
2017 International Carnahan Conference on Security Technology (ICCST): Latest Papers

Exploring automatic extraction of body-based soft biometrics
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167841
R. Vera-Rodríguez, Patricia Marin-Belinchon, E. González-Sosa, Pedro Tome, J. Ortega-Garcia
Given the growing interest in soft biometrics and its application in many areas related to biometrics, this paper focuses on the automatic extraction of body-based soft biometric attributes from single-shot images. The selected body soft biometrics are: height, shoulder width, hips width, arms length, body complexion and hair colour. For the extraction of these attributes, the Southampton Multi-Biometric Tunnel Database has been used with a total of 222 subjects. Images at far distance between the subject and the camera were considered in order to be able to extract the whole body of the person. Feature extraction is based on distances between key points automatically extracted from the person's silhouette, and also based on pixel information. Support Vector Machines (SVM) are used as the matchers, achieving promising results. Finally, given an image of a person at a distance, the system automatically gives the probability for the classes of each body-based soft biometrics considered, which could be seen as a description of the subject's body. This description could be used to reduce the search space in forensic applications, or to improve the robustness of biometric recognition systems at a distance, especially for face and gait systems, among other applications.
Citations: 6
BotViz: A memory forensic-based botnet detection and visualization approach
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167804
Iman Sharafaldin, Amirhossein Gharib, Arash Habibi Lashkari, A. Ghorbani
Nowadays, there are many serious cyber security threats such as viruses, worms and trojans but without a doubt botnets are one of the largest threats. Although there are numerous ways to discover botnets and mitigate their effects, most methods have problems effecting detection, due to their evasive characteristics. Also, the majority of previous research uses only one data source (e.g. network traffic), which makes the botnet detection process very difficult over a network. This paper proposes a detection and visualization system, BotViz, to visualize botnets by using memory forensics analysis and a new domain generation algorithm detector. BotViz utilizes machine learning techniques to detect anomalous function hooking behaviors. We established a live Zeus botnet to evaluate the efficiency of the BotViz.
Citations: 8
Advanced issues in wireless communication security: Towards a security-demonstrator for smart-home environments
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167864
R. Fischer, Kevin Lamshoft, J. Dittmann, C. Vielhauer
The term Internet of Things might be regarded as simultaneous occurrence of three important trends. First, the general change from isolated devices to large-scale interconnected and interacting environments. Second, the rapidly increasing numbers of applied hardware and software components. Third, an increasing level of complexity of the individual hardware and software components applied. The connection of a broad range of heterogeneous devices to each other, or to the Internet, results in greater attack potentials and multitudes of attack vectors. Consequently, IT-Security has to deal with highly complex IoT-Structures consisting of large numbers of interconnected, heterogeneous hardware and software components. The exploration of methods for ensuring the security of such environments is a currently emerging field of research. In this work we introduce our idea of a Security-Demonstrator for Home-Automation environments aiming at reproducible, practical Security-Testing. This includes a proposal for a generalized Smart-Home reference-architecture, a detailed technical mapping of the setup, and a preliminary experimental evaluation focused around wireless communication using the Z-Wave protocol.
Citations: 2
Influence of walking in groups in gait recognition
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167842
Pablo Fernández López, Jorge Sanchez-Casanova, J. Liu-Jimenez, Carlos Morcillo-Marin
This contribution presents an evaluation on the performance of wearable gait recognition of individuals walking in groups. Three case scenarios are presented: Individual, when the user walks alone; Group, in which a group of users walk at the same time at a normal pace; and Formation, in which users walk in military formation. The evaluation was performed with the collaboration of the University Center of the Civil Guard (CUGC), whose students were used to form our database. Since all of their students are instructed to walk in formation, it was possible to perform a study on this particular pattern. This scenario is of interest as it simulates users trying to mimic each other's gait, for instance in a spoofing attack. The database consists of 10 students (7 males, 3 females), and every participant recreated each scenario 8 times. The data was collected by a smartphone attached to the waist by means of a holster. With this database, a study on the influence of walking in groups was possible. Results obtained show similar accuracy in the cases of individual and group walking. However, when walking in formation, there is a significant drop in accuracy. These results point out that there is no significant influence of walking alone or with someone else, but, that there is a plausible vulnerability if users decide to walk imitating someone else.
Citations: 3
Evaluating ISO 14441 privacy requirements on role based access control (RBAC) restrict mode via Colored Petri Nets (CPN) modeling
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167833
M. Carvalho, Paulo Bandiera-Paiva
Objective: This article's objective is to model authorization process from role-based access control (RBAC) using restrict mode features (separation of duties (SoD) implementation) via Colored Petri Nets (CPN) simulations to map security concerns or limitations of this access control while addressing ISO 14441 requirements for Electronic Health Records (EHR) systems. Method: We have mapped the two separation of duties access control resources from RBAC (static and dynamic) according to National Institute of Standards and Technology (NIST) documentation into a representative process flow using Petri Net formalism. The test scenario included two different physician roles with access permission grants labeled as in conflict if used altogether. Then, we have implemented this flow into a Colored Petri Net simulator (CPN Tools) in order to check RBAC SoD capability to address ISO 14441 privacy requirements to segregate conflicted grants from authenticated users on a general EHR system. The simulations considered conflicts either from a single user or from two users accessing shared patient's private EHR. Conclusion: Colored tokens on Petri Nets models simulating RBAC authorization are useful to demonstrate security policy conflicts during access control authorization process. Tested ISO 14441 privacy demands could be addressed only by including RBAC's dynamic SoD property.
Citations: 7
Unmanned aerial system detection and assessment through temporal frequency analysis
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167832
Bryana L. Woo, G. Birch, Jaclynn J. Stubbs, C. Kouhestani
There is a desire to detect and assess unmanned aerial systems (UAS) with a high probability of detection and low nuisance alarm rates in numerous fields of security. Currently available solutions rely upon exploiting electronic signals emitted from the UAS. While these methods may enable some degree of security, they fail to address the emerging domain of autonomous UAS that do not transmit or receive information during the course of a mission. We examine frequency analysis of pixel fluctuation over time to exploit the temporal frequency signature present in imagery data of UAS. This signature is present for autonomous or controlled multirotor UAS and allows for lower pixels-on-target detection. The methodology also acts as a method of assessment due to the distinct frequency signatures of UAS when examined against the standard nuisance alarms such as birds or non-UAS electronic signal emitters. The temporal frequency analysis method is paired with machine learning algorithms to demonstrate a UAS detection and assessment method that requires minimal human interaction. The use of the machine learning algorithm allows each necessary human assess to increase the likelihood of autonomous assessment, allowing for increased system performance over time.
Citations: 3
Real-time behavioral DGA detection through machine learning
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167790
F. Bisio, Salvatore Saeli, Pierangelo Lombardo, Davide Bernardi, A. Perotti, D. Massa
During the last years, the use of Domain Generation Algorithms (DGAs) has increased with the aim of improving the resiliency of communication between bots and Command and Control (C&C) infrastructure. In this paper, we report on an effective DGA-detection algorithm based on a single network monitoring. The first step of the proposed method is the detection of a bot looking for the C&C and thus querying many automatically generated domains. The second phase consists of the analysis of the resolved DNS requests in the same time interval. The linguistic and semantic features of the collected unresolved and resolved domains are then extracted in order to cluster them and identify the specific bot. Finally, clusters are analyzed in order to reduce false positives. The proposed solution has been evaluated over (1) an ad-hoc network where several known DGAs were injected and (2) the LAN of a company. In the first experiment, we deployed different families of malware employing several DGAs: all the malicious variants were detected by the proposed algorithm. In the real case scenario, the algorithm discovered an infected host in a 15-day-long experimental session, while producing a low false-positive rate during the same period.
Citations: 20
A quantitative CVSS-based cyber security risk assessment methodology for IT systems
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167819
M. U. Aksu, M. Dilek, E. I. Tatli, K. Bicakci, H. I. Dirik, M. Demirezen, Tayfun Aykir
IT system risk assessments are indispensable due to increasing cyber threats within our ever-growing IT systems. Moreover, laws and regulations urge organizations to conduct risk assessments regularly. Even though there exist several risk management frameworks and methodologies, they are in general high level, not defining the risk metrics, risk metrics values and the detailed risk assessment formulas for different risk views. To address this need, we define a novel risk assessment methodology specific to IT systems. Our model is quantitative, both asset and vulnerability centric and defines low and high level risk metrics. High level risk metrics are defined in two general categories; base and attack graph-based. In our paper, we provide a detailed explanation of formulations in each category and make our implemented software publicly available for those who are interested in applying the proposed methodology to their IT systems.
Citations: 54
ARM: ANN-based ranking model for privacy and security analysis in smartphone ecosystems
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167854
M. Hatamian, Jetzabel M. Serna
Smartphone ecosystems are considered as a unique source due to the large number of apps which in turn makes an extensive use of personal data. Currently, there is no privacy and security preservation mechanism in smartphone ecosystems to enable users to compare apps in terms of privacy and security protection level, and to alarm them regarding the invasive issues (in terms of privacy and security) of apps before installing them. In this paper, we exploit user comments on app stores as an important source to extract privacy and security invasive (PSI) claims corresponding to apps. Thus, we propose an artificial neural network (ANN)-based ranking model (ARM) in order to classify user comments with privacy and security concerns. Our ranking model is based on three main features namely privacy and security, sentiment, and lifetime analyses as the input of the ranking model along with a novel mathematical formulation in such a way as to maximise the differentiation between comments. The performance results show that ARM is able to classify and predict PSI user comments with accuracy as high as 93.3%. Our findings confirm that due to the functionality of ARM, it has the potential to be widely adopted in smartphone ecosystems.
Citations: 2
Complex safety study of intelligent multi-robot navigation in risk's environment
Pub Date : 2017-10-01 DOI: 10.1109/CCST.2017.8167809
Chaima Bensaci, Y. Zennir, D. Pomorski, El-Arkam Mechhoud
The issue investigated in this paper concerns navigation, survey / control and the complexity associated with a mobile multi-robot coordination and cooperation in a complex environment (robotic analysis laboratory), which is little or no known with significant industrial risks, in the presence of human and machines. This group of mobile robots is mainly used to move chemical products, which can lead dangerous accidents (toxic, flammable, explosive …) between the different rooms of the laboratory. The objective of our study is to ensure a good precision in the robots navigation in order to optimize human efforts, reduced error and establishment safety while keeping an eye on robots with good functioning and a desired production. In the literature there are several risk analysis techniques. Among the most used techniques in robotics, the FMEA method (failure modes, effects and criticality analysis). We applied the FMEA method on one robot. Then, the FTA (Fault Tree Analysis) method was chosen to generalize dependability study on all robots. Finally, to manage this level of complexity, a control architecture based on controllers' decomposition into a set of elementary behaviors / controllers (obstacles avoidance and collision between robots, attraction to a target, planning …) was proposed.
Citations: 5