J. Hajny, Sara Ricci, Edmundas Piesarskas, Marek Sikora
The paper aims at minimizing the skills gaps and skills shortages on the cybersecurity job market by empowering education and training institutions during the process of creation of new cybersecurity study programs. We provide a complex cybersecurity skills framework based on standardized definitions that helps with the identification of skills and knowledge necessary for cybersecurity work positions. Furthermore, we practically implement the framework in the form of an interactive web application for cybersecurity curricula design. The app, called Curricula Designer, is built upon the framework and allows intuitive design of higher-education curricula and their analysis with respect to requirements of work roles already defined in widely-accepted standards. Using the analytical functions, it is easy to identify missing content in the courses and precisely structure the study program so that the graduates are well-prepared to enter the job market. The Curricula Designer is described in details in this paper, including user interface and technical background, and a link for public free access is provided to serve all education and training institutions.
{"title":"Cybersecurity Curricula Designer","authors":"J. Hajny, Sara Ricci, Edmundas Piesarskas, Marek Sikora","doi":"10.1145/3465481.3469183","DOIUrl":"https://doi.org/10.1145/3465481.3469183","url":null,"abstract":"The paper aims at minimizing the skills gaps and skills shortages on the cybersecurity job market by empowering education and training institutions during the process of creation of new cybersecurity study programs. We provide a complex cybersecurity skills framework based on standardized definitions that helps with the identification of skills and knowledge necessary for cybersecurity work positions. Furthermore, we practically implement the framework in the form of an interactive web application for cybersecurity curricula design. The app, called Curricula Designer, is built upon the framework and allows intuitive design of higher-education curricula and their analysis with respect to requirements of work roles already defined in widely-accepted standards. Using the analytical functions, it is easy to identify missing content in the courses and precisely structure the study program so that the graduates are well-prepared to enter the job market. The Curricula Designer is described in details in this paper, including user interface and technical background, and a link for public free access is provided to serve all education and training institutions.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"277 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133044665","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ons Chikhaoui, Aida Ben Chehida Douss, Ryma Abassi, S. Fatmi
In Vehicular Ad hoc NETworks (VANETs), vehicles exchange safety messages containing valuable information about traffic environment to increase roads’ safety. The critical nature of these messages entails securing them before considering them. In this context, the credibility and the accuracy assessment of these included safety information arises as a necessity since the consumption of false or imprecise ones by vehicles may cause hazardous consequences. To treat this requirement, we proposed the scheme [1] enabling vehicles to evaluate the credibility and the accuracy of the contents of the safety messages exchanged in VANETs. That scheme is based on three modules: a reputation module, a time and location closeness estimation module, and a majority module. A vehicle can use these modules in a separated or joint way according to the circumstances. Since that scheme is error prone, we conducted in [2], a formal validation, using inference system, to prove the soundness and the completeness of these three modules and their combination. In this paper, we complete that formal validation of [1] by handling the junctions of the three basic modules two by two. To do this, we first completed the inference system in [2] so that the junctions of the three modules two by two become incorporated. A formal verification using this holistic inference system was proposed in a second step to prove the soundness and the completeness of these junctions. This verification's obtained results confirmed the validity of the said junctions for being sound and complete.
{"title":"Formal Validation of Credibility and Accuracy Assessment of Safety Messages in VANETs","authors":"Ons Chikhaoui, Aida Ben Chehida Douss, Ryma Abassi, S. Fatmi","doi":"10.1145/3465481.3470103","DOIUrl":"https://doi.org/10.1145/3465481.3470103","url":null,"abstract":"In Vehicular Ad hoc NETworks (VANETs), vehicles exchange safety messages containing valuable information about traffic environment to increase roads’ safety. The critical nature of these messages entails securing them before considering them. In this context, the credibility and the accuracy assessment of these included safety information arises as a necessity since the consumption of false or imprecise ones by vehicles may cause hazardous consequences. To treat this requirement, we proposed the scheme [1] enabling vehicles to evaluate the credibility and the accuracy of the contents of the safety messages exchanged in VANETs. That scheme is based on three modules: a reputation module, a time and location closeness estimation module, and a majority module. A vehicle can use these modules in a separated or joint way according to the circumstances. Since that scheme is error prone, we conducted in [2], a formal validation, using inference system, to prove the soundness and the completeness of these three modules and their combination. In this paper, we complete that formal validation of [1] by handling the junctions of the three basic modules two by two. To do this, we first completed the inference system in [2] so that the junctions of the three modules two by two become incorporated. A formal verification using this holistic inference system was proposed in a second step to prove the soundness and the completeness of these junctions. This verification's obtained results confirmed the validity of the said junctions for being sound and complete.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127619697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Petr Dzurenda, Sara Ricci, Raúl Casanova Marqués, J. Hajny, P. Cika
In this article, we present two novel authenticated key agreement (AKA) schemes that are easily implementable and efficient even on constrained devices. Both schemes are constructed over elliptic curves and extend Schonorr’s signature of knowledge protocol. To the best of our knowledge, we introduce a first AKA protocol based on the proof of knowledge concept. This concept allows a client to prove its identity to a server via secret information while the server can learn nothing about the secret. Furthermore, we extend our protocol via secret sharing to support client multi-device authentication and multi-factor authentication features. In particular, the secret of the client can be distributed among the client’s devices. The experimental analysis shows that our secret sharing AKA (SSAKA) can establish a secure communication channel in less than 600 ms for one secondary device and 128-bit security strength. The protocol is fast even on very constrained secondary devices, where in most of cases takes less than 500 ms. Note that the time consumption depends on the computational capabilities of the hardware.
{"title":"Secret Sharing-based Authenticated Key Agreement Protocol","authors":"Petr Dzurenda, Sara Ricci, Raúl Casanova Marqués, J. Hajny, P. Cika","doi":"10.1145/3465481.3470057","DOIUrl":"https://doi.org/10.1145/3465481.3470057","url":null,"abstract":"In this article, we present two novel authenticated key agreement (AKA) schemes that are easily implementable and efficient even on constrained devices. Both schemes are constructed over elliptic curves and extend Schonorr’s signature of knowledge protocol. To the best of our knowledge, we introduce a first AKA protocol based on the proof of knowledge concept. This concept allows a client to prove its identity to a server via secret information while the server can learn nothing about the secret. Furthermore, we extend our protocol via secret sharing to support client multi-device authentication and multi-factor authentication features. In particular, the secret of the client can be distributed among the client’s devices. The experimental analysis shows that our secret sharing AKA (SSAKA) can establish a secure communication channel in less than 600 ms for one secondary device and 128-bit security strength. The protocol is fast even on very constrained secondary devices, where in most of cases takes less than 500 ms. Note that the time consumption depends on the computational capabilities of the hardware.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115367695","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The architectures presented in the literature, and current practices and solutions for computing statistics on data from health registries distributed across the world are manual and suffers from security and privacy problems. In this paper, we suggest a solution design with a infrastructure architecture providing improved security, automation and privacy guarantees compared to the related works. Our solution builds on top of the key research accomplishments from several areas such as distributed computing, blockchain, cryptography, and medical informatics rather than completely re-inventing the wheel from scratch for the healthcare domain. The proposed architecture is currently being prototyped in the Cancer Registry of Norway.
{"title":"DeCanSec: A Decentralized Architecture for Secure Statistical Computations on Distributed Health Registry Data","authors":"Narasimha Raghavan, J. Nygård","doi":"10.1145/3465481.3470071","DOIUrl":"https://doi.org/10.1145/3465481.3470071","url":null,"abstract":"The architectures presented in the literature, and current practices and solutions for computing statistics on data from health registries distributed across the world are manual and suffers from security and privacy problems. In this paper, we suggest a solution design with a infrastructure architecture providing improved security, automation and privacy guarantees compared to the related works. Our solution builds on top of the key research accomplishments from several areas such as distributed computing, blockchain, cryptography, and medical informatics rather than completely re-inventing the wheel from scratch for the healthcare domain. The proposed architecture is currently being prototyped in the Cancer Registry of Norway.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114940265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Human-robot collaboration is on the increase and having a major impact on areas such as manufacturing, where the abilities of the human worker, augmented by those of the robot, bring increased flexibility and performance. However, close collaboration, including physical interaction, brings with it complex safety and security issues that were previously mitigated by human-robot segregation and isolated control networks. Exoskeletons pose a particularly interesting case whereby physical coupling of the user and robot is required throughout operation. We envisage the use of continuous authentication to exoskeletons, i.e. to ensure a user is who they claim to be, and that they have sufficient authority to operate the device for the duration of its use. In this paper we demonstrate such an approach to behavioural biometrics using data acquired through wearable sensors (hand manipulations recorded by a sensorised glove) while the user performs a selection of industrial tasks, including handling loads and inserting screws. The results show that the approach can discriminate between users with a low Equal Error Rate (EER; <3% in the worst case analysed). We believe that such an approach will also benefit other applications where wearables are used in robot control, such as in tele-operation.
{"title":"Continuous User Authentication for Human-Robot Collaboration","authors":"Shurook S. Almohamade, John A. Clark, James Law","doi":"10.1145/3465481.3470025","DOIUrl":"https://doi.org/10.1145/3465481.3470025","url":null,"abstract":"Human-robot collaboration is on the increase and having a major impact on areas such as manufacturing, where the abilities of the human worker, augmented by those of the robot, bring increased flexibility and performance. However, close collaboration, including physical interaction, brings with it complex safety and security issues that were previously mitigated by human-robot segregation and isolated control networks. Exoskeletons pose a particularly interesting case whereby physical coupling of the user and robot is required throughout operation. We envisage the use of continuous authentication to exoskeletons, i.e. to ensure a user is who they claim to be, and that they have sufficient authority to operate the device for the duration of its use. In this paper we demonstrate such an approach to behavioural biometrics using data acquired through wearable sensors (hand manipulations recorded by a sensorised glove) while the user performs a selection of industrial tasks, including handling loads and inserting screws. The results show that the approach can discriminate between users with a low Equal Error Rate (EER; <3% in the worst case analysed). We believe that such an approach will also benefit other applications where wearables are used in robot control, such as in tele-operation.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116861122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Enrico Bacis, Dario Facchinetti, M. Guarnieri, Marco Rosa, Matthew Rossi, S. Paraboschi
A Time-Lock enables the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the recovery of the secret to the solution of the puzzle. Since the time required to find the puzzle’s solution may vary due to a multitude of factors, including the computational effort spent, these solutions may not suit all scenarios. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We implement a prototype of ITYT on top of the Ethereum blockchain. The prototype leverages secure Multi-Party Computation to avoid any single point of trust. We also analyze resiliency to attacks with the help of economic game theory, in the context of rational adversaries. The experiments demonstrate the low cost and limited resource consumption associated with our approach.
时间锁允许在未来的某个时间点释放秘密。许多方法将时间锁实现为密码谜题,将秘密的恢复与谜题的解决绑定在一起。由于找到谜题解决方案所需的时间可能因多种因素而异,包括所花费的计算量,因此这些解决方案可能不适合所有场景。为了克服这一限制,我们提出了I Told You Tomorrow (ITYT),这是一种基于智能合约实现时间锁定秘密的新方法。ITYT依靠区块链来衡量时间的流逝,它将阈值密码学与经济激励和惩罚相结合,以取代密码学难题。我们在以太坊区块链之上实现了一个ITYT的原型。该原型利用安全的多方计算来避免任何单点信任。我们还在理性对手的背景下,借助经济博弈论分析对攻击的弹性。实验证明了该方法的低成本和有限的资源消耗。
{"title":"I Told You Tomorrow: Practical Time-Locked Secrets using Smart Contracts","authors":"Enrico Bacis, Dario Facchinetti, M. Guarnieri, Marco Rosa, Matthew Rossi, S. Paraboschi","doi":"10.1145/3465481.3465765","DOIUrl":"https://doi.org/10.1145/3465481.3465765","url":null,"abstract":"A Time-Lock enables the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the recovery of the secret to the solution of the puzzle. Since the time required to find the puzzle’s solution may vary due to a multitude of factors, including the computational effort spent, these solutions may not suit all scenarios. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We implement a prototype of ITYT on top of the Ethereum blockchain. The prototype leverages secure Multi-Party Computation to avoid any single point of trust. We also analyze resiliency to attacks with the help of economic game theory, in the context of rational adversaries. The experiments demonstrate the low cost and limited resource consumption associated with our approach.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128566885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Anomaly detection in video streams with imbalanced data and real-time constraints is a challenging task of computer vision. This paper proposes a novel real-time approach for real-world video anomaly detection exploiting a supervised learning methodology. In particular, we present a deep learning architecture based on the analysis of contextual, spatial, and motion information extracted from the video. A data balancing strategy based on hard-mining and adaptive framerate is used to avoid overfitting and increase detection accuracy. The approach defines an extended taxonomy by differentiating anomalies in ”soft” and ”hard”. A novel anomaly detection score based on a sigmoidal function has been introduced to reduce false positive rate while maintaining a high level of true positive rate. The proposed methodology has been validated with a set of experiments on a well-known video anomaly dataset: UCF-CRIME. The experiments on the testbed demonstrate the impact of the contextual information and data balancing on the classification performances, considering only ”hard” anomalies during training and that the proposed model can achieve state-of-the-art performances while minimizing resource consumption.
{"title":"A Real-Time Deep Learning Approach for Real-World Video Anomaly Detection","authors":"S. Petrocchi, Giacomo Giorgi, M. Cimino","doi":"10.1145/3465481.3470099","DOIUrl":"https://doi.org/10.1145/3465481.3470099","url":null,"abstract":"Anomaly detection in video streams with imbalanced data and real-time constraints is a challenging task of computer vision. This paper proposes a novel real-time approach for real-world video anomaly detection exploiting a supervised learning methodology. In particular, we present a deep learning architecture based on the analysis of contextual, spatial, and motion information extracted from the video. A data balancing strategy based on hard-mining and adaptive framerate is used to avoid overfitting and increase detection accuracy. The approach defines an extended taxonomy by differentiating anomalies in ”soft” and ”hard”. A novel anomaly detection score based on a sigmoidal function has been introduced to reduce false positive rate while maintaining a high level of true positive rate. The proposed methodology has been validated with a set of experiments on a well-known video anomaly dataset: UCF-CRIME. The experiments on the testbed demonstrate the impact of the contextual information and data balancing on the classification performances, considering only ”hard” anomalies during training and that the proposed model can achieve state-of-the-art performances while minimizing resource consumption.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128590657","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Malware is a primary concern in cybersecurity, being one of the attacker’s favorite cyberweapons. Over time, malware evolves not only in complexity but also in diversity and quantity. Malware analysis automation is thus crucial. In this paper we present ECDGs, a shorter call graph representation, and a new similarity function that is accurate and robust. Toward this goal, we revisit some principles of malware analysis research to define basic primitives and an evaluation paradigm addressed for the setup of more reliable experiments. Our benchmark shows that our similarity function is very efficient in practice, achieving speedup rates of 3.30x and 354,11x wrt. radiff2 for the standard and the cache-enhanced implementations, respectively. Our evaluations generate clusters that produce almost unerring results - homogeneity score of 0.983 for the accuracy phase - and marginal information loss for a highly polluted dataset - NMI score of 0.974 between initial and final clusters of the robustness phase. Overall, ECDGs and our similarity function enable autonomous frameworks for malware search and clustering that can assist human-based analysis or improve classification models for malware analysis.
{"title":"Accurate and Robust Malware Analysis through Similarity of External Calls Dependency Graphs (ECDG)","authors":"Cassius Puodzius, Olivier Zendra, Annelie Heuser, Lamine Noureddine","doi":"10.1145/3465481.3470115","DOIUrl":"https://doi.org/10.1145/3465481.3470115","url":null,"abstract":"Malware is a primary concern in cybersecurity, being one of the attacker’s favorite cyberweapons. Over time, malware evolves not only in complexity but also in diversity and quantity. Malware analysis automation is thus crucial. In this paper we present ECDGs, a shorter call graph representation, and a new similarity function that is accurate and robust. Toward this goal, we revisit some principles of malware analysis research to define basic primitives and an evaluation paradigm addressed for the setup of more reliable experiments. Our benchmark shows that our similarity function is very efficient in practice, achieving speedup rates of 3.30x and 354,11x wrt. radiff2 for the standard and the cache-enhanced implementations, respectively. Our evaluations generate clusters that produce almost unerring results - homogeneity score of 0.983 for the accuracy phase - and marginal information loss for a highly polluted dataset - NMI score of 0.974 between initial and final clusters of the robustness phase. Overall, ECDGs and our similarity function enable autonomous frameworks for malware search and clustering that can assist human-based analysis or improve classification models for malware analysis.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127285814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The virtualization of computing resources provided by containers has gained increasing attention and has been widely used in cloud computing. This new demand for container technology has been growing and the use of Docker and Kubernetes is considerable. According to recent technology surveys, containers are now mainstream. However, currently, one of the major challenges rises from the fact that multiple containers, with different owners, may cohabit on the same host. In container-based multi-tenant environments, security issues are of major concern. In this paper we investigate the performance of container-level anomaly-based intrusion detection systems for multi-tenant applications. We investigate the use of Bag of System Calls (BoSC) technique and the sliding window with the classifier and we consider eight machine learning algorithms for classification purposes. We show that among the eight machine learning algorithms, the best classification results are obtained with Decision Tree and Random Forest which lead to an F-Measure of 99.8%, using a sliding window with a size of 30 and the BoSC algorithm in both cases. We also show that, although both Decision Tree and Random Forest algorithms leads to the best classification results, the Decision Tree algorithm has a shorter execution time and consumes less CPU and memory than the Random Forest.
{"title":"Performance Evaluation of Container-Level Anomaly-Based Intrusion Detection Systems for Multi-Tenant Applications Using Machine Learning Algorithms","authors":"Marcos Cavalcanti, Pedro R. M. Inácio, M. Freire","doi":"10.1145/3465481.3470066","DOIUrl":"https://doi.org/10.1145/3465481.3470066","url":null,"abstract":"The virtualization of computing resources provided by containers has gained increasing attention and has been widely used in cloud computing. This new demand for container technology has been growing and the use of Docker and Kubernetes is considerable. According to recent technology surveys, containers are now mainstream. However, currently, one of the major challenges rises from the fact that multiple containers, with different owners, may cohabit on the same host. In container-based multi-tenant environments, security issues are of major concern. In this paper we investigate the performance of container-level anomaly-based intrusion detection systems for multi-tenant applications. We investigate the use of Bag of System Calls (BoSC) technique and the sliding window with the classifier and we consider eight machine learning algorithms for classification purposes. We show that among the eight machine learning algorithms, the best classification results are obtained with Decision Tree and Random Forest which lead to an F-Measure of 99.8%, using a sliding window with a size of 30 and the BoSC algorithm in both cases. We also show that, although both Decision Tree and Random Forest algorithms leads to the best classification results, the Decision Tree algorithm has a shorter execution time and consumes less CPU and memory than the Random Forest.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"2013 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131003856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Prior research literature shows that there has been considerable work done in the last decade in the area of image de-identification (DeID) for privacy protection. With the advances made in privacy enhancing image DeID techniques, there have been research studies on different DeID performance evaluation approaches for determining the effectiveness of these methods. Existing approaches for evaluating DeID methods can be classified into three separate categories - analysis of privacy versus utility, analysis of viewer experience-based user studies, and analysis of robustness against adversarial attacks. However, none of these categorized approaches have utilized person re-identification (ReID) for evaluating DeID. Additionally, there are no previous research studies that have analyzed the threat of ReID to DeID. In this paper, we present a unique experimental case study that demonstrates how ReID can be used successfully for evaluating the efficacy of DeID techniques, and how, in the process, we can assess the threat of ReID to DeID. We describe a novel approach, in which a selected ReID algorithm is pitted against multiple DeID techniques to test the robustness of these DeID methods, and to determine if ReID can pose a threat to DeID as an adversary. Through this approach, we compare the DeID performances based upon how effectively they can deter successful ReID in the privacy enhanced versions of the ReID image dataset. Our preliminary results show how we can potentially evaluate DeID and compare DeID performances by analyzing the extents to which they are able to successfully resist re-identification i.e., by studying the impact of DeID on the ReID performances.
{"title":"Determining the Robustness of Privacy Enhancing DeID Against the ReID Adversary: An Experimental Study","authors":"Ankur Chattopadhyay, R. Ruska, Levi Pfantz","doi":"10.1145/3465481.3469210","DOIUrl":"https://doi.org/10.1145/3465481.3469210","url":null,"abstract":"Prior research literature shows that there has been considerable work done in the last decade in the area of image de-identification (DeID) for privacy protection. With the advances made in privacy enhancing image DeID techniques, there have been research studies on different DeID performance evaluation approaches for determining the effectiveness of these methods. Existing approaches for evaluating DeID methods can be classified into three separate categories - analysis of privacy versus utility, analysis of viewer experience-based user studies, and analysis of robustness against adversarial attacks. However, none of these categorized approaches have utilized person re-identification (ReID) for evaluating DeID. Additionally, there are no previous research studies that have analyzed the threat of ReID to DeID. In this paper, we present a unique experimental case study that demonstrates how ReID can be used successfully for evaluating the efficacy of DeID techniques, and how, in the process, we can assess the threat of ReID to DeID. We describe a novel approach, in which a selected ReID algorithm is pitted against multiple DeID techniques to test the robustness of these DeID methods, and to determine if ReID can pose a threat to DeID as an adversary. Through this approach, we compare the DeID performances based upon how effectively they can deter successful ReID in the privacy enhanced versions of the ReID image dataset. Our preliminary results show how we can potentially evaluate DeID and compare DeID performances by analyzing the extents to which they are able to successfully resist re-identification i.e., by studying the impact of DeID on the ReID performances.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130220961","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: