Design and Evaluation of an Approach for Feedback-Based Adaptation of Incident Prioritization
Leonard Renners, Felix Heine, Carsten Kleiner, G. Rodosek
Pub Date: 2019-06-01 | DOI: 10.1109/ICDIS.2019.00012 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Network security tools like Security Information and Event Management systems detect and process incidents with respect to the network and environment they occur in. Part of the analysis is used to estimate a priority for the incident in order to assign the limited workforce to the most important events. This process is referred to as incident prioritization, and it is typically based on a set of static rules and calculations. Due to shifting concepts, new network entities, different attacks or changing guidelines, the rules may contain errors, which leads to incorrectly prioritized incidents. An explicit process even to identify those problems is often missing, let alone assistance in adjusting the model. In this paper, we present an approach to adapt an incident prioritization model in order to correct errors in the rating process. We developed concepts to collect feedback from an analyst and to automatically generate and evaluate improvements to the prioritization model. The evaluation of our approach on real and synthetic data, in a comparative experiment using further, standard learning algorithms, shows promising results.
Malware Detection Using Power Consumption and Network Traffic Data
J. Jiménez, K. Goseva-Popstojanova
Pub Date: 2019-06-01 | DOI: 10.1109/ICDIS.2019.00016 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Even though malware detection is an active area of research, few works have used features extracted from physical properties such as power consumption. This paper focuses on malware detection using power consumption and network traffic data collected on our experimental testbed. Seven power-based and eighteen network traffic-based features were extracted, and ten supervised machine learning algorithms were used for classification. The main findings include: (1) Among the best performing learners, Random Forest had the highest F-score and close to the highest G-score. (2) Power data extracted from the +12V CPU rails led to better performance than power data from the other three voltage rails. (3) Using only power-based features provided better performance than using only network traffic-based features; using both types of features gave the best performance. (4) Feature selection based on information gain was used to identify the smallest number of features sufficient to distinguish malware from non-malicious software. The top eleven features provided the same performance as using all 25 features. Five of the seven power-based features were among the top eleven features.
Concurrency Strategies for Attack Graph Generation
Ming Li, P. Hawrylak, J. Hale
Pub Date: 2019-06-01 | DOI: 10.1109/ICDIS.2019.00033 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
The network attack graph is a powerful tool for analyzing network security, but generating a large-scale graph is non-trivial. The main challenge comes from the explosion of the network state space, which greatly increases time and storage costs. In this paper, three parallel algorithms are proposed to generate scalable attack graphs. An OpenMP-based implementation is used to test their performance. Compared with the serial algorithm, the best-performing proposed algorithm provides a 10X speedup.
An Accelerated Hierarchical Approach for Object Shape Extraction and Recognition
M. Quweider, Bassam Arshad, Hansheng Lei, Liyu Zhang, Fitratullah Khan
Pub Date: 2019-06-01 | DOI: 10.1109/ICDIS.2019.00030 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
We present a novel automatic supervised object recognition algorithm based on a scale- and rotation-invariant Fourier descriptors algorithm. The algorithm is hierarchical in nature, allowing it to capture the inherent intra-contour spatial relationships between the parent and child contours of an object by building a tree structure of the top-level contours that make up the distinctive features of the object to be recognized. A set of distance metrics is combined to measure the similarity between two objects under the hierarchical model. To test the algorithm, a diverse database of shapes is created and used to train standard classification algorithms for shape labeling. The implemented algorithm takes advantage of the multi-threaded architecture and GPU-efficient image-processing functions present in OpenCV wherever possible, reducing the running time and making it suitable for real-time applications. The technique is successfully tested on common traffic and road signs in real-world images, with excellent overall performance that is robust to low-to-moderate noise levels.
An End-to-End Framework to Identify Pathogenic Social Media Accounts on Twitter
Elham Shaabani, Ashkan Sadeghi-Mobarakeh, Hamidreza Alvari, P. Shakarian
Pub Date: 2019-05-04 | DOI: 10.1109/ICDIS.2019.00027 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Pathogenic Social Media (PSM) accounts, such as terrorist supporter accounts and fake news writers, have the capability of spreading disinformation to viral proportions. Early detection of PSM accounts is crucial, as they are likely to be the key users that make malicious information "viral". In this paper, we adopt the causal inference framework along with graph-based metrics in order to distinguish PSMs from normal users within a short time of their activities. We propose both supervised and semi-supervised approaches that do not take network information or content into account. Results on a real-world dataset from Twitter accentuate the advantage of our proposed frameworks. We show that our approach achieves a 0.28 improvement in F1 score over existing approaches, with a precision of 0.90 and an F1 score of 0.63.
Detection of Violent Extremists in Social Media
Hamidreza Alvari, Soumajyoti Sarkar, P. Shakarian
Pub Date: 2019-02-05 | DOI: 10.1109/ICDIS.2019.00014 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
The ease of use of the Internet has enabled violent extremists such as the Islamic State of Iraq and Syria (ISIS) to easily reach a large audience, build personal relationships and increase recruitment. To mitigate the problem, social media platforms rely primarily on the reports they receive from their own users. Despite the efforts of social media platforms to suspend many accounts, this solution is not guaranteed to be effective, because not all extremists are caught this way, and they can simply return with another account or migrate to other social networks. In this paper, we design an automatic detection scheme that, using as few as three groups of information related to usernames, profiles, and the textual content of users, determines whether or not a given username belongs to an extremist user. We first demonstrate that extremists are inclined to adopt usernames that are similar to the ones their like-minded peers have adopted in the past. We then propose a detection framework that deploys features which are highly indicative of potential online extremism. Results on a real-world ISIS-related dataset from Twitter demonstrate the effectiveness of the methodology in identifying extremist users.
Hawkes Process for Understanding the Influence of Pathogenic Social Media Accounts
Hamidreza Alvari, P. Shakarian
Pub Date: 2019-02-05 | DOI: 10.1109/ICDIS.2019.00013 | 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Over the past years, political events and public opinion on the Web have allegedly been manipulated by accounts dedicated to spreading disinformation and performing malicious activities on social media. These accounts, hereafter referred to as "Pathogenic Social Media (PSM)" accounts, are often controlled by terrorist supporters, water armies or fake news writers and hence can pose threats to social media and the general public. Understanding and analyzing PSMs could help social media firms devise sophisticated and automated techniques that could be deployed to stop them from reaching their audience and consequently reduce their threat. In this paper, we leverage the well-known statistical technique of the "Hawkes Process" to quantify the influence of PSM accounts on the dissemination of malicious information on social media platforms. Our findings on a real-world ISIS-related dataset from Twitter indicate that PSMs differ significantly from regular users in making a message viral. Specifically, we observed that PSMs do not usually post URLs from mainstream news sources. Instead, their tweets usually have a large impact on the audience if they contain URLs from Facebook and alternative news outlets. In contrast, tweets posted by regular users receive nearly equal impressions regardless of the posted URLs and their sources. Our findings can further shed light on understanding and detecting PSM accounts.