GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection

This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2025-03-16 Creation time: 10-18-27 --- Number of references 4 inproceedings 2025-wolsing-geco GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection 2025 8 https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-wolsing-geco.pdf Proceedings of the 34th USENIX Security Symposium (USENIX Sec) Seattle, WA, USA 34th USENIX Security Symposium August 13-15, 2025 accepted 1 KonradWolsing EricWagner LuisaLux KlausWehrle MartinHenze inproceedings 2025-wagner-caiba CAIBA: Multicast Source Authentication for CAN Through Reactive Bit Flipping 2025 6 Proceedings of the 2025 IEEE 10th European Symposium on Security and Privacy (EuroS&P) Venice, Italy 10th European Symposium on Security and Privacy June 30 - July 4, 2025 accepted 1 EricWagner FrederikBasels JanBauer TillZimmermann KlausWehrle MartinHenze inproceedings 2025-fink-hybridmon Advancing Network Monitoring with Packet-Level Records and Selective Flow Aggregation 2025 5 Due to its superior efficiency, network operators frequently prefer flow monitoring over full packet captures. However, packet-level information is crucial for the timely and reliable detection, investigation, and mitigation of security incidents. Currently, no solution effectively balances these two contradicting approaches, forcing network operators to compromise between efficiency and accuracy. In this paper, we thus propose HybridMon, a hybrid solution that combines condensed packet-level monitoring with selective flow-based aggregation to strike a new balance between efficiency and accuracy. Operating on the data plane of P4-programmable switches, HybridMon enables fine-grained, practical, and flexible network monitoring at Tbps speeds. We validate the effectiveness of HybridMon through extensive evaluations using Internet backbone and university campus traffic traces, demonstrating its reliability and performance in network forensics and intrusion detection contexts. Our results show that HybridMon reliably monitors all flows while reducing the output bandwidth to 12 % to 20 % compared to packet monitoring when exporting standard features. Security Services; Control and Data Plane Programmability; Monitoring and Measurements https://www.comsys.rwth-aachen.de/fileadmin/papers/2025/2025-fink-hybridmon.pdf IEEE Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA Honolulu, HI, USA 2025 IEEE/IFIP Network Operations and Management Symposium May 12-16, 2025 accepted 1 Ina BereniceFink IkeKunze PascalHein JanPennekamp BenjaminStandaert KlausWehrle JanRüth inproceedings 2025_querfurth_transformer Transformer-Based Integrative Patient Representations from Single-Cell RNA Data 2025 4 28 health; rfc; rust Learning Meaningful Representations of Life Workshop (LMRL '25), co-located with the 13th International Conference on Learning Representations (ICLR '25), April 24-28, 2025, Singapore, Singapore Singapore, Singapore April 24-28, 2025 accepted 1 Benediktvon Querfurth JohannesLohmöller JanPennekamp ToreBleckwehl RafaelKramann KlausWehrle SikanderHayat