, Denver CO, USA, August 2014. Our final draft as PDF.
  • Key-hiding on the ARM platform, Alexander Nilsson, Marcus Andersson, Stefan Axelsson, Digital Investigation (The proceedings of the first annual DFRWS Europe conference), vol. 11S (2014), pp. S63-S67, Amsterdam, Holland, May 7-9, 2014. My final draft as PDF.
  • Using the RetSim simulator for fraud detection research,
  • Edgar Alonso Lopez-Rojas, Dan Gorton, Stefan Axelsson, International Journal of Simulation and Process Modelling (IJSPM), ISSN online: 1740-2131, ISSN print: 1740-2123, Inderscience publishers, 2014. In the Special Issue on: I3M 2013 Modelling and Applied Simulation Multi-Perspective and Multidisciplinary Approaches. Our final draft as PDF.
  • Using Normalised Compression Distance for File Fragment
  • Analysis —What to Look for in a Compressor, Stefan Axelsson, Kamran Ali Bajwa, Mandhapati Venkata Srikanth, in the proceedings of The Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28 - 30, 2013. Available in PDF.
  • Similarity Assessment for Removal of Noisy End User License Agreements
  • Knowledge and Information Systems, Niklas Lavesson, Stefan Axelsson, Knowledge and Information Systems (KAIS), Springer Verlag, In press, accepted Jul 03, 2011. Our final draft as PDF. BibTeX (to come)
  • The Normalised Compression Distance as a file fragment classifier, Stefan Axelsson, Digital Investigation (The Proceedings of the Tenth Annual DFRWS Conference), 7(1), pp. S24-S31, August, 2010. My final draft as PDF. BibTeX.
    • The base-rate fallacy and the difficulty of intrusion detection, Stefan Axelsson, ACM Transactions on Information and System Security (TISSEC), 3(3), pp. 186-205, ACM Press, ISSN: 1094-9224, 2000. Available from ACM. My final draft to ACM (ACM did some typographical changes) in PDF. BibTeX

Refereed conference and workshop contributions

    • Process and procedures, techniques and tools, cyber crime investigations, law enforcement, crimes against children, Hallstein A. Hansen, Stig Andersen, Stefan Axelsson, Svein Hopland, In the proceedings of The ADFSL 2017 Conference on Digital Forensics, Security and Law, At the campus of Embry-Riddle Aeronautical University in Daytona Beach, Florida, May 15-16, 2017. Our final version as PDF.
  • A Review of Computer Simulation for Fraud Detection Research in Financial Datasets, Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of the Future Technologies Conference 2016 (FTC 2016), San Francisco, USA,6-7 December 2016. PDF
  • Paysim: a financial mobile money simulator for fraud detection, Edgar Alonso Lopez-Rojas, Ahmad Elmir, Stefan Axelsson, in the proceedings of the 28th European Modeling and Simulation Symposium 2016 (EMSS 2016), Larnaca, Cyprus, 26-28 September, 2016. PDF
  • Using the RetSim Fraud Simulation Tool to set Thresholds for Triage of Retail Fraud, Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 20th Nordic Conference on Secure IT Systems (NORDSEC 2015), Stockholm, Sweden, October 19-21, 2015. PDF
  • BankSim: A Bank Payments Simulator for Fraud Detection Research,
  • Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the Proceedings of the The 26th European Modelling & Simulation Symposium (EMSS 2014), 10-13 Sept. Bordeaux, France, 2014. Our final draft as PDF.
  • Social Simulation of Commercial and Financial Behaviour for Fraud Detection Research, Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of the Social Simulation Conference (SSC 2014), The 10th Conference of the European Social Simulation Association), Sept. 1-5, Barcelona, Spain. Our final draft as PDF.
  • Potential Fields in Maritime Anomaly Detection, Ewa Osekowska, Stefan Axelsson, Bengt Carlsson, In the proceeding of the 3rd International Conference on Models and Technologies for Intelligent Transport Systems, Dresden, Germany, Dec 2-4, 2013, available in PDF.
  • RETSIM: A Shoe Store Agent-based Simulation For Fraud Detection, Edgar Alonso Lopez-Rojas, Stefan Axelsson, and Dan Gorton, in the proceedings of the 25th European Modeling and Simulation Symposium 2013 (EMSS 2013), Athens, Greece, 15-27 September, 2013. Available in PDF (final draft). BibTeX. This paper won the best paper award of the conference out of a total of 97 published papers.
  • Using Data Mining for Static Code Analysis of C, Hannes Tribus, Irene Morrigl, Stefan Axelsson, The proceedings of the 8th International Conference on Advanced Data Mining and Applications (ADMA 2012), Nanjing, China, 15-18 December, 2012. My final draft as PDF, BibTeX.
  • Multi Agent Based Simulation (MABS) of Financial Transactions for Anti Money Laundering (AML), Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 17th Nordic Conference on Secure IT Systems (NORDSEC 2012), Karlskrona, Blekinge, Sweden, 31 Oct-2 Nov 2012. PDF. BibTeX
  • Money Laundering Detection using Synthetic Data, Edgar Alonso Lopez-Rojas, Stefan Axelsson, In the proceedings of The 27th annual workshop of the Swedish Artificial Intelligence Society (SAIS), Örebro, Sweden, May 14-15, 2012. PDF, BibTeX.
  • Using normalized compression distance for classifying file fragments, Stefan Axelsson, In the proceedings of the Third International Workshop on Digital Forensics (WSDF'10), (organized in conjunction with ARES 2010), Krakow, Poland, 15-18, February, 2010. Available in PDF, BibTeX.
  • Detecting Defects with an Interactive Code Review Tool Based on Visualisation and Machine Learning, Stefan Axelsson, Dejan Baca, Robert Feldt, Darius Sidlauskas, Denis Kacan, In the proceedings of the 21st International Conference on Software Engineering and Knowledge Engineering (SEKE 2009), Boston, MA, USA, 1-3 Jul, 2009. Available in PDF. BibTeX. The software that is described in the paper has its own Sourceforge project that contains a VIDEO demonstrating the tool in action.
    • Combining A Bayesian Classifier with Visualisation: Understanding the IDS, Stefan Axelsson, In the proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security, (Held in conjunction with the Eleventh ACM Conference on Computer and Communications Security), Oct 29, 2004. Available in PDF. The Bayesvis software is also available and a video that demonstrates the first example in the paper. BibTeX An expanded and corrected version is part of my PhD thesis.
  • Visualising Intrusions: Watching the Webserver, Stefan Axelsson, In the proceedings of the 19th IFIP International Information Security Conference (SEC2004), Tolouse France, 22-27 Aug, 2004. Available in PDF. BibTeX. An expanded and corrected version is part of my PhD thesis.
  • Visualization for Intrusion Detection: Hooking the worm, Stefan Axelsson, In the proceedings of the 8th European Symposium on Research in Computer Security (ESORICS 2003), Springer Verlag: LNCS 2808, 13-15 Oct, Gjövik Norway, 2003. Available in PDF. BibTeX An expanded and corrected version is part of my PhD thesis.
  • The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection, Stefan Axelsson, In Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 1-7, November 1-4, 1999, Kent Ridge Digital Labs, Singapore, Copyright ACM 1999. Available in PDF. BibTeX
  • On a Difficulty of Intrusion Detection, Stefan Axelsson, 2nd Intl. Workshop on Recent Advances in Intrusion Detection (RAID'99), Purdue University, West Lafayette, Indiana, USA, September 7-9, 1999, Available in PDF. BibTeX
  • A Comparison of the Security of Windows NT and UNIX, Hans Hedbom , Stefan Lindskog, Stefan Axelsson, Erland Jonsson, Presented at the Third Nordic Workshop on Secure IT Systems, NORDSEC'98, 5-6 November, 1998, Trondheim, Norway, Available in PDF. BibTeX
  • An Approach to UNIX Security Logging, Stefan Axelsson, Ulf Lindqvist, Ulf Gustafson,Erland Jonsson, In Proceedings of the 21st National Information Systems Security Conference, pp. 62-75, Oct. 5-8, Crystal City, Arlington, VA, USA, 1998, Available in PDF. BibTeX

Technical reports

  • A Systematic Review and Taxonomy of SQL Injection Defence Techniques, Anup Shakya, Dhiraj Aryal, Stefan Axelsson, Unpublished technical report, 2012-06-12. Avaliable in PDF.
  • Visualising the Inner Workings of a Self Learning Classifier: Improving the Usability of Intrusion Detection Systems, Stefan Axelsson, Technical Report No. 2004-12, Department of Computing Science, Chalmers University of Technology, 2004. Available in PDF. BibTeX Part of my PhD thesis above.
  • A Preliminary Attempt to Apply Detection and Estimation Theory to Intrusion Detection, Stefan Axelsson, Technical Report No 00-4, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, March 2000, Available in PDF. BibTeX
  • Intrusion Detection Systems: A Taxonomy and Survey, Stefan Axelsson, Technical Report No 99-15, Dept. of Computer Engineering, Chalmers University of Technology, Sweden,March 2000, Available in PDF. BibTeX
  • Research in Intrusion Detection Systems: A Survey, Stefan Axelsson, Technical Report No 98-17, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, Dec 15, 1998 revised Aug 19, 1999, Available in PDF. BibTeX

Last changed 2019-12-04