Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888908
Lu Zhang, R. Cushing, P. Grosso
Machine learning techniques are widely used to detect intrusions in the cyber security field. However, most machine learning models are vulnerable to poisoning attacks, in which malicious samples are injected into the training dataset to manipulate the classifier's performance. In this paper, we first evaluate the accuracy degradation of OC-SVM classifiers with 3 different poisoning strategies with the ADLA-FD public dataset and a real world dataset. Secondly, we propose a saniti-zation mechanism based on the DBSCAN clustering algorithm. In addition, we investigate the influences of different distance metrics and different dimensionality reduction techniques and evaluate the sensitivity of the DBSCAN parameters. The ex-perimental results show that the poisoning attacks can degrade the performance of the OC-SVM classifier to a large degree, with an accuracy equal to 0.5 in most settings. The proposed sanitization method can filter out poisoned samples effectively for both datasets. The accuracy after sanitization is very close or even higher to the original value.
{"title":"Defending OC-SVM based IDS from poisoning attacks","authors":"Lu Zhang, R. Cushing, P. Grosso","doi":"10.1109/DSC54232.2022.9888908","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888908","url":null,"abstract":"Machine learning techniques are widely used to detect intrusions in the cyber security field. However, most machine learning models are vulnerable to poisoning attacks, in which malicious samples are injected into the training dataset to manipulate the classifier's performance. In this paper, we first evaluate the accuracy degradation of OC-SVM classifiers with 3 different poisoning strategies with the ADLA-FD public dataset and a real world dataset. Secondly, we propose a saniti-zation mechanism based on the DBSCAN clustering algorithm. In addition, we investigate the influences of different distance metrics and different dimensionality reduction techniques and evaluate the sensitivity of the DBSCAN parameters. The ex-perimental results show that the poisoning attacks can degrade the performance of the OC-SVM classifier to a large degree, with an accuracy equal to 0.5 in most settings. The proposed sanitization method can filter out poisoned samples effectively for both datasets. The accuracy after sanitization is very close or even higher to the original value.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124784186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888910
Joshua Streiff, Naheem Noah, Sanchari Das
The current set of reactive regulatory agencies, legal protections, and market forces have proven inadequate for managing the security and privacy of the Internet of Things (IoT). Given the ubiquitous nature of IoT devices, current cybersecurity and privacy laws fail to enforce the protections of the data of vulnerable populations. The most vulnerable of these users are children, who are at the most significant risk of harm and least adequately protected by the current regime of controls for devices such as smart toys. In this paper, we review the currently existing regulatory and legal controls related to IoT devices while giving a brief overview of privacy & security policies that govern the data access, retention, and usage policies of children's smart toys. We detail the impact of such security and privacy vulnerabilities by conducting three case studies on IoT smart toys, including FisherPrice's SmartBear, Spiral Toys CloudPet Unicorn, and Owl's SmartWatch. Finally, we establish reasons for the complete restructuring of the responsibilities, requirements, and proactive options for implementing cybersecurity rules by IoT device manufacturers.
{"title":"A Call for a New Privacy & Security Regime for IoT Smart Toys","authors":"Joshua Streiff, Naheem Noah, Sanchari Das","doi":"10.1109/DSC54232.2022.9888910","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888910","url":null,"abstract":"The current set of reactive regulatory agencies, legal protections, and market forces have proven inadequate for managing the security and privacy of the Internet of Things (IoT). Given the ubiquitous nature of IoT devices, current cybersecurity and privacy laws fail to enforce the protections of the data of vulnerable populations. The most vulnerable of these users are children, who are at the most significant risk of harm and least adequately protected by the current regime of controls for devices such as smart toys. In this paper, we review the currently existing regulatory and legal controls related to IoT devices while giving a brief overview of privacy & security policies that govern the data access, retention, and usage policies of children's smart toys. We detail the impact of such security and privacy vulnerabilities by conducting three case studies on IoT smart toys, including FisherPrice's SmartBear, Spiral Toys CloudPet Unicorn, and Owl's SmartWatch. Finally, we establish reasons for the complete restructuring of the responsibilities, requirements, and proactive options for implementing cybersecurity rules by IoT device manufacturers.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127054605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888846
Jawhara Aljabri, A. L. Michala, Jeremy Singer
The digitalisation of industrial manufacturing needs the support of systems technology to enhance the efficiency of manufacturing operations, product quality, and smart decisions. This digitalisation can be achieved by the industrial internet of things (IIoT). IIoT has played a powerful role in smart manufacturing by performing real-time analysis for a large volume of data. One possible approach to perform these operations in a secure and privacy-preserving manner is to utilise cryptographic solutions. In previous work, we proposed searchable encryption with an access control algorithm for IIoT based on an edge-cloud architecture, namely ELSA. This paper extends ELSA to illustrate the correlation between the number of keywords and ELSA performance. This extension supports annotating records with multiple keywords in trapdoor and record storage and allows the record to be returnable with single-keyword queries. In addition, the experiments demonstrate the scalability and efficiency of ELSA with an increasing number of keywords and complexity.
{"title":"ELSA: Edge Lightweight Searchable Attribute-based encryption Multi-keyword Scalability","authors":"Jawhara Aljabri, A. L. Michala, Jeremy Singer","doi":"10.1109/DSC54232.2022.9888846","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888846","url":null,"abstract":"The digitalisation of industrial manufacturing needs the support of systems technology to enhance the efficiency of manufacturing operations, product quality, and smart decisions. This digitalisation can be achieved by the industrial internet of things (IIoT). IIoT has played a powerful role in smart manufacturing by performing real-time analysis for a large volume of data. One possible approach to perform these operations in a secure and privacy-preserving manner is to utilise cryptographic solutions. In previous work, we proposed searchable encryption with an access control algorithm for IIoT based on an edge-cloud architecture, namely ELSA. This paper extends ELSA to illustrate the correlation between the number of keywords and ELSA performance. This extension supports annotating records with multiple keywords in trapdoor and record storage and allows the record to be returnable with single-keyword queries. In addition, the experiments demonstrate the scalability and efficiency of ELSA with an increasing number of keywords and complexity.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128192969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888943
Yash Khare, Kumud Lakara, M. S. Inukonda, Sparsh Mittal, Mahesh Chandra, Arvind Kaushik
In this paper, we present novel bit-flip attack (BFA) algorithms for DNNs, along with techniques for defending against the attack. Our attack algorithms leverage information about the layer importance, such that a layer is considered important if it has high-ranked feature maps. We first present a classwise-targeted attack that degrades the accuracy of just one class in the dataset. Comparative evaluation with related works shows the effectiveness of our attack algorithm. We finally propose multiple novel defense strategies against untargeted BFAs. We comprehensively evaluate the robustness of both large-scale CNNs (VGG19, ResNext50, AlexNet and Res Net) and compact CNNs (MobileNet-v2, ShuffleNet, GoogleNet and SqueezeNet) towards BFAs. We also reveal a valuable insight that compact CNNs are highly vulnerable to not only well-crafted BFAs such as ours, but even random BFAs. Also, defense strategies are less effective on compact CNNs. This fact makes them unsuitable for use in security-critical domains. Source code is released at https://sites.google.com/view/dsc-2022-paper-bit-flip-attack.
{"title":"Design and Analysis of Novel Bit-flip Attacks and Defense Strategies for DNNs","authors":"Yash Khare, Kumud Lakara, M. S. Inukonda, Sparsh Mittal, Mahesh Chandra, Arvind Kaushik","doi":"10.1109/DSC54232.2022.9888943","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888943","url":null,"abstract":"In this paper, we present novel bit-flip attack (BFA) algorithms for DNNs, along with techniques for defending against the attack. Our attack algorithms leverage information about the layer importance, such that a layer is considered important if it has high-ranked feature maps. We first present a classwise-targeted attack that degrades the accuracy of just one class in the dataset. Comparative evaluation with related works shows the effectiveness of our attack algorithm. We finally propose multiple novel defense strategies against untargeted BFAs. We comprehensively evaluate the robustness of both large-scale CNNs (VGG19, ResNext50, AlexNet and Res Net) and compact CNNs (MobileNet-v2, ShuffleNet, GoogleNet and SqueezeNet) towards BFAs. We also reveal a valuable insight that compact CNNs are highly vulnerable to not only well-crafted BFAs such as ours, but even random BFAs. Also, defense strategies are less effective on compact CNNs. This fact makes them unsuitable for use in security-critical domains. Source code is released at https://sites.google.com/view/dsc-2022-paper-bit-flip-attack.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"184 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134101514","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the era of big data, the acquisition and utilization of information becomes difficult with the skyrocketing amount of data. It is often difficult for ordinary users to find the in-formation or items they need, and personalized recommendation systems can solve this problem well. Currently, recommendation systems increasingly adopt models based on deep learning. The most critical issue in using deep learning for recommendation systems is how to use neural networks to accurately learn user representation vectors and item representation vectors. Many deep learning models used a single vector to represent users, but users' interests were often diverse. Therefore, some researchers consider using multiple vectors to represent user interests, and each interest vector corresponds to a category of items. This method sounds more scientific. However, these models still have problems. Their interpretation of user interests stays at the item level, and does not go deep into the item feature level. In order to solve this problem, we consider user interests from the perspective of item characteristics, and propose 3M (Multi-task, Multi-interest, Multi-feature) model. The 3M model trains multiple interest vectors for each user and extracts multiple characteristic vectors for each item at the same time, then uses a multi-task learning model to connect the characteristic vectors with the interest vectors and train them to obtain multiple interest scores. According to the multiple interest scores, the user click probability can be obtained. Experiments show that our model performs significantly better than the classic CTR(Click - Through Rate) prediction model on the experimental dataset.
{"title":"Multi-task Learning Model based on Multiple Characteristics and Multiple Interests for CTR prediction","authors":"Yufeng Xie, Mingchu Li, Kun Lu, Syed Bilal Hussain Shah, Xiao Zheng","doi":"10.1109/DSC54232.2022.9888898","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888898","url":null,"abstract":"In the era of big data, the acquisition and utilization of information becomes difficult with the skyrocketing amount of data. It is often difficult for ordinary users to find the in-formation or items they need, and personalized recommendation systems can solve this problem well. Currently, recommendation systems increasingly adopt models based on deep learning. The most critical issue in using deep learning for recommendation systems is how to use neural networks to accurately learn user representation vectors and item representation vectors. Many deep learning models used a single vector to represent users, but users' interests were often diverse. Therefore, some researchers consider using multiple vectors to represent user interests, and each interest vector corresponds to a category of items. This method sounds more scientific. However, these models still have problems. Their interpretation of user interests stays at the item level, and does not go deep into the item feature level. In order to solve this problem, we consider user interests from the perspective of item characteristics, and propose 3M (Multi-task, Multi-interest, Multi-feature) model. The 3M model trains multiple interest vectors for each user and extracts multiple characteristic vectors for each item at the same time, then uses a multi-task learning model to connect the characteristic vectors with the interest vectors and train them to obtain multiple interest scores. According to the multiple interest scores, the user click probability can be obtained. Experiments show that our model performs significantly better than the classic CTR(Click - Through Rate) prediction model on the experimental dataset.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129285847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888854
Thalia M. Laing, Eduard Marin, M. Ryan, Joshua Schiffman, Gaetan Wattiau
Hardware tokens are increasingly used to support second-factor and passwordless authentication schemes. While these devices improve security over weaker factors like passwords, they suffer from a number of security and practical issues. We present the design and implementation of Symbolon, a system that allows users to authenticate to an online service in a secure and flexible manner by using multiple personal devices (e.g., their smartphone and smart watch) together, in place of a password. The core idea behind Symbolon is to let users authenticate only if they carry a sufficient number of their personal devices and give explicit consent. We use threshold cryptography at the client side to protect against strong adversaries while overcoming the limitations of multi-factor authentication in terms of flexibility. Symbolon is compatible with FIDO servers, but improves the client-side experience compared to FIDO in terms of security, privacy, and user control. We design Symbolon such that the user can (i) authenticate using a flexible selection of devices, which we call “authenticators”; (ii) define fine-grained threshold policies that enforce user consent without involving or modifying online services; and (iii) add or revoke authenticators without needing to generate new cryptographic keys or manually (un)register them with online services. Finally, we present a detailed design and analyse the security, privacy and practical properties of Symbolon; this includes a formal proof using ProVerif to show the required security properties are satisfied.
{"title":"Symbolon: Enabling Flexible Multi-device-based User Authentication","authors":"Thalia M. Laing, Eduard Marin, M. Ryan, Joshua Schiffman, Gaetan Wattiau","doi":"10.1109/DSC54232.2022.9888854","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888854","url":null,"abstract":"Hardware tokens are increasingly used to support second-factor and passwordless authentication schemes. While these devices improve security over weaker factors like passwords, they suffer from a number of security and practical issues. We present the design and implementation of Symbolon, a system that allows users to authenticate to an online service in a secure and flexible manner by using multiple personal devices (e.g., their smartphone and smart watch) together, in place of a password. The core idea behind Symbolon is to let users authenticate only if they carry a sufficient number of their personal devices and give explicit consent. We use threshold cryptography at the client side to protect against strong adversaries while overcoming the limitations of multi-factor authentication in terms of flexibility. Symbolon is compatible with FIDO servers, but improves the client-side experience compared to FIDO in terms of security, privacy, and user control. We design Symbolon such that the user can (i) authenticate using a flexible selection of devices, which we call “authenticators”; (ii) define fine-grained threshold policies that enforce user consent without involving or modifying online services; and (iii) add or revoke authenticators without needing to generate new cryptographic keys or manually (un)register them with online services. Finally, we present a detailed design and analyse the security, privacy and practical properties of Symbolon; this includes a formal proof using ProVerif to show the required security properties are satisfied.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114246908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Because the hardware capabilities of narrowband IoT devices are not enough to carry powerful antivirus software or security mechanisms so that some scholars have used deep learning to help with intrusion detection. Narrowband IoT devices are more vulnerable to low-rate denial-of-service attacks due to the low upper limit of the connection rate. However, the rate and number of such attacks are not obvious. Therefore, even when training with datasets provided by large organizations, the amount of data for low-rate denial-of-service attacks is very sparse, resulting in poor detection accuracy. This study proposes an interpretable method based on statistical models to simplify the model so that it responds only to specific attacks. The experimental results show that our method can effectively detect specific attacks.
{"title":"Using Poisson Distribution to Enhance CNN-based NB-IoT LDoS Attack Detection","authors":"Jiang Zeng, Li-En Chang, Hsin-Hung Cho, Chi-Yuan Chen, Han-Chieh Chao, Kuo-Hui Yeh","doi":"10.1109/DSC54232.2022.9888864","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888864","url":null,"abstract":"Because the hardware capabilities of narrowband IoT devices are not enough to carry powerful antivirus software or security mechanisms so that some scholars have used deep learning to help with intrusion detection. Narrowband IoT devices are more vulnerable to low-rate denial-of-service attacks due to the low upper limit of the connection rate. However, the rate and number of such attacks are not obvious. Therefore, even when training with datasets provided by large organizations, the amount of data for low-rate denial-of-service attacks is very sparse, resulting in poor detection accuracy. This study proposes an interpretable method based on statistical models to simplify the model so that it responds only to specific attacks. The experimental results show that our method can effectively detect specific attacks.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126112594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888939
A. Alsalemi, A. Amira, H. Malekmohamadi, Kegong Diao
Deep Learning (DL) is increasingly empowering technology and engineering in a plethora of ways, especially when big data processing is a core requirement. Many challenges, however, arise when solely depending on cloud computing for Artificial Intelligence (AI), such as data privacy, communication latency, and power consumption. Despite the elevating popularity of edge computing, its overarching issue is not the lack of technical specifications in many edge computing platforms but the sparsity of comprehensive documentation on how to correct utilize hardware to run ML and DL algorithms. Due to its specialized nature, installing the full version of TensorFlow, a common ML library, on an edge device is a complicated procedure that is seldom successful, due to the many dependent software libraries needed to be compatible with varying architectures of edge computing devices. Henceforth, in this paper, we present a novel technical guide on setting up the TensorFlow Lite, a lightweight version of TensorFlow, and demonstrate a complete workflow of model training, validation, and testing on the ODROID-XU4. Results are presented for a case study on energy data classification using the outlined model show almost 7 times higher computational performance compared to cloud-based AI.
深度学习(DL)正以多种方式日益增强技术和工程的能力,尤其是当大数据处理成为核心需求时。然而,当人工智能(AI)完全依赖云计算时,会出现许多挑战,例如数据隐私、通信延迟和功耗。尽管边缘计算越来越受欢迎,但其首要问题不是许多边缘计算平台缺乏技术规范,而是关于如何正确利用硬件运行ML和DL算法的综合文档的稀疏性。由于其特殊性,在边缘设备上安装完整版本的TensorFlow(一个通用的ML库)是一个复杂的过程,很少成功,因为许多依赖的软件库需要与边缘计算设备的不同架构兼容。因此,在本文中,我们提出了一个关于设置TensorFlow Lite (TensorFlow的轻量级版本)的新技术指南,并在ODROID-XU4上演示了一个完整的模型训练、验证和测试工作流。使用概述模型进行能源数据分类的案例研究结果显示,与基于云的人工智能相比,计算性能提高了近7倍。
{"title":"Facilitating Deep Learning for Edge Computing: A Case Study on Data Classification","authors":"A. Alsalemi, A. Amira, H. Malekmohamadi, Kegong Diao","doi":"10.1109/DSC54232.2022.9888939","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888939","url":null,"abstract":"Deep Learning (DL) is increasingly empowering technology and engineering in a plethora of ways, especially when big data processing is a core requirement. Many challenges, however, arise when solely depending on cloud computing for Artificial Intelligence (AI), such as data privacy, communication latency, and power consumption. Despite the elevating popularity of edge computing, its overarching issue is not the lack of technical specifications in many edge computing platforms but the sparsity of comprehensive documentation on how to correct utilize hardware to run ML and DL algorithms. Due to its specialized nature, installing the full version of TensorFlow, a common ML library, on an edge device is a complicated procedure that is seldom successful, due to the many dependent software libraries needed to be compatible with varying architectures of edge computing devices. Henceforth, in this paper, we present a novel technical guide on setting up the TensorFlow Lite, a lightweight version of TensorFlow, and demonstrate a complete workflow of model training, validation, and testing on the ODROID-XU4. Results are presented for a case study on energy data classification using the outlined model show almost 7 times higher computational performance compared to cloud-based AI.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121961677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888803
Sharifah Roziah Mohd Kassim, Solahuddin Bin Shamsuddin, Shujun Li, B. Arief
Computer Security Incident Response Teams (CSIRTs) have been established at national and organisational levels to respond to and mitigate cyber incidents. National CSIRTs play a critical role in defending a nation's infrastructure from cyber attacks. However, the research literature lacks studies that can provide first-hand insights on current operational practices in national CSIRTs and challenges faced by staff at national CSIRTs. This paper provides personal observations and opinions from two members of staff at MyCERT (Malaysia's national CSIRT), regarding important areas of national CSIRTs' operational practices including cross-CSIRT collaboration, the lack of systematic use of data and tools, and the lack of evaluation of data and tools used. We hope this paper can help stimulate more research and work to address some of the gaps we identified.
{"title":"How National CSIRTs Operate: Personal Observations and Opinions from MyCERT","authors":"Sharifah Roziah Mohd Kassim, Solahuddin Bin Shamsuddin, Shujun Li, B. Arief","doi":"10.1109/DSC54232.2022.9888803","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888803","url":null,"abstract":"Computer Security Incident Response Teams (CSIRTs) have been established at national and organisational levels to respond to and mitigate cyber incidents. National CSIRTs play a critical role in defending a nation's infrastructure from cyber attacks. However, the research literature lacks studies that can provide first-hand insights on current operational practices in national CSIRTs and challenges faced by staff at national CSIRTs. This paper provides personal observations and opinions from two members of staff at MyCERT (Malaysia's national CSIRT), regarding important areas of national CSIRTs' operational practices including cross-CSIRT collaboration, the lack of systematic use of data and tools, and the lack of evaluation of data and tools used. We hope this paper can help stimulate more research and work to address some of the gaps we identified.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"28 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121896987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888835
Spencer Vecile, Kyle Lacroix, Katarina Grolinger, J. Samarabandu
As technologies advance, so do the attacks on them. Cybersecurity plays a significant role in society to protect everyone. Malicious URLs are links designed to promote scams, attacks, and frauds. Companies often have web filtering algorithms that will blacklist specific URLs as malicious; however, due to privacy concerns, they will not give outside entities access to their cybersecurity data. Unfortunately, this lack of data creates a dire need for more data in cybersecurity research and machine learning applications. This paper proposes using machine learning to generate new synthetic URLs characteristically indistinguishable from the data they replace. To do this two character-level long short-term memory (LSTM) models were trained, one to generate malicious URLs and one to generate benign URLs. To assess the quality of the synthetic data two tests were performed. (1) Classify the URLs into malicious and benign to ensure the characteristics of the original data were preserved. (2) Use the Levenstein ratio to check the similarity between the real and synthetic URLs to ensure sufficient anonymization. The results from the classification test show that the synthetic data classifier only slightly underperformed the real data classifier; however, with having accuracy, precision, recall, sensitivity, and specificity above 99%, it can be concluded that the characteristics of the malicious and benign URLs were preserved. The Levenstein ratio tests showed a mean of 67% and 79% similarity for the benign and malicious URLs, respectively. In the end, the character-level LSTM model successfully generated an anonymized, synthetic dataset, that was characteristically similar to the original, which could pave the way for the publication of many more datasets in this way.
{"title":"Malicious and Benign URL Dataset Generation Using Character-Level LSTM Models","authors":"Spencer Vecile, Kyle Lacroix, Katarina Grolinger, J. Samarabandu","doi":"10.1109/DSC54232.2022.9888835","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888835","url":null,"abstract":"As technologies advance, so do the attacks on them. Cybersecurity plays a significant role in society to protect everyone. Malicious URLs are links designed to promote scams, attacks, and frauds. Companies often have web filtering algorithms that will blacklist specific URLs as malicious; however, due to privacy concerns, they will not give outside entities access to their cybersecurity data. Unfortunately, this lack of data creates a dire need for more data in cybersecurity research and machine learning applications. This paper proposes using machine learning to generate new synthetic URLs characteristically indistinguishable from the data they replace. To do this two character-level long short-term memory (LSTM) models were trained, one to generate malicious URLs and one to generate benign URLs. To assess the quality of the synthetic data two tests were performed. (1) Classify the URLs into malicious and benign to ensure the characteristics of the original data were preserved. (2) Use the Levenstein ratio to check the similarity between the real and synthetic URLs to ensure sufficient anonymization. The results from the classification test show that the synthetic data classifier only slightly underperformed the real data classifier; however, with having accuracy, precision, recall, sensitivity, and specificity above 99%, it can be concluded that the characteristics of the malicious and benign URLs were preserved. The Levenstein ratio tests showed a mean of 67% and 79% similarity for the benign and malicious URLs, respectively. In the end, the character-level LSTM model successfully generated an anonymized, synthetic dataset, that was characteristically similar to the original, which could pave the way for the publication of many more datasets in this way.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122235087","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: