Biblio

Found 145 results

U
Biagioni, E..  2014.  Ubiquitous Interpersonal Communication over Ad-hoc Networks and the Internet. System Sciences (HICSS), 2014 47th Hawaii International Conference on. :5144-5153.

The hardware and low-level software in many mobile devices are capable of mobile-to-mobile communication, including ad-hoc 802.11, Bluetooth, and cognitive radios. We have started to leverage this capability to provide interpersonal communication both over infrastructure networks (the Internet), and over ad-hoc and delay-tolerant networks composed of the mobile devices themselves. This network is decentralized in the sense that it can function without any infrastructure, but does take advantage of infrastructure connections when available. All interpersonal communication is encrypted and authenticated so packets may be carried by devices belonging to untrusted others. The decentralized model of security builds a flexible trust network on top of the social network of communicating individuals. This social network can be used to prioritize packets to or from individuals closely related by the social network. Other packets are prioritized to favor packets likely to consume fewer network resources. Each device also has a policy that determines how many packets may be forwarded, with the goal of providing useful interpersonal communications using at most 1% of any given resource on mobile devices. One challenge in a fully decentralized network is routing. Our design uses Rendezvous Points (RPs) and Distributed Hash Tables (DHTs) for delivery over infrastructure networks, and hop-limited broadcast and Delay Tolerant Networking (DTN) within the wireless ad-hoc network.

Caballero-Gil, Pino, Caballero-Gil, Cándido, Molina-Gil, Jezabel.  2018.  Ubiquitous System to Monitor Transport and Logistics. Proceedings of the 15th ACM International Symposium on Performance Evaluation of Wireless Ad Hoc, Sensor, & Ubiquitous Networks. :71–75.
In the management of transport and logistics, which includes the delivery, movement and collection of goods through roads, ports and airports, participate, in general, many different actors. The most critical aspects of supply chain systems include time, space and interdependencies. Besides, there are several security challenges that can be caused both by unintentional and intentional errors. With all this in mind, this work proposes the combination of technologies such as RFID, GPS, WiFi Direct and LTE/3G to automate product authentication and merchandise tracking, reducing the negative effects caused either by mismanagement or attacks against the process of the supply chain. In this way, this work proposes a ubiquitous management scheme for the monitoring through the cloud of freight and logistics systems, including demand management, customization and automatic replenishment of out-of-stock goods. The proposal implies an improvement in the efficiency of the systems, which can be quantified in a reduction of time and cost in the inventory and distribution processes, and in a greater facility for the detection of counterfeit versions of branded articles. In addition, it can be used to create safer and more efficient schemes that help companies and organizations to improve the quality of the service and the traceability of the transported goods.
Zhang, Lin, Zhang, Zhenfeng, Hu, Xuexian.  2016.  UC-secure Two-Server Password-Based Authentication Protocol and Its Applications. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :153–164.

A two-server password-based authentication (2PA) protocol is a special kind of authentication primitive that provides additional protection for the user's password. Through a 2PA protocol, a user can distribute his low-entropy password between two authentication servers in the initialization phase and authenticate himself merely via a matching password in the login phase. No single server can learn any information about the user's password, nor impersonate the legitimate user to authenticate to the honest server. In this paper, we first formulate and realize the security definition of two-server password-based authentication in the well-known universal composability (UC) framework, which thus provides desirable properties such as composable security. We show that our construction is suitable for the asymmetric communication model in which one server acts as the front-end server interacting directly with the user and the other stays backstage. Then, we show that our protocol could be easily extended to more complicate password-based cryptographic protocols such as two-server password-authenticated key exchange (2PAKE) and two-server password-authenticated secret sharing (2PASS), which enjoy stronger security guarantees and better efficiency performances in comparison with the existing schemes.

Alamri, N., Chow, C. E., Aljaedi, A., Elgzil, A..  2018.  UFAP: Ultra-fast handoff authentication protocol for wireless mesh networks. 2018 Wireless Days (WD). :1–8.
Wireless mesh networking (WMN) is a new technology aimed to introduce the benefits of using multi-hop and multi-path to the wireless world. However, the absence of a fast and reliable handoff protocol is a major drawback especially in a technology designed to feature high mobility and scalability. We propose a fast and efficient handoff authentication protocol for wireless mesh networks. It is a token-based authentication protocol using pre-distributed parameters. We provide a performance comparison among our protocol, UFAP, and other protocols including EAP-TLS and EAP-PEAP tested in an actual setup. Performance analysis will prove that our proposed handoff authentication protocol is 250 times faster than EAP-PEAP and 500 times faster than EAP-TLS. The significant improvement in performance allows UFAP to provide seamless handoff and continuous operation even for real-time applications which can only tolerate short delays under 50 ms.
Benjamin Andow, Akhil Acharya, Dengfeng Li, University of Illinois at Urbana-Champaign, William Enck, Kapil Singh, Tao Xie, University of Illinois at Urbana-Champaign.  2017.  UiRef: Analysis of Sensitive User Inputs in Android Applications. 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017).

Mobile applications frequently request sensitive data. While prior work has focused on analyzing sensitive-data uses originating from well-defined API calls in the system, the security and privacy implications of inputs requested via application user interfaces have been widely unexplored. In this paper, our goal is to understand the broad implications of such requests in terms of the type of sensitive data being requested by applications.

To this end, we propose UiRef (User Input REsolution Framework), an automated approach for resolving the semantics of user inputs requested by mobile applications. UiRef’s design includes a number of novel techniques for extracting and resolving user interface labels and addressing ambiguity in semantics, resulting in significant improvements over prior work. We apply UiRef to 50,162 Android applications from Google Play and use outlier analysis to triage applications with questionable input requests. We identify concerning developer practices, including insecure exposure of account passwords and non-consensual input disclosures to third parties. These findings demonstrate the importance of user-input semantics when protecting end users.

Rizzi, Francesco, Morris, Karla, Sargsyan, Khachik, Mycek, Paul, Safta, Cosmin, Debusschere, Bert, LeMaitre, Olivier, Knio, Omar.  2016.  ULFM-MPI Implementation of a Resilient Task-Based Partial Differential Equations Preconditioner. Proceedings of the ACM Workshop on Fault-Tolerance for HPC at Extreme Scale. :19–26.

We present a task-based domain-decomposition preconditioner for partial differential equations (PDEs) resilient to silent data corruption (SDC) and hard faults. The algorithm exploits a reformulation of the PDE as a sampling problem, followed by a regression-based solution update that is resilient to SDC. We adopt a server-client model implemented using the User Level Fault Mitigation MPI (MPI-ULFM). All state information is held by the servers, while clients only serve as computational units. The task-based nature of the algorithm and the capabilities of ULFM are complemented at the algorithm level to support missing tasks, making the application resilient to hard faults affecting the clients. Weak and strong scaling tests up to ~115k cores show an excellent performance of the application with efficiencies above 90%, demonstrating the suitability to run at large scale. We demonstrate the resilience of the application for a 2D elliptic PDE by injecting SDC using a random single bit-flip model, and hard faults in the form of clients crashing. We show that in all cases, the application converges to the right solution. We analyze the overhead caused by the faults, and show that, for the test problem considered, the overhead incurred due to SDC is minimal compared to that from the hard faults.

Christopher Hannon, Illinois Institute of Technology, Dong Jin, Illinois Institute of Technology, Chen Chen, Argonne National Laboratory, Jianhui Wang, Argonne National Laboratory.  2017.  Ultimate Forwarding Resilience in OpenFlow Networks. ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2017).

Software defined networking is a rapidly expanding networking paradigm that aims to separate the control logic from the forwarding devices. Through centralized control, network operators are able to deploy and manage more efficient forwarding strategies. Traditionally, when the network undergoes a change through maintenance, failure, or cyber attack, the centralized controller processes these events and deploys new forwarding rules reactively. This work provides a strategy that does not require a controller in order to maintain connectivity while only using features within the existing OpenFlow protocol version 1.3 or greater. In this paper we illustrate why forwarding resiliency is desired in OpenFlow networks and provide an algorithm that computes the flow entries required to achieve maximal forwarding resiliency in presence of both multiple link and controller failures on any arbitrary network.

Hubaux, Jean-Pierre.  2016.  The Ultimate Frontier for Privacy and Security: Medicine. Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :1–1.

Personalized medicine brings the promise of better diagnoses, better treatments, a higher quality of life and increased longevity. To achieve these noble goals, it exploits a number of revolutionary technologies, including genome sequencing and DNA editing, as well as wearable devices and implantable or even edible biosensors. In parallel, the popularity of "quantified self" gadgets shows the willingness of citizens to be more proactive with respect to their own health. Yet, this evolution opens the door to all kinds of abuses, notably in terms of discrimination, blackmailing, stalking, and subversion of devices. After giving a general description of this situation, in this talk we will expound on some of the main concerns, including the temptation to permanently and remotely monitor the physical (and metabolic) activity of individuals. We will describe the potential and the limitations of techniques such as cryptography (including secure multi-party computation), trusted hardware and differential privacy. We will also discuss the notion of consent in the face of the intrinsic correlations of human data. We will argue in favor of a more systematic, principled and cross-disciplinary research effort in this field and will discuss the motives of the various stakeholders.

Imani, Mohsen, Gupta, Saransh, Rosing, Tajana.  2017.  Ultra-Efficient Processing In-Memory for Data Intensive Applications. Proceedings of the 54th Annual Design Automation Conference 2017. :6:1–6:6.

Recent years have witnessed a rapid growth in the domain of Internet of Things (IoT). This network of billions of devices generates and exchanges huge amount of data. The limited cache capacity and memory bandwidth make transferring and processing such data on traditional CPUs and GPUs highly inefficient, both in terms of energy consumption and delay. However, many IoT applications are statistical at heart and can accept a part of inaccuracy in their computation. This enables the designers to reduce complexity of processing by approximating the results for a desired accuracy. In this paper, we propose an ultra-efficient approximate processing in-memory architecture, called APIM, which exploits the analog characteristics of non-volatile memories to support addition and multiplication inside the crossbar memory, while storing the data. The proposed design eliminates the overhead involved in transferring data to processor by virtually bringing the processor inside memory. APIM dynamically configures the precision of computation for each application in order to tune the level of accuracy during runtime. Our experimental evaluation running six general OpenCL applications shows that the proposed design achieves up to 20x performance improvement and provides 480x improvement in energy-delay product, ensuring acceptable quality of service. In exact mode, it achieves 28x energy savings and 4.8x speed up compared to the state-of-the-art GPU cores.

Yazicigil, R. T., Nadeau, P., Richman, D., Juvekar, C., Vaidya, K., Chandrakasan, A. P..  2018.  Ultra-Fast Bit-Level Frequency-Hopping Transmitter for Securing Low-Power Wireless Devices. 2018 IEEE Radio Frequency Integrated Circuits Symposium (RFIC). :176-179.

Current BLE transmitters are susceptible to selective jamming due to long dwell times in a channel. To mitigate these attacks, we propose physical-layer security through an ultra-fast bit-level frequency-hopping (FH) scheme by exploiting the frequency agility of bulk acoustic wave resonators (BAW). Here we demonstrate the first integrated bit-level FH transmitter (TX) that hops at 1 μs period and uses data-driven random dynamic channel selection to enable secure wireless communications with additional data encryption. This system consists of a time-interleaved BAW-based TX implemented in 65nm CMOS technology with 80MHz coverage in the 2.4GHz ISM band and a measured power consumption of 10.9mW from 1.1V supply.

Shi, Yang, Wei, Wujing, He, Zongjian, Fan, Hongfei.  2016.  An Ultra-lightweight White-box Encryption Scheme for Securing Resource-constrained IoT Devices. Proceedings of the 32nd Annual Conference on Computer Security Applications. :16–29.

Embedded devices with constrained computational resources, such as wireless sensor network nodes, electronic tag readers, roadside units in vehicular networks, and smart watches and wristbands, are widely used in the Internet of Things. Many of such devices are deployed in untrustable environments, and others may be easy to lose, leading to possible capture by adversaries. Accordingly, in the context of security research, these devices are running in the white-box attack context, where the adversary may have total visibility of the implementation of the built-in cryptosystem with full control over its execution. It is undoubtedly a significant challenge to deal with attacks from a powerful adversary in white-box attack contexts. Existing encryption algorithms for white-box attack contexts typically require large memory use, varying from one to dozens of megabytes, and thus are not suitable for resource-constrained devices. As a countermeasure in such circumstances, we propose an ultra-lightweight encryption scheme for protecting the confidentiality of data in white-box attack contexts. The encryption is executed with secret components specialized for resource-constrained devices against white-box attacks, and the encryption algorithm requires a relatively small amount of static data, ranging from 48 to 92 KB. The security and efficiency of the proposed scheme have been theoretically analyzed with positive results, and experimental evaluations have indicated that the scheme satisfies the resource constraints in terms of limited memory use and low computational cost.

Bondarenko, Olga, De Schepper, Koen, Tsang, Ing-Jyh, Briscoe, Bob, Petlund, Andreas, Griwodz, Carsten.  2016.  Ultra-low Delay for All: Live Experience, Live Analysis. Proceedings of the 7th International Conference on Multimedia Systems. :33:1–33:4.

This demo dramatically illustrates how replacing 'Classic' TCP congestion control (Reno, Cubic, etc.) with a 'Scalable' alternative like Data Centre TCP (DCTCP) keeps queuing delay ultra-low; not just for a select few light applications like voice or gaming, but even when a variety of interactive applications all heavily load the same (emulated) Internet access. DCTCP has so far been confined to data centres because it is too aggressive: it starves Classic TCP flows. To allow DCTCP to be exploited on the public Internet, we developed DualQ Coupled Active Queue Management (AQM), which allows the two TCP types to safely co-exist. Visitors can test all these claims. As well as running Web-based apps, they can pan and zoom a panoramic video of a football stadium on a touch-screen, and experience how their personalized HD scene seems to stick to their finger, even though it is encoded on the fly on servers accessed via an emulated delay, representing 'the cloud'. A pair of VR goggles can be used at the same time, making a similar point. The demo provides a dashboard so that visitors can not only experience the interactivity of each application live, but they can also quantify it via a wide range of performance stats, updated live. It also includes controls so visitors can configure different TCP variants, AQMs, network parameters and background loads and immediately test the effect.

Kim, D., Shin, D., Shin, D..  2018.  Unauthorized Access Point Detection Using Machine Learning Algorithms for Information Protection. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1876-1878.

With the frequent use of Wi-Fi and hotspots that provide a wireless Internet environment, awareness and threats to wireless AP (Access Point) security are steadily increasing. Especially when using unauthorized APs in company, government and military facilities, there is a high possibility of being subjected to various viruses and hacking attacks. It is necessary to detect unauthorized APs for protection of information. In this paper, we use RTT (Round Trip Time) value data set to detect authorized and unauthorized APs in wired / wireless integrated environment, analyze them using machine learning algorithms including SVM (Support Vector Machine), C4.5, KNN (K Nearest Neighbors) and MLP (Multilayer Perceptron). Overall, KNN shows the highest accuracy.

Abidin, Aysajan, Argones Rúa, Enrique, Peeters, Roel.  2017.  Uncoupling Biometrics from Templates for Secure and Privacy-Preserving Authentication. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. :21–29.

Biometrics are widely used for authentication in several domains, services and applications. However, only very few systems succeed in effectively combining highly secure user authentication with an adequate privacy protection of the biometric templates, due to the difficulty associated with jointly providing good authentication performance, unlinkability and irreversibility to biometric templates. This thwarts the use of biometrics in remote authentication scenarios, despite the advantages that this kind of architectures provides. We propose a user-specific approach for decoupling the biometrics from their binary representation before using biometric protection schemes based on fuzzy extractors. This allows for more reliable, flexible, irreversible and unlinkable protected biometric templates. With the proposed biometrics decoupling procedures, biometric metadata, that does not allow to recover the original biometric template, is generated. However, different biometric metadata that are generated starting from the same biometric template remain statistically linkable, therefore we propose to additionally protect these using a second authentication factor (e.g., knowledge or possession based). We demonstrate the potential of this approach within a two-factor authentication protocol for remote biometric authentication in mobile scenarios.

Das, Aveek K., Pathak, Parth H., Chuah, Chen-Nee, Mohapatra, Prasant.  2016.  Uncovering Privacy Leakage in BLE Network Traffic of Wearable Fitness Trackers. Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications. :99–104.

There has been a tremendous increase in popularity and adoption of wearable fitness trackers. These fitness trackers predominantly use Bluetooth Low Energy (BLE) for communicating and syncing the data with user's smartphone. This paper presents a measurement-driven study of possible privacy leakage from BLE communication between the fitness tracker and the smartphone. Using real BLE traffic traces collected in the wild and in controlled experiments, we show that majority of the fitness trackers use unchanged BLE address while advertising, making it feasible to track them. The BLE traffic of the fitness trackers is found to be correlated with the intensity of user's activity, making it possible for an eavesdropper to determine user's current activity (walking, sitting, idle or running) through BLE traffic analysis. Furthermore, we also demonstrate that the BLE traffic can represent user's gait which is known to be distinct from user to user. This makes it possible to identify a person (from a small group of users) based on the BLE traffic of her fitness tracker. As BLE-based wearable fitness trackers become widely adopted, our aim is to identify important privacy implications of their usage and discuss prevention strategies.

Yang, Shouguo, Shi, Zhiqiang, Zhang, Guodong, Li, Mingxuan, Ma, Yuan, Sun, Limin.  2019.  Understand Code Style: Efficient CNN-Based Compiler Optimization Recognition System. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.
Compiler optimization level recognition can be applied to vulnerability discovery and binary analysis. Due to the exists of many different compilation optimization options, the difference in the contents of the binary file is very complicated. There are thousands of compiler optimization algorithms and multiple different processor architectures, so it is very difficult to manually analyze binary files and recognize its compiler optimization level with rules. This paper first proposes a CNN-based compiler optimization level recognition model: BinEye. The system extracts semantic and structural differences and automatically recognize the compiler optimization levels. The model is designed to be very suitable for binary file processing and is easy to understand. We built a dataset containing 80028 binary files for the model training and testing. Our proposed model achieves an accuracy of over 97%. At the same time, BinEye is a fully CNN-based system and it has a faster forward calculation speed, at least 8 times faster than the normal RNN-based model. Through our analysis of the model output, we successfully found the difference in assembly codes caused by the different compiler optimization level. This means that the model we proposed is interpretable. Based on our model, we propose a method to analyze the code differences caused by different compiler optimization levels, which has great guiding significance for analyzing closed source compilers and binary security analysis.
Dao, Ha, Mazel, Johan, Fukuda, Kensuke.  2018.  Understanding Abusive Web Resources: Characteristics and Counter-measures of Malicious Web Resources and Cryptocurrency Mining. Proceedings of the Asian Internet Engineering Conference. :54–61.
Web security is a big concern in the current Internet; users may visit websites that automatically download malicious codes for leaking user's privacy information, or even mildly their web browser may help for someone's cryptomining. In this paper, we analyze abusive web resources (i.e. malicious resources and cryptomining) crawled from the Alexa Top 150,000 sites. We highlight the abusive web resources on Alexa ranking, TLD usage, website geolocation, and domain lifetime. Our results show that abusive resources are spread in the Alexa ranking, websites particularly generic Top Level Domain (TLD) and their recently registered domains. In addition, websites with malicious resources are mainly located in China while cryptomining is located in USA. We further evaluate possible counter-measures against abusive web resources. We observe that ad or privacy block lists are ineffective to block against malicious resources while coin-blocking lists are powerful enough to mitigate in-browser cryptomining. Our observations shed light on a little studied, yet important, aspect of abusive resources, and can help increase user awareness about the malicious resources and drive-by mining on web browsers.
Jim Blythe, University of Southern California, Sean Smith, Dartmouth College.  2015.  Understanding and Accounting for Human Behavior.

Since computers are machines, it's tempting to think of computer security as purely a technical problem. However, computing systems are created, used, and maintained by humans, and exist to serve the goals of human and institutional stakeholders. Consequently, effectively addressing the security problem requires understanding this human dimension.


In this tutorial, we discuss this challenge and survey principal research approaches to it.
 

Invited Tutorial, Symposium and Bootcamp on the Science of Security (HotSoS 2015), April 2015, Urbana, IL.

Feng, Huan, Shin, Kang G..  2016.  Understanding and Defending the Binder Attack Surface in Android. Proceedings of the 32nd Annual Conference on Computer Security Applications. :398–409.
In Android, communications between apps and system services are supported by a transaction-based Inter-Process Communication (IPC) mechanism. Binder, as the cornerstone of this IPC mechanism, separates two communicating parties as client and server. As with any client-server model, the server should not make any assumption on the validity (sanity) of client-side transaction. To our surprise, we find this principle has frequently been overlooked in the implementation of Android system services. In this paper, we try to answer why developers keep making this seemingly simple mistake by studying more than 100 vulnerabilities on this attack surface. We analyzed these vulnerabilities to find that most of them are rooted at a common confusion of where the actual security boundary is among system developers. We thus highlight the deficiency of testing only on client-side public APIs and argue for the necessity of testing and protection on the Binder interface — the actual security boundary. Specifically, we design and implement BinderCracker, an automatic testing framework that supports context-aware fuzzing and actively manages the dependency between transactions. It does not require the source codes of the component under test, is compatible with services in different layers, and performs much more effectively than simple black-box fuzzing. We also call attention to the attack attribution problem for IPC-based attacks. The lack of OS-level support makes it very difficult to identify the culprit apps even for developers with adb access. We address this issue by providing an informative runtime diagnostic tool that tracks the origin, schema, content, and parsing details of each failed transaction. This brings transparency into the IPC process and provides an essential step for other in-depth analysis or forensics.
Liu, Yepang, Xu, Chang, Cheung, Shing-Chi, Terragni, Valerio.  2016.  Understanding and Detecting Wake Lock Misuses for Android Applications. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. :396–409.

Wake locks are widely used in Android apps to protect critical computations from being disrupted by device sleeping. Inappropriate use of wake locks often seriously impacts user experience. However, little is known on how wake locks are used in real-world Android apps and the impact of their misuses. To bridge the gap, we conducted a large-scale empirical study on 44,736 commercial and 31 open-source Android apps. By automated program analysis and manual investigation, we observed (1) common program points where wake locks are acquired and released, (2) 13 types of critical computational tasks that are often protected by wake locks, and (3) eight patterns of wake lock misuses that commonly cause functional and non-functional issues, only three of which had been studied by existing work. Based on our findings, we designed a static analysis technique, Elite, to detect two most common patterns of wake lock misuses. Our experiments on real-world subjects showed that Elite is effective and can outperform two state-of-the-art techniques.

Badis, H., Doyen, G., Khatoun, R..  2014.  Understanding botclouds from a system perspective: A principal component analysis. Network Operations and Management Symposium (NOMS), 2014 IEEE. :1-9.

Cloud computing is gaining ground and becoming one of the fast growing segments of the IT industry. However, if its numerous advantages are mainly used to support a legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be setup on demand and at very large scale without requiring a long dissemination phase nor an expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnets detection, can be leveraged in the context of a cloud to enable a source based detection. Our study considers both attacks based on TCP-flood and UDP-storm and for each of them, we provide statistical results based on a principal component analysis, that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.

Kumar, Sumeet, Carley, Kathleen M..  2016.  Understanding DDoS cyber-attacks using social media analytics. :231–236.

Cyber-attacks are cheap, easy to conduct and often pose little risk in terms of attribution, but their impact could be lasting. The low attribution is because tracing cyber-attacks is primitive in the current network architecture. Moreover, even when attribution is known, the absence of enforcement provisions in international law makes cyber-attacks tough to litigate, and hence attribution is hardly a deterrent. Rather than attributing attacks, we can re-look at cyber-attacks as societal events associated with social, political, economic and cultural (SPEC) motivations. Because it is possible to observe SPEC motives on the internet, social media data could be valuable in understanding cyber-attacks. In this research, we use sentiment in Twitter posts to observe country-to-country perceptions, and Arbor Networks data to build ground truth of country-to-country DDoS cyber-attacks. Using this dataset, this research makes three important contributions: a) We evaluate the impact of heightened sentiments towards a country on the trend of cyber-attacks received by the country. We find that, for some countries, the probability of attacks increases by up to 27% while experiencing negative sentiments from other nations. b) Using the cyber-attack trend and the sentiment trend, we build a decision tree model to find attacks that could be related to extreme sentiments. c) To verify our model, we describe three examples in which cyber-attacks follow increased tension between nations, as perceived in social media.

Sawant, Anand Ashok, Aniche, Maurício, van Deursen, Arie, Bacchelli, Alberto.  2018.  Understanding Developers' Needs on Deprecation As a Language Feature. Proceedings of the 40th International Conference on Software Engineering. :561-571.

Deprecation is a language feature that allows API producers to mark a feature as obsolete. We aim to gain a deep understanding of the needs of API producers and consumers alike regarding deprecation. To that end, we investigate why API producers deprecate features, whether they remove deprecated features, how they expect consumers to react, and what prompts an API consumer to react to deprecation. To achieve this goal, we conduct semi-structured interviews with 17 third-party Java API producers and survey 170 Java developers. We observe that the current deprecation mechanism in Java and the proposal to enhance it do not address all the needs of a developer. This leads us to propose and evaluate three further enhancements to the deprecation mechanism.