Visible to the public Biblio

Filters: Keyword is expert systems  [Clear All Filters]
2020-10-12
Ifedayo, Oladeji R., Zamora, Ramon, Lie T., Tek.  2019.  Modelling an Adaptable Multi-Objective Fuzzy Expert System Based Transmission Network Transfer Capacity Enhancement. 2019 Australian New Zealand Control Conference (ANZCC). :237–242.

The need to enhance the performance of existing transmission network in line with economic and technical constraints is crucial in a competitive market environment. This paper models the total transfer capacity (TTC) improvement using optimally placed thyristor-controlled series capacitors (TCSC). The system states were evaluated using distributed slack bus (DSB) and continuous power flow (CPF) techniques. Adaptable logic relations was modelled based on security margin (SM), steady state and transient condition collapse voltages (Uss, Uts) and the steady state line power loss (Plss), through which line suitability index (LSI) were obtained. The fuzzy expert system (FES) membership functions (MF) with respective degrees of memberships are defined to obtain the best states. The LSI MF is defined high between 0.2-0.8 to provide enough protection under transient disturbances. The test results on IEEE 30 bus system show that the model is feasible for TTC enhancement under steady state and N-1 conditions.

Rudd-Orthner, Richard N M, Mihaylova, Lyudmilla.  2019.  An Algebraic Expert System with Neural Network Concepts for Cyber, Big Data and Data Migration. 2019 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT). :1–6.

This paper describes a machine assistance approach to grading decisions for values that might be missing or need validation, using a mathematical algebraic form of an Expert System, instead of the traditional textual or logic forms and builds a neural network computational graph structure. This Experts System approach is also structured into a neural network like format of: input, hidden and output layers that provide a structured approach to the knowledge-base organization, this provides a useful abstraction for reuse for data migration applications in big data, Cyber and relational databases. The approach is further enhanced with a Bayesian probability tree approach to grade the confidences of value probabilities, instead of the traditional grading of the rule probabilities, and estimates the most probable value in light of all evidence presented. This is ground work for a Machine Learning (ML) experts system approach in a form that is closer to a Neural Network node structure.

Jharko, Elena, Promyslov, Vitaly, Iskhakov, Andrey.  2019.  Extending Functionality of Early Fault Diagnostic System for Online Security Assessment of Nuclear Power Plant. 2019 International Russian Automation Conference (RusAutoCon). :1–6.

The new instrumentation and control (I&C) systems of the nuclear power plants (NPPs) improve the ability to operate the plant enhance the safety and performance of the NPP. However, they bring a new type of threat to the NPP's industry-cyber threat. The early fault diagnostic system (EDS) is one of the decision support systems that might be used online during the operation stage. The EDS aim is to prevent the incident/accident evolution by a timely troubleshooting process during any plant operational modes. It means that any significative deviation of plant parameters from normal values is pointed-out to plant operators well before reaching any undesired threshold potentially leading to a prohibited plant state, together with the cause that has generated the deviation. The paper lists the key benefits using the EDS to counter the cyber threat and proposes the framework for cybersecurity assessment using EDS during the operational stage.

Khosravi, Morteza, Fereidunian, Alireza.  2019.  Enhancing Smart Grid Cyber-Security Using A Fuzzy Adaptive Autonomy Expert System. 2019 Smart Grid Conference (SGC). :1–6.

Smart Grid cyber-security sounds to be a critical issue, because of widespread development of information technology. To achieve secure and reliable operation, the complexity of human automation interaction (HAI) necessitates more sophisticated and intelligent methodologies. In this paper, an adaptive autonomy fuzzy expert system is developed using gradient descent algorithm to determine the Level of Automation (LOA), based on the changing of Performance Shaping Factors (PSF). These PSFs indicate the effects of environmental conditions on the performance of HAI. The major advantage of this method is that the fuzzy rule or membership function can be learnt without changing the form of the fuzzy rule in conventional fuzzy control. Because of data shortage, Leave-One-Out Cross-Validation (LOOCV) technique is applied for assessing how the results of proposed system generalizes to the new contingency situations. The expert system database is extracted from superior experts' judgments. In order to regard the importance of each PSF, weighted rules are also considered. In addition, some new environmental conditions are introduced that has not been seen before. Nine scenarios are discussed to reveal the performance of the proposed system. Results confirm that the presented fuzzy expert system can effectively calculates the proper LOA even in the new contingency situations.

Luma, Artan, Abazi, Blerton, Aliu, Azir.  2019.  An approach to Privacy on Recommended Systems. 2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1–5.
Recommended systems are very popular nowadays. They are used online to help a user get the desired product quickly. Recommended Systems are found on almost every website, especially big companies such as Facebook, eBay, Amazon, NetFlix, and others. In specific cases, these systems help the user find a book, movie, article, product of his or her preference, and are also used on social networks to meet friends who share similar interests in different fields. These companies use referral systems because they bring amazing benefits in a very fast time. To generate more accurate recommendations, recommended systems are based on the user's personal information, eg: different ratings, history observation, personal profiles, etc. Use of these systems is very necessary but the way this information is received, and the privacy of this information is almost constantly ignored. Many users are unaware of how their information is received and how it is used. This paper will discuss how recommended systems work in different online companies and how safe they are to use without compromising their privacy. Given the widespread use of these systems, an important issue has arisen regarding user privacy and security. Collecting personal information from recommended systems increases the risk of unwanted exposure to that information. As a result of this paper, the reader will be aware of the functioning of Recommended systems, the way they receive and use their information, and will also discuss privacy protection techniques against Recommended systems.
2020-03-09
Hettiarachchi, Charitha, Do, Hyunsook.  2019.  A Systematic Requirements and Risks-Based Test Case Prioritization Using a Fuzzy Expert System. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security (QRS). :374–385.

The use of risk information can help software engineers identify software components that are likely vulnerable or require extra attention when testing. Some studies have shown that the requirements risk-based approaches can be effective in improving the effectiveness of regression testing techniques. However, the risk estimation processes used in such approaches can be subjective, time-consuming, and costly. In this research, we introduce a fuzzy expert system that emulates human thinking to address the subjectivity related issues in the risk estimation process in a systematic and an efficient way and thus further improve the effectiveness of test case prioritization. Further, the required data for our approach was gathered by employing a semi-automated process that made the risk estimation process less subjective. The empirical results indicate that the new prioritization approach can improve the rate of fault detection over several existing test case prioritization techniques, while reducing threats to subjective risk estimation.

2020-01-02
Siser, Anton, Maris, Ladislav, Rehák, David, Pellowski, Witalis.  2018.  The Use of Expert Judgement as the Method to Obtain Delay Time Values of Passive Barriers in the Context of the Physical Protection System. 2018 International Carnahan Conference on Security Technology (ICCST). :1–5.

Due to its costly and time-consuming nature and a wide range of passive barrier elements and tools for their breaching, testing the delay time of passive barriers is only possible as an experimental tool to verify expert judgements of said delay times. The article focuses on the possibility of creating and utilizing a new method of acquiring values of delay time for various passive barrier elements using expert judgements which could add to the creation of charts where interactions between the used elements of mechanical barriers and the potential tools for their bypassing would be assigned a temporal value. The article consists of basic description of methods of expert judgements previously applied for making prognoses of socio-economic development and in other societal areas, which are called soft system. In terms of the problem of delay time, this method needed to be modified in such a way that the prospective output would be expressible by a specific quantitative value. To achieve this goal, each stage of the expert judgements was adjusted to the use of suitable scientific methods to select appropriate experts and then to achieve and process the expert data. High emphasis was placed on evaluation of quality and reliability of the expert judgements, which takes into account the specifics of expert selection such as their low numbers, specialization and practical experience.

Alam, Md Jamshed, Kamrul, MD. Imtiaz, Zia Ur Rashid, S. M., Rashid, Syed Zahidur.  2018.  An Expert System Based on Belief Rule to Assess Bank Surveillance Security. 2018 International Conference on Innovations in Science, Engineering and Technology (ICISET). :451–454.
Surveillance is the monitoring of the behavior, activities or other changing information whereas security means the state of being protected from harmful activities. Nowadays proper surveillance security is considered as a challenging issue in the world and security has become a major concern from real life to virtual life. Tech-giants are implementing new solutions & techniques for better security assessment. This paper illustrates the design and implementation of a Belief Rule Based Expert System (BRBES) to overcome the uncertainty problems during bank security assessment. The proposed expert system has been developed based on generic Belief Rule Based (BRB) inference methodology using Evidential Reasoning algorithm (RIMER). Real-time security data has been taken from several banks of Bangladesh in conjunction with the expert's opinion to construct the knowledge base. This expert system provides more reliable and effective result under uncertainties which is better than any other traditional expert's prediction. Real life case studies were used for the validation of this system. Also, the outcome is compared with the real-life security system. Furthermore, the architectural design, implementation and utilization of an expert system to assess bank security under uncertainty are also discussed in this paper.
Shabanov, Boris, Sotnikov, Alexander, Palyukh, Boris, Vetrov, Alexander, Alexandrova, Darya.  2019.  Expert System for Managing Policy of Technological Security in Uncertainty Conditions: Architectural, Algorithmic, and Computing Aspects. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1716–1721.

The paper discusses the architectural, algorithmic and computing aspects of creating and operating a class of expert system for managing technological safety of an enterprise, in conditions of a large flow of diagnostic variables. The algorithm for finding a faulty technological chain uses expert information, formed as a set of evidence on the influence of diagnostic variables on the correctness of the technological process. Using the Dempster-Schafer trust function allows determining the overall probability measure on subsets of faulty process chains. To combine different evidence, the orthogonal sums of the base probabilities determined for each evidence are calculated. The procedure described above is converted into the rules of the knowledge base production. The description of the developed prototype of the expert system, its architecture, algorithmic and software is given. The functionality of the expert system and configuration tools for a specific type of production are under discussion.

Yu, Jianguo, Tian, Pei, Feng, Haonan, Xiao, Yan.  2018.  Research and Design of Subway BAS Intrusion Detection Expert System. 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :152–156.
The information security of urban rail transit system faces great challenges. As a subsystem of the subway, BAS is short for Building Automation System, which is used to monitor and manage subway equipment and environment, also facing the same problem. Based on the characteristics of BAS, this paper designed a targeted intrusion detection expert system. This paper focuses on the design of knowledge base and the inference engine of intrusion detection system based on expert system. This study laid the foundation for the research on information security of the entire rail transit system.
Talasila, Prasad, Kakrambe, Mihir, Rai, Anurag, Santy, Sebastin, Goveas, Neena, Deshpande, Bharat M..  2018.  BITS Darshini: A Modular, Concurrent Protocol Analyzer Workbench. Proceedings of the 19th International Conference on Distributed Computing and Networking. :54:1–54:10.
Network measurements are essential for troubleshooting and active management of networks. Protocol analysis of captured network packet traffic is an important passive network measurement technique used by researchers and network operations engineers. In this work, we present a measurement workbench tool named BITS Darshini (Darshini in short) to enable scientific network measurements. We have created Darshini as a modular, concurrent web application that stores experimental meta-data and allows users to specify protocol parse graphs. Darshini performs protocol analysis on a concurrent pipeline architecture, persists the analysis to a database and provides the analysis results via a REST API service. We formulate the problem of mapping protocol parse graph to a concurrent pipeline as a graph embedding problem. Our tool, Darshini, performs protocol analysis up to transport layer and is suitable for the study of small and medium-sized networks. Darshini enables secure collaboration and consultations with experts.
Jung, Byungho, Kim, Taeguen, Im, Eul Gyu.  2018.  Malware Classification Using Byte Sequence Information. Proceedings of the 2018 Conference on Research in Adaptive and Convergent Systems. :143–148.

The number of new malware and new malware variants have been increasing continuously. Security experts analyze malware to capture the malicious properties of malware and to generate signatures or detection rules, but the analysis overheads keep increasing with the increasing number of malware. To analyze a large amount of malware, various kinds of automatic analysis methods are in need. Recently, deep learning techniques such as convolutional neural network (CNN) and recurrent neural network (RNN) have been applied for malware classifications. The features used in the previous approches are mostly based on API (Application Programming Interface) information, and the API invocation information can be obtained through dynamic analysis. However, the invocation information may not reflect malicious behaviors of malware because malware developers use various analysis avoidance techniques. Therefore, deep learning-based malware analysis using other features still need to be developed to improve malware analysis performance. In this paper, we propose a malware classification method using the deep learning algorithm based on byte information. Our proposed method uses images generated from malware byte information that can reflect malware behavioral context, and the convolutional neural network-based sentence analysis is used to process the generated images. We performed several experiments to show the effecitveness of our proposed method, and the experimental results show that our method showed higher accuracy than the naive CNN model, and the detection accuracy was about 99%.

Aslan, Ça\u grı B., Sa\u glam, Rahime Belen, Li, Shujun.  2018.  Automatic Detection of Cyber Security Related Accounts on Online Social Networks: Twitter As an Example. Proceedings of the 9th International Conference on Social Media and Society. :236–240.
Recent studies have revealed that cyber criminals tend to exchange knowledge about cyber attacks in online social networks (OSNs). Cyber security experts are another set of information providers on OSNs who frequently share information about cyber security incidents and their personal opinions and analyses. Therefore, in order to improve our knowledge about evolving cyber attacks and the underlying human behavior for different purposes (e.g., crime investigation, understanding career development of cyber criminals and cyber security professionals, detection of impeding cyber attacks), it will be very useful to detect cyber security related accounts on OSNs automatically, and monitor their activities. This paper reports our preliminarywork on automatic detection of cyber security related accounts on OSNs using Twitter as an example. Three machine learning based classification algorithms were applied and compared: decision trees, random forests, and SVM (support vector machines). Experimental results showed that both decision trees and random forests had performed well with an overall accuracy over 95%, and when random forests were used with behavioral features the accuracy had reached as high as 97.877%.
Trotter, Ludwig, Prange, Sarah, Khamis, Mohamed, Davies, Nigel, Alt, Florian.  2018.  Design Considerations for Secure and Usable Authentication on Situated Displays. Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia. :483–490.
Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design considerations suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the fields of pervasive displays, human-computer-interaction and usable security.
Ur, Blase.  2018.  SIGCHI Outstanding Dissertation Award – Supporting Password Decisions with Data. Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems. :Award1:1–Award1:3.
Abstract Despite decades of research into developing abstract security advice and improving interfaces, users still struggle to make passwords. Users frequently create passwords that are predictable for attackers [1, 9] or make other decisions (e.g., reusing the same password across accounts) that harm their security [2, 8]. In this thesis,1 I use data-driven methods to better understand how users choose passwords and how attackers guess passwords. I then combine these insights into a better password-strength meter that provides real-time, data-driven feedback about the user's password. I first quantify the impact on password security and usability of showing users different password-strength meters that score passwords using basic heuristics. I find in a 2,931- participant online study that meters that score passwords stringently and present their strength estimates visually lead users to create stronger passwords without significantly impacting password memorability [6]. Second, to better understand how attackers guess passwords, I perform comprehensive experiments on password-cracking approaches. I find that simply running these approaches in their default configuration is insufficient, but considering multiple well-configured approaches in parallel can serve as a proxy for guessing by an expert in password forensics [9]. The third and fourth sections of this thesis delve further into how users choose passwords. Through a series of analyses, I pinpoint ways in which users structure semantically significant content in their passwords [7]. I also examine the relationship between users' perceptions of password security and passwords' actual security, finding that while users often correctly judge the security impact of individual password characteristics, wide variance in their understanding of attackers may lead users to judge predictable passwords as sufficiently strong [5]. Finally, I integrate these insights into an open-source2 password-strength meter that gives users data-driven feedback about their specific password. This meter uses neural networks [3] and numerous carefully combined heuristics to score passwords and generate data-driven text feedback about a given password. I evaluate this meter through a ten-participant laboratory study and 4,509-participant online study [4]. Under the more common password-composition policy we tested, we find that the data-driven meter with detailed feedback leads users to create more secure, and no less memorable, passwords than a meter with only a bar as a strength indicator. In sum, the objective of this thesis is to demonstrate how integrating data-driven insights about how users create and how attackers guess passwords into a tool that presents real-time feedback can help users make better passwords.
Wolf, Flynn, Kuber, Ravi, Aviv, Adam J..  2018.  How Do We Talk Ourselves Into These Things? Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems. :LBW502:1–LBW502:6.

Biometric authentication offers promise for mobile security, but its adoption can be controversial, both from a usability and security perspective. We describe a preliminary study, comparing recollections of biometric adoption by computer security experts and non-experts collected in semi-structured interviews. Initial decisions and thought processes around biometric adoption were recalled, as well as changes in those views over time. These findings should serve to better inform security education across differing levels of technical experience. Preliminary findings indicate that both user groups were influenced by similar sources of information; however, expert users differed in having more professional requirements affecting choices (e.g., BYOD). Furthermore, experts often added biometric authentication methods opportunistically during device updates, despite describing higher security concern and caution. Non-experts struggled with the setting up fingerprint biometrics, leading to poor adoption. Further interviews are still being conducted.

Gallagher, Kevin, Patil, Sameer, Dolan-Gavitt, Brendan, McCoy, Damon, Memon, Nasir.  2018.  Peeling the Onion's User Experience Layer: Examining Naturalistic Use of the Tor Browser. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1290–1305.

The strength of an anonymity system depends on the number of users. Therefore, User eXperience (UX) and usability of these systems is of critical importance for boosting adoption and use. To this end, we carried out a study with 19 non-expert participants to investigate how users experience routine Web browsing via the Tor Browser, focusing particularly on encountered problems and frustrations. Using a mixed-methods quantitative and qualitative approach to study one week of naturalistic use of the Tor Browser, we uncovered a variety of UX issues, such as broken Web sites, latency, lack of common browsing conveniences, differential treatment of Tor traffic, incorrect geolocation, operational opacity, etc. We applied this insight to suggest a number of UX improvements that could mitigate the issues and reduce user frustration when using the Tor Browser.

Hagan, Matthew, Kang, BooJoong, McLaughlin, Kieran, Sezer, Sakir.  2018.  Peer Based Tracking Using Multi-Tuple Indexing for Network Traffic Analysis and Malware Detection. 2018 16th Annual Conference on Privacy, Security and Trust (PST). :1–5.

Traditional firewalls, Intrusion Detection Systems(IDS) and network analytics tools extensively use the `flow' connection concept, consisting of five `tuples' of source and destination IP, ports and protocol type, for classification and management of network activities. By analysing flows, information can be obtained from TCP/IP fields and packet content to give an understanding of what is being transferred within a single connection. As networks have evolved to incorporate more connections and greater bandwidth, particularly from ``always on'' IoT devices and video and data streaming, so too have malicious network threats, whose communication methods have increased in sophistication. As a result, the concept of the 5 tuple flow in isolation is unable to detect such threats and malicious behaviours. This is due to factors such as the length of time and data required to understand the network traffic behaviour, which cannot be accomplished by observing a single connection. To alleviate this issue, this paper proposes the use of additional, two tuple and single tuple flow types to associate multiple 5 tuple communications, with generated metadata used to profile individual connnection behaviour. This proposed approach enables advanced linking of different connections and behaviours, developing a clearer picture as to what network activities have been taking place over a prolonged period of time. To demonstrate the capability of this approach, an expert system rule set has been developed to detect the presence of a multi-peered ZeuS botnet, which communicates by making multiple connections with multiple hosts, thus undetectable to standard IDS systems observing 5 tuple flow types in isolation. Finally, as the solution is rule based, this implementation operates in realtime and does not require post-processing and analytics of other research solutions. This paper aims to demonstrate possible applications for next generation firewalls and methods to acquire additional information from network traffic.

Mar\'ın, Gonzalo, Casas, Pedro, Capdehourat, Germán.  2019.  Deep in the Dark - Deep Learning-Based Malware Traffic Detection Without Expert Knowledge. 2019 IEEE Security and Privacy Workshops (SPW). :36–42.

With the ever-growing occurrence of networking attacks, robust network security systems are essential to prevent and mitigate their harming effects. In recent years, machine learning-based systems have gain popularity for network security applications, usually considering the application of shallow models, where a set of expert handcrafted features are needed to pre-process the data before training. The main problem with this approach is that handcrafted features can fail to perform well given different kinds of scenarios and problems. Deep Learning models can solve this kind of issues using their ability to learn feature representations from input raw or basic, non-processed data. In this paper we explore the power of deep learning models on the specific problem of detection and classification of malware network traffic, using different representations for the input data. As a major advantage as compared to the state of the art, we consider raw measurements coming directly from the stream of monitored bytes as the input to the proposed models, and evaluate different raw-traffic feature representations, including packet and flow-level ones. Our results suggest that deep learning models can better capture the underlying statistics of malicious traffic as compared to classical, shallow-like models, even while operating in the dark, i.e., without any sort of expert handcrafted inputs.

Harris, Albert, Snader, Robin, Kravets, Robin.  2018.  Aggio: A Coupon Safe for Privacy-Preserving Smart Retail Environments. 2018 IEEE/ACM Symposium on Edge Computing (SEC). :174–186.

Researchers and industry experts are looking at how to improve a shopper's experience and a store's revenue by leveraging and integrating technologies at the edges of the network, such as Internet-of-Things (IoT) devices, cloud-based systems, and mobile applications. The integration of IoT technology can now be used to improve purchasing incentives through the use of electronic coupons. Research has shown that targeted electronic coupons are the most effective and coupons presented to the shopper when they are near the products capture the most shoppers' dollars. Although it is easy to imagine coupons being broadcast to a shopper's mobile device over a low-power wireless channel, such a solution must be able to advertise many products, target many individual shoppers, and at the same time, provide shoppers with their desired level of privacy. To support this type of IoT-enabled shopping experience, we have designed Aggio, an electronic coupon distribution system that enables the distribution of localized, targeted coupons while supporting user privacy and security. Aggio uses cryptographic mechanisms to not only provide security but also to manage shopper groups e.g., bronze, silver, and gold reward programs) and minimize resource usage, including bandwidth and energy. The novel use of cryptographic management of coupons and groups allows Aggio to reduce bandwidth use, as well as reduce the computing and energy resources needed to process incoming coupons. Through the use of local coupon storage on the shopper's mobile device, the shopper does not need to query the cloud and so does not need to expose all of the details of their shopping decisions. Finally, the use of privacy preserving communication between the shopper's mobile device and the CouponHubs that are distributed throughout the retail environment allows the shopper to expose their location to the store without divulging their location to all other shoppers present in the store.

Muszynska, Maria, Michels, Denise, von Zezschwitz, Emanuel.  2018.  Not On My Phone: Exploring Users' Conception of Related Permissions. Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems. :LBW508:1–LBW508:6.

Many smartphone security mechanisms prompt users to decide on sensitive resource requests. This approach fails if corresponding implications are not understood. Prior work identified ineffective user interfaces as a cause for insufficient comprehension and proposed augmented dialogs. We hypothesize that, prior to interface-design, efficient security dialogs require an underlying permission model based on user demands. We believe, that only an implementation which corresponds to users\guillemotright mental models, in terms of the handling, granularity and grouping of permission requests, allows for informed decisions. In this work, we propose a study design which leverages materialization for the extraction of the mental models. We present preliminary results of three Focus Groups. The findings indicate that the materialization provided sufficient support for non-experts to understand and discuss this complex topic. In addition to this, the results indicate that current permission approaches do not match users\guillemotright demands for information and control.

2019-12-09
Khokhlov, Igor, Jain, Chinmay, Miller-Jacobson, Ben, Heyman, Andrew, Reznik, Leonid, Jacques, Robert St..  2018.  MeetCI: A Computational Intelligence Software Design Automation Framework. 2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1-8.

Computational Intelligence (CI) algorithms/techniques are packaged in a variety of disparate frameworks/applications that all vary with respect to specific supported functionality and implementation decisions that drastically change performance. Developers looking to employ different CI techniques are faced with a series of trade-offs in selecting the appropriate library/framework. These include resource consumption, features, portability, interface complexity, ease of parallelization, etc. Considerations such as language compatibility and familiarity with a particular library make the choice of libraries even more difficult. The paper introduces MeetCI, an open source software framework for computational intelligence software design automation that facilitates the application design decisions and their software implementation process. MeetCI abstracts away specific framework details of CI techniques designed within a variety of libraries. This allows CI users to benefit from a variety of current frameworks without investigating the nuances of each library/framework. Using an XML file, developed in accordance with the specifications, the user can design a CI application generically, and utilize various CI software without having to redesign their entire technology stack. Switching between libraries in MeetCI is trivial and accessing the right library to satisfy a user's goals can be done easily and effectively. The paper discusses the framework's use in design of various applications. The design process is illustrated with four different examples from expert systems and machine learning domains, including the development of an expert system for security evaluation, two classification problems and a prediction problem with recurrent neural networks.

2019-07-01
Napoli, Daniela.  2018.  Developing Accessible and Usable Security (ACCUS) Heuristics. Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems. :SRC16:1-SRC16:6.

Currently, usable security and web accessibility design principles exist separately. Although literature at the intersect of accessibility and security is developing, it is limited in its understanding of how users with vision loss operate the web securely. In this paper, we propose heuristics that fuse the nuances of both fields. With these heuristics, we evaluate 10 websites and uncover several issues that can impede users' ability to abide by common security advice.

2019-06-17
Frey, Sylvain, Rashid, Awais, Anthonysamy, Pauline, Pinto-Albuquerque, Maria, Naqvi, Syed Asad.  2018.  The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game. Proceedings of the 40th International Conference on Software Engineering. :496-496.

Motivation: The security of any system is a direct consequence of stakeholders' decisions regarding security requirements. Such decisions are taken with varying degrees of expertise, and little is currently understood about how various demographics - security experts, general computer scientists, managers - approach security decisions and the strategies that underpin those decisions. What are the typical decision patterns, the consequences of such patterns and their impact on the security of the system in question? Nor is there any substantial understanding of how the strategies and decision patterns of these different groups contrast. Is security expertise necessarily an advantage when making security decisions in a given context? Answers to these questions are key to understanding the "how" and "why" behind security decision processes. The Game: In this talk1, we present a tabletop game: Decisions and Disruptions (D-D)2 that tasks a group of players with managing the security of a small utility company while facing a variety of threats. The game is kept short - 2 hours - and simple enough to be played without prior training. A cyber-physical infrastructure, depicted through a Lego\textregistered board, makes the game easy to understand and accessible to players from varying backgrounds and security expertise, without being too trivial a setting for security experts. Key insights: We played D-D with 43 players divided into homogeneous groups: 4 groups of security experts, 4 groups of nontechnical managers and 4 groups of general computer scientists. • Strategies: Security experts had a strong interest in advanced technological solutions and tended to neglect intelligence gathering, to their own detriment. Managers, too, were technology-driven and focused on data protection while neglecting human factors more than other groups. Computer scientists tended to balance human factors and intelligence gathering with technical solutions, and achieved the best results of the three demographics. • Decision Processes: Technical experience significantly changes the way players think. Teams with little technical experience had shallow, intuition-driven discussions with few concrete arguments. Technical teams, and the most experienced in particular, had much richer debates, driven by concrete scenarios, anecdotes from experience, and procedural thinking. Security experts showed a high confidence in their decisions - despite some of them having bad consequences - while the other groups tended to doubt their own skills - even when they were playing good games. • Patterns: A number of characteristic plays were identified, some good (balance between priorities, open-mindedness, and adapting strategies based on inputs that challenge one's pre-conceptions), some bad (excessive focus on particular issues, confidence in charismatic leaders), some ugly ("tunnel vision" syndrome by over-confident players). These patterns are documented in the full paper - showing the virtue of the positive ones, discouraging the negative ones, and inviting the readers to do their own introspection. Conclusion: Beyond the analysis of the security decisions of the three demographics, there is a definite educational and awareness-raising aspect to D-D (as noted consistently by players in all our subject groups). Game boxes will be brought to the conference for demonstration purposes, and the audience will be invited to experiment with D-D themselves, make their own decisions, and reflect on their own perception of security.

2019-03-25
Le, Van-Khoa, Beauseroy, Pierre, Grall-Maes, Edith.  2018.  Abnormal Trajectory Detection for Security Infrastructure. Proceedings of the 2Nd International Conference on Digital Signal Processing. :1–5.

In this work, an approach for the automatic analysis of people trajectories is presented, using a multi-camera and card reader system. Data is first extracted from surveillance cameras and card readers to create trajectories which are sequences of paths and activities. A distance model is proposed to compare sequences and calculate similarities. The popular unsupervised model One-Class Support Vector Machine (One-Class SVM) is used to train a detector. The proposed method classifies trajectories as normal or abnormal and can be used in two modes: off-line and real-time. Experiments are based on data simulation corresponding to an attack scenario proposed by a security expert. Results show that the proposed method successfully detects the abnormal sequences in the scenario with very low false alarm rate.