Latest publications in SHCIS '17

Interactive Visualization of Recommender Systems Data
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099014
Christian Richthammer, Johannes Sänger, G. Pernul
Recommender systems provide a valuable mechanism to address the information overload problem by reducing a data set to the items that may be interesting for a particular user. While the quality of recommendations has notably improved in recent years, the complex algorithms in use lead to high non-transparency for the end user. We propose the use of interactive visualizations for presenting recommendations. By involving the user in the information reduction process, the quality of recommendations could be enhanced while keeping the system transparent. This work gives first insights by analyzing recommender systems data and matching them to suitable visualization and interaction techniques. The findings are illustrated by means of an example scenario based on a typical real-world setting.
Citations: 8
Playing a Multi-objective Spot-checking Game in Public Transportation Systems
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099019
Ali Alshawish, Mohamed Amine Abid, S. Rass, H. Meer
Public transportation systems represent an essential sector of any nation's critical infrastructure. Hence, continuity of their services is deemed important and is given high priority by nations. Concerns over risks like terrorism, criminal offenses, and business revenue loss impose the need for enhancing situation awareness in these systems. However, practices such as conducting random patrols or regular spot-checks on passengers to prevent or deter potential violations are strictly limited by the number of available resources (e.g. security staff or fare inspectors) and by the ability of potential opponents (e.g. criminals or fare evaders) to predict or observe the inspectors' presence patterns. Casting the interactions between these competing entities (inspectors/security officials and criminals/fare dodgers) into a game-theoretic model will enable the system operators involved to 1) find optimal cost-effective (or multi-goal) human resource allocations or spot-check schedules, 2) capture and treat uncertainty due to imperfect information, and 3) integrate measurements of heterogeneous nature (e.g. statistics, expert opinions, or simulation results). This work applies a game-theoretic model that uses random, probability-distribution-valued payoffs to allow playing spot-checking games with diverging action outcomes while avoiding the information loss caused by combining several measurements into one representative value (e.g. an average).
Citations: 4
Architecture for Resource-Aware VMI-based Cloud Malware Analysis
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099015
Benjamin Taubmann, Bojan Kolosnjaji
Virtual machine introspection (VMI) is a technology with many possible applications, such as malware analysis and intrusion detection. However, this technique is resource intensive, as inspecting program behavior includes recording a high number of events caused by the analyzed binary and related processes. In this paper we present an architecture that leverages cloud resources for virtual machine-based malware analysis in order to train a classifier for detecting cloud-specific malware. This architecture is designed with the resource consumption of applying VMI-based technology in production systems in mind, in particular the overhead of tracing a large set of system calls. In order to minimize the data acquisition overhead, we use a data-driven approach from the area of resource-aware machine learning. This approach enables us to optimize the trade-off between malware detection performance and the overhead of our VMI-based tracing system.
Citations: 4
Anti-ProGuard: Towards Automated Deobfuscation of Android Apps
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099020
Richard Baumann, Mykola Protsenko, Tilo Müller
The wide adoption of obfuscation techniques by Android application developers, and especially by malware authors, introduces a high degree of complication into the process of reverse engineering, analysis, and security evaluation of third-party and potentially harmful apps. In this paper we present the early results of our research aiming to provide reliable means for automated deobfuscation of Android apps. In the underlying approach, deobfuscation of a given app is performed by matching its code parts to unobfuscated code stored in a database. For this purpose we apply well-known software similarity algorithms, such as SimHash and n-gram based ones. Open source apps and libraries, as well as previously analyzed and manually deobfuscated code, can serve as a source of unobfuscated code. Although the presented techniques are generic in nature, our current prototype mainly targets ProGuard, one of the most widely used protection tools for Android, which primarily performs renaming obfuscation. The evaluation of the presented Anti-ProGuard tool demonstrates its effectiveness for the considered task and supports the feasibility of the proposed approach.
Citations: 22
Towards a Generic Architecture for Interactive Cost-Aware Visualization of Monitoring Data in Distributed Systems
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099017
Noëlle Rakotondravony, Johannes Köstler, Hans P. Reiser
The collection of monitoring data in distributed systems can serve many different purposes, such as system status monitoring, performance evaluation, and optimization. There are many well-established approaches for data collection and visualization in these areas. For objectives such as debugging complex distributed applications, in-depth analysis of malicious attacks, and forensic investigations, the joint analysis and visualization of a large variety of data gathered at different layers of the system is of great value. The utilization of heavy-weight monitoring techniques requires a cost-aware, on-demand activation of such monitoring. We present an architecture for an interactive and cost-aware visualization of monitoring data combined from multiple sources in distributed systems. We introduce two distinguishing properties: the possibility of reconfiguring data collection, and a cost prediction mechanism that supports the user in a cost-aware, dynamic activation of monitoring components during an interactive in-depth analysis. We illustrate the use of such cost prediction for monitoring using VMI-based mechanisms.
Citations: 0
Protecting JavaScript Apps from Code Analysis
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099018
Tobias Groß, Tilo Müller
Apps written in JavaScript are an easy target for reverse engineering attacks, e.g. to steal intellectual property or to create a clone of an app. Unprotected JavaScript apps even contain high-level information such as developer comments, if those were not explicitly stripped. This fact becomes more and more important with the increasing popularity of JavaScript as the language of choice for both web development and hybrid mobile apps. In this paper, we present a novel JavaScript obfuscator based on the Google Closure Compiler, which transforms readable JavaScript source code into a representation that is much harder for adversaries to analyze. We evaluate this obfuscator regarding its performance impact and its semantics-preserving property.
Citations: 2
Towards a Multi-objective Optimization Model to Support Information Security Investment Decision-making
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099013
Eva Weishäupl
The protection of assets, including IT resources, intellectual property and business processes, against security attacks has become a challenging task for organizations. From an economic perspective, firms need to minimize the probability of a successful security incident or attack while staying within the boundaries of their information security budget in order to optimize their investment strategy. In this paper, an optimization model to support information security investment decision-making in organizations is proposed that considers two conflicting objectives: simultaneously minimizing the cost of countermeasures while maximizing the security level. Decision models that support firms' decisions by considering the trade-off between the security level and the investment allocation help organizations to facilitate and justify security investment choices.
Citations: 2
Virtual Machine Introspection Based SSH Honeypot
Pub Date : 2017-06-19 DOI: 10.1145/3099012.3099016
Stewart Sentanoe, Benjamin Taubmann, Hans P. Reiser
A honeypot provides information about new attack and exploitation methods and allows analyzing the adversary's activities during or after exploitation. One way for an adversary to communicate with a server is via secure shell (SSH). SSH provides secure login, file transfer, X11 forwarding, and TCP/IP connections over untrusted networks. SSH is a preferred target for attacks, as it is frequently used with password-based authentication, and weak passwords are easily exploited using brute-force attacks. In this paper, we introduce a Virtual Machine Introspection based SSH honeypot. We discuss the design of the system and how to extract valuable information such as the credentials used by the attacker and the commands entered. Our experiments show that the system is able to detect the adversary's activities during and after exploitation, and that it has advantages compared to currently used SSH honeypot approaches.
Citations: 12