Visible to the public Automated Response Actions 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Automated Response Actions 2015

A recurring problem in cybersecurity is the need to automate systems to reduce human effort and error and to be able to react rapidly and accurately to an intrusion or insertion. The articles cited here describe a number of interesting approaches related to the Science of Security hard topics, including resilience and composability.

Ossenbuhl, S.; Steinberger, J.; Baier, H., "Towards Automated Incident Handling: How to Select an Appropriate Response against a Network-Based Attack?," in IT Security Incident Management & IT Forensics (IMF), 2015 Ninth International Conference on, pp. 51-67, 18-20 May 2015. doi: 10.1109/IMF.2015.13

Abstract: The increasing amount of network-based attacks evolved to one of the top concerns responsible for network infrastructure and service outages. In order to counteract these threats, computer networks are monitored to detect malicious traffic and initiate suitable reactions. However, initiating a suitable reaction is a process of selecting an appropriate response related to the identified network-based attack. The process of selecting a response requires to take into account the economics of an reaction e.g., risks and benefits. The literature describes several response selection models, but they are not widely adopted. In addition, these models and their evaluation are often not reproducible due to closed testing data. In this paper, we introduce a new response selection model, called REASSESS, that allows to mitigate network-based attacks by incorporating an intuitive response selection process that evaluates negative and positive impacts associated with each countermeasure. We compare REASSESS with the response selection models of IE-IRS, ADEPTS, CS-IRS, and TVA and show that REASSESS is able to select the most appropriate response to an attack in consideration of the positive and negative impacts and thus reduces the effects caused by an network-based attack. Further, we show that REASSESS is aligned to the NIST incident life cycle. We expect REASSESS to help organizations to select the most appropriate response measure against a detected network-based attack, and hence contribute to mitigate them.

Keywords: computer network security; telecommunication traffic; ADEPTS; CS-IRS; IE-IRS; NIST incident life cycle; REASSESS; TVA; automated incident handling; closed testing data; computer network monitoring; malicious traffic detection; network infrastructure; network-based attack; network-based attacks; reaction initiation; response selection models; service outages; Adaptation models; Biological system modeling; Delays; Internet; NIST; Network topology; Security; automatic mitigation; cyber security; intrusion response systems; network security}, (ID#: 15-8904)



Goldman, R.P.; Burstein, M.; Benton, J.; Kuter, U.; Mueller, J.; Robertson, P.; Cerys, D.; Hoffman, A.; Bobrow, R., "Active Perception for Cyber Intrusion Detection and Defense," in Self-Adaptive and Self-Organizing Systems Workshops (SASOW), 2015 IEEE International Conference on, pp. 92-101, 21-25 Sept. 2015.doi: 10.1109/SASOW.2015.20

Abstract: This paper describes an automated process of active perception for cyber defense. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. Our cognitive agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

Keywords: decision theory; security of data; active perception; cognitive agent; critical network assets; cyber intrusion defense; cyber intrusion detection; decision theory; direct sensors; mission-centered decision-making; neuroscience; value of information; Context; Malware; Sensor phenomena and characterization; Servers; Visualization; Workstations; IDS correlation; active perception; cyber defense; intrusion detection (ID#: 15-8905)



Patil, Sushant; Parmar, Urvil; Karegaonkar, Rohit, "Automated Software Testing for High-End Touch Screen Automotive Displays," in Transportation Electrification Conference (ITEC), 2015 IEEE International, pp. 1-4, 27-29 Aug. 2015. doi: 10.1109/ITEC-India.2015.7386880

Abstract: The Current Methodologies of virtual and Automated Testing on touch screen displays are limited, since, minor screen changes and display software updates will cause the automated tests to fail and hence there will be a need to fix them. Addition of new items to a drop-down list, movement of buttons, reusability and conversion of Test scripts for similar devices will be a cumbersome job. The general approach of testing Display manually, is not feasible due to sluggishness, monotony and repetitiveness of work, which can cause manual errors in different volumes at different times, it will also reduce the option of Batch executions of tests 24???7. The automated approach for testing such Displays through XY coordinates pointing on screen, taking Screen captures and using optical character recognition for verification methods are non-reliable and affects the performance of testing. This makes automating a test difficult, causes a high amount of risk as well as high maintenance costs. This paper offers recent ideas and its implementation of software testing, on touch screen Displays, which are widely used in sophisticated passenger cars as well as in off-highway equipment like tractors, construction and Forestry etc. In this method of testing the Display's User interface, we use ???Test Events??? which are linked with different objects/Icons on displays. Every user action like selecting menu item from dropdown, pressing button, swiping, turning pages are considered as unique actions, and these actions are then bundled with unique Object Id data to create the events on the Display. These user events are simulated automatically and the response is monitored and logged for identifying and analyzing Software defects. The architecture is based on "Data Driven Model" where test data is separated from script in order to take care of any changes in quick and agile way. The Data such as unique references to objects and Pools on the screen are placed in SQL Database, this enables- to access data from different locations by multiple users. Though, the approach can be widely applied to majority of Touch screen applications, we restrict the scope of this paper to automotive domain due to the Standards and protocol used during implementation.

Keywords: Automation; Computer architecture; Databases; Manuals; Servers; Software; Testing (ID#: 15-8906)



Kumar, R.; Kumar, S., "Automated Fault Tolerant System for Control Computational Power in Desktop Grid," in Advance Computing Conference (IACC), 2015 IEEE International, pp. 818-821, 12-13 June 2015. doi: 10.1109/IADCC.2015.7154820

Abstract: Fault tolerant Resource consumption in Desktop grid is a motivational area in research. The present research paper focuses on the dimensions of Fault Tolerant resource usage especially in area of available computational power. Desktop grid resources are accountable for generation of computational power. Alchemi Desktop middleware is useful for collection of computational power on diverse machines in Microsoft window based environment. Failure and Fault in execution side can create serious problem, in addition to a direct impact on computational power in Real Time Environment. In the Environment of faults, control on the available computational power is very necessary in grid middleware. This problem has not been addressed so far. Alchemi Desktop Grid Middleware provides a manual Procedure for control of computational power in Real Time Environment. There is no automated mechanism available for controlling the processing power in alchemi desktop grid. This Research work has proposed, designed & developed automated framework for Alchemi Grid middleware. Framework can take control on available computational power in Real Time Environment at Time of Fault in execution processes. Testing for the framework is done in Real Time environment. Results after test show that framework gives quick response for controlling available computational power. Framework is able to detect defective process machine and correct fault in milliseconds which will cooperative to maintain level of available computational power In Real time Environment. This Research work has tried to eliminate Manual Procedure for controlling computational power by using automated Method for quick action in case of execution side faults.

Keywords: fault tolerant computing; grid computing; middleware; power aware computing; real-time systems; Alchemi desktop middleware; Microsoft Window based environment; alchemi desktop grid; automated fault tolerant system; automated mechanism; control computational power; desktop grid resource; fault tolerant resource consumption; grid middleware; real time environment; Fault tolerance; Fault tolerant systems; Grid computing; Local area networks; Middleware; Process control; Real-time systems; Alche; Computational Power; Middleware; fault Tolerant (ID#: 15-8907)



Tasdighi, M.; Kezunovic, M., "Impact Analysis of Network Topology Change on Transmission Distance Relay Settings," in Power & Energy Society General Meeting, 2015 IEEE, pp. 1-5, 26-30 July 2015. doi: 10.1109/PESGM.2015.7286152

Abstract: One big challenge raised by frequent topology change in today's power system is assessing the system protection security and dependability afterwards. This paper reviews the setting algorithm for the distance relays and proposes an automated setting calculation module. The calculation procedure is broken down into blocks which could be processed in parallel in order to improve the computation speed. The module could be used to assess the system protection vulnerabilities following a topology change in instances when multiple switching actions are done in response to occurrence of cascading faults or as a result of intentional control action. The module performance is tested on New England 39-bus and IEEE 118-bus systems. A sensitivity analysis in the form of N-2 contingency impact on the network relay settings is conducted on both test systems.

Keywords: IEEE standards; power system faults; power system protection; power system security; relay protection; sensitivity analysis; IEEE 118-bus system; N-2 contingency; New England 39-bus system; cascading fault occurrence; network topology analysis; power system protection; power system security; sensitivity analysis; transmission distance relay setting; Circuit faults; Impedance; Network topology; Protective relaying; Switches; Topology; N-2 contingency; Power system protection security and dependability phase distance settings; relay ranking; topology control; vulnerability (ID#: 15-8908)



Songfan Yang; Le An; Kafai, M.; Bhanu, B., "To Skip or Not to Skip? A Dataset of Spontaneous Affective Response of Online Advertising (SARA) for Audience Behavior Analysis," in Automatic Face and Gesture Recognition (FG), 2015 11th IEEE International Conference and Workshops on, vol. 1, pp. 1-8, 4-8 May 2015. doi: 10.1109/FG.2015.7163153

Abstract: In marketing and advertising research, “zapping” is defined as the action when a viewer skips a commercial advertisement. Researchers analyze audience's behavior in order to prevent zapping, which helps advertisers to design effective commercial advertisements. Since emotions can be used to engage consumers, in this paper, we leverage automated facial expression analysis to understand consumers' zapping behavior. To this end, we collect 612 sequences of spontaneous facial expression videos by asking 51 participants to watch 12 advertisements from three different categories, namely Car, Fast Food, and Running Shoe. In addition, the participants also provide self-reported reasons of zapping. We adopt a data-driven approach to formulate a zapping/non-zapping binary classification problem. With an in-depth analysis of expression response, specifically smile, we show a strong correlation between zapping behavior and smile response. We also show that the classification performance of different ad categories correlates with the ad's intention for amusement. The video dataset and self-reports are available upon request for the research community to study and analyze the viewers' behavior from their facial expressions.

Keywords: advertising data processing; face recognition; image classification; image sequences; video signal processing; SARA; audience behavior analysis; automated facial expression analysis; car; consumer zapping behavior; data-driven approach; effective commercial advertisement design; fast food; marketing research; running shoe; smile response; spontaneous affective response of online advertising dataset; spontaneous facial expression video sequences; video dataset; zapping-nonzapping binary classification problem; Advertising; Data collection; Face; Face recognition; Footwear; Videos; YouTube (ID#: 15-8909)



Azuma, S.-I.; Nakamoto, T.; Izumi, S.; Kitao, T.; Maruta, I., "Randomized Automated Demand Response for Real-Time Pricing," in Innovative Smart Grid Technologies Conference (ISGT), 2015 IEEE Power & Energy Society, pp. 1-5, 18-20 Feb. 2015. doi: 10.1109/ISGT.2015.7131807

Abstract: Automated demand response (ADR) is an essential technology for demand management such as real-time pricing. A major issue for ADR is the design of the units which control electric supply to each electric devise according to the price, so as to benefit both the supplier and consumer sides. Although a kind of universal design principle must be useful for the issue, it has never been established so far. This paper thus attempts to derive a design principle of the ADR units for real-time pricing and proposes ADR units based on it. First, as a design principle, it is clarified that the heterogeneity of the consumer-side actions is essential to control the total electric power consumption. Based on it, we propose randomized ADR units to artificially produce the heterogeneity. In each proposed unit, a random number is generated and electric power is provided to the connected electric devise only if a price-dependent condition is satisfied for the resulting random number. The proposed units enable the consumers to automatically buy electricity with a low price and allow the supplier to control the total consumption. They also guarantee the scalability of the resulting real-time pricing system.

Keywords: demand side management; power consumption; pricing; demand management; electric supply control; random number generation; randomized ADR unit design principle; randomized automated demand response; real-time pricing; total electric power consumption control; Conferences; Load management; Power supplies; Pricing; Real-time systems; Smart grids (ID#: 15-8910)



Akhoun, I.; Bestel, J.; Pracht, P.; El-Zir, E.; Van-den-Abbeele, T., "Automated Classification of Electrically-Evoked Compound Action Potentials," in Neural Engineering (NER), 2015 7th International IEEE/EMBS Conference on, pp. 687-690, 22-24 April 2015. doi: 10.1109/NER.2015.7146716

Abstract: Electrically-evoked compound action potentials (ECAPs) is an objective measure of peripheral neural encoding of electrical stimulation delivered by cochlear implants (CIs) at the auditory nerve level. ECAPs play a key role in automated CI fitting and outcome diagnosis, as long as presence of genuine ECAP is accurately detected automatically. Combination of ECAP amplitudes and signal-to-noise ratio are shown to efficiently detect true responses, by comparing them to subjective visual expert judgments. Corresponding optimal thresholds were calculated from Receiver-Operating-Characteristic curves. This was conducted separately on three artifact rejection methods: alternate polarity, masker-probe and modified-masker-probe. This model resulted in sensitivity and specificity error of 3.3% in learning, 3.5% in testing and 5.0% in verification. It was found that the following combination of ECAP amplitude and signal-to-noise ratio would be accurate predictors: 22 μV and 1.3 dB SNR thresholds for alternate polarity, 35 μV and -0.2 dB for masker-probe and 44 μV and -0.2 dB for modified-masker-probe.

Keywords: bioelectric potentials; cochlear implants; medical signal processing; neurophysiology; sensitivity analysis; signal classification; signal denoising; ECAP amplitudes; artifact rejection methods; auditory nerve level; automated CI fitting; automated classification; cochlear implants; electrical stimulation; electrically-evoked compound action potentials; modified-masker-probe; outcome diagnosis; peripheral neural encoding; receiver-operating characteristic curves; signal-to-noise ratio; specificity error; subjective visual expert judgments; Biomedical measurement; Current measurement; Pollution measurement; Sensitivity; Signal to noise ratio; Testing; Visualization; biomedical signal processing; cochlear implants; data mining (ID#: 15-8911)



Varnavsky, A.N., "Automated System for Correction of Functional State of Production Workers," in Control and Communications (SIBCON), 2015 International Siberian Conference on, pp. 1-4, 21-23 May 2015. doi: 10.1109/SIBCON.2015.7147315

Abstract: The article discusses the creation of automated system for correction of negative functional states of production workers on the basis of application equipment USB-6008 and the programming environment LabVIEW National Instruments. The USB-6008 is used for the removal of bioelectric signals worker whose analysis is a virtual instrument used to assess the presence of negative conditions and issue the necessary corrective action. Describes the version of the implementation of the automated system.

Keywords: medical signal processing; occupational health; virtual instrumentation; LabVIEW national instrument programming environment;USB-6008 application equipment; automated system; bioelectric signal removal; negative functional state correction; production workers; virtual instrument; Fatigue; Instruments; Productivity; Programming environments; Skin; Stress; USB-6008; corrective action; galvanic skin response; the correction of functional state; the negative functional status; virtual instrument (ID#: 15-8912)



Mobasheri, A.; Bakillah, M., "Towards a Unified Infrastructure for Automated Management and Integration of Heterogeneous Geo-Datasets in Disaster Response," in Geoscience and Remote Sensing Symposium (IGARSS), 2015 IEEE International, pp.  4570-4573, 26-31 July 2015. doi: 10.1109/IGARSS.2015.7326845

Abstract: Disaster response actors and decision makers need to perform several tasks and decisions in a short time. Handling such tasks requires access to sufficient, relevant and up-to-date datasets. Some of these datasets are static such as road network infrastructure and map of buildings. While several other kind of required information are dynamic and change during the occurrence of disaster. Such information may include number of casualties, wind speed, wind direction, road obstacles, etc. Semantic integration of various sources of information is the key to making efficient and fast actions by the actors in the filed as well as top-level decision makers. In this paper, we elaborate on the research challenges of data integration from multiple heterogeneous sources by proposing the system architecture of ASSIST (Access, Semantic Search and Integration Service and Translation). The paper concludes with discussing the future work on this smart service.

Keywords: disasters; emergency management; geographic information systems; geophysics computing; roads; wind; ASSIST system architecture; Access, Semantic Search and Integration Service and Translation; automated disaster management; building map; disaster occurrence; disaster response; geodataset;road network infrastructure; road obstacle; wind direction; wind speed; Disaster management; Floods; Geospatial analysis; Real-time systems; Semantics; Spatial databases; Wireless sensor networks; Data integration; Disaster response; Geo-Sensor web; Semantic Web; VGI (ID#: 15-8913)



Fuller, T.R.; Deane, G.E., "Creating Complex Applications via Self-Adapting Autonomous Agents in an Intelligent System Framework," in Self-Adaptive and Self-Organizing Systems (SASO), 2015 IEEE 9th International Conference on, pp. 164-165, 21-25 Sept. 2015. doi: 10.1109/SASO.2015.27

Abstract: In this paper, we present a process, developed over years of practical commercial use, where applications accomplishing a wide variety of complex tasks are created from a common framework, through the use, recombination and iterative refinement of autonomous agents in a Multi-Agent Intelligent System. Driven by a need to solve real-world problems, our focus is to make businesses run more efficiently in an increasingly complex world of systems and software that must work together seamlessly. By listening closely to our customers' problems, we discovered points of commonality, as well as patterns of anomalies related to the flow of data through communication channels and data processing systems, include accounting, inventory, customer relationship management, scheduling systems and many more. We solved their problems through the creation of an Intelligent System, where we defined and implemented software agents that were highly configurable, responsive in real-time and useable in various settings. Autonomous agents adhere to a standard format of three major components: the goal or triggering criteria, the action, and the adaptation response. Agents run within a common Intelligent System framework and agent libraries provide a vast set of component behaviors to build applications from. Agents have one or more of the following component behaviors: sensory aware, geo-position aware, temporally aware, API aware, device aware, and many more. Additionally, there are manager-level agents whose goal is to keep the overall system in balance, through dynamic resource allocation on a system level. To prove the viability of this process, we present a variety of applications representing wide ranging behaviors, many with overlapping agents, created via this approach, all of which are in active commercial use. Finally, we discuss future enhancements toward self-organization, where end users express their requirements declaratively to solve larger business needs, resulting in the automatic instantiation of a solution specific intelligent system.

Keywords: application program interfaces; business data processing; customer relationship management; multi-agent systems; resource allocation; scheduling; software agents; API aware behavior; agent libraries; business needs; businesses; complex applications; component behaviors; customer relationship management; device aware behavior; dynamic resource allocation; geo-position aware behavior; intelligent system framework; iterative refinement; manager-level agents; multiagent intelligent system; scheduling systems; self-adapting autonomous agents; sensory aware behavior; software agents; solution specific intelligent system; temporally aware behavior; Conferences; application framework; artificial intelligence; automated integration; autonomous agent; dynamic processing; multi-agent intelligent system; resource allocation (ID#: 15-8914)



Meraoumia, A.; Chitroub, S.; Bouridane, A., "An Automated Ear Identification System Using Gabor Filter Responses," in New Circuits and Systems Conference (NEWCAS), 2015 IEEE 13th International, pp. 1-4, 7-10 June 2015. doi: 10.1109/NEWCAS.2015.7182085

Abstract: About some years ago, several biometric technologies are considered mature enough to be a new tool for security and ear-based person identification is one of these technologies. This technology provides a reliable, low cost and user-friendly viable solution for a range of access control applications. In this paper, we propose an efficient online personal identification system based on ear images. In this purpose, the identification algorithm aims to extract, for each ear, a specific set of features. Based on Gabor filter response, three ear features have been used in order to extract different and complementary information: phase, module and a combination of the real and imaginary parts. Using these features, several combinations are tested in the fusion phase in order to achieve an optimal multi-representation system which leads to a better identification accuracy. The obtained experimental results show that the system yields the best performance for identifying a person and it is able to provide the highest degree of biometrics-based system security.

Keywords: Gabor filters; biometrics (access control);ear; feature extraction; image fusion; Gabor filter response; automated ear identification system; biometrics-based system security; ear-based person identification; feature extraction; fusion phase; multirepresentation system; online personal identification system; Accuracy; Biomedical imaging; Biometrics (access control);Databases; Ear; Feature extraction; System performance; Biometrics; Data fusion;Ear; Gabor filter; Identification (ID#: 15-8915)



Kumar, G.; Saini, H., "Secure Composition of ECC-PAKE Protocol for Multilayer Consensus Using Signcryption," in Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, pp. 740-745, 4-6 April 2015. doi: 10.1109/CSNT.2015.91

Abstract: The manuscript provides a derivation approach based on the challenge response session specific protocol, wherever similar methods are applies for alternative algorithms, such as Diffie-Hellman, RSA, Elliptic Curve Cryptography etc. The only change in the primitive generators. Further, described the key generation for password authenticated key exchange for multilayer consensus and then after signcryption approach applied which logically combines the computational cost and communicational cost into a single stride. Proposed methodology using signcryption potentially reduces the overall computation time, needed for key generation and signature. The results of multilayer consensus key generation approach are tested on SPAN and Automated Validation of Internet Security Protocol Architecture (AVISAP) tool.

Keywords: cryptographic protocols; Diffie-Hellman; ECC-PAKE protocol; RSA; SPAN; automated validation of internet security protocol architecture tool; challenge response session specific protocol; elliptic curve cryptography; multilayer consensus; password authenticated key exchange; primitive generators; secure composition; signcryption; Elliptic curve cryptography; Encryption; Nonhomogeneous media; Protocols; Challenge-Response; ECC; MCEPAK; PDS; Secure composition; Signcryption (ID#: 15-8916)



Al-Ali, Zaid; Al-Duwairi, Basheer; Al-Hammouri, Ahmad T., "Handling System Overload Resulting from DDoS Attacks and Flash Crowd Events," in Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, pp. 512-512, 3-5 Nov. 2015. doi: 10.1109/CSCloud.2015.66

Abstract: This paper presents a system that provides mitigation for DDoS attacks as a service, and is capable of handling flash crowd events at the same time. Providing DDoS protection as a service represents an important solution especially for Websites that have limited resources with no infrastructure in place for defense against these attacks. The proposed system is composed of two main components: (i) The distributed CAPTCHA service, which comprises a large number of powerful nodes geographically and suitably distributed in the Internet acting as a large distributed firewall, and (ii) The HTTP redirect module, which is a stateless HTTP server that redirects Web requests destined to the targeted Webserver to one of the CAPTCHA nodes. The CAPTCHA node can then segregate legitimate clients from automated attacks by requiring them to solve a challenge. Upon successful response, legitimate clients (humans) are forwarded through a given CAPTCHA node to the Webserver.

Keywords: Ash; CAPTCHAs; Computer crime; Conferences; Relays; Servers (ID#: 15-8917)



Balfour, R.E., "Building The “Internet of Everything” (IoE) for First Responders," in Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island, pp. 1-6, 1-1 May 2015. doi: 10.1109/LISAT.2015.7160172

Abstract: The “Internet of Everything” (IoE) describes the “bringing together of people, process, data, and things to make networked connections more relevant and valuable than ever before”. IoE encompasses both machine-to-machine (M2M) and Internet-of-Things (IoT) technologies, and it is the pervasiveness of IoE than can be leveraged to achieve many things for many people, including first responders. The emerging IoE will continue to evolve over the next ten years and beyond, but the IoT can happen now, with automated M2M communications bringing first responder communications and situational awareness to the leading-edge of IoE-leveraged technology - exactly where they belong as they risk their lives to protect and save others. Presented here are a number of technological capabilities that are critical to achieving the IoE, especially for first responders and emergency managers, including (a) Security; (b) a global M2M standard; (c) powerful four-dimensional M2M applications; and (d) Data Privacy and trust. For advanced security, Software Defined network Perimeters (SDP) can provide the critical functionality to protect and secure M2M nodes in an ad-hoc M2M IoT/IoE network. Without a secure, dynamic, M2M network, the vision of an emergency responder instantly communicating with a “smart building” would not be feasible. But with SDP, it can, and will, happen. SDP enables an ad-hoc, secure M2M network to rapidly deploy and “hide in plain sight”. In an emergency response situation, this is exactly what we need. For M2M/IoT to go mobile and leverage global IoE capabilities anywhere (which is what emergency responders need as emergency locations are somewhat unpredictable and change every day), a global industry standard must be, and is being, developed: oneM2M. And the existing fourDscape® technology/platform could quickly support a oneM2M system structure that can be deployed in the short term, with the fo- rDscape browser providing powerful M2M IoT/IoE applications and 4D visualizations. Privacy-by-design principles can also be applied and other critical related issues addressed beyond privacy (i.e. once privacy is achieved and available IoE sensors/data can be leveraged), such as trusting, scaling, hacking, and securing M2M IoT/IoE devices and systems. Without the full package of IoE innovation embracing the very public IoE world in a very private and secure way, and can continue to evolve in parallel with emerging commercial IoE technology, first responders would not be able to leverage the commercial state-of-the-art in the short term and in the years to come. Current technology innovation can change that.

 Keywords: Internet of Things; computer crime; data privacy; data visualisation; innovation management; software defined networking; trusted computing;4D visualizations; Internet of Everything; Internet-of-Things technologies; IoE pervasiveness; IoT technologies; M2M network security;SDP; ad-hoc M2M IoT/IoE network; ad-hoc network; automated M2M communications; data privacy; emergency responder; emergency response situation; four-dimensional M2M applications; fourDscape browser; global IoE capabilities; global M2M standard; global industry standard; hacking; machine-to-machine; oneM2M system structure; privacy-by-design principles; responder communications; situational awareness; smart building; software defined network perimeters; technology innovation; trust;Ad hoc networks; Buildings; Computer architecture; Mobile communication; Security; Tablet computers; Internet-of-Everything; Internet-of-Things; IoE; IoT; M2M; Machine-to-Machine; PbD; Privacy-by-Design; SDP; Software Defined Network Perimeters; fourDscape (ID#: 15-8918)



Hegarty, Rob; Haggerty, John, "SlackStick: Signature-Based File Identification for Live Digital Forensics Examinations," in Intelligence and Security Informatics Conference (EISIC), 2015 European, pp. 24-29, 7-9 Sept. 2015. doi: 10.1109/EISIC.2015.28

Abstract: A digital forensics investigation may involve procedures for both live forensics and for gathering evidence from a device in a forensics laboratory. Due to the focus on capturing volatile data during a live forensics investigation, tools have been developed that are aimed at capturing specific data surrounding state information. However, there may be circumstances whereby non-volatile data analysis, such as the identification of files of interest, is also required. In such an investigation, the ability to use file-wise, or hash, signatures is precluded due to pre-processing requirements by the forensics tools. Therefore, this paper presents SlackStick, a novel automated approach run from a USB memory device for the identification of files of interest or non-volatile evidence triage using an alternative signature scheme. Moreover, the approach may be used by inexpert users during a first-response phase of an investigation. The results of the case study presented in this paper demonstrate the applicability of the approach.

Keywords: Computers; Digital forensics; File systems; Object recognition; Operating systems; Digital forensics; file signatures; live investigations (ID#: 15-8919)



Knirsch, F.; Engel, D.; Frincu, M.; Prasanna, V., "Model-Based Assessment for Balancing Privacy Requirements and Operational Capabilities in the Smart Grid," in Innovative Smart Grid Technologies Conference (ISGT), 2015 IEEE Power & Energy Society, pp. 1-5, 18-20 Feb. 2015. doi: 10.1109/ISGT.2015.7131805

Abstract: The smart grid changes the way energy is produced and distributed. In addition both, energy and information is exchanged bidirectionally among participating parties. Therefore heterogeneous systems have to cooperate effectively in order to achieve a common high-level use case, such as smart metering for billing or demand response for load curtailment. Furthermore, a substantial amount of personal data is often needed for achieving that goal. Capturing and processing personal data in the smart grid increases customer concerns about privacy and in addition, certain statutory and operational requirements regarding privacy aware data processing and storage have to be met. An increase of privacy constraints, however, often limits the operational capabilities of the system. In this paper, we present an approach that automates the process of finding an optimal balance between privacy requirements and operational requirements in a smart grid use case and application scenario. This is achieved by formally describing use cases in an abstract model and by finding an algorithm that determines the optimum balance by forward mapping privacy and operational impacts. For this optimal balancing algorithm both, a numeric approximation and - if feasible - an analytic assessment are presented and investigated. The system is evaluated by applying the tool to a real-world use case from the University of Southern California (USC) microgrid.

Keywords: approximation theory; distributed power generation; power generation protection; power system security; smart power grids; USC microgrid; University of Southern California; billing; common high-level use case; demand response; forward mapping privacy; heterogeneous systems; load curtailment; model-based assessment; numeric approximation; operational capabilities; operational requirement; optimal balancing algorithm; privacy requirements; privacy-aware data processing; privacy-aware data storage; smart grid; smart metering; Data privacy; Mathematical model; Merging; Numerical models; Privacy; Security; Smart grids (ID#: 15-8920)



Ferreira, A.; Lenzini, G., "An Analysis of Social Engineering Principles in Effective Phishing," in Socio-Technical Aspects in Security and Trust (STAST), 2015 Workshop on, pp. 9-16, 13-13 July 2015. doi: 10.1109/STAST.2015.10

Abstract: Phishing is a widespread practice and a lucrative business. It is invasive and hard to stop: a company needs to worry about all emails that all employees receive, while an attacker only needs to have a response from a key person, e.g., a finance or human resources' responsible, to cause a lot of damages. Some research has looked into what elements make phishing so successful. Many of these elements recall strategies that have been studied as principles of persuasion, scams and social engineering. This paper identifies, from the literature, the elements which reflect the effectiveness of phishing, and manually quantifies them within a phishing email sample. Most elements recognised as more effective in phishing commonly use persuasion principles such as authority and distraction. This insight could lead to better automate the identification of phishing emails and devise more appropriate countermeasures against them.

Keywords: computer crime; social aspects of automation; unsolicited e-mail; authority; distraction; effective phishing; persuasion principles; phishing emails identification; scams; social engineering principles; Decision making; Electronic mail; Internet; Psychology; Security; Social network services; classification; phishing emails; principles of persuasion; social engineering (ID#: 15-8921)



Proudfoot, J.G.; Jenkins, J.L.; Burgoon, J.K.; Nunamaker, J.F., "Deception is in the Eye of the Communicator: Investigating Pupil Diameter Variations in Automated Deception Detection Interviews," in Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on, pp. 97-102, 27-29 May 2015. doi: 10.1109/ISI.2015.7165946

Abstract: Deception is pervasive, often leading to adverse consequences for individuals, organizations, and society. Information systems researchers are developing tools and evaluating sensors that can be used to augment human deception judgments. One sensor exhibiting particular promise is the eye tracker. Prior work evaluating eye trackers for deception detection has focused on the detection and interpretation of brief eye behavior variations in response to stimuli (e.g, images) or interview questions. However, research is needed to understand how eye behaviors evolve over the course of an interaction with a deception detection system. Using latent growth curve modeling, we test how pupil diameter evolves over one's interaction with a deception detection system. The results indicate that pupil diameter changes over the course of a deception detection interaction, and that these trends are indicative of deception during the interaction, regardless if incriminating target items are shown.

Keywords: behavioural sciences computing; gaze tracking; image sensors; object detection; automated deception detection interviews; communicator eye; deception detection interaction; deception detection system; eye behavior variations; eye stimuli; eye tracker; human deception judgments; information systems; latent growth curve modeling; pupil diameter variations; sensor; Accuracy; Analytical models; Information systems; Interviews; Organizations; Sensors; deception detection systems; eye tracking; latent growth curve modeling; pupil diameter (ID#: 15-8922)



Khandal, D.; Somwanshi, D., "A Novel Cost Effective Access Control and Auto Filling Form System Using QR Code," in Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, pp. 1-5, 10-13 Aug. 2015. doi: 10.1109/ICACCI.2015.7275575

Abstract: QR codes are used to store information in two dimensional grids which can be decoded quickly. The proposed work here deals with Quick response (QR) code extending its encoding and decoding implementation to design a new articulated user authentication and access control mechanism. The work also proposes a new simultaneous registration system for offices and organizations. The proposed system retrieves the candidate's information from their QR identification code and transfers the data to the digital application form, along with granting authentication to authorized QR image from the database. The system can improve the quality of service and thus it can increase the productivity of any organization.

Keywords: QR codes; authorisation; cryptography; decoding; image coding; information retrieval; information storage; quality of service; QR identification code; articulated user authentication design; authorized QR image; auto filling form system; candidate information retrieval; cost effective access control system; data transfer; decoding implementation; digital application form; encoding implementation; information storage; offices; organizations; quality of service improvement; quick response code; registration system; two-dimensional grid; Decoding; Handwriting recognition; IEC; ISO; Image recognition; Magnetic resonance imaging; Monitoring; Authentication; Automated filling form; Code Reader; Embedded system; Encoding-Decoding; Proteus; QR codes; Security (ID#: 15-8923)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.