The high mobility of Army tactical networks, combined with their close proximity to hostile actors, elevates the risks associated with short-range network attacks. The connectivity model for such short range connections under active operations is extremely fluid, and highly dependent upon the physical space within which the element is operating, as well as the patterns of movement within that space. To handle these dependencies, we introduce the notion of "key cyber-physical terrain": locations within an area of operations that allow for effective control over the spread of proximity-dependent malware in a mobile tactical network, even as the elements of that network are in constant motion with an unpredictable pattern of node-to-node connectivity. We provide an analysis of movement models and approximation strategies for finding such critical nodes, and demonstrate via simulation that we can identify such key cyber-physical terrain quickly and effectively.
{"title":"Identifying Key Cyber-Physical Terrain","authors":"Brian Thompson, Richard E. Harang","doi":"10.1145/3041008.3041015","DOIUrl":"https://doi.org/10.1145/3041008.3041015","url":null,"abstract":"The high mobility of Army tactical networks, combined with their close proximity to hostile actors, elevates the risks associated with short-range network attacks. The connectivity model for such short range connections under active operations is extremely fluid, and highly dependent upon the physical space within which the element is operating, as well as the patterns of movement within that space. To handle these dependencies, we introduce the notion of \"key cyber-physical terrain\": locations within an area of operations that allow for effective control over the spread of proximity-dependent malware in a mobile tactical network, even as the elements of that network are in constant motion with an unpredictable pattern of node-to-node connectivity. We provide an analysis of movement models and approximation strategies for finding such critical nodes, and demonstrate via simulation that we can identify such key cyber-physical terrain quickly and effectively.","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126587543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Modern detection systems use sensor outputs available in the deployment environment to probabilistically identify attacks. These systems are trained on past or synthetic feature vectors to create a model of anomalous or normal behavior. Thereafter, run-time collected sensor outputs are compared to the model to identify attacks (or the lack of attack). While this approach to detection has been proven to be effective in many environments, it is limited to training on only features that can be reliably collected at detection time. Hence, they fail to leverage the often vast amount of ancillary information available from past forensic analysis and post-mortem data. In short, detection systems do not train (and thus do not learn from) features that are unavailable or too costly to collect at run-time. Recent work proposed an alternate model construction approach that integrates forensic "privilege" information---features reliably available at training time, but not at run-time---to improve accuracy and resilience of detection systems. In this paper, we further evaluate two of proposed techniques to model training with privileged information: knowledge transfer, and model influence. We explore the cultivation of privileged features, the efficiency of those processes and their influence on the detection accuracy. We observe that the improved integration of privileged features makes the resulting detection models more accurate. Our evaluation shows that use of privileged information leads to up to 8.2% relative decrease in detection error for fast-flux bot detection over a system with no privileged information, and 5.5% for malware classification.
{"title":"Feature Cultivation in Privileged Information-augmented Detection","authors":"Z. B. Celik, P. Mcdaniel, R. Izmailov","doi":"10.1145/3041008.3041018","DOIUrl":"https://doi.org/10.1145/3041008.3041018","url":null,"abstract":"Modern detection systems use sensor outputs available in the deployment environment to probabilistically identify attacks. These systems are trained on past or synthetic feature vectors to create a model of anomalous or normal behavior. Thereafter, run-time collected sensor outputs are compared to the model to identify attacks (or the lack of attack). While this approach to detection has been proven to be effective in many environments, it is limited to training on only features that can be reliably collected at detection time. Hence, they fail to leverage the often vast amount of ancillary information available from past forensic analysis and post-mortem data. In short, detection systems do not train (and thus do not learn from) features that are unavailable or too costly to collect at run-time. Recent work proposed an alternate model construction approach that integrates forensic \"privilege\" information---features reliably available at training time, but not at run-time---to improve accuracy and resilience of detection systems. In this paper, we further evaluate two of proposed techniques to model training with privileged information: knowledge transfer, and model influence. We explore the cultivation of privileged features, the efficiency of those processes and their influence on the detection accuracy. We observe that the improved integration of privileged features makes the resulting detection models more accurate. Our evaluation shows that use of privileged information leads to up to 8.2% relative decrease in detection error for fast-flux bot detection over a system with no privileged information, and 5.5% for malware classification.","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127202959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nishant Vishwamitra, Xiang Zhang, Jonathan Tong, Hongxin Hu, Feng Luo, Robin M. Kowalski, Joseph P. Mazer
Cyberbullying in Online Social Networks (OSNs) has emerged as one of the most severe social concerns. Cyberbullying can be described as a form of bullying where a perpetrator uses electronic means to cause harm to a victim. With the proliferation of smartphone technology in present times, there has been a steady shift in the usage of OSNs from traditional computers to mobile devices. However, existing systems that defend against cyberbullying are largely applicable only to traditional computing platforms and cannot be directly applied to detect cyberbullying in mobile platforms. To address such a critical issue, we investigate an innovative mobile cyberbullying defense system called MCDefender that can effectively detect and prevent cyberbullying in mobile OSNs. We first analyze the key challenges that differentiate cyberbullying conditions in traditional and mobile platforms. We then investigate a two-level detection mechanism for comprehensive cyberbullying detection in mobile OSNs where cyberbullying can be quickly detected before a cyberbullying message is sent through a mobile device and hidden cyberbullying attacks can be also detected through a more fine-grained and context-aware analysis. To demonstrate the feasibility of our approach, we implement and evaluate an Android application based on MCDefender. Our evaluation results show that our mobile application can detect cyberbullying with a high accuracy of 98.9% for OSNs.
{"title":"MCDefender: Toward Effective Cyberbullying Defense in Mobile Online Social Networks","authors":"Nishant Vishwamitra, Xiang Zhang, Jonathan Tong, Hongxin Hu, Feng Luo, Robin M. Kowalski, Joseph P. Mazer","doi":"10.1145/3041008.3041013","DOIUrl":"https://doi.org/10.1145/3041008.3041013","url":null,"abstract":"Cyberbullying in Online Social Networks (OSNs) has emerged as one of the most severe social concerns. Cyberbullying can be described as a form of bullying where a perpetrator uses electronic means to cause harm to a victim. With the proliferation of smartphone technology in present times, there has been a steady shift in the usage of OSNs from traditional computers to mobile devices. However, existing systems that defend against cyberbullying are largely applicable only to traditional computing platforms and cannot be directly applied to detect cyberbullying in mobile platforms. To address such a critical issue, we investigate an innovative mobile cyberbullying defense system called MCDefender that can effectively detect and prevent cyberbullying in mobile OSNs. We first analyze the key challenges that differentiate cyberbullying conditions in traditional and mobile platforms. We then investigate a two-level detection mechanism for comprehensive cyberbullying detection in mobile OSNs where cyberbullying can be quickly detected before a cyberbullying message is sent through a mobile device and hidden cyberbullying attacks can be also detected through a more fine-grained and context-aware analysis. To demonstrate the feasibility of our approach, we implement and evaluate an Android application based on MCDefender. Our evaluation results show that our mobile application can detect cyberbullying with a high accuracy of 98.9% for OSNs.","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125225748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kyrre Wahl Kongsgård, N. Nordbotten, Federico Mancini, P. Engelstad
During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the userassigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats.
{"title":"An Internal/Insider Threat Score for Data Loss Prevention and Detection","authors":"Kyrre Wahl Kongsgård, N. Nordbotten, Federico Mancini, P. Engelstad","doi":"10.1145/3041008.3041011","DOIUrl":"https://doi.org/10.1145/3041008.3041011","url":null,"abstract":"During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the userassigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats.","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130677110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Attacks and New Detection Method Session","authors":"Wenyaw Chan","doi":"10.1145/3252735","DOIUrl":"https://doi.org/10.1145/3252735","url":null,"abstract":"","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125758064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","authors":"","doi":"10.1145/3041008","DOIUrl":"https://doi.org/10.1145/3041008","url":null,"abstract":"","PeriodicalId":137012,"journal":{"name":"Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130442247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: