Visible to the public Biblio

Found 466 results

Filters: First Letter Of Last Name is W  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V [W] X Y Z   [Show ALL]
W. Guibene, K. E. Nolan, M. Y. Kelly.  2015.  "Survey on Clean Slate Cellular-IoT Standard Proposals". 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1596-1599.

In this paper we investigate the proposals made by various industries for the Cellular Internet of Things (C-IoT). We start by introducing the context of C-IoT and demonstrate how this technology is closely linked to the Low Power-Wide Area (LPWA) technologies and networks. An in-depth look and system level evaluation is given for each clean slate technology and a comparison is made based on its specifications.

W. Guibene, K. E. Nolan, M. Y. Kelly.  2015.  "Survey on Clean Slate Cellular-IoT Standard Proposals". 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1596-1599.

In this paper we investigate the proposals made by various industries for the Cellular Internet of Things (C-IoT). We start by introducing the context of C-IoT and demonstrate how this technology is closely linked to the Low Power-Wide Area (LPWA) technologies and networks. An in-depth look and system level evaluation is given for each clean slate technology and a comparison is made based on its specifications.

W. Huang, J. Gu, X. Ma.  2015.  "Visual tracking based on compressive sensing and particle filter". 2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE). :1435-1440.

A robust appearance model is usually required in visual tracking, which can handle pose variation, illumination variation, occlusion and many other interferences occurring in video. So far, a number of tracking algorithms make use of image samples in previous frames to update appearance models. There are many limitations of that approach: 1) At the beginning of tracking, there exists no sufficient amount of data for online update because these adaptive models are data-dependent and 2) in many challenging situations, robustly updating the appearance models is difficult, which often results in drift problems. In this paper, we proposed a tracking algorithm based on compressive sensing theory and particle filter framework. Features are extracted by random projection with data-independent basis. Particle filter is employed to make a more accurate estimation of the target location and make much of the updated classifier. The robustness and the effectiveness of our tracker have been demonstrated in several experiments.

W. Ketpan, S. Phonsri, R. Qian, M. Sellathurai.  2015.  "On the Target Detection in OFDM Passive Radar Using MUSIC and Compressive Sensing". 2015 Sensor Signal Processing for Defence (SSPD). :1-5.

The passive radar also known as Green Radar exploits the available commercial communication signals and is useful for target tracking and detection in general. Recent communications standards frequently employ Orthogonal Frequency Division Multiplexing (OFDM) waveforms and wideband for broadcasting. This paper focuses on the recent developments of the target detection algorithms in the OFDM passive radar framework where its channel estimates have been derived using the matched filter concept using the knowledge of the transmitted signals. The MUSIC algorithm, which has been modified to solve this two dimensional delay-Doppler detection problem, is first reviewed. As the target detection problem can be represented as sparse signals, this paper employs compressive sensing to compare with the detection capability of the 2-D MUSIC algorithm. It is found that the previously proposed single time sample compressive sensing cannot significantly reduce the leakage from the direct signal component. Furthermore, this paper proposes the compressive sensing method utilizing multiple time samples, namely l1-SVD, for the detection of multiple targets. In comparison between the MUSIC and compressive sensing, the results show that l1-SVD can decrease the direct signal leakage but its prerequisite of computational resources remains a major issue. This paper also presents the detection performance of these two algorithms for closely spaced targets.

Wade, Mamadou I., Chouikha, Mohamed, Gill, Tepper, Patterson, Wayne, Washington, Talitha M., Zeng, Jianchao.  2019.  Distributed Image Encryption Based On a Homomorphic Cryptographic Approach. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0686–0696.
The objective of this research is to develop a novel image encryption method that can be used to considerably increase the security of encrypted images. To solve this image security problem, we propose a distributed homomorphic image encryption scheme where the images of interest are those in the visible electromagnetic spectrum. In our encryption phase, a red green blue (RGB) image is first separated into its constituent channel images, and then the numerical intensity value of a pixel from each channel is written as a sum of smaller pixel intensity sub-values, leading to having several component images for each of the R, G, and B-channel images. A homomorphic encryption function is used to separately encrypted each of the pixel intensity sub-values in each component image using an encryption key, leading to a distributed image encryption approach. Each of the encrypted component images can be compressed before transmission and/or storage. In our decryption phase, each encrypted component image is decompressed if necessary, and then the homomorphic property of the encryption function is used to transform the product of individually encrypted pixel intensity sub-values in each encrypted component images, to the encryption of their sum, before applying the corresponding decryption function with a decryption key to recover the original pixel's intensity values for each channel image, and then recovering the original RGB image. Furthermore, a special case of an RGB image encryption and decryption where a pixel's intensity value from each channel is written as a sum of only two sub-values is implemented and simulated with a software. The resulting cipher-images are subject to a range of security tests and analyses. Results from these tests shown that our proposed homomorphic image encryption scheme is robust and can resist security attacks, as well as increases the security of the associated encrypted images. Our proposed homomorphic image encryption scheme has produced highly secure encrypted images.
Wadhawan, Yatin, Neuman, Clifford.  2016.  Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach. Proceedings of the 1st International Workshop on AI for Privacy and Security. :7:1–7:8.

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber infrastructure to control physical processes; we also have physical criminals who attack the physical infrastructure motivated to destroy the target or to steal oil from pipelines. Unfortunately, due to limited resources and physical dispersion, it is impossible for the system administrator to protect each target all the time. In this research paper, we tackle the problem of cyber and physical attacks on oil pipeline infrastructure by proposing a Stackelberg Security Game of three players: system administrator as a leader, cyber and physical attackers as followers. The novelty of this paper is that we have formulated a real world problem of oil stealing using a game theoretic approach. The game has two different types of targets attacked by two distinct types of adversaries with different motives and who can coordinate to maximize their rewards. The solution to this game assists the system administrator of the oil pipeline cyber-physical system to allocate the cyber security controls for the cyber targets and to assign patrol teams to the pipeline regions efficiently. This paper provides a theoretical framework for formulating and solving the above problem.

Wadhawan, Yatin, Neuman, Clifford.  2016.  Evaluating Resilience of Gas Pipeline Systems Under Cyber-Physical Attacks: A Function-Based Methodology. Proceedings of the 2Nd ACM Workshop on Cyber-Physical Systems Security and Privacy. :71–80.

In this research paper, we present a function-based methodology to evaluate the resilience of gas pipeline systems under two different cyber-physical attack scenarios. The first attack scenario is the pressure integrity attack on the natural gas high-pressure transmission pipeline. Through simulations, we have analyzed the cyber attacks that propagate from cyber to the gas pipeline physical domain, the time before which the SCADA system should respond to such attacks, and finally, an attack which prevents the response of the system. We have used the combined results of simulations of a wireless mesh network for remote terminal units and of a gas pipeline simulation to measure the shortest Time to Criticality (TTC) parameter; the time for an event to reach the failure state. The second attack scenario describes how a failure of a cyber node controlling power grid functionality propagates from cyber to power to gas pipeline systems. We formulate this problem using a graph-theoretic approach and quantify the resilience of the networks by percentage of connected nodes and the length of the shortest path between them. The results show that parameters such as TTC, power distribution capacity of the power grid nodes and percentage of the type of cyber nodes compromised, regulate the efficiency and resilience of the power and gas networks. The analysis of such attack scenarios helps the gas pipeline system administrators design attack remediation algorithms and improve the response of the system to an attack.

Wadsworth, Anthony, Thanoon, Mohammed I., McCurry, Charles, Sabatto, Saleh Zein.  2019.  Development of IIoT Monitoring and Control Security Scheme for Cyber Physical Systems. 2019 SoutheastCon. :1–5.
Industry 4.0 or the fourth industrial revolution encapsulates future industry development trends to achieve more intelligent manufacturing processes, including reliance on Cyber Physical Systems (CPS). The increase in online access and control given by the incorporation of CPSs introduces a new challenge securing the operations of the CPS in that they are not supported by standard security protocols. This paper describes a process used to effectively protect the operations of an IIoT system by implementing security protocols on the CPS within the IIoT. A series of predefined boundary conditions of the safety critical parameters for which a heating and cooling CPS can safely operate within were established. If the CPS is commended to operate outside of these boundaries, it will disconnect from all external communication network and default to some pre-defined safe-operation mode until the system has been evaluated locally by an administrator and released from the safe-mode. This method was tested and validated by establishing a sample IIoT and CPS testbed setup which monitor and control the temperature of a target environment. An attack was initiated to force the target environment outside of the determined safety-critical parameters. The system responded by disabling all network ports and defaulted to the safe-operation mode established previously.
Wagh, D., Pareek, N., Singh, U..  2017.  Elimination of internal attacksfor PUMA in MANET. 2017 International conference of Electronics, Communication and Aerospace Technology (ICECA). 2:478–482.

Mobile ad hoc networks (MANETs) play a significant role for communication whenever infrastructure is not available. In MANET, the group communication-based applications use the multicast routing protocol, where there is a single sender node and a group of receiver nodes. The benefits of multicast routing protocols are the capability to reduce the communication costs and saving the network resources by reproduction of the message over a shared network. The security is the main concern for multicast routing protocol in MANET, as it includes large number of participants. The security issues become more rigorous in a multicast communication due to its high variedness and routing difficulty. In this paper, we consider the internal attack, namely Multicast Announcement Packet Fabrication Attack on PUMA (Protocol for Unified Multicasting through Announcements). We proposed the security approach to detect the attacks as multicast activity-based overhearing technique, i.e., traffic analysis-based detection method with a unique key value. The performance analysis, shows an improved network performance of proposed approach over PUMA.

Wagner, Alan R..  2018.  An Autonomous Architecture That Protects the Right to Privacy. Proceedings of the 2018 AAAI/ACM Conference on AI, Ethics, and Society. :330–334.

The advent and widespread adoption of wearable cameras and autonomous robots raises important issues related to privacy. The mobile cameras on these systems record and may re-transmit enormous amounts of video data that can then be used to identify, track, and characterize the behavior of the general populous. This paper presents a preliminary computational architecture designed to preserve specific types of privacy over a video stream by identifying categories of individuals, places, and things that require higher than normal privacy protection. This paper describes the architecture as a whole as well as preliminary results testing aspects of the system. Our intention is to implement and test the system on ground robots and small UAVs and demonstrate that the system can provide selective low-level masking or deletion of data requiring higher privacy protection.

Wagner, Paul Georg, Birnstill, Pascal, Beyerer, Jürgen.  2018.  Distributed Usage Control Enforcement Through Trusted Platform Modules and SGX Enclaves. Proceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies. :85–91.
In the light of mobile and ubiquitous computing, sharing sensitive information across different computer systems has become an increasingly prominent practice. This development entails a demand of access control measures that can protect data even after it has been transferred to a remote computer system. In order to address this problem, sophisticated usage control models have been developed. These models include a client side reference monitor (CRM) that continuously enforces protection policies on foreign data. However, it is still unclear how such a CRM can be properly protected in a hostile environment. The user of the data on the client system can influence the client's state and has physical access to the system. Hence technical measures are required to protect the CRM on a system, which is legitimately used by potential attackers. Existing solutions utilize Trusted Platform Modules (TPMs) to solve this problem by establishing an attestable trust anchor on the client. However, the resulting protocols have several drawbacks that make them infeasible for practical use. This work proposes a reference monitor implementation that establishes trust by using TPMs along with Intel SGX enclaves. First we show how SGX enclaves can realize a subset of the existing usage control requirements. Then we add a TPM to establish and protect a powerful enforcement component on the client. Ultimately this allows us to technically enforce usage control policies on an untrusted remote system.
Wahby, Riad S., Ji, Ye, Blumberg, Andrew J., shelat, abhi, Thaler, Justin, Walfish, Michael, Wies, Thomas.  2017.  Full Accounting for Verifiable Outsourcing. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :2071–2086.
Systems for verifiable outsourcing incur costs for a prover, a verifier, and precomputation; outsourcing makes sense when the combination of these costs is cheaper than not outsourcing. Yet, when prior works impose quantitative thresholds to analyze whether outsourcing is justified, they generally ignore prover costs. Verifiable ASICs (VA)—in which the prover is a custom chip—is the other way around: its cost calculations ignore precomputation. This paper describes a new VA system, called Giraffe; charges Giraffe for all three costs; and identifies regimes where outsourcing is worthwhile. Giraffe's base is an interactive proof geared to data-parallel computation. Giraffe makes this protocol asymptotically optimal for the prover and improves the verifier's main bottleneck by almost 3x, both of which are of independent interest. Giraffe also develops a design template that produces hardware designs automatically for a wide range of parameters, introduces hardware primitives molded to the protocol's data flows, and incorporates program analyses that expand applicability. Giraffe wins even when outsourcing several tens of sub-computations, scales to 500x larger computations than prior work, and can profitably outsource parts of programs that are not worthwhile to outsource in full.
Waheed, A., Riaz, M., Wani, M. Y..  2017.  Anti-theft mobile phone security system with the help of BIOS. 2017 International Symposium on Wireless Systems and Networks (ISWSN). :1–6.

Mobile tracking is a key challenge that has been investigated from both practical and theoretical aspects. This paper proposes an anti-theft mobile phone security system using basic input/output system (BIOS). This mobile phone security system allows us to determine the position of mobile device. The proposed security system is based on hardware implementation technique in which mobile is designed in such a way that a mobile can be traced out even if battery and Subscriber Identity Module (SIM) are plug-out. Furthermore, we also consider the usage of BIOS and its importance in our daily life. Our proposed solution will help the designers in improving the device security.

Waitelonis, Jörg, Jürges, Henrik, Sack, Harald.  2016.  Don'T Compare Apples to Oranges: Extending GERBIL for a Fine Grained NEL Evaluation. Proceedings of the 12th International Conference on Semantic Systems. :65–72.
In recent years, named entity linking (NEL) tools were primarily developed as general approaches, whereas today numerous tools are focusing on specific domains such as e.g. the mapping of persons and organizations only, or the annotation of locations or events in microposts. However, the available benchmark datasets used for the evaluation of NEL tools do not reflect this focalizing trend. We have analyzed the evaluation process applied in the NEL benchmarking framework GERBIL [16] and its benchmark datasets. Based on these insights we extend the GERBIL framework to enable a more fine grained evaluation and in deep analysis of the used benchmark datasets according to different emphases. In this paper, we present the implementation of an adaptive filter for arbitrary entities as well as a system to automatically measure benchmark dataset properties, such as the extent of content-related ambiguity and diversity. The implementation as well as a result visualization are integrated in the publicly available GERBIL framework.
Wajahat, Ahsan, Imran, Azhar, Latif, Jahanzaib, Nazir, Ahsan, Bilal, Anas.  2019.  A Novel Approach of Unprivileged Keylogger Detection. 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1—6.
Nowadays, computers are used everywhere to carry out daily routine tasks. The input devices i.e. keyboard or mouse are used to feed input to computers. The surveillance of input devices is much important as monitoring the users logging activity. A keylogger also referred as a keystroke logger, is a software or hardware device which monitors every keystroke typed by a user. Keylogger runs in the background that user cannot identify its presence. It can be used as monitoring software for parents to keep an eye on children activity on computers and for the owner to monitor their employees. A keylogger (which can be either spyware or software) is a kind of surveillance software that has the ability to store every keystroke in a log file. It is very dangerous for those systems which use their system for daily transaction purpose i.e. Online Banking Systems. A keylogger is a tool, made to save all the keystroke generated through the machine which sanctions hackers to steal sensitive information without user's intention. Privileged also relies on the access for both implementation and placement by Kernel keylogger, the entire message transmitted from the keyboard drivers, while the programmer simply relies on kernel level facilities that interrupt. This certainly needs a large power and expertise for real and error-free execution. However, it has been observed that 90% of the current keyloggers are running in userspace so they do not need any permission for execution. Our aim is focused on detecting userspace keylogger. Our intention is to forbid userspace keylogger from stealing confidential data and information. For this purpose, we use a strategy which is clearly based on detection manner techniques for userspace keyloggers, an essential category of malware packages. We intend to achieve this goal by matching I/O of all processes with some simulated activity of the user, and we assert detection in case the two are highly correlated. The rationale behind this is that the more powerful stream of keystrokes, the more I/O operations are required by the keylogger to log the keystrokes into the file.
Wakchaure, M., Sarwade, S., Siddavatam, I..  2016.  Reconnaissance of Industrial Control System by deep packet inspection. 2016 IEEE International Conference on Engineering and Technology (ICETECH). :1093–1096.

Industrial Control System (ICS) consists of large number of electronic devices connected to field devices to execute the physical processes. Communication network of ICS supports wide range of packet based applications. A growing issue with network security and its impact on ICS have highlighted some fundamental risks to critical infrastructure. To address network security issues for ICS a clear understanding of security specific defensive countermeasures is required. Reconnaissance of ICS network by deep packet inspection (DPI) consists analysis of the contents of the captured packets in order to get accurate measures of process that uses specific countermeasure to create an aggregated posture. In this paper we focus on novel approach by presenting a technique with captured network traffic. This technique is capable to identify the protocols and extract different features for classification of traffic based on network protocol, header information and payload to understand the whole architecture of complex system. Here we have segregated possible types of attacks on ICS.

Wakenshaw, S. Y. L., Maple, C., Schraefel, M. C., Gomer, R., Ghirardello, K..  2018.  Mechanisms for Meaningful Consent in Internet of Things. Living in the Internet of Things: Cybersecurity of the IoT - 2018. :1–10.

Consent is a key measure for privacy protection and needs to be `meaningful' to give people informational power. It is increasingly important that individuals are provided with real choices and are empowered to negotiate for meaningful consent. Meaningful consent is an important area for consideration in IoT systems since privacy is a significant factor impacting on adoption of IoT. Obtaining meaningful consent is becoming increasingly challenging in IoT environments. It is proposed that an ``apparency, pragmatic/semantic transparency model'' adopted for data management could make consent more meaningful, that is, visible, controllable and understandable. The model has illustrated the why and what issues regarding data management for potential meaningful consent [1]. In this paper, we focus on the `how' issue, i.e. how to implement the model in IoT systems. We discuss apparency by focusing on the interactions and data actions in the IoT system; pragmatic transparency by centring on the privacy risks, threats of data actions; and semantic transparency by focusing on the terms and language used by individuals and the experts. We believe that our discussion would elicit more research on the apparency model' in IoT for meaningful consent.

Walck, Matthew, Wang, Ke, Kim, Hyong S..  2019.  TendrilStaller: Block Delay Attack in Bitcoin. 2019 IEEE International Conference on Blockchain (Blockchain). :1—9.
We present TendrilStaller, an eclipse attack targeting at Bitcoin's peer-to-peer network. TendrilStaller enables an adversary to delay block propagation to a victim for 10 minutes. The adversary thus impedes the victim from getting the latest blockchain state. It only takes as few as one Bitcoin full node and two light weight nodes to perform the attack. The light weight nodes perform a subset of the functions of a full Bitcoin node. The attack exploits a recent block propagation protocol introduced in April 2016. The protocol prescribes a Bitcoin node to select 3 neighbors that can send new blocks unsolicited. These neighbors are selected based on their recent performance in providing blocks quickly. The adversary induces the victim to select 3 attack nodes by having attack nodes send valid blocks to the victim more quickly than other neighbors. For this purpose, the adversary deploys a handful of light weight nodes so that the adversary itself receives new blocks faster. The adversary then performs the attack to delay blocks propagated to the victim. We implement the attack on top of current default Bitcoin protocol We deploy the attack nodes in multiple locations around the globe and randomly select victim nodes. Depending on the round-trip time between the adversary and the victim, 50%-85% of the blocks could be delayed to the victim. We further show that the adoption of light weight nodes greatly increases the attack probability by 15% in average. Finally, we propose several countermeasures to mitigate this eclipse attack.
Walczyński, Maciej, Ryba, Dagmara.  2019.  Effectiveness of the acoustic fingerprint in various acoustical environments. 2019 Signal Processing: Algorithms, Architectures, Arrangements, and Applications (SPA). :137–141.
In this article analysis of the effectiveness of the acoustic algorithm of the fingerprint in the conditions of various acoustic disturbances is presented and described. The described algorithm is stable and should identify music even in the presence of acoustic disturbances. This was checked in a series of tests in four different conditions: silence, street noise, noise from the railway station, noise from inside the moving car during rain. In the case of silence, 10 measurements were taken lasting 7 seconds each. For each of the remaining conditions, 21 attempts were made to identify the work. The capture time for each of the 21 trials was 7 seconds. Every 7 attempts were changed noise volume. Subsequently, they were disruptions at a volume lower than the volume of the intercepted song, another 7 with an altitude similar to the intercepted track, and the last with a much higher volume. The effectiveness of the algorithm was calculated for two different times, and general - for the average of two results. Base of "fingerprints" consisted of 20 previously analyzed music pieces belonging to different musical genres.
Walfield, Neal H., Koch, Werner.  2016.  TOFU for OpenPGP. Proceedings of the 9th European Workshop on System Security. :2:1–2:6.

We present the design and implementation of a trust-on-first-use (TOFU) policy for OpenPGP. When an OpenPGP user verifies a signature, TOFU checks that the signer used the same key as in the past. If not, this is a strong indicator that a key is a forgery and either the message is also a forgery or an active man-in-the-middle attack (MitM) is or was underway. That is, TOFU can proactively detect new attacks if the user had previously verified a message from the signer. And, it can reactively detect an attack if the signer gets a message through. TOFU cannot, however, protect against sustained MitM attacks. Despite this weakness, TOFU's practical security is stronger than the Web of Trust (WoT), OpenPGP's current trust policy, for most users. The problem with the WoT is that it requires too much user support. TOFU is also better than the most popular alternative, an X.509-based PKI, which relies on central servers whose certification processes are often sloppy. In this paper, we outline how TOFU can be integrated into OpenPGP; we address a number of potential attacks against TOFU; and, we show how TOFU can work alongside the WoT. Our implementation demonstrates the practicality of the approach.

Walia, K. S., Shenoy, S., Cheng, Y..  2020.  An Empirical Analysis on the Usability and Security of Passwords. 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). :1–8.
Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.
Walker, Aaron, Amjad, Muhammad Faisal, Sengupta, Shamik.  2019.  Cuckoo’s Malware Threat Scoring and Classification: Friend or Foe? 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0678–0684.
Malware threat classification involves understanding the behavior of the malicious software and how it affects a victim host system. Classifying threats allows for measured response appropriate to the risk involved. Malware incident response depends on many automated tools for the classification of threat to help identify the appropriate reaction to a threat alert. Cuckoo Sandbox is one such tool which can be used for automated analysis of malware and one method of threat classification provided is a threat score. A security analyst might submit a suspicious file to Cuckoo for analysis to determine whether or not the file contains malware or performs potentially malicious behavior on a system. Cuckoo is capable of producing a report of this behavior and ranks the severity of the observed actions as a score from one to ten, with ten being the most severe. As such, a malware sample classified as an 8 would likely take priority over a sample classified as a 3. Unfortunately, this scoring classification can be misleading due to the underlying methodology of severity classification. In this paper we demonstrate why the current methodology of threat scoring is flawed and therefore we believe it can be improved with greater emphasis on analyzing the behavior of the malware. This allows for a threat classification rating which scales with the risk involved in the malware behavior.
Walker, Aaron, Sengupta, Shamik.  2019.  Insights into Malware Detection via Behavioral Frequency Analysis Using Machine Learning. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software.
Walla, Sebastian, Rossow, Christian.  2019.  MALPITY: Automatic Identification and Exploitation of Tarpit Vulnerabilities in Malware. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :590—605.
Law enforcement agencies regularly take down botnets as the ultimate defense against global malware operations. By arresting malware authors, and simultaneously infiltrating or shutting down a botnet's network infrastructures (such as C2 servers), defenders stop global threats and mitigate pending infections. In this paper, we propose malware tarpits, an orthogonal defense that does not require seizing botnet infrastructures, and at the same time can also be used to slow down malware spreading and infiltrate its monetization techniques. A tarpit is a network service that causes a client to stay busy with a network operation. Our work aims to automatically identify network operations used by malware that will block the malware either forever or for a significant amount of time. We describe how to non-intrusively exploit such tarpit vulnerabilities in malware to slow down or, ideally, even stop malware. Using dynamic malware analysis, we monitor how malware interacts with the POSIX and Winsock socket APIs. From this, we infer network operations that would have blocked when provided certain network inputs. We augment this vulnerability search with an automated generation of tarpits that exploit the identified vulnerabilities. We apply our prototype MALPITY on six popular malware families and discover 12 previously-unknown tarpit vulnerabilities, revealing that all families are susceptible to our defense. We demonstrate how to, e.g., halt Pushdo's DGA-based C2 communication, hinder SalityP2P peers from receiving commands or updates, and stop Bashlite's spreading engine.
Wallace, Jayne, Rogers, Jon, Shorter, Michael, Thomas, Pete, Skelly, Martin, Cook, Richard.  2018.  The SelfReflector: Design, IoT and the High Street. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. :423:1–423:12.
We describe the design of SelfReflector an internet-connected mirror that uses online facial recognition to estimate your age and play music from when it thinks you were 14 years old. The mirror was created for a specific shop (SPeX PisTOls optical boutique), within a research through design project centered on the high street as a space of vital social, economic and environmental exchange that offers a myriad of psychosocial support for people beyond a place to purchase goods. We present in detail how the design emerged as our research interests developed related to IoT and how people use the high street to experiment with, and support sense of self. We discuss SelfReflector in relation to challenges for IoT, facial recognition and surveillance technologies, mirrorness and the values of a craft approach to designing technology centering on the nature of the bespoke and 'one-off'.