

Selected Publications by Jim Yuill



These papers are from my computer-security research at North Carolina State University.

I was a PhD student there, then later a post-doc researcher and a teaching professor.

For some papers, the “Google Scholar citation count” is given.

      This count is the number of scholarly publications that cite the paper, as of 10/2023.

      Approximately, only 25% of scientific papers have over 10 citations, and only 2% have over 100 citations.



Deception-Based Intrusion Detection Systems (IDSes)


Defensive Computer-Security Deception Operations: Processes, Principles and Techniques

      Ph.D. Thesis, North Carolina State University, 2006

      Includes principles for designing deception operations, and two deception-based IDSes

      Google Scholar citation count: 61


Honeyfiles: Deceptive Files for Intrusion Detection

      Proceedings of the 2004 IEEE Workshop on Information Assurance, West Point, NY, June 2004

      A deception-based IDS, which uses bait files for hackers

      Google Scholar citation count: 206



Designing Deception-Operations for Computer Security


Deception for Computer Security Defense

      Technical report for the Office of the Secretary of Defense, January 2004

      Includes principles for designing deception operations, and two deception-based devices

      Google Scholar citation count: N/A (not published)


Using Deception to Hide Things from Hackers: Processes, Principles, and Techniques

      Journal of Information Warfare, November 2006

      A novel model of deceptive hiding, with application to computer security

      Google Scholar citation count: 111



Computer-Security Incident Response


Intrusion-Detection for Incident Response, Using a Military Battlefield-Intelligence Process

      Computer Networks, Elsevier, October 2000

      Applies the US military’s battlefield-intelligence process to tracking down hackers on a network

      The link is to an excerpt, and the full paper is available on request.

      Google Scholar citation count: 58


Developing Standardized Processes for Incident Response: Challenges and Opportunities

      18th ACM Conference on Computer and Communications Security, Chicago, IL, October 2011

      Department of Defense Cyber Crime Conference 2012, Atlanta, GA, January 2012

      Slides for a 2-hour tutorial presentation

      Google Scholar citation count: N/A (not published)



Computer-Security Practices and Standards


Choosing System Security-Engineering Practices: Evaluation Criteria and a Selected Survey

      Technical Report, 2008

      3rd International Conference of the Virtual Computing Initiative, Research Triangle Park, NC, October 2009

      Principles for evaluating system security-engineering practices, e.g., NIST, Microsoft’s SDL, etc.

      Google Scholar citation count: N/A (not published)


Common Criteria: A Survey of Its Problems and Criticism

      Technical Report, 2008

      Department of Defense Cyber Crime Conference 2009, St. Louis, MO, January 2009

      Analysis of the literature on Common Criteria, a computer-security standard

      Google Scholar citation count: N/A (not published)