Biblio

Preventing unauthorized access to sensitive data is an exceedingly complex access control problem. In this keynote, I will break down the data breach problem and give insights into how organizations could and should do to reduce their risks. The talk will start with discussing the technical reasons behind some of the recent high-profile data breach incidents (e.g., in Equifax, Target), as well as pointing out the threats of inadvertent or accidental data leaks. Then, I will show that there are usually multiple points to stop data breach and give an overview of the relevant state-of-the-art solutions. I will focus on some of the recent algorithmic advances in preventing inadvertent data loss, including set-based and alignment-based screening techniques, outsourced screening, and GPU-based performance acceleration. I will also briefly discuss the role of non-technical factors (e.g., organizational culture on security) in data protection. Because of the cat-and-mouse-game nature of cybersecurity, achieving absolute data security is impossible. However, proactively securing critical data paths through strategic planning and placement of security tools will help reduce the risks. I will also point out a few exciting future research directions, e.g., on data leak detection as a cloud security service and deep learning for reducing false alarms in continuous authentication and the prickly insider-threat detection.

Data Provenance has created an emerging requirement for technologies that enable end users to access, evaluate, and act on the provenance of data in recent years. In the era of Big Data, the amount of data created by corporations around the world has grown each year. As an example, both in the Social Media and e-Science domains, data is growing at an unprecedented rate. As the data has grown rapidly, information on the origin and lifecycle of the data has also grown. In turn, this requires technologies that enable the clarification and interpretation of data through the use of data provenance. This study proposes methodologies towards the visualization of W3C-PROV-O Specification compatible provenance data. The visualizations are done by summarization and comparison of the data provenance. We facilitated the testing of these methodologies by providing a prototype, extending an existing open source visualization tool. We discuss the usability of the proposed methodologies with an experimental study; our initial results show that the proposed approach is usable, and its processing overhead is negligible.

Computer and network accountability is to make every action in computers and networks accountable. In order to achieve accountability, we need to answer the following questions: what did it happen? When did it happen? Who did it? In order to achieve accountability, the first step is to record what exactly happened. Therefore, an accountable logging is needed and implemented in computers and networks. Our previous work proposed a novel accountable logging methodology called Flow-Net. However, how to storage the huge amount of Flow-net logs into databases is not clear. In this paper, we try to answer this question.

Threat actors can be persistent, motivated and agile, and they leverage a diversified and extensive set of tactics, techniques, and procedures to attain their goals. In response to that, organizations establish threat intelligence programs to improve their defense capabilities and mitigate risk. Actionable threat intelligence is integrated into security information and event management systems (SIEM) forming a threat intelligence platform. A threat intelligence platform aggregates log data from multiple disparate sources by deploying numerous collection agents and provides centralized analysis and reporting of an organization's security events for identifying malicious activity. Sysmon logs is a data source that has received considerable attention for endpoint visibility. Approaches for threat detection using Sysmon have been proposed mainly focusing on search engines (NoSQL database systems). This paper presents a new automated threat assessment system that relies on the analysis of continuous incoming feeds of Sysmon logs. The system is based on a cyber threat intelligence ontology and analyses Sysmon logs to classify software in different threat levels and augment cyber defensive capabilities through situational awareness, prediction, and automated courses of action.

Distributed Denial of Service (DDoS) attacks are intense and are targeted to major infrastructure, governments and military organizations in each country. There are a lot of mitigations about DDoS, and the concept of Content Delivery Network (CDN) has been able to avoid attacks on websites. However, since the existing CDN system is fundamentally centralized, it may be difficult to prevent DDoS. This paper describes the distributed CDN Schema using Private Blockchain which solves the problem of participation of existing transparent and unreliable nodes. This will explain DDoS mitigation that can be used by military and government agencies.

Systematically reasoning about the fine-grained causes of events in a real-world distributed system is challenging. Causality, from the distributed systems literature, can be used to compute the causal history of an arbitrary event in a distributed system, but the event's causal history is an over-approximation of the true causes. Data provenance, from the database literature, precisely describes why a particular tuple appears in the output of a relational query, but data provenance is limited to the domain of static relational databases. In this paper, we present wat-provenance: a novel form of provenance that provides the benefits of causality and data provenance. Given an arbitrary state machine, wat-provenance describes why the state machine produces a particular output when given a particular input. This enables system developers to reason about the causes of events in real-world distributed systems. We observe that automatically extracting the wat-provenance of a state machine is often infeasible. Fortunately, many distributed systems components have simple interfaces from which a developer can directly specify wat-provenance using a technique we call wat-provenance specifications. Leveraging the theoretical foundations of wat-provenance, we implement a prototype distributed debugging framework called Watermelon.

Logistic regression (LR) is used in many areas due to its simplicity and interpretability. While at the same time, those two properties limit its classification accuracy. Deep neural networks (DNNs), instead, achieve state-of-the-art performance in many domains. However, the nonlinearity and complexity of DNNs make it less interpretable. To balance interpretability and classification performance, we propose a novel nonlinear model, Deep Embedding Logistic Regression (DELR), which augments LR with a nonlinear dimension-wise feature embedding. In DELR, each feature embedding is learned through a deep and narrow neural network and LR is attached to decide feature importance. A compact and yet powerful model, DELR offers great interpretability: it can tell the importance of each input feature, yield meaningful embedding of categorical features, and extract actionable changes, making it attractive for tasks such as market analysis and clinical prediction.

The aim of this investigation is to classify real-life facial images into one of six types of emotions. For solving this problem, we propose to use deep machine learning algorithms and convolutional neural network (CNN). CNN is a modern type of neural network, which allows for rapid detection of various objects, as well as to make an effective object classification. For acceleration of CNN learning stage, we use supercomputer NVIDIA DGX-1. This process was implemented in parallel on a large number of independent streams on GPU. Numerical experiments for algorithms were performed on the images of Multi-Pie image database with various lighting of scene and angle rotation of head. For developed models, several metrics of quality were calculated. The designing algorithm was used in real-time video processing in human-computer interaction systems. Moreover, expression recognition can apply in such fields as retail analysis, security, video games, animations, psychiatry, automobile safety, educational software, etc.

With the widespread diffusion of powerful media editing tools, falsifying images and videos has become easier and easier in the last few years. Fake multimedia, often used to support fake news, represents a growing menace in many fields of life, notably in politics, journalism, and the judiciary. In response to this threat, the signal processing community has produced a major research effort. A large number of methods have been proposed for source identification, forgery detection and localization, relying on the typical signal processing tools. The advent of deep learning, however, is changing the rules of the game. On one hand, new sophisticated methods based on deep learning have been proposed to accomplish manipulations that were previously unthinkable. On the other hand, deep learning provides also the analyst with new powerful forensic tools. Given a suitably large training set, deep learning architectures ensure usually a significant performance gain with respect to conventional methods, and a much higher robustness to post-processing and evasions. In this talk after reviewing the main approaches proposed in the literature to ensure media authenticity, the most promising solutions relying on Convolutional Neural Networks will be explored with special attention to realistic scenarios, such as when manipulated images and videos are spread out over social networks. In addition, an analysis of the efficacy of adversarial attacks on such methods will be presented.

With the amount of data has been rapidly growing over recent decades, binary hashing has become an attractive approach for fast search over large databases, in which the high-dimensional data such as image, video or text is mapped into a low-dimensional binary code. Searching in this hamming space is extremely efficient which is independent of the data size. A lot of methods have been proposed to learn this binary mapping. However, to make the binary codes conserves the input information, previous works mostly resort to mean squared error, which is prone to lose a lot of input information [11]. On the other hand, most of the previous works adopt the norm constraint or approximation on the hidden representation to make it as close as possible to binary, but the norm constraint is too strict that harms the expressiveness and flexibility of the code. In this paper, to generate desirable binary codes, we introduce two adversarial training procedures to the hashing process. We replace the L2 reconstruction error with an adversarial training process to make the codes reserve its input information, and we apply another adversarial learning discriminator on the hidden codes to make it proximate to binary. With the adversarial training process, the generated codes are getting close to binary while also conserves the input information. We conduct comprehensive experiments on both supervised and unsupervised hashing applications and achieves a new state of the arts result on many image hashing benchmarks.

Software testing is very important for software quality assurance. However, the test activity is not a simple task and requires good planning to be successful. It is in this context that the automation of tests gains importance. This paper presents the experience of defining and implementing a test automation strategy for functional tests based on the Brazilian Test Process Improvement Model (MPT.Br) in an IT company. The results of this work include the improvement of the testing process used by the company, the increase in the test coverage and the reduction of time used to perform regression tests.

Many recent advances of network caching focus on i) more effectively modeling the preferences of a regional user group to different web contents, and ii) reducing the cost of content delivery by storing the most popular contents in regional caches. However, the context under which the users interact with the network system usually causes tremendous variations in a user group's preferences on the contents. To effectively leverage such contextual information for more efficient network caching, we propose a novel mechanism to incorporate context-aware collaborative filtering into demand-driven caching. By differentiating the characterization of user interests based on a priori contexts, our approach seeks to enhance the cache performance with a more dynamic and fine-grained cache allocation process. In particular, our approach is general and adapts to various types of context information. Our evaluation shows that this new approach significantly outperforms previous non-demand-driven caching strategies by offering much higher cached content rate, especially when utilizing the contextual information.

Synchrophasor technology is used for real-time control and monitoring in smart grid. Previous works in literature identified critical vulnerabilities in IEEE C37.118.2 synchrophasor communication standard. To protect synchrophasor-based systems, stealthy cyber-attacks and effective defense mechanisms still need to be investigated.This paper investigates how an attacker can develop a custom tool to execute stealthy man-in-the-middle attacks against synchrophasor devices. In particular, four different types of attack capabilities have been demonstrated in a real synchrophasor-based synchronous islanding testbed in laboratory: (i) command injection attack, (ii) packet drop attack, (iii) replay attack and (iv) stealthy data manipulation attack. With deep technical understanding of the attack capabilities and potential physical impacts, this paper also develops and tests a distributed Intrusion Detection System (IDS) following NIST recommendations. The functionalities of the proposed IDS have been validated in the testbed for detecting aforementioned cyber-attacks. The paper identified that a distributed IDS with decentralized decision making capability and the ability to learn system behavior could effectively detect stealthy malicious activities and improve synchrophasor network security.

In recent years, service providers, such as mobile operators providing wireless services, collected location data in enormous extent with the increase of the usages of mobile phones. Vertical businesses, such as banks, may want to use this location information for their own scenarios. However, service providers cannot directly provide these private data to the vertical businesses because of the privacy and legal issues. In this demo, we show how privacy preserving solutions can be utilized using such location-based queries without revealing each organization's sensitive data. In our demonstration, we used partially homomorphic cryptosystem in our protocols and showed practicality and feasibility of our proposed solution.

Data lineage is a fundamental type of information that describes the relationships between input and output data items in a workflow. As such, an immense amount of data-intensive applications with logic over the input-output relationships can be expressed declaratively in lineage terms. Unfortunately, many applications resort to hand-tuned implementations because either lineage systems are not fast enough to meet their requirements or due to no knowledge of the lineage capabilities. Recently, we introduced a set of implementation design principles and associated techniques to optimize lineage-enabled database engines and realized them in our prototype database engine, namely, Smoke. In this demonstration, we showcase lineage as the building block across a variety of data-intensive applications, including tooltips and details on demand; crossfilter; and data profiling. In addition, we show how Smoke outperforms alternative lineage systems to meet or improve on existing hand-tuned implementations of these applications.

The internet-of-things (IoT) consists of embedded devices and their networks of communication as they form decentralized frameworks of ubiquitous computing services. Within such decentralized systems the potential for malicious actors to impact the system is significant, with far-reaching consequences. Hence this work addresses the challenge of providing IoT systems engineers with a framework to elicit privacy and security design considerations, specifically for indoor adaptive smart environments. It introduces a new ambient intelligence indoor adaptive environment framework (CORE) which leverages multiple forms of data, and aims to elicit the privacy and security needs of this representative system. This contributes both a new adaptive IoT framework, but also an approach to systematically derive privacy and security design requirements via a combined and modified OCTAVE-Allegro and Privacy-by-Design methodology. This process also informs the future developments and evaluations of the CORE system, toward engineering more secure and private IoT systems.

Research has observed context factors like occasion and time as influential factors for predicting whether or not to share a location with online friends. In other domains like social networks, personality was also found to play an important role. Furthermore, users are seeking a fine-grained disclosement policy that also allows them to display an obfuscated location, like the center of the current city, to some of their friends. In this paper, we observe which context factors and personality measures can be used to predict the correct privacy level out of seven privacy levels, which include obfuscation levels like center of the street or current city. Our results show that a prediction is possible with a precision 20% better than a constant value. We will give design indications to determine which context factors should be recorded, and how much the precision can be increased if personality and privacy measures are recorded using either a questionnaire or automated text analysis.

Research has observed context factors like occasion and time as influential factors for predicting whether or not to share a location with online friends. In other domains like social networks, personality was also found to play an important role. Furthermore, users are seeking a fine-grained disclosement policy that also allows them to display an obfuscated location, like the center of the current city, to some of their friends. In this paper, we observe which context factors and personality measures can be used to predict the correct privacy level out of seven privacy levels, which include obfuscation levels like center of the street or current city. Our results show that a prediction is possible with a precision 20% better than a constant value. We will give design indications to determine which context factors should be recorded, and how much the precision can be increased if personality and privacy measures are recorded using either a questionnaire or automated text analysis.

The general idea to achieve error detection and correction is to add some extra bit to an original message, in which the receiver can use to check the flexibility of the message which has been delivered, and to recover the noisy data. Turbo code is one of the forward error correction method, which is able to achieve the channel capacity, with nearer Shannon limit, encoding and decoding of text and images are performed. Methods and the working have been explained in this paper. The error has also introduced and detection and correction of errors have been achieved. Transmission will be secure it can secure the information by the theft.

Mobile ad hoc network (MANET) requires extraneous energy effectualness and legion intelligence for which a best clustered based approach is pertained called the “Bee-Ad Hoc-C”. In MANET the mechanism of multi-hop routing is imperative but may leads to a challenging issue like lack of data privacy during communication. ECC (Elliptical Curve Cryptography) is integrated with the Bee clustering approach to provide an energy efficient and secure data delivery system. Even though it ensures data confidentiality, data reliability is still disputable such as data dropping attack, Black hole attack (Attacker router drops the data without forwarding to destination). In such cases the technique of overhearing is utilized by the neighbor routers and the packet forwarding statistics are measured based on the ratio between the received and forwarded packets. The presence of attack is detected if the packet forwarding ratio is poor in the network which paves a way to the alternate path identification for a reliable data transmission. The proposed work is an integration of SC-AODV along with ECC in Bee clustering approach with an extra added overhearing technique which n on the whole ensures data confidentiality, data reliability and energy efficiency.

Assuring the integrity of biometric fingerprint templates in fingerprint databases is of paramount importance. Fingerprint templates contain a set of fingerprint minutiae which are various points of interest in a fingerprint. Most times, it is assumed that the stored biometric fingerprint templates are well protected and, as such, researchers are more concerned with improving/developing biometric systems that will not suffer from an unacceptable rate of false alarms and/or missed detections. The introduction of forensic techniques into biometrics for biometric template manipulation detection is of great importance and little research has been carried in this area. This paper investigates possible forensic techniques that could be used for stored biometric fingerprint templates tampering detection. A Support Vector Machine (SVM) classification approach is used for this task. The original and tampered templates are used to train the SVM classifier. The fingerprint datasets from the Biometrics Ideal Test (BIT) [13] are used for training and testing the classifier. Our proposed approach detects alterations with an accuracy of 90.5%.

Robotic vehicles (RVs), such as drones and ground rovers, are a type of cyber-physical systems that operate in the physical world under the control of computing components in the cyber world. Despite RVs' robustness against natural disturbances, cyber or physical attacks against RVs may lead to physical malfunction and subsequently disruption or failure of the vehicles' missions. To avoid or mitigate such consequences, it is essential to develop attack detection techniques for RVs. In this paper, we present a novel attack detection framework to identify external, physical attacks against RVs on the fly by deriving and monitoring Control Invariants (CI). More specifically, we propose a method to extract such invariants by jointly modeling a vehicle's physical properties, its control algorithm and the laws of physics. These invariants are represented in a state-space form, which can then be implemented and inserted into the vehicle's control program binary for runtime invariant check. We apply our CI framework to eleven RVs, including quadrotor, hexarotor, and ground rover, and show that the invariant check can detect three common types of physical attacks – including sensor attack, actuation signal attack, and parameter attack – with very low runtime overhead.

Ransomeware is the most prevalent malicious software in 2017 that encrypts the files in a victim's machine and demands money, i.e., ransom, for decrypting the files. The global damage cost and financial losses of individuals and organizations due to ransomware is increasing year by year. Therefore, fighting against ransomware is an urgent issue. In this paper, we propose a ransomware detection scheme using support vector machines (SVMs), which is one of supervised machine learning algorithms. The key idea of the proposed scheme is to let a SVM learn the API calls of ransomware as its features so that the SVM detects unseen ransomware. Unlike the existing solutions, our scheme looks into the API call history in more detail. The testbeds using real 276 ransomware with San-box demonstrate that the proposed scheme improves the correct detection rate of ransomware.

In this paper, we present a work-in-progress approach to detect integrity attacks to Smart Grids by analyzing the readings from smart meters. Our approach is based on process mining and time-evolving graphs. In particular, process mining is used to discover graphs, from the dataset collecting the readings over a time period, that represent the behaviour of a customer. The time-evolving graphs are then compared in order to detect anomalous behavior of a customer. To evaluate the feasibility of our approach, we have conducted preliminary experiments by using the dataset provided by the Ireland's Commission for Energy Regulation (CER).

Sybil security threat in vehicular ad hoc networks (VANETs) has attracted much attention in recent times. The attacker introduces malicious nodes with multiple identities. As the roadside unit fails to synchronize its clock with legitimate vehicles, unintended vehicles are identified, and therefore erroneous messages will be sent to them. This paper proposes a novel biologically inspired spider-monkey time synchronization technique for large-scale VANETs to boost packet delivery time synchronization at minimized energy consumption. The proposed technique is based on the metaheuristic stimulated framework approach by the natural spider-monkey behavior. An artificial spider-monkey technique is used to examine the Sybil attacking strategies on VANETs to predict the number of vehicular collisions in a densely deployed challenge zone. Furthermore, this paper proposes the pseudocode algorithm randomly distributed for energy-efficient time synchronization in two-way packet delivery scenarios to evaluate the clock offset and the propagation delay in transmitting the packet beacon message to destination vehicles correctly. The performances of the proposed technique are compared with existing protocols. It performs better over long transmission distances for the detection of Sybil in dynamic VANETs' system in terms of measurement precision, intrusion detection rate, and energy efficiency.