Pub Date: 2020-05-14; DOI: 10.4108/eai.13-7-2018.164560
Alem Fitwi, Meng Yuan, S. Nikouei, Yu Chen
The collection of personal information about individuals, including the minor members of a family, by closed-circuit television (CCTV) cameras creates a lot of privacy concerns. Revealing children’s identifications or activities may compromise their well-being. In this paper, we propose a novel Minor Privacy protection solution using Real-time video processing at the Edge (MiPRE). It is refined to be feasible and accurate to identify minors and apply appropriate privacy-preserving measures accordingly. State-of-the-art deep learning architectures are modified and repurposed to maximize the accuracy of MiPRE. A pipeline extracts faces from the input frames and identifies minors. Then, a lightweight algorithm scrambles the faces of the minors to anonymize them. Over 20,000 labeled sample points collected from open sources are used for classification. The quantitative experimental results show the superiority of MiPRE with an accuracy of 92.1% with near-real-time performance. Received on 01 May 2020; accepted on 12 May 2020; published on 14 May 2020
Title: Minor Privacy Protection by Real-time Children Identification and Face Scrambling at the Edge
Journal: EAI Endorsed Trans. Security Safety
The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of a lack of datasets. Considering that vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on a hierarchical attention network (HAN) to expand existing vulnerability datasets. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous amount of open-source software. Received on 14 April 2020; accepted on 05 May 2020; published on 12 May 2020
Title: Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network
Authors: Mingxin Sun, Wenjie Wang, Hantao Feng, Hongu Sun, Yuqing Zhang
Pub Date: 2020-05-12; DOI: 10.4108/eai.13-7-2018.164552
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2020-05-12; DOI: 10.4108/eai.13-7-2018.164551
Afsah Anwar, Aminollah Khormali, Jinchun Choi, Hisham Alasmary, Saeed Salem, Daehun Nyang, David A. Mohaisen
Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all.
Title: Measuring the Cost of Software Vulnerabilities
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2020-04-19; DOI: 10.4108/eai.30-11-2021.172305
J. Bassey, Xiangfang Li, Lijun Qian
In this paper, we propose Device Authentication Code (DAC), a novel method for authenticating IoT devices with a wireless interface by exploiting their radio frequency (RF) signatures. The proposed DAC is based on RF fingerprinting, an information theoretic method, feature learning, and the discriminatory power of deep learning. Specifically, an autoencoder is used to automatically extract features from the RF traces, and the reconstruction error is used as the DAC; this DAC is unique to the device and the particular message of interest. Then the Kolmogorov-Smirnov (K-S) test is used to match the distribution of the reconstruction error generated by the autoencoder and the received message, and the result will determine whether the device of interest belongs to an authorized user. We validate this concept on two experimentally collected RF traces from six ZigBee and five universal software defined radio peripheral (USRP) devices, respectively. The traces span a range of Signal-to-Noise Ratio by varying locations and mobility of the devices and channel interference and noise to ensure robustness of the model. Experimental results demonstrate that DAC is able to prevent device impersonation by extracting salient features that are unique to any wireless device of interest and can be used to identify RF devices. Furthermore, the proposed method does not need the RF traces of the intruder during model training yet is able to identify devices not seen during training, which makes it practical.
Title: Device Authentication Codes based on RF Fingerprinting using Deep Learning
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2020-04-15; DOI: 10.4108/eai.13-7-2018.163979
A. Imoize, Boluwatife Samuel Ben-Adeola, J. Adebisi
The escalating cases of security threats on the global scene, especially in cyberspace, create an urgent need to deploy sophisticated measures to mitigate these calamitous threats. To this end, various lock mechanisms have been developed and deployed to prevent access to control systems from potential intruders. This paper provides a solution to this pervasive problem, addressing concerns on the physical and virtual components of an access control system. Locally generated One-Time-Passkeys (OTPs) were created, leveraging ambient noise as entropy input. The system was deployed on an Arduino microcontroller embedded in a safe-cabinet secured with a 12V solenoid lock. The design was implemented and tested against standard metrics. Results achieved include algorithmic optimizations of existing local OTP protocol implementations, and the realization of a safe lock module, which interfaces with a mobile application developed on Android over a secured Bluetooth connection.
Title: Development of a Multifactor-Security-Protocol System Using Ambient Noise Synthesis
Journal: EAI Endorsed Trans. Security Safety
Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack. Received on 29 March 2020; accepted on 02 April 2020; published on 07 April 2020
Title: Manipulating Users' Trust on Amazon Echo: Compromising Smart Home from Outside
Authors: Yuxuan Chen, Xuejing Yuan, Aohui Wang, Kai Chen, Shengzhi Zhang, Heqing Huang
Pub Date: 2020-04-07; DOI: 10.4108/eai.13-7-2018.163924
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2020-02-19; DOI: 10.4108/eai.13-7-2018.163213
Qais Tasali, Christine Sublett, Eugene Y. Vasserman
INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other security properties, making it challenging to craft least-privilege authorization policies which preserve patient safety and confidentiality even during emergency situations. For example, unauthorized access to device(s) connected to a patient or an app controlling these devices could result in patient harm. Previous work has suggested a virtual version of “Break the Glass” (BTG), an analogy to breaking a physical barrier to access a protected emergency resource such as a fire extinguisher or “crash cart”. In healthcare, BTG is used to override access controls and allow for unrestricted access to resources, e.g. Electronic Health Records. After a “BTG event” completes, the actions of all concerned parties are audited to validate the reasons and legitimacy for the override. OBJECTIVES: Medical BTG has largely been treated as an all-or-nothing scenario: either a means to obtain unrestricted access is provided, or BTG is not supported. We show how to handle BTG natively within the ABAC model, maintaining full compatibility with existing access control frameworks, putting BTG in the policy domain rather than requiring framework modifications. This approach also makes BTG more flexible, allowing for fine-grained facility-specific policies, and even automates auditing in many situations, while maintaining the principle of least-privilege. METHODS: We do this by constructing a BTG “meta-policy” which works with existing access control policies by explicitly allowing override when requested. RESULTS: We present a sample BTG policy and formally verify that the resulting combined set of access control policies correctly satisfies the goals of the original policy set and allows expanded access during a BTG event. We show how to use the same verification methods to check new policies, easing the process of crafting least-privilege policies. 
Received on 21 December 2019; accepted on 18 February 2020; published on 19 February 2020
Title: Controlled BTG: Toward Flexible Emergency Override in Interoperable Medical Systems
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2019-08-01; DOI: 10.4108/eai.13-7-2018.162797
S. Alqahtani, Shujun Li, Haiyue Yuan, P. Rusconi
Proactive password checkers (PPCs) have been widely used to persuade users to select stronger passwords by providing machine-generated strength ratings of passwords. If such ratings do not match human-generated ratings of human users, there can be a loss of trust in PPCs. In order to study the effectiveness of PPCs, it would be useful to investigate how human users perceive such machine- and human-generated ratings in terms of their trust, which has been rarely studied in the literature. To fill this gap, we report a large-scale crowdsourcing study with over 1,000 workers. The participants were asked to choose which of the two ratings they trusted more. The passwords were selected based on a survey of over 100 human password experts. The results revealed that participants exhibited four distinct behavioral patterns when the passwords were hidden, and many changed their behaviors significantly after the passwords were disclosed, suggesting their reported trust was influenced by their own judgments.
Title: Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2019-08-01; DOI: 10.4108/eai.13-7-2018.162808
Md Ali Reza Al Amin, S. Shetty, L. Njilla, Deepak K. Tosh, Charles Kamouha
In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance missions to collect critical network information and, using that information, make an advanced-level cyber-attack plan. To thwart the reconnaissance mission and counter the attack plan, the cyber defender needs to come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which will not only thwart the reconnaissance mission but also steer the attacker towards a fake network to achieve a fake goal state. In our model, we also capture the attacker’s capability using a belief matrix, which is a joint probability distribution over the security states and attacker types. Experiments conducted on the prototype implementation of our DDS confirm that the defender can decide whether to spend more resources or save resources based on attacker types and thwart the reconnaissance mission.
Title: Attacker Capability based Dynamic Deception Model for Large-Scale Networks
Journal: EAI Endorsed Trans. Security Safety
Pub Date: 2019-08-01; DOI: 10.4108/eai.13-7-2018.162809
Yi Li, Kaiqi Xiong, Xiangyang Li
Emails have been widely used in our daily life. It is important to understand user behaviors regarding email security situation assessments. However, studies on email user behaviors are limited and very challenging. To study user security-related behaviors, we design and investigate an email test platform to understand how users behave differently when they read emails, some of which are phishing. Specifically, we conduct two experimental studies, where participants take part in our experiments on site in a lab-contained environment and online through Amazon Mechanical Turk, which are referred to as the on-site study and the online study, respectively. In the two experimental studies, we design questionnaires for the two studies and use a set of emails including phishing emails from the real world with some necessary modifications for personal information protection. Furthermore, we develop necessary software tools to collect experimental data, including participants’ basic background information, time measurement, mouse movement, and their answers to survey questions. Based on the collected data, we investigate what factors, such as intervention, phishing types, and an incentive mechanism, play a key role in user behaviors when phishing attacks occur. The difficulty of such an investigation is due to the qualitative analysis of user behaviors and the limited amount of data in the on-site study. For these reasons, we develop an approach to quantify user behavior metrics and reduce the number of user attributes by evaluating the significance of each attribute and analyzing the correlation of attributes. Moreover, we propose a machine learning framework, which contains attribute reduction, to find a critical point that classifies the performance of a participant into either ‘good’ or ‘bad’ through 10-fold cross-validation with randomly selected attributes cross-validation models.
The proposed machine learning model can be used to predict the performance of a user based on the user profile. Our data analysis shows that intervention and an incentive mechanism play a significant role while phishing type I is more harmful to users compared to the other two types. The findings of this research can be used to help a user identify a phishing attack and prevent the user from being a victim of such an attack. Received on 21 November 2019; accepted on 13 January 2020; published on 29 January 2020
Title: Applying Machine Learning Techniques to Understand User Behaviors When Phishing Attacks Occur. Journal: EAI Endorsed Trans. Security Safety.