Visible to the public Hard Problems: Security Metrics 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block



SoS Logo

Hard Problems: Security Metrics



Measurement is at the core of science. The development of accurate metrics is a major element for achieving a true Science of Security. It is also one of the hard problems to solve. The research cited here was presented in 2014 and 2015.

R. Slayton, “Measuring Risk: Computer Security Metrics, Automation, and Learning,” in IEEE Annals of the History of Computing, vol. 37, no. 2, pp. 32-45, Apr.-June 2015. doi: 10.1109/MAHC.2015.30
Abstract: Risk management is widely seen as the basis for cybersecurity in contemporary organizations, but practitioners continue to dispute its value. This article analyzes debate over computer security risk management in the 1970s and 1980s United States, using this debate to enhance our understanding of the value of computer security metrics more generally. Regulators placed a high value on risk analysis and measurement because of their association with objectivity, control, and efficiency. However, practitioners disputed the value of risk analysis, questioning the final measurement of risk. The author argues that computer security risk management was most valuable not because it provided an accurate measure of risk, but because the process of accounting for risks could contribute to organizational learning. Unfortunately, however, organizations were sorely tempted to go through the motions of risk management without engaging in the more difficult process of learning.
Keywords: risk management; security of data; automation; computer security risk management; cybersecurity; organizational learning; risk analysis; risk measurement; Computer security; Government policies; History; Measurement; Risk management; computer security; history of computing; measurement; metrics; policys; risk assessment (ID#: 16-9687)


C. Vellaithurai, A. Srivastava, S. Zonouz and R. Berthier, “CPIndex: Cyber-Physical Vulnerability Assessment for Power-Grid Infrastructures,” in IEEE Transactions on Smart Grid, vol. 6, no. 2, pp. 566-575, March 2015. doi: 10.1109/TSG.2014.2372315
Abstract: To protect complex power-grid control networks, power operators need efficient security assessment techniques that take into account both cyber side and the power side of the cyber-physical critical infrastructures. In this paper, we present CPINDEX, a security-oriented stochastic risk management technique that calculates cyber-physical security indices to measure the security level of the underlying cyber-physical setting. CPINDEX installs appropriate cyber-side instrumentation probes on individual host systems to dynamically capture and profile low-level system activities such as interprocess communications among operating system assets. CPINDEX uses the generated logs along with the topological information about the power network configuration to build stochastic Bayesian network models of the whole cyber-physical infrastructure and update them dynamically based on the current state of the underlying power system. Finally, CPINDEX implements belief propagation algorithms on the created stochastic models combined with a novel graph-theoretic power system indexing algorithm to calculate the cyber-physical index, i.e., to measure the security-level of the system's current cyber-physical state. The results of our experiments with actual attacks against a real-world power control network shows that CPINDEX, within few seconds, can efficiently compute the numerical indices during the attack that indicate the progressing malicious attack correctly.
Keywords: Bayes methods; graph theory; power engineering computing; power grids; power system control; power system security; risk management; stochastic processes; CPIndex; cyber-physical critical infrastructures; cyber-physical security indices; cyber-physical vulnerability assessment; cyber-side instrumentation probes; graph-theoretic power system indexing algorithm; interprocess communications; numerical indices; operating system assets; power network configuration; power operators; power-grid Infrastructures; power-grid control networks; security assessment techniques; security-oriented stochastic risk management technique; stochastic Bayesian network models; Generators; Indexes; Power measurement; Security; Smart grids; Cyber-physical security metrics; cyber-physical systems; intrusion detection systems; situational awareness (ID#: 16-9688)


H. Holm, K. Shahzad, M. Buschle and M. Ekstedt, “P2CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language,” in IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 6, pp. 626-639, Nov.-Dec. 1 2015.
doi: 10.1109/TDSC.2014.2382574
Abstract: This paper presents the Predictive, Probabilistic Cyber Security Modeling Language (P2CySeMoL), an attack graph tool that can be used to estimate the cyber security of enterprise architectures. P2CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. The performance of P2CySeMoL enables quick calculations of large object models. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.
Keywords: estimation theory; formal languages; graph theory; probability; security of data; software architecture; P2CySeMoL; attack graph tool; cyber security estimation; enterprise architecture; predictive probabilistic cyber security modeling language; Computational modeling; Computer architecture; Computer security; Data models; Predictive models; Probabilistic logic; attack graphs; risk management; security metrics (ID#: 16-9689)


C. Liu, N. Yang, J. Yuan and R. Malaney, “Location-Based Secure Transmission for Wiretap Channels,” in IEEE Journal on Selected Areas in Communications, vol. 33, no. 7, pp. 1458-1470, July 2015. doi: 10.1109/JSAC.2015.2430211
Abstract: Location information has been shown to be useful for a wide variety of applications in wireless networks, while its role in physical layer security has so far drawn little attention. In this work, we propose a new location-based secure transmission scheme for wiretap channels, where the accurate locations of the sources, destinations and any other authorized transceivers are known, but only an estimate of the eavesdropper's location is available. We outline how such an estimate of the eavesdropper's location can still allow for quantitative assessment of key security metrics. To provide focus, we describe how optimization of the effective secrecy throughput of a relay wiretap channel is obtained in our scheme, and investigate in detail the impact of the location uncertainty on the system performance. The work reported here provides insights into the design of new location-based physical layer security schemes in which the only information available on an eavesdropper is a noisy estimate of her location.
Keywords: optimisation; radio networks; radio transceivers; telecommunication security; wireless channels; authorized transceivers; eavesdropper location; key security metrics; location based secure transmission; location based secure transmission scheme; location information; physical layer security; quantitative assessment; wireless networks; wiretap channels; Physical layer; Relays; Security; Signal to noise ratio; Synchronization; Location; artificial noise; relay networks; wiretap channel (ID#: 16-9690)


L. Wang, K. J. Kim, T. Q. Duong, M. Elkashlan and H. V. Poor, “Security Enhancement of Cooperative Single Carrier Systems,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 1, pp. 90-103, Jan. 2015. doi: 10.1109/TIFS.2014.2360437
Abstract: In this paper, the impact of multiple active eavesdroppers on cooperative single carrier systems with multiple relays and multiple destinations is examined. To achieve the secrecy diversity gains in the form of opportunistic selection, a two-stage scheme is proposed for joint relay and destination selection, in which, after the selection of the relay with the minimum effective maximum signal-to-noise ratio (SNR) to a cluster of eavesdroppers, the destination that has the maximum SNR from the chosen relay is selected. To accurately assess the secrecy performance, exact and asymptotic expressions are obtained in closed form for several security metrics, including the secrecy outage probability, probability of nonzero secrecy rate, and ergodic secrecy rate in frequency selective fading. Based on the asymptotic analysis, key design parameters, such as secrecy diversity gain, secrecy array gain, secrecy multiplexing gain, and power cost, are characterized, from which new insights are drawn. In addition, it is concluded that secrecy performance limits occur when the average received power at the eavesdropper is proportional to the counterpart at the destination. In particular, for the secrecy outage probability, it is confirmed that the secrecy diversity gain collapses to zero with outage floor, whereas for the ergodic secrecy rate, it is confirmed that its slope collapses to zero with capacity ceiling.
Keywords: cooperative communication; probability; relay networks (telecommunication); telecommunication network reliability; telecommunication security; SNR; asymptotic analysis; asymptotic expression; capacity ceiling; cooperative single carrier system security enhancement; ergodic secrecy rate; frequency selective fading; multiple active eavesdropper; multiple relay selection; opportunistic selection; outage probability; secrecy diversity gain; signal-to-noise ratio; two-stage scheme; Diversity methods; Fading; Receivers; Relays; Security; Signal to noise ratio; Wireless communication; Cooperative transmission;  physical layer security; secrecy ergodic rate; secrecy outage probability; single carrier transmission (ID#: 16-9691)


R. Bulbul, P. Sapkota, C. W. Ten, L. Wang and A. Ginter, “Intrusion Evaluation of Communication Network Architectures for Power Substations,” in IEEE Transactions on Power Delivery, vol. 30, no. 3, pp. 1372-1382, June 2015. doi: 10.1109/TPWRD.2015.2409887
Abstract: Electronic elements of a substation control system have been recognized as critical cyberassets due to the increased complexity of the automation system that is further integrated with physical facilities. Since this can be executed by unauthorized users, the security investment of cybersystems remains one of the most important factors for substation planning and maintenance. As a result of these integrated systems, intrusion attacks can impact operations. This work systematically investigates the intrusion resilience of the ten architectures between a substation network and others. In this paper, two network architectures comparing computer-based boundary protection and firewall-dedicated virtual local-area networks are detailed, that is, architectures one and ten. A comparison on the remaining eight architecture models was performed. Mean time to compromise is used to determine the system operational period. Simulation cases have been set up with the metrics based on different levels of attackers' strength. These results as well as sensitivity analysis show that implementing certain architectures would enhance substation network security.
Keywords: firewalls; investment; local area networks; maintenance engineering; power system planning; safety systems; substation automation; substation protection; automation system; communication network architectures; computer-based boundary protection; cybersystems; electronic elements; firewall-dedicated virtual local-area networks; intrusion attacks; intrusion evaluation; intrusion resilience; power substations; security investment; sensitivity analysis; substation control system; substation maintenance; substation network security; substation planning; unauthorized users; Computer architecture; Modems; Protocols; Security; Servers; Substations; Tin; Cyberinfrastructure; electronic intrusion; network security planning; power substation (ID#: 16-9692)


P. L. Yu, G. Verma and B. M. Sadler, “Wireless Physical Layer Authentication via Fingerprint Embedding,” in IEEE Communications Magazine, vol. 53, no. 6, pp. 48-53, June 2015. doi: 10.1109/MCOM.2015.7120016
Abstract: Authentication is a fundamental requirement for secure communications. In this article, we describe a general framework for fingerprint embedding at the physical layer in order to provide message authentication that is secure and bandwidth-efficient. Rather than depending on channel or device characteristics that are outside of our control, deliberate fingerprint embedding for message authentication enables control over performance trade-offs by design. Furthermore, low-power fingerprint designs enhance security by making the authentication tags less accessible to adversaries. We define metrics for communications and authentication performance, and discuss the trade-offs in system design. Results from our wireless software-defined radio experiments validate the theory and demonstrate the low complexity, practicality, and enhanced security of the approach.
Keywords: fingerprint identification; message authentication; telecommunication security; fingerprint embedding; low-power fingerprint designs; secure communications; wireless physical layer authentication; wireless software-defined radio; Authentication; Bit error rate; Fingerprint recognition; Network security; Physical layer; Receivers; Signal to noise ratio; Wireless networks (ID#: 16-9693)


T. Qin, X. Guan, C. Wang and Z. Liu, “MUCM: Multilevel User Cluster Mining Based on Behavior Profiles for Network Monitoring,” in IEEE Systems Journal, vol. 9, no. 4, pp. 1322-1333, Dec. 2015. doi: 10.1109/JSYST.2014.2350019
Abstract: Mastering user's behavior character is important for efficient network management and security monitoring. In this paper, we develop a novel framework named as multilevel user cluster mining (MUCM) to measure user's behavior similarity under different network prefix levels. Focusing on aggregated traffic behavior under different network prefixes cannot only reduce the number of traffic flows but also reveal detailed patterns for a group of users sharing similar behaviors. First, we employ the bidirectional flow and bipartite graphs to model network traffic characteristics in large-scale networks. Four traffic features are then extracted to characterize the user's behavior profiles. Second, an efficient method with adjustable weight factors is employed to calculate the user's behavior similarity, and entropy gain is applied to select the weight factor adaptively. Using the behavior similarity metrics, a simple clustering algorithm based on κ-means is employed to perform user clustering based on behavior profiles. Finally, we examine the applications of behavior clustering in profiling network traffic patterns and detecting anomalous behaviors. The efficiency of our methods is verified with extensive experiments using actual traffic traces collected from the northwest region center of China Education and Research Network (CERNET), and the cluster results can be used for flow control and traffic security monitoring.
Keywords: complex networks; computer network management; computer network security; data mining; graph theory; pattern clustering; CERNET; China Education and Research Network; MUCM; behavior clustering; behavior profiles; behavior similarity metrics; bidirectional flow; bipartite graphs; large-scale networks; multilevel user cluster mining; network management; network monitoring; network prefix levels; network traffic characteristics; north-west region center; profiling network traffic patterns; traffic security monitoring; user behavior character; user behavior profiles; user behavior similarity; weight factor; Communities; Feature extraction; IP networks; Monitoring; Ports (Computers); Protocols; Security; Behavior profiles; different prefix levels; regional flow model; user clustering (ID#: 16-9694)


T. Lv, H. Gao and S. Yang, “Secrecy Transmit Beamforming for Heterogeneous Networks,” in IEEE Journal on Selected Areas in Communications, vol. 33, no. 6, pp. 1154-1170, June 2015. doi: 10.1109/JSAC.2015.2416984
Abstract: In this paper, we pioneer the study of physical-layer security in heterogeneous networks (HetNets). We investigate secure communications in a two-tier downlink HetNet, which comprises one macrocell and several femtocells. Each cell has multiple users and an eavesdropper attempts to wiretap the intended macrocell user. First, we consider an orthogonal spectrum allocation strategy to eliminate co-channel interference, and propose the secrecy transmit beamforming only operating in the macrocell (STB-OM) as a partial solution for secure communication in HetNet. Next, we consider a secrecy-oriented non-orthogonal spectrum allocation strategy and propose two cooperative STBs which rely on the collaboration amongst the macrocell base station (MBS) and the adjacent femtocell base stations (FBSs). Our first cooperative STB is the STB sequentially operating in the macrocell and femtocells (STB-SMF), where the cooperative FBSs individually design their STB matrices and then feed their performance metrics to the MBS for guiding the STB in the macrocell. Aiming to improve the performance of STB-SMF, we further propose the STB jointly designed in the macrocell and femtocells (STB-JMF), where all cooperative FBSs feed channel state information to the MBS for designing the joint STB. Unlike conventional STBs conceived for broadcasting or interference channels, the three proposed STB schemes all entail relatively sophisticated optimizations due to QoS constraints of the legitimate users. To efficiently use these STB schemes, the original optimization problems are reformulated and convex optimization techniques, such as second-order cone programming and semidefinite programming, are invoked to obtain the optimal solutions. Numerical results demonstrate that the proposed STB schemes are highly effective in improving the secrecy rate performance of HetNet.
Keywords: array signal processing; cochannel interference; convex programming; cooperative communication; femtocellular radio; interference suppression; matrix algebra; radio spectrum management; telecommunication security; wireless channels; FBS; MBS; QoS constraint; STB-OM; Secrecy Transmit Beamforming; broadcasting; channel state information; cochannel interference elimination; convex optimization technique; cooperative STB; femtocell base station; heterogeneous network; macrocell base station; optimization problem; orthogonal spectrum allocation strategy; physical-layer security; second-order cone programming; secrecy-oriented nonorthogonal spectrum allocation strategy; secure communication; semidefinite programming; two-tier downlink HetNet; Array signal processing; Femtocells; Interference; Macrocell networks; Quality of service; Resource management; Vectors; Beamforming; femtocell; nonconvex optimization; semidefinite programming (SDP) (ID#: 16-9695)


M. Mozaffari-Kermani, S. Sur-Kolay, A. Raghunathan and N. K. Jha, “Systematic Poisoning Attacks on and Defenses for Machine Learning in Healthcare,” in IEEE Journal of Biomedical and Health Informatics, vol. 19, no. 6, pp. 1893-1905, Nov. 2015. doi: 10.1109/JBHI.2014.2344095
Abstract: Machine learning is being used in a wide range of application domains to discover patterns in large datasets. Increasingly, the results of machine learning drive critical decisions in applications related to healthcare and biomedicine. Such health-related applications are often sensitive, and thus, any security breach would be catastrophic. Naturally, the integrity of the results computed by machine learning is of great importance. Recent research has shown that some machine-learning algorithms can be compromised by augmenting their training datasets with malicious data, leading to a new class of attacks called poisoning attacks. Hindrance of a diagnosis may have life-threatening consequences and could cause distrust. On the other hand, not only may a false diagnosis prompt users to distrust the machine-learning algorithm and even abandon the entire system but also such a false positive classification may cause patient distress. In this paper, we present a systematic, algorithm-independent approach for mounting poisoning attacks across a wide range of machine-learning algorithms and healthcare datasets. The proposed attack procedure generates input data, which, when added to the training set, can either cause the results of machine learning to have targeted errors (e.g., increase the likelihood of classification into a specific class), or simply introduce arbitrary errors (incorrect classification). These attacks may be applied to both fixed and evolving datasets. They can be applied even when only statistics of the training dataset are available or, in some cases, even without access to the training dataset, although at a lower efficacy. We establish the effectiveness of the proposed attacks using a suite of six machine-learning algorithms and five healthcare datasets. Finally, we present countermeasures against the proposed generic attacks that are based on tracking and detecting deviations in various accuracy metrics, and benchmark their effectiveness.
Keywords: health care; learning (artificial intelligence); medical computing; pattern classification; security of data; application domains; arbitrary errors; biomedicine; critical decisions; false diagnosis prompt users; false positive classification; health-related applications; healthcare; life-threatening consequences; machine-learning algorithms; malicious data; patient distress; security breach; systematic poisoning attacks; targeted errors; training datasets; Machine learning algorithms; Malware; Security; Training; Healthcare; machine learning; poisoning attacks; security (ID#: 16-9696)


J. M. Chang, P. C. Tsou, I. Woungang, H. C. Chao and C. F. Lai, “Defending Against Collaborative Attacks by Malicious Nodes in MANETs: A Cooperative Bait Detection Approach,” in IEEE Systems Journal, vol. 9, no. 1, pp. 65-75, March 2015.
doi: 10.1109/JSYST.2013.2296197
Abstract: In mobile ad hoc networks (MANETs), a primary requirement for the establishment of communication among nodes is that nodes should cooperate with each other. In the presence of malevolent nodes, this requirement may lead to serious security concerns; for instance, such nodes may disrupt the routing process. In this context, preventing or detecting malicious nodes launching grayhole or collaborative blackhole attacks is a challenge. This paper attempts to resolve this issue by designing a dynamic source routing (DSR)-based routing mechanism, which is referred to as the cooperative bait detection scheme (CBDS), that integrates the advantages of both proactive and reactive defense architectures. Our CBDS method implements a reverse tracing technique to help in achieving the stated goal. Simulation results are provided, showing that in the presence of malicious-node attacks, the CBDS outperforms the DSR, 2ACK, and best-effort fault-tolerant routing (BFTR) protocols (chosen as benchmarks) in terms of packet delivery ratio and routing overhead (chosen as performance metrics).
Keywords: cooperative communication; mobile ad hoc networks; routing protocols; telecommunication security; BFTR protocol; CBDS; DSR; MANET; best-effort fault-tolerant routing protocol; collaborative blackhole attack; cooperative bait detection approach; dynamic source routing; grayhole attack; malevolent nodes; malicious nodes; packet delivery ratio; reverse tracing; routing overhead; routing process; serious security concerns; Ad hoc networks; Collaboration; Delays; Mobile computing; Routing; Security; Cooperative bait detection scheme (CBDS); collaborative bait detection; collaborative blackhole attacks; detection mechanism; dynamic source routing (DSR); grayhole attacks; malicious node; mobile ad hoc network (MANET) (ID#: 16-9697)


A. Rabbachin, A. Conti and M. Z. Win, “Wireless Network Intrinsic Secrecy,” in IEEE/ACM Transactions on Networking, vol. 23, no. 1, pp. 56-69, Feb. 2015. doi: 10.1109/TNET.2013.2297339
Abstract: Wireless secrecy is essential for communication confidentiality, health privacy, public safety, information superiority, and economic advantage in the modern information society. Contemporary security systems are based on cryptographic primitives and can be complemented by techniques that exploit the intrinsic properties of a wireless environment. This paper develops a foundation for design and analysis of wireless networks with secrecy provided by intrinsic properties such as node spatial distribution, wireless propagation medium, and aggregate network interference. We further propose strategies that mitigate eavesdropping capabilities, and we quantify their benefits in terms of network secrecy metrics. This research provides insights into the essence of wireless network intrinsic secrecy and offers a new perspective on the role of network interference in communication confidentiality.
Keywords: cryptography; interference (signal); radio networks; telecommunication security; aggregate network interference; communication confidentiality; contemporary security system; cryptographic primitive; eavesdropping mitigation; network secrecy metric; node spatial distribution; wireless network intrinsic secrecy; wireless propagation medium; Indexes; Interference; Measurement; Receivers; Transmitters; Wireless networks; Network secrecy; fading channels; interference exploitation; stochastic geometry; wireless networks (ID#: 16-9698)


C. Liang and F. R. Yu, “Wireless Network Virtualization: A Survey, Some Research Issues and Challenges,” in IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 358-380, Firstquarter 2015. doi: 10.1109/COMST.2014.2352118
Abstract: Since wireless network virtualization enables abstraction and sharing of infrastructure and radio spectrum resources, the overall expenses of wireless network deployment and operation can be reduced significantly. Moreover, wireless network virtualization can provide easier migration to newer products or technologies by isolating part of the network. Despite the potential vision of wireless network virtualization, several significant research challenges remain to be addressed before widespread deployment of wireless network virtualization, including isolation, control signaling, resource discovery and allocation, mobility management, network management and operation, and security as well as non-technical issues such as governance regulations, etc. In this paper, we provide a brief survey on some of the works that have already been done to achieve wireless network virtualization, and discuss some research issues and challenges. We identify several important aspects of wireless network virtualization: overview, motivations, framework, performance metrics, enabling technologies, and challenges. Finally, we explore some broader perspectives in realizing wireless network virtualization.
Keywords: mobility management (mobile radio); radio networks; telecommunication computing; virtualisation; control signaling; governance regulations; mobility management; network management; nontechnical issues; performance metrics; radio spectrum resources; resource allocation; resource discovery; wireless network deployment; wireless network virtualization; Business; Indium phosphide; Mobile communication; Virtual private networks; Virtualization; Wireless networks; Wireless network virtualization; abstraction and sharing; cloud computing; cognitive radio and networks; isolation (ID#: 16-9699)


R. Azarderakhsh and M. Mozaffari-Kermani, “High-Performance Two-Dimensional Finite Field Multiplication and Exponentiation for Cryptographic Applications,” in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 34,
no. 10, pp. 1569-1576, Oct. 2015. doi: 10.1109/TCAD.2015.2424928
Abstract: Finite field arithmetic operations have been traditionally used in different applications ranging from error control coding to cryptographic computations. Among these computations are normal basis multiplications and exponentiations which are utilized in efficient applications due to their advantageous characteristics and the fact that squaring (and subsequent powering by two) of elements can be obtained with no hardware complexity. In this paper, we present 2-D decomposition systolic-oriented algorithms to develop systolic structures for digit-level Gaussian normal basis multiplication and exponentiation over GF(2m). The proposed high-performance architectures are suitable for a number of applications, e.g., architectures for elliptic curve Diffie-Hellman key agreement scheme in cryptography. The results of the benchmark of efficiency, performance, and implementation metrics of such architectures through a 65-nm application-specific integrated circuit platform confirm high-performance structures for the multiplication and exponentiation architectures presented in this paper are suitable for high-speed architectures, including cryptographic applications.
Keywords: Galois fields; parallel architectures; public key cryptography; 2D decomposition systolic-oriented algorithms; application-specific integrated circuit platform; cryptographic applications; cryptographic computations; digit-level Gaussian normal basis exponentiation; digit-level Gaussian normal basis multiplication; elliptic curve Diffie-Hellman key agreement scheme; error control coding; exponentiation architectures; finite field arithmetic operations; hardware complexity; high-performance architectures; high-performance structures; high-performance two-dimensional finite field exponentiation; high-performance two-dimensional finite field multiplication; multiplication architectures; systolic structures; Arrays; Complexity theory; Cryptography; Gaussian processes; Hardware; Logic gates; Gaussian normal basis; Gaussian normal basis (GNB); finite field; security; systolic architecture (ID#: 16-9700)


L. Lu and Y. Liu, “Safeguard: User Reauthentication on Smartphones via Behavioral Biometrics,” in IEEE Transactions on Computational Social Systems, vol. 2, no. 3, pp. 53-64, Sept. 2015. doi: 10.1109/TCSS.2016.2517648
Abstract: With the emergence of smartphones as an essential part of daily life, the demand for user reauthentication has increased manifolds. The effective and widely practiced biometric schemes are based upon the principle of “who you are” which utilizes inherent and unique characteristics of the user. In this context, the behavioral biometrics such as sliding dynamics and pressure intensity make use of on-screen sliding movements to infer the user's patterns. In this paper, we present Safeguard, an accurate and efficient smartphone user reauthentication (verification) system based upon on-screen finger movements. The computation and processing is performed at back-end which is transparent to the users. The key feature of the proposed system lies in fine-grained on-screen biometric metrics, i.e., sliding dynamics and pressure intensity, which are unique to each user under diverse scenarios. We first implement our scheme through five machine learning approaches and finally select the support vector machine (SVM)-based approach due to its high accuracy. We further analyze Safeguard to be robust against adversary imitation. We validate the efficacy of our approach through implementation on off-the-shelf smartphone followed by practical evaluation under different scenarios. We process a set of more than 50 000 effective samples derived from a raw dataset of over 10 000 slides collected from each of the 60 volunteers over a period of one month. The experimental results show that Safeguard can verify a user with 0.03% false acceptance rate (FAR) and 0.05% false rejection rate (FRR) within 0.3 s with 15 to 20 slides by the user. The FRR of our system adequately meets the European Standard for Access Control Systems, whereas FAR differs by 0.029%. Our future works aim to integrate multitouch sliding movements in existing scheme.
Keywords: formal verification; inference mechanisms; learning (artificial intelligence); message authentication; mobile computing; smart phones; support vector machines; SVM; Safeguard; adversary imitation; behavioral biometric; machine learning; on-screen sliding movement; smart phone; support vector machine; user pattern inference; user reauthentication system; user verification system; Authentication; Biometrics (access control); Machine learning; Security; Smart phones; Support vector machines; Behavioral biometrics; reauthentication; security; smartphone (ID#: 16-9701)


J. Lu, G. Wang, W. Deng and K. Jia, “Reconstruction-Based Metric Learning for Unconstrained Face Verification,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 1, pp. 79-89, Jan. 2015. doi: 10.1109/TIFS.2014.2363792
Abstract: In this paper, we propose a reconstruction-based metric learning method to learn a discriminative distance metric for unconstrained face verification. Unlike conventional metric learning methods, which only consider the label information of training samples and ignore the reconstruction residual information in the learning procedure, we apply a reconstruction criterion to learn a discriminative distance metric. For each training example, the distance metric is learned by enforcing a margin between the interclass sparse reconstruction residual and interclass sparse reconstruction residual, so that the reconstruction residual of training samples can be effectively exploited to compute the between-class and within-class variations. To better use multiple features for distance metric learning, we propose a reconstruction-based multimetric learning method to collaboratively learn multiple distance metrics, one for each feature descriptor, to remove uncorrelated information for recognition. We evaluate our proposed methods on the Labelled Faces in the Wild (LFW) and YouTube face data sets and our experimental results clearly show the superiority of our methods over both previous metric learning methods and several state-of-the-art unconstrained face verification methods.
Keywords: face recognition; image reconstruction; learning (artificial intelligence); LFW data set; Labelled Faces in the Wild data set; YouTube face data sets; discriminative distance metric; distance metric learning; feature descriptor; interclass sparse reconstruction residual; reconstruction-based multimetric learning method; unconstrained face verification; Face; Feature extraction; Image reconstruction; Learning systems; Measurement; Training; Face recognition; metric learning; reconstruction-based learning
(ID#: 16-9702)


Ahmad Gharanjik, M. R. Bhavani Shankar, Pantelis-Daniel Arapoglou and Björn Ottersten, “Multiple Gateway Transmit Diversity in Q/V Band Feeder Links,” in IEEE Transactions on Communications, vol. 63, no. 3, pp. 916-926, March 2015. doi: 10.1109/TCOMM.2014.2385703
Abstract: Design of high bandwidth and reliable feeder links are central toward provisioning new services on the user link of a multibeam satellite communication system. Toward this, utilization of the Q/V band and an exploitation of multiple gateways (GWs) as a transmit diversity measure for overcoming severe propagation effects are being considered. In this context, this contribution deals with the design of a feeder link comprising N+P GWs (N active and P redundant GWs). Toward provisioning the desired availability, a novel switching scheme is analyzed and practical aspects such as prediction-based switching and switching rate are discussed. Unlike most relevant works, a dynamic rain attenuation model is used to analytically derive average outage probability in the fundamental 1 + 1 GW case. Building on this result, an analysis for the N+P scenario leading to a quantification of the end-to-end performance is provided. This analysis aids system sizing by illustrating the interplay between the number of active and redundant GWs on the chosen metrics: average outage and average switching rate.
Keywords: electromagnetic wave attenuation; probability; satellite communication; Q/V band feeder links; attenuation model; average outage probability; multibeam satellite communication system; multiple gateway transmit diversity; prediction-based switching; reliable feeder links; Attenuation; Correlation; Logic gates; Rain; Satellites; Signal to noise ratio; Switches; $N+P$ scheme; Feeder Link; Gateway Diversity; Gateway diversity; N +P scheme; Q/V Band; Q/V band; Rain Attenuation; Satellite Communication; feeder link; rain attenuation  (ID#: 16-9703)


Y. Xu, Z. Y. Dong, C. Xiao, R. Zhang and K. P. Wong, “Optimal Placement of Static Compensators for Multi-Objective Voltage Stability Enhancement of Power Systems,” in IET Generation, Transmission & Distribution, vol. 9, no. 15, pp. 2144-2151, 
19 November 2015. doi: 10.1049/iet-gtd.2015.0070
Abstract: Static compensators (STATCOMs) are able to provide rapid and dynamic reactive power support within a power system for voltage stability enhancement. While most of previous research focuses on only an either static or dynamic (short-term) voltage stability criterion, this study proposes a multi-objective programming (MOP) model to simultaneously minimise (i) investment cost, (ii) unacceptable transient voltage performance, and (iii) proximity to steady-state voltage collapse. The model aims to find Pareto optimal solutions for flexible and multi-objective decision-making. To account for multiple contingencies and their probabilities, corresponding risk-based metrics are proposed based on respective voltage stability measures. Given the two different voltage stability criteria, a strategy based on Pareto frontier is designed to identify critical contingencies and candidate buses for STATCOM connection. Finally, to solve the MOP model, an improved decomposition-based multi-objective evolutionary algorithm is developed. The proposed model and algorithm are demonstrated on the New England 39-bus test system, and compared with state-of-the-art solution algorithms.
Keywords: Pareto optimisation; cost reduction; evolutionary computation; power system dynamic stability; power system economics; power system reliability; power system security; power system transient stability; probability; risk management; stability criteria; static VAr compensators; voltage regulators; MOP model; New England 39-bus test system; Pareto optimal solutions; decomposition-based multiobjective evolutionary algorithm; dynamic reactive power support; investment cost minimisation; multiobjective decision-making; multiobjective programming model; multiobjective voltage stability enhancement; multiple contingencies; optimal static compensators placement; power system; proximity minimisation; risk-based metrics; steady-state voltage collapse; unacceptable transient voltage performance minimisation; voltage stability criteria; voltage stability measures (ID#: 16-9704)


M. M. E. A. Mahmoud, J. Mišić, K. Akkaya and X. Shen, “Investigating Public-Key Certificate Revocation in Smart Grid,” in IEEE Internet of Things Journal, vol. 2, no. 6, pp. 490-503, Dec. 2015. doi: 10.1109/JIOT.2015.2408597
Abstract: The public key cryptography (PKC) is essential for securing many applications in smart grid. For the secure use of the PKC, certificate revocation schemes tailored to smart grid applications should be adopted. However, little work has been done to study certificate revocation in smart grid. In this paper, we first explain different motivations that necessitate revoking certificates in smart grid. We also identify the applications that can be secured by PKC and thus need certificate revocation. Then, we explain existing certificate revocation schemes and define several metrics to assess them. Based on this assessment, we identify the applications that are proper for each scheme and discuss how the schemes can be modified to fully satisfy the requirements of its potential applications. Finally, we study certificate revocation in pseudonymous public key infrastructure (PPKI), where a large number of certified public/private keys are assigned for each node to preserve privacy. We target vehicles-to-grid communications as a potential application. Certificate revocation in this application is a challenge because of the large number of certificates. We discuss an efficient certificate revocation scheme for PPKI, named compressed certificate revocation lists (CRLs). Our analytical results demonstrate that one revocation scheme cannot satisfy the overhead/security requirements of all smart grid applications. Rather, different schemes should be employed for different applications. Moreover, we used simulations to measure the overhead of the schemes.
Keywords: public key cryptography; smart power grids; PKC; PPKI; pseudonymous public key infrastructure; public key cryptography; public-key certificate revocation; public-private keys; several metrics; smart grid; smart grid applications; vehicles-to-grid communications; Electricity; Measurement; Privacy; Public key; Smart grids; Substations; Certificate revocation schemes; public key cryptography (PKC); smart grid communication security (ID#: 16-9705)


S. Houshmand, S. Aggarwal and R. Flood, “Next Gen PCFG Password Cracking,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 8, pp. 1776-1791, Aug. 2015. doi: 10.1109/TIFS.2015.2428671
Abstract: Passwords continue to remain an important authentication technique. The probabilistic context-free grammar-based password cracking system of Weir et al. was an important addition to dictionary-based password cracking approaches. In this paper, we show how to substantially improve upon this system by systematically adding keyboard patterns and multiword patterns (two or more words in the alphabetic part of a password) to the context-free grammars used in the probabilistic password cracking. Our results on cracking multiple data sets show that by learning these new classes of patterns, we can achieve up to 22% improvement over the original system. In this paper, we also define metrics to help analyze and improve attack dictionaries. Using our approach to improving the dictionary, we achieve an additional improvement of ~33% by increasing the coverage of a standard attack dictionary. Combining both approaches, we can achieve a 55% improvement over the previous system. Our tests were done over fairly long password guessing sessions (up to 85 billion) and thus show the uniform effectiveness of our techniques for long cracking sessions.
Keywords: context-free grammars; security of data; authentication technique; dictionary based password cracking approaches; keyboard patterns; multiword patterns; next Gen PCFG password cracking; password cracking system; probabilistic context-free grammar; probabilistic password cracking; Dictionaries; Grammar; Keyboards; Probabilistic logic; Shape; Smoothing methods; Training; Authentication; Dictionaries; Keyboard patterns; Multiwords; Password cracking; Probabilistic grammars; authentication; dictionaries; multiwords; password cracking; probabilistic grammars (ID#: 16-9706)


H. Alves, C. H. M. de Lima, P. H. J. Nardelli, R. D. Souza and M. Latva-aho, “On the Secrecy of Interference-Limited Networks Under Composite Fading Channels,” in IEEE Signal Processing Letters, vol. 22, no. 9, pp. 1306-1310, Sept. 2015. doi: 10.1109/LSP.2015.2398514
Abstract: This letter deals with the secrecy capacity of the radio channel in interference-limited regime. We assume that interferers are uniformly scattered over the network area according to a Point Poisson Process and the channel model consists of path-loss, log-normal shadowing and Nakagami-m fading. Both the probability of non-zero secrecy capacity and the secrecy outage probability are then derived in closed-form expressions using tools of stochastic geometry and higher-order statistics. Our numerical results show how the secrecy metrics are affected by the disposition of the desired receiver, the eavesdropper and the legitimate transmitter.
Keywords: Nakagami channels; fading channels; log normal distribution; radio receivers; radio transmitters; stochastic processes; telecommunication security; Nakagami-m fading; channel model; composite fading channels; eavesdropper; higher-order statistics; interference-limited networks secrecy; interference-limited regime; nonzero secrecy capacity; path-loss log-normal shadowing; point Poisson process; radio channel; receiver; secrecy capacity; secrecy outage probability; stochastic geometry; transmitter; Capacity planning; Fading; Receivers; Security; Transmitters; Wireless networks; Composite channel (ID#: 16-9707)


T. Anwar and M. Abulaish, “Ranking Radically Influential Web Forum Users,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 6, pp. 1289-1298, June 2015. doi: 10.1109/TIFS.2015.2407313
Abstract: The growing popularity of online social media is leading to its widespread use among the online community for various purposes. In the recent past, it has been found that the web is also being used as a tool by radical or extremist groups and users to practice several kinds of mischievous acts with concealed agendas and promote ideologies in a sophisticated manner. Some of the web forums are predominantly being used for open discussions on critical issues influenced by radical thoughts. The influential users dominate and influence the newly joined innocent users through their radical thoughts. This paper presents an application of collocation theory to identify radically influential users in web forums. The radicalness of a user is captured by a measure based on the degree of match of the commented posts with a threat list. Eleven different collocation metrics are formulated to identify the association among users, and they are finally embedded in a customized PageRank algorithm to generate a ranked list of radically influential users. The experiments are conducted on a standard data set provided for a challenge at ISI-KDD'12 workshop to find radical and infectious threads, members, postings, ideas, and ideologies. Experimental results show that our proposed method outperforms the existing UserRank algorithm. We also found that the collocation theory is more effective to deal with such ranking problem than the textual and temporal similarity-based measures studied earlier.
Keywords: Internet; data mining; social networking (online); ISI-KDD'12 workshop; UserRank algorithm; collocation metrics; collocation theory; customized PageRank algorithm; infectious threads; online community; online social media; radical threads; radically influential Web forum user ranking; temporal similarity-based measures; textual similarity-based measures; user radicalness; Blogs; Communities; Equations; Mathematical model; Measurement; Media; Message systems; Radical user identification; Security informatics; Social media analysis; Users collocation analysis; radical user identification; security informatics; users collocation analysis (ID#: 16-9708)


F. Zhou, W. Huang, Y. Zhao, Y. Shi, X. Liang and X. Fan, “ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection,” in IEEE Computer Graphics and Applications, vol. 35, no. 6, pp. 42-50, Nov.-Dec. 2015. doi: 10.1109/MCG.2015.97
Abstract: Entropy-based traffic metrics have received substantial attention in network traffic anomaly detection because entropy can provide fine-grained metrics of traffic distribution characteristics. However, some practical issues--such as ambiguity, lack of detailed distribution information, and a large number of false positives--affect the application of entropy-based traffic anomaly detection. In this work, we introduce a visual analytic tool called ENTVis to help users understand entropy-based traffic metrics and achieve accurate traffic anomaly detection. ENTVis provides three coordinated views and rich interactions to support a coherent visual analysis on multiple perspectives: the timeline group view for perceiving situations and finding hints of anomalies, the Radviz view for clustering similar anomalies in a period, and the matrix view for understanding traffic distributions and diagnosing anomalies in detail. Several case studies have been performed to verify the usability and effectiveness of our method. A further evaluation was conducted via expert review.
Keywords: data visualisation; entropy; pattern clustering; security of data; ENTVis; anomaly clustering; entropy-based network traffic anomaly detection; traffic distribution characteristic; visual analytic tool; Data visualization; Entropy; Human computer interaction; IP networks; Ports (Computers); Telecommunication traffic; Visual analytics; anomaly detection; computer graphics; cybersecurity; entropy; visual analytics (ID#: 16-9709)


S. Yu, S. Guo and I. Stojmenovic, “Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace,” in IEEE Transactions on Computers, vol. 64, no. 1, pp. 139-151, Jan. 2015. doi: 10.1109/TC.2013.191
Abstract: Botnets have become major engines for malicious activities in cyberspace nowadays. To sustain their botnets and disguise their malicious actions, botnet owners are mimicking legitimate cyber behavior to fly under the radar. This poses a critical challenge in anomaly detection. In this paper, we use web browsing on popular web sites as an example to tackle this problem. First of all, we establish a semi-Markov model for browsing behavior. Based on this model, we find that it is impossible to detect mimicking attacks based on statistics if the number of active bots of the attacking botnet is sufficiently large (no less than the number of active legitimate users). However, we also find it is hard for botnet owners to satisfy the condition to carry out a mimicking attack most of the time. With this new finding, we conclude that mimicking attacks can be discriminated from genuine flash crowds using second order statistical metrics. We define a new fine correntropy metrics and show its effectiveness compared to others. Our real world data set experiments and simulations confirm our theoretical claims. Furthermore, the findings can be widely applied to similar situations in other research fields.
Keywords: Markov processes; Web sites; computer network security; entropy; invasive software; online front-ends; statistical analysis; Web browsing behavior;  active bots; active legitimate users; anomaly detection; antiattack mimicking; attack mimicking; attacking botnet; botnet owners; correntropy metrics; cyberspace; flash crowds; legitimate cyber behavior mimicking; malicious actions; malicious activities; second-order statistical metrics; semiMarkov model; Ash; IP networks; Internet; Mathematical model; Measurement; Web pages; Mimicking; detection; flash crowd attack; second order metrics (ID#: 16-9710)


J. Luna, N. Suri, M. Iorga and A. Karmel, “Leveraging the Potential of Cloud Security Service-Level Agreements Through Standards,” in IEEE Cloud Computing, vol. 2, no. 3, pp. 32-40, May-June 2015. doi: 10.1109/MCC.2015.52
Abstract: Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requirements. This article presents a fresh view on this problem by surveying and analyzing, from the standardization and risk assessment perspective, the specification of security in cloud service-level agreements (secSLA) as a promising approach to empower customers in assessing and understanding cloud security. Apart from analyzing the proposed risk-based approach and surveying the relevant landscape, this article presents a real-world scenario to support the creation and adoption of secSLAs as enablers for negotiating, assessing, and monitoring the achieved security levels in cloud services.
Keywords: cloud computing; contracts; risk management; security of data; small-to-medium enterprises; software standards; standardisation; SME; secSLA; security in cloud service-level agreement; security requirement; small and medium enterprise; standardization; Cloud computing; Computer security; Interoperability; Measurement; Monitoring; NIST; SLA; cloud; metrics; security assessment; standards (ID#: 16-9711)


G. Han, J. Jiang, L. Shu and M. Guizani, “An Attack-Resistant Trust Model Based on Multidimensional Trust Metrics in Underwater Acoustic Sensor Network,” in IEEE Transactions on Mobile Computing, vol. 14, no. 12, pp. 2447-2459, Dec. 1 2015. doi: 10.1109/TMC.2015.2402120
Abstract: Underwater acoustic sensor networks (UASNs) have been widely used in many applications where a variable number of sensor nodes collaborate with each other to perform monitoring tasks. A trust model plays an important role in realizing collaborations of sensor nodes. Although many trust models have been proposed for terrestrial wireless sensor networks (TWSNs) in recent years, it is not feasible to directly use these trust models in UASNs due to unreliable underwater communication channel and mobile network environment. To achieve accurate and energy efficient trust evaluation in UASNs, an attack-resistant trust model based on multidimensional trust metrics (ARTMM) is proposed in this paper. The ARTMM mainly consists of three types of trust metrics, which are link trust, data trust, and node trust. During the process of trust calculation, unreliability of communication channel and mobility of underwater environment are carefully analyzed. Simulation results demonstrate that the proposed trust model is quite suitable for mobile underwater environment. In addition, the performance of the ARTMM is clearly better than that of conventional trust models in terms of both evaluation accuracy and energy consumption.
Keywords: mobility management (mobile radio); telecommunication network reliability; telecommunication security; underwater acoustic communication; wireless channels; wireless sensor networks; ARTMM; TWSN; UASN; attack-resistant trust model; data trust; energy efficient trust evaluation; link trust; mobile network environment; monitoring tasks; multidimensional trust metrics; node trust; sensor nodes; terrestrial wireless sensor networks; trust calculation process; underwater acoustic sensor network; unreliable underwater communication channel; Bit error rate; Computational modeling; Mathematical model; Packet loss; Predictive models; Multidimensional trust Metrics; Trust Model; Underwater Acoustic Sensor Networks; Underwater acoustic sensor networks; trust model (ID#: 16-9712)


M. Dark and J. Mirkovic, “Evaluation Theory and Practice Applied to Cybersecurity Education,” in IEEE Security & Privacy,
vol. 13, no. 2, pp. 75-80, Mar.-Apr. 2015. doi: 10.1109/MSP.2015.27
Abstract: As more institutions, organizations, schools, and programs launch cybersecurity education programs in an attempt to meet needs that are emerging in a rapidly changing environment, evaluation will be important to ensure that programs are having the desired impact.
Keywords: educational institutions; security of data; cybersecurity education programs; cybersecurity environment; evaluation theory; schools; Computer security; Design methodology; Game theory; Performance evaluation; Program logic; Reliability; cybersecurity; evaluation design; formative evaluation; measurement; metrics; program logic; reliability; summative evaluation; validity (ID#: 16-9713)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.