Biblio

Symbolic execution is an important program analysis technique that provides auxiliary execution semantics to execute programs with symbolic rather than concrete values. There has been much recent interest in symbolic execution for automatic test case generation and security vulnerability detection, resulting in various tools being deployed in academia and industry. Nevertheless, (subtype or dynamic) polymorphism of object-oriented programs has been neglected: existing symbolic execution techniques can explore different targets of conditional branches but not different targets of method invocations. We address the problem of how this polymorphism can be expressed in a symbolic execution framework. We propose the notion of symbolic types, which make object types symbolic. With symbolic types,[ various targets of a method invocation can be explored systematically by mutating the type of the receiver object of the method during automatic test case generation. To the best of our knowledge, this is the first attempt to address polymorphism in symbolic execution. Mutation of method invocation targets is critical for effectively testing object-oriented programs, especially libraries. Our experimental results show that symbolic types are significantly more effective than existing symbolic execution techniques in achieving test coverage and finding bugs and security vulnerabilities in OpenJDK.

Dynamic tainting is an important part of modern software engineering research. State-of-the-art tools for debugging, bug detection and program analysis make use of this technique. Nonetheless, the research area based on dynamic tainting still has open questions, among others the automatic generation of program inputs. My proposed work concentrates on the use of dynamic tainting for test case generation. The goal is the generation of complex and valid test inputs from scratch. Therefore, I use byte level taint information enhanced with additional static and dynamic program analysis. This information is used in an evolutionary algorithm to create new offsprings and mutations. Concretely, instead of crossing and mutating the whole input randomly, taint information can be used to define which parts of the input have to be mutated. Furthermore, the taint information may also be used to define evolutionary operators. Eventually, the evolutionary algorithm is able to generate valid inputs for a program. Such inputs can be used together with the taint information for further program analysis, e.g. the generation of input grammars.

In the face of large-scale automated cyber-attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to mitigate the overall damage to users, companies, and the public at large. We advocate a fully automated approach based on machine learning to enable large-scale online service providers to quickly identify potentially compromised accounts. We develop an early warning system for the detection of suspicious account activity with the goal of quick identification and remediation of compromised accounts. We demonstrate the feasibility and applicability of our proposed system in a four month experiment at a large-scale online service provider using real-world production data encompassing hundreds of millions of users. We show that - even using only login data, features with low computational cost, and a basic model selection approach - around one out of five accounts later flagged as suspicious are correctly predicted a month in advance based on one week's worth of their login activity.

This study examines the relationship between task communication and relationship communication, and collaboration by exploring the mediating effect of interpersonal trust in a virtual team environment. A theoretical model was developed to examine this relationship where cognitive trust and affective trust are defined as mediation variables between communication and collaboration. The main results of this study show that firstly, there is a significant correlation with a large effect size between communication, trust, and collaboration. Secondly, interpersonal trust plays an important role as a mediator in the relationship between communication and collaboration, especially in relationship communication within virtual teams.

The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded by the existence of preestablished, often rigid, cultures that drive how hospitality businesses operate. Potential attackers are recognising this and the last two years have seen a huge increase in cyber-attacks within the sector.Attempts at addressing the increasing threats have taken the form of technical solutions such as encryption, access control, CCTV, etc. However, a high majority of security breaches can be directly attributed to human error. It is therefore necessary that measures for addressing the rising trend of cyber-attacks go beyond just providing technical solutions and make provision for educating employees about how to address the human elements of security. Inculcating security awareness amongst hospitality employees will provide a foundation upon which a culture of security can be created to promote the seamless and secured interaction of hotel users and technology.One way that the hospitality industry has tried to solve the awareness issue is through their current paper-based training. This is unengaging, expensive and presents limited ways to deploy, monitor and evaluate the impact and effectiveness of the content. This leads to cycles of constant training, making it very hard to initiate awareness, particularly within those on minimum waged, short-term job roles.This paper presents a structured approach for eliciting industry requirement for developing and implementing an immersive Cyber Security Awareness learning platform. It used a series of over 40 interviews and threat analysis of the hospitality industry to identify the requirements fo- designing and implementing cyber security program which encourage engagement through a cycle of reward and recognition. In particular, the need for the use of gamification elements to provide an engaging but gentle way of educating those with little or no desire to learn was identified and implemented. Also presented is a method for guiding and monitoring the impact of their employee's progress through the learning management system whilst monitoring the levels of engagement and positive impact the training is having on the business.

In order to compactly represent a set of data, its medoid (the element with minimum summed distance to all other elements) is a useful choice. This has applications in clustering, compression and visualisation of data. In multimedia data, the set of data is often sampled as a sequence in time or space, such as a video shot or views of a scene. The exact calculation of the medoid may be costly, especially if the distance function between elements is not trivial. While approximation methods for medoid selection exist, we show in this work that they do not perform well on sequences of images. We thus propose a novel algorithm for efficiently selecting an approximate medoid of a temporal sequence and assess its performance on two large-scale video data sets.

Following the recent adoption of deep neural networks (DNN) accross a wide range of applications, adversarial attacks against these models have proven to be an indisputable threat. Adversarial samples are crafted with a deliberate intention of undermining a system. In the case of DNNs, the lack of better understanding of their working has prevented the development of efficient defenses. In this paper, we propose a new defense method based on practical observations which is easy to integrate into models and performs better than state-of-the-art defenses. Our proposed solution is meant to reinforce the structure of a DNN, making its prediction more stable and less likely to be fooled by adversarial samples. We conduct an extensive experimental study proving the efficiency of our method against multiple attacks, comparing it to numerous defenses, both in white-box and black-box setups. Additionally, the implementation of our method brings almost no overhead to the training procedure, while maintaining the prediction performance of the original model on clean samples.

The inherent nature of unattended sensors makes these devices most vulnerable to detection, exploitation, and denial in contested environments. Physical access is often cited as the easiest way to compromise any device or network. A new mechanism for mitigating these types of attacks developed under the Assistant Secretary of Defense for Research and Engineering, ASD(R&E) project, “Smoke Screen in Cyberspace”, was previously demonstrated in a live, over-the-air experiment. Smoke Screen encrypts, slices up, and disburses redundant fragments of files throughout the network. This paper describes enhancements to the disbursement of the file fragments routing improving the efficiency and time to completion of fragment distribution by defining the exact route, fragments should take to the destination. This is the first step in defining a custom protocol for the discovery of participating nodes and the efficient distribution of fragments in a mobile network. Future work will focus on the movement of fragments to avoid traffic analysis and avoid the collection of the entire fragment set that would enable an adversary to reconstruct the original piece of data.

A novel class of auction-based games is formulated to study coordination problems arising from charging a population of electric vehicles (EVs) over a finite horizon. To compete for energy allocation over the horizon, each individual EV submits a multidimensional bid, with the dimension equal to two times the number of time-steps in the horizon. Use of the progressive second price (PSP) auction mechanism ensures that incentive compatibility holds for the auction games. However, due to the cross elasticity of EVs over the charging horizon, the marginal valuation of an individual EV at a particular time is determined by both the demand at that time and the total demand over the entire horizon. This difficulty is addressed by partitioning the allowable set of bid profiles based on the total desired energy over the entire horizon. It is shown that the efficient bid profile over the charging horizon is a Nash equilibrium of the underlying auction game. An update mechanism for the auction game is designed. A numerical example demonstrates that the auction process converges to an efficient Nash equilibrium. The auction-based charging coordination scheme is adapted to a receding horizon formulation to account for disturbances and forecast uncertainty.

In this paper we presents the notion of key-rotatable and security-updatable homomorphic encryption (KR-SU-HE) scheme, which is a class of public-key homomorphic encryption in which the keys and the security of any ciphertext can be rotated and updated while still keeping the underlying plaintext intact and unrevealed. We formalise syntax and security notions for KR-SU-HE schemes and then build a concrete scheme based on the Learning With Errors assumption. We then perform testing implementation to show that our proposed scheme is efficiently practical.

The malicious websites used by drive-by download attacks change their behavior for web client environments. To analyze the behavior of malicious websites, the single-environment analysis cannot obtain sufficient information. Hence, it is difficult to analyze the whole aspect of malicious websites. Also, the code obfuscation and cloaking are used in malicious websites to avoid to be analyzed their behavior. In this paper, we propose an analyzing method that combines decoding of the obfuscation code with dynamic analysis using multi-environment analysis system in order to analyze the behavior of the malicious websites in detail. Furthermore, we present two approaches to improve the multi-environment analysis. The first one is automation of traffic log analysis to reduce the cost of analyzing huge traffic logs between the environments and malicious websites. The second one is multimodal analysis for finding the URL of malicious websites.

Secure logging as an indispensable part of any secure system in practice is well-understood by both academia and industry. However, providing security for audit logs on an untrusted machine in a large distributed system is still a challenging task. The emergence and wide availability of log management tools prompted plenty of work in the security community that allows clients or auditors to verify integrity of the log data. Most recent solutions to this problem focus on the space-efficiency or public verifiability of forward security. Unfortunately, existing secure audit logging schemes have significant performance limitations that make them impractical for realtime large-scale distributed applications: Existing cryptographic hashing is computationally expensive for logging in task intensive or resource-constrained systems especially to prove individual log events, while Merkle-tree approach has fundamental limitations when face with highly concurrent, large-scale log streams due to its serially appending feature. The verification step of Merkle-tree based approach requiring a logarithmic number of hash computations is becoming a bottleneck to improve the overall performance. There is a huge gap between the flux of log streams collected and the computational efficiency of integrity verification in the large-scale distributed systems. In this work, we develop a novel scheme, performance of which favorably compares with the existing solutions. The performance guarantees that we achieve stem from a novel data structure called concurrent authenticated tree, which allows log events concurrently appending and removes the need to wait for append operations to complete sequentially. We implement a prototype using chameleon hashing based on discrete log and Merkle history tree. A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims. The results demonstrate that our proposed scheme verifying in a concurrent way is significantly more efficient than the previous tree-based approach.

We introduce an emotion influenced robotic path planning solution which offers the possibility of enabling emotions in the robot. The robot can change the speed of the path or learn where it should be and where it should not be. Most existing solutions for robotic path planning have no emotional influences. The most successful emotions were taken and included into the solution of this paper. The results were analyzed with regard to the time and speed it takes for a normal robotic path planning without emotions and with emotions of happiness, fear and novelty.

In financial markets, the variance of stock returns plays an important role to reduce a risk, and daily volatility is often used as one of its measurement. We in this paper focus on Realized Volatility (RV), which is one of the most well-known volatility index. Traditionally regression models have been widely used to estimate it, but Genetic Programming (GP) approaches have been proposed recent years. While regression models estimate a suitable equation for forecasting RV, GP approaches estimate a tree (individual) that consists of economic information. Through evolution process, effective economic information can survive, so GP approaches can not only estimate RV values, but also extract effective information. However, GP approaches need computational efforts to avoid premature convergence. In this paper, we proposed a mutation-base GP approach for RV estimation, and analyze which economic information is needed to estimate RV accurately.

Software-defined networking (SDN) has become a popular technology, being adopted in operational networks and being a hot research topic. Many network testbeds today are used to test new research solutions and would benefit from offering SDN experimentation capabilities to their users. Yet, exposing SDN to experimenters is challenging because experiments must be isolated from each other and limited switch resources must be shared fairly. We outline three different approaches for exposing SDN to experimenters while achieving isolation and fair sharing goals. These solutions use software implementation, shared hardware switches and smart network interface cards to implement SDN in testbeds. These approaches are under development on two operational SDN testbeds: the DeterLab at USC/ISI/Berkeley and the NCL testbed at the National University of Singapore.

The past decade has shown us the power of cyber space and we getting dependent on the same. The exponential evolution in the domain has attracted attackers and defenders of technology equally. This inevitable domain has led to the increase in average human awareness and knowledge too. As we see the attack sophistication grow the protectors have always been a step ahead mitigating the attacks. A study of the various Threat Detection, Protection and Mitigation Systems revealed to us a common similarity wherein users have been totally ignored or the systems rely heavily on the user inputs for its correct functioning. Compiling the above we designed a study wherein user inputs were taken in addition to independent Detection and Prevention systems to identify and mitigate the risks. This approach led us to a conclusion that involvement of users exponentially enhances machine learning and segments the data sets faster for a more reliable output.

Timely and adequate response on the computer security incidents depends on the accurate monitoring of the security situation. The paper investigates the task of refinement of the attack models in the form of attack graphs. It considers some challenges of attack graph generation and possible solutions, including: inaccuracies in specifying the pre- and postconditions of attack actions, processing of cycles in graphs to apply the Bayesian methods for attack graph analysis, mapping of incidents on attack graph nodes, and automatic countermeasure selection for the nodes under the risk. The software prototype that implements suggested solutions is briefly specified. The influence of the modifications on the security monitoring is shown on a case study, and the results of experiments are described.

Protecting data confidentiality and integrity has become increasingly important in modern software. Sometimes, access control mechanisms come short and solutions on the application-level are needed. An approach can rely on enforcing information security using some features provided by certain programming languages. Several different solutions addressing this problem have been presented in literature, and entire new languages or libraries have been built from scratch. Some of them use type systems to let the compiler check for vulnerable code. In this way we are able to rule out those implementations which do not meet a certain security requirement. In this paper we use Haskell's type system to enforce three key properties of information security: non-interference and flexible declassification policies, strict input validation, and secure computations on untainted and trusted values. We present a functional lightweight library for applications with data integrity and confidentiality issues. Our contribute relies on a compile time enforcing of the aforementioned properties. Our library is wholly generalized and might be adapted for satisfying almost every security requirement.

The introduction of automation in cyber-physical systems (CPS) has raised major safety and security concerns. One attack vector is the sensing unit whose measurements can be manipulated by an adversary through attacks such as denial of service and delay injection. To secure an autonomous CPS from such attacks, we use a challenge response authentication (CRA) technique for detection of attack in active sensors data and estimate safe measurements using the recursive least square algorithm. For demonstrating effectiveness of our proposed approach, a car-follower model is considered where the follower vehicle's radar sensor measurements are manipulated in an attempt to cause a collision.

Learning-based systems have been shown to be vulnerable to evasion through adversarial data manipulation. These attacks have been studied under assumptions that the adversary has certain knowledge of either the target model internals, its training dataset or at least classification scores it assigns to input samples. In this paper, we investigate a much more constrained and realistic attack scenario wherein the target classifier is minimally exposed to the adversary, revealing only its final classification decision (e.g., reject or accept an input sample). Moreover, the adversary can only manipulate malicious samples using a blackbox morpher. That is, the adversary has to evade the targeted classifier by morphing malicious samples "in the dark". We present a scoring mechanism that can assign a real-value score which reflects evasion progress to each sample based on the limited information available. Leveraging on such scoring mechanism, we propose an evasion method – EvadeHC? and evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The experimental evaluation demonstrates that the proposed evasion attacks are effective, attaining 100% evasion rate on the evaluation dataset. Interestingly, EvadeHC outperforms the known classifier evasion techniques that operate based on classification scores output by the classifiers. Although our evaluations are conducted on PDF malware classifiers, the proposed approaches are domain agnostic and are of wider application to other learning-based systems.

In recent years, behavioral biometrics have become a popular approach to support continuous authentication systems. Most generally, a continuous authentication system can make two types of errors: false rejects and false accepts. Based on this, the most commonly reported metrics to evaluate systems are the False Reject Rate (FRR) and False Accept Rate (FAR). However, most papers only report the mean of these measures with little attention paid to their distribution. This is problematic as systematic errors allow attackers to perpetually escape detection while random errors are less severe. Using 16 biometric datasets we show that these systematic errors are very common in the wild. We show that some biometrics (such as eye movements) are particularly prone to systematic errors, while others (such as touchscreen inputs) show more even error distributions. Our results also show that the inclusion of some distinctive features lowers average error rates but significantly increases the prevalence of systematic errors. As such, blind optimization of the mean EER (through feature engineering or selection) can sometimes lead to lower security. Following this result we propose the Gini Coefficient (GC) as an additional metric to accurately capture different error distributions. We demonstrate the usefulness of this measure both to compare different systems and to guide researchers during feature selection. In addition to the selection of features and classifiers, some non- functional machine learning methodologies also affect error rates. The most notable examples of this are the selection of training data and the attacker model used to develop the negative class. 13 out of the 25 papers we analyzed either include imposter data in the negative class or randomly sample training data from the entire dataset, with a further 6 not giving any information on the methodology used. Using real-world data we show that both of these decisions lead to significant underestimation of error rates by 63% and 81%, respectively. This is an alarming result, as it suggests that researchers are either unaware of the magnitude of these effects or might even be purposefully attempting to over-optimize their EER without actually improving the system.

Due to the large volumes of data that need to be processed, efficient memory access and data transmission are crucial for high-performance implementations of convolutional neural networks (CNNs). Approximate memory is a promising technique to achieve efficient memory access and data transmission in CNN hardware implementations. To assess the feasibility of applying approximate memory techniques, we propose a framework for the data resilience evaluation (DRE) of CNNs and verify its effectiveness on a suite of prevalent CNNs. Simulation results show that a high degree of data resilience exists in these networks. By scaling the bit-width of the first five dominant data subsets, the data volume can be reduced by 80.38% on average with a 2.69% loss in relative prediction accuracy. For approximate memory with random errors, all the synaptic weights can be stored in the approximate part when the error rate is less than 10–4, while 3 MSBs must be protected if the error rate is fixed at 10–3. These results indicate a great potential for exploiting approximate memory techniques in CNN hardware design.

Traditional countermeasures to relay attacks are difficult to implement on mobile devices due to hardware limitations. Establishing proximity of a payment device and terminal is the central notion of most relay attack countermeasures, and mobile devices offer new and exciting possibilities in this area of research. One such possibility is the use of on-board sensors to measure ambient data at both the payment device and terminal, with a comparison made to ascertain whether the device and terminal are in close proximity. This project focuses on the iPhone, specifically the iPhone 6S, and the potential use of its sensors to both establish proximity to a payment terminal and protect Apple Pay against relay attacks. The iPhone contains 12 sensors in total, but constraints introduced by payment schemes mean only 5 were deemed suitable to be used for this study. A series of mock transactions and relay attack attempts are enacted using an iOS application written specifically for this study. Sensor data is recorded, and then analysed to ascertain its accuracy and suitability for both proximity detection and relay attack countermeasures.

In this paper, we evaluate the usefulness of metrics that assess susceptibility to cascading blackouts. The metrics are computed using a matrix of Line Outage Distribution Factors (LODF, or DFAX matrix). The metrics are compared for several base cases with different load levels of the Western Interconnection (WI). A case corresponding to the September 8, 2011 pre-blackout state is used to compute these metrics and relate them to the origin of the cascading blackout. The correlation between the proposed metrics is determined to check redundancy. The analysis is also used to find vulnerable and critical hot spots in the power system.