Kok-Seng Wong, Nguyen Anh Tu, Anuar Maratkhan, M. Demirci
The ability to visually track people present in the scene is essential for any surveillance system. However, the widespread deployment and increased advancement of video surveillance systems have raised public awareness of privacy, i.e., human identity in the videos. The existing indoor surveillance systems allow people to be watched remotely and recorded continuously but do not prevent any party from viewing activities and collecting personal visual information of people in the videos. Because of this problem, we propose a privacy-preserving framework to provide each user (e.g., parents) with a personalized video where the user sees only selected target subjects (e.g., child, teacher, and intruder) while other faces are dynamically masked. The primary services in our framework consist of a video streaming service and a personalized service. The video streaming service is responsible for detecting, segmenting, recognizing, and masking face images of the human subjects in the video. Notably, it classifies human subjects into insider and outsider classes and then applies the de-identification (i.e., masking) to those in the insider class, including the target subjects. Subsequently, the personalized service receives the visual information (i.e., masked and unmasked faces) from the streaming service and processes it at the user's mobile device. The output is then a personalized video for each user. For security reasons, we require the surveillance videos to be stored in the cloud in an encrypted form. To ensure an individual remains anonymous in a group, we propose a dynamic masking approach to mask the human subjects in the video. Our framework can deliver both reliable visual privacy protection and video utility. For instance, users can have confidence that their target subjects are anonymized in other views. To utilize the personalized video, users can use analytics software installed on their mobile devices to analyze the activities of their target subjects.
Title: A Privacy-Preserving Framework for Surveillance Systems. Authors: Kok-Seng Wong, Nguyen Anh Tu, Anuar Maratkhan, M. Demirci. Published in: Proceedings of the 2020 10th International Conference on Communication and Network Security, 2020-11-27. DOI: https://doi.org/10.1145/3442520.3442524
Container (or containerization), as one of the new concepts of virtualization, has attracted increasing attention and occupied a considerable amount of market size owing to its inherent lightweight characteristic. However, the lightweight advantage is achieved at the price of security. Attacks against weak isolation of the container have been reported, and the use of a shared kernel is another targeted vulnerable point. This work aims to provide secure monitoring of containerized applications, which can help i) the infrastructure owner to ensure the running application is harmless, ii) the application owner to detect anomalous behaviors. We propose to use unsupervised introspection tools to perform the non-intrusive monitoring, which leverages the system call traces to classify the anomalies. Since the traditional datasets used for anomaly detection either focus only on network traces or are limited to a few attributes of system calls, we crafted and collected various normal and abnormal behaviors of a containerized application, and an optimized and open-source system-call-based dataset has been built. Unsupervised machine learning classifiers are trained over the proposed dataset, and a comprehensive case study has been performed and analyzed. The results show the feasibility of unsupervised introspection of containerized applications.
Title: Towards Unsupervised Introspection of Containerized Application. Authors: Pinchen Cui, D. Umphress. Published in: Proceedings of the 2020 10th International Conference on Communication and Network Security, 2020-11-27. DOI: https://doi.org/10.1145/3442520.3442530
Email forensics is the subdomain of network forensics, and email spoofing is the most common type of email attack. Email spoofing is a process of creating a forged message by manipulating the sender’s email address so that it appears to the recipient that the originating email is coming from a genuine sender. Spoofed email attack and its detection is a challenging problem in email forensic investigation. Research in the past has tried to address email detection by different mechanisms. This paper tries to improve and fill some of the research gaps from the base paper of R.P Iyer [11]. In our work, we detect spoofed emails received by the user by applying a memory forensic approach. Instead of capturing the complete memory dump, we only capture the browser’s live running processes from memory and extract the email header for analysis. This reduces the size of the memory dump and makes detection fast. Also, the proposed detection algorithm overcomes messageID-based detection failures by applying nslookup to fetch the MX record to identify the genuine emails. The advantage of memory forensic application for spoofed email detection is that we get guaranteed non-repudiation of the user’s digital footprint in physical memory. The results of the performance analysis show that the entire task can be completed in approximately 1 min with high accuracy and minimum false positives. The proposed method detects spoofed emails without disrupting the regular operation of the testing machine.
Title: Identification of Spoofed Emails by applying Email Forensics and Memory Forensics. Authors: Sanjeev Shukla, M. Misra, G. Varshney. Published in: Proceedings of the 2020 10th International Conference on Communication and Network Security, 2020-11-27. DOI: https://doi.org/10.1145/3442520.3442527
In high-level security environments, data protection and leakage prevention remain among the main challenges. In biometric systems, the most sensitive piece of information, the template, is constantly being exchanged between the system's building blocks. Instead of having one template, in this paper we generate a set of synthetic templates to camouflage the genuine one. To test their indistinguishability, we suppose an attack and compare the results of two different classifications of reconstructed faces: by humans and by an SVM classifier. For the former, we built a platform where testers could classify a set of random preimages reconstructed from real or synthetic (honey) templates. From an attacker's point of view, we noticed that, compared to the SVM classifier, human testers showed better results in terms of classification distinguishability.
Title: On the predictability of biometric honey templates, based on Bayesian inference. Authors: Edlira Martiri, Bian Yang. Published in: Proceedings of the 2020 10th International Conference on Communication and Network Security, 2020-11-27. DOI: https://doi.org/10.1145/3442520.3442532
Vulnerability correlation analysis has become a key technique in the field of vulnerability analysis, which effectively addresses the limitation of only analyzing an isolated vulnerability. Even though the existing techniques have demonstrated their effectiveness in assessing the complex relationship between the vulnerabilities, they remain limited in accurately locating critical vulnerabilities. To overcome this issue, we design a vulnerability correlation analysis method, named VCPEC, to discover critical vulnerabilities using extended coritivity theory towards a novel privilege model. The key idea is to construct a vulnerability correlation graph (VCG) according to the system privilege grading strategy and the vulnerability privilege escalation paths, reducing the complexity in the graph. We then use the extended coritivity theory to calculate the core of the VCG, which means the critical vulnerabilities can be further recognized. Thus, repairing the critical vulnerabilities achieves efficient protection of the target system, saving the cost of repairing vulnerabilities. We design and perform experiments to verify the feasibility and efficiency of VCPEC in real-world software systems. The results show that VCPEC can accurately locate critical vulnerabilities.
Title: VCPEC: Vulnerability Correlation Analysis Based on Privilege Escalation and Coritivity Theory. Authors: Xuefei Wang, Rui Ma, Donghai Tian, Xiajing Wang. Published in: Proceedings of the 2020 10th International Conference on Communication and Network Security, 2020-11-27. DOI: https://doi.org/10.1145/3442520.3442526