Visible to the public Biblio

Found 12055 results

Conference Paper
Copty, Fady, Danos, Matan, Edelstein, Orit, Eisner, Cindy, Murik, Dov, Zeltser, Benjamin.  2018.  Accurate Malware Detection by Extreme Abstraction. Proceedings of the 34th Annual Computer Security Applications Conference. :101–111.

Modern malware applies a rich arsenal of evasion techniques to render dynamic analysis ineffective. In turn, dynamic analysis tools take great pains to hide themselves from malware; typically this entails trying to be as faithful as possible to the behavior of a real run. We present a novel approach to malware analysis that turns this idea on its head, using an extreme abstraction of the operating system that intentionally strays from real behavior. The key insight is that the presence of malicious behavior is sufficient evidence of malicious intent, even if the path taken is not one that could occur during a real run of the sample. By exploring multiple paths in a system that only approximates the behavior of a real system, we can discover behavior that would often be hard to elicit otherwise. We aggregate features from multiple paths and use a funnel-like configuration of machine learning classifiers to achieve high accuracy without incurring too much of a performance penalty. We describe our system, TAMALES (The Abstract Malware Analysis LEarning System), in detail and present machine learning results using a 330K sample set showing an FPR (False Positive Rate) of 0.10% with a TPR (True Positive Rate) of 99.11%, demonstrating that extreme abstraction can be extraordinarily effective in providing data that allows a classifier to accurately detect malware.

Li, Peng, Min, Xiao-Cui.  2019.  Accurate Marking Method of Network Attacking Information Based on Big Data Analysis. 2019 International Conference on Intelligent Transportation, Big Data Smart City (ICITBS). :228—231.

In the open network environment, the network offensive information is implanted in big data environment, so it is necessary to carry out accurate location marking of network offensive information, to realize network attack detection, and to implement the process of accurate location marking of network offensive information. Combined with big data analysis method, the location of network attack nodes is realized, but when network attacks cross in series, the performance of attack information tagging is not good. An accurate marking technique for network attack information is proposed based on big data fusion tracking recognition. The adaptive learning model combined with big data is used to mark and sample the network attack information, and the feature analysis model of attack information chain is designed by extracting the association rules. This paper classifies the data types of the network attack nodes, and improves the network attack detection ability by the task scheduling method of the network attack information nodes, and realizes the accurate marking of the network attacking information. Simulation results show that the proposed algorithm can effectively improve the accuracy of marking offensive information in open network environment, the efficiency of attack detection and the ability of intrusion prevention is improved, and it has good application value in the field of network security defense.

Han, YuFei, Shen, Yun.  2016.  Accurate Spear Phishing Campaign Attribution and Early Detection. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :2079–2086.

There is growing evidence that spear phishing campaigns are increasingly pervasive, sophisticated, and remain the starting points of more advanced attacks. Current campaign identification and attribution process heavily relies on manual efforts and is inefficient in gathering intelligence in a timely manner. It is ideal that we can automatically attribute spear phishing emails to known campaigns and achieve early detection of new campaigns using limited labelled emails as the seeds. In this paper, we introduce four categories of email profiling features that capture various characteristics of spear phishing emails. Building on these features, we implement and evaluate an affinity graph based semi-supervised learning model for campaign attribution and detection. We demonstrate that our system, using only 25 labelled emails, achieves 0.9 F1 score with a 0.01 false positive rate in known campaign attribution, and is able to detect previously unknown spear phishing campaigns, achieving 100% 'darkmoon', over 97% of 'samkams' and 91% of 'bisrala' campaign detection using 246 labelled emails in our experiments.

Gordon, Kiel, Davis, Matthew, Birnbaum, Zachary, Dolgikh, Andrey.  2018.  ACE: Advanced CIP Evaluator. Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy. :90-101.

Industrial control systems (ICS) are key enabling systems that drive the productivity and efficiency of omnipresent industries such as power, gas, water treatment, transportation, and manufacturing. These systems consist of interconnected components that communicate over industrial networks using industrial protocols such as the Common Industrial Protocol (CIP). CIP is one of the most commonly used network-based process control protocols, and utilizes an object-oriented communication structure for device to device interaction. Due to this object-oriented structure, CIP communication reveals detailed information about the devices, the communication patterns, and the system, providing an in-depth view of the system. The details from this in-depth system perspective can be utilized as part of a system cybersecurity or discovery approach. However, due to the variety of commands, corresponding parameters, and variable layer structure of the CIP network layer, processing this layer is a challenging task. This paper presents a tool, Advanced CIP Evaluator (ACE), which passively processes the CIP communication layer and automatically extracts device, communication, and system information from observed network traffic. ACE was tested and verified using a representative ICS power generation testbed. Since ACE operates passively, without generating any network traffic of its own, system operations are not disturbed. This novel tool provides ICS information, such as networked devices, communication patterns, and system operation, at a depth and breadth that is unique compared with other known tools.

Guo, Q., Fan, J., Li, N..  2015.  The achieve of power manager application honey-pot based on sandbox. 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT). :2523–2527.

Honeypot is a common method of attack capture, can maximize the reduction of cyber-attacks. However, its limited application layer simulation makes it impossible to use effectively in power system. Through research on sandboxing technology, this article implements the simulated power manager applications by packaging real power manager applications, in order to expand the honeypot applied range.

Praveena, A..  2017.  Achieving data security in wireless sensor networks using ultra encryption standard version \#x2014; IV algorithm. 2017 International Conference on Innovations in Green Energy and Healthcare Technologies (IGEHT). :1–5.

Nowadays wireless networks are fast, becoming more secure than their wired counterparts. Recent technological advances in wireless networking, IC fabrication and sensor technology have lead to the emergence of millimetre scale devices that collectively form a Wireless Sensor Network (WSN) and are radically changing the way in which we sense, process and transport signals of interest. They are increasingly become viable solutions to many challenging problems and will successively be deployed in many areas in the future such as in environmental monitoring, business, and military applications. However, deploying new technology, without security in mind has often proved to be unreasonably dangerous. This also applies to WSNs, especially those used in applications that monitor sensitive information (e.g., health care applications). There have been significant contributions to overcome many weaknesses in sensor networks like coverage problems, lack in power and making best use of limited network bandwidth, however; work in sensor network security is still in its infancy stage. Security in WSNs presents several well-known challenges stemming from all kinds of resource constraints of individual sensors. The problem of securing these networks emerges more and more as a hot topic. Symmetric key cryptography is commonly seen as infeasible and public key cryptography has its own key distribution problem. In contrast to this prejudice, this paper presents a new symmetric encryption standard algorithm which is an extension of the previous work of the authors i.e. UES version-II and III. Roy et al recently developed few efficient encryption methods such as UES version-I, Modified UES-I, UES version-II, UES version-III. The algorithm is named as Ultra Encryption Standard version — IV algorithm. It is a Symmetric key Cryptosystem which includes multiple encryption, bit-wise reshuffling method and bit-wise columnar transposition method. In the present - ork the authors have performed the encryption process at the bit-level to achieve greater strength of encryption. The proposed method i.e. UES-IV can be used to encrypt short message, password or any confidential key.

Bindschaedler, Vincent, Rane, Shantanu, Brito, Alejandro E., Rao, Vanishree, Uzun, Ersin.  2017.  Achieving Differential Privacy in Secure Multiparty Data Aggregation Protocols on Star Networks. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. :115–125.

We consider the problem of privacy-preserving data aggregation in a star network topology, i.e., several untrusting participants connected to a single aggregator. We require that the participants do not discover each other's data, and the service provider remains oblivious to each participant's individual contribution. Furthermore, the final result is to be published in a differentially private manner, i.e., the result should not reveal the contribution of any single participant to a (possibly external) adversary who knows the contributions of all other participants. In other words, we require a secure multiparty computation protocol that also incorporates a differentially private mechanism. Previous solutions have resorted to caveats such as postulating a trusted dealer to distribute keys to the participants, or introducing additional entities to withhold the decryption key from the aggregator, or relaxing the star topology by allowing pairwise communication amongst the participants. In this paper, we show how to obtain a noisy (differentially private) aggregation result using Shamir secret sharing and additively homomorphic encryption without these mitigating assumptions. More importantly, while we assume semi-honest participants, we allow the aggregator to be stronger than semi-honest, specifically in the sense that he can try to reduce the noise in the differentially private result. To respect the differential privacy requirement, collusions of mutually untrusting entities need to be analyzed differently from traditional secure multiparty computation: It is not sufficient that such collusions do not reveal the data of honest participants; we must also ensure that the colluding entities cannot undermine differential privacy by reducing the amount of noise in the final result. Our protocols avoid this by requiring that no entity – neither the aggregator nor any participant – knows how much noise a participant contributes to the final result. We also ensure that if a cheating aggregator tries to influence the noise term in the differentially private output, he can be detected with overwhelming probability.

Lin, Ping-Hsien, Chang, Yu-Ming, Li, Yung-Chun, Wang, Wei-Chen, Ho, Chien-Chung, Chang, Yuan-Hao.  2018.  Achieving Fast Sanitization with Zero Live Data Copy for MLC Flash Memory. 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1–8.
As data security has become the major concern in modern storage systems with low-cost multi-level-cell (MLC) flash memories, it is not trivial to realize data sanitization in such a system. Even though some existing works employ the encryption or the built-in erase to achieve this requirement, they still suffer the risk of being deciphered or the issue of performance degradation. In contrast to the existing work, a fast sanitization scheme is proposed to provide the highest degree of security for data sanitization; that is, every old version of data could be immediately sanitized with zero live-data-copy overhead once the new version of data is created/written. In particular, this scheme further considers the reliability issue of MLC flash memories; the proposed scheme includes a one-shot sanitization design to minimize the disturbance during data sanitization. The feasibility and the capability of the proposed scheme were evaluated through extensive experiments based on real flash chips. The results demonstrate that this scheme can achieve the data sanitization with zero live-data-copy, where performance overhead is less than 1%.
Dong, Qiuxiang, Huang, Dijiang, Luo, Jim, Kang, Myong.  2018.  Achieving Fine-Grained Access Control with Discretionary User Revocation over Cloud Data. 2018 IEEE Conference on Communications and Network Security (CNS). :1—9.
Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.
Yu, Zuoxia, Au, Man Ho, Yang, Rupeng, Lai, Junzuo, Xu, Qiuliang.  2018.  Achieving Flexibility for ABE with Outsourcing via Proxy Re-Encryption. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :659-672.

Outsourcing the decryption of attribute-based encryption (ABE) ciphertext is a promising way to tackle the question of how users can perform decryption efficiently. However, existing solutions require the type of the target ciphertext to be determined at the setup of the outsourcing scheme. As such, making the target cryptosystems (or the clients) to be versatile becomes an issue that warrants investigations. In this paper, the problem we wish to tackle is to transform an ABE ciphertext to any client who is using the same, or possibly different, public-key encryption (PKE) system with the sender. The problem is of practical interest since it is hard to require all clients to use the same PKE, especially in the case of remote and cross-system data sharing. In addition, we also consider whether robust client-side decryption scheme can be adopted. This feature is not supported in the existing ABE with outsourcing. We introduce cross-system proxy re-encryptions (CS-PRE), a new re-encryption paradigm in which a semi-trusted proxy converts a ciphertext of a source cryptosystem (\$\textparagraphi\_0\$) into a ciphertext for a target cryptosystem (\$\textparagraphi\$). We formalize CS-PRE and present a construction that performs well in the following aspects. (1)Versatility: \$\textparagraphi\_0\$ can be any attribute-based encryption (ABE) within Attrapadung's pair encoding framework. \$\textparagraphi\$ can be any public-key encryption. Furthermore, the keys and public parameters can be generated independently. (2) Compatibility: CS-PRE does not modify the public parameters and keys of \$\textparagraphi\_0\$ and \$\textparagraphi\$. Besides, input for the conversion is an ordinary ciphertext of \$\textparagraphi\_0\$. (3) Efficiency: The computational cost for re-encryption and decryption of the re-encrypted ciphertext are roughly the same as a decryption in \$\textparagraphi\_0\$ and \$\textparagraphi\$ respectively. We prove that our construction is fully secure assuming \$\textparagraphi\_0\$ is secure in Attrapadung's framework and \$\textparagraphi\$ is IND-CPA secure. Furthermore, it remains secure when there are multiple target cryptosystems. As with other proxy re-encryption, CS-PRE enables flexible sharing of cloud data, as the owner can instruct the cloud server to re-encrypt his ciphertext to those for the intended recipient. In addition, it allows lightweight devices to enjoy access to remote data encrypted under powerful but possibly costly encryption, such as functional encryption, by utilizing the server's power in converting the ciphertext to a simpler encryption, such as RSA. Finally, instances of CS-PRE can be viewed as new proxy re-encryption schemes, such as a PRE supporting ABE for regular language to Hierarchical IBE or Doubly Spatial Encryption to lattice-based encryptions (e.g. NTRUCCA).

Green, Benjamin, Krotofil, Marina, Hutchison, David.  2016.  Achieving ICS Resilience and Security Through Granular Data Flow Management. Proceedings of the 2Nd ACM Workshop on Cyber-Physical Systems Security and Privacy. :93–101.

Modern Industrial Control Systems (ICS) rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of ICS increase, operational requirements, goals, and challenges defined by users across various sub-systems follow. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once solely applied for operational process use, but now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete risk assessment, and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines. This paper reviews popular standards and guidelines, prior to the presentation of a case study and conceptual tool, highlighting the importance of data flows, critical data processing points, and system-to-user relationships. The proposed approach forms a basis for risk assessment and security control implementation, aiding the evolution of ICS security and resilience.

Malathi, V., Balamurugan, B., Eshwar, S..  2017.  Achieving Privacy and Security Using QR Code by Means of Encryption Technique in ATM. 2017 Second International Conference on Recent Trends and Challenges in Computational Models (ICRTCCM). :281–285.

Smart Card has complications with validation and transmission process. Therefore, by using peeping attack, the secret code was stolen and secret filming while entering Personal Identification Number at the ATM machine. We intend to develop an authentication system to banks that protects the asset of user's. The data of a user is to be ensured that secure and isolated from the data leakage and other attacks Therefore, we propose a system, where ATM machine will have a QR code in which the information's are encrypted corresponding to the ATM machine and a mobile application in the customer's mobile which will decrypt the encoded QR information and sends the information to the server and user's details are displayed in the ATM machine and transaction can be done. Now, the user securely enters information to transfer money without risk of peeping attack in Automated Teller Machine by just scanning the QR code at the ATM by mobile application. Here, both the encryption and decryption technique are carried out by using Triple DES Algorithm (Data Encryption Standard).

Hong Li, Limin Sun, Haojin Zhu, Xiang Lu, Xiuzhen Cheng.  2014.  Achieving privacy preservation in WiFi fingerprint-based localization. INFOCOM, 2014 Proceedings IEEE. :2337-2345.

WiFi fingerprint-based localization is regarded as one of the most promising techniques for indoor localization. The location of a to-be-localized client is estimated by mapping the measured fingerprint (WiFi signal strengths) against a database owned by the localization service provider. A common concern of this approach that has never been addressed in literature is that it may leak the client's location information or disclose the service provider's data privacy. In this paper, we first analyze the privacy issues of WiFi fingerprint-based localization and then propose a Privacy-Preserving WiFi Fingerprint Localization scheme (PriWFL) that can protect both the client's location privacy and the service provider's data privacy. To reduce the computational overhead at the client side, we also present a performance enhancement algorithm by exploiting the indoor mobility prediction. Theoretical performance analysis and experimental study are carried out to validate the effectiveness of PriWFL. Our implementation of PriWFL in a typical Android smartphone and experimental results demonstrate the practicality and efficiency of PriWFL in real-world environments.

Li, Chunhua, He, Jinbiao, Lei, Cheng, Guo, Chan, Zhou, Ke.  2018.  Achieving Privacy-Preserving CP-ABE Access Control with Multi-Cloud. 2018 IEEE Intl Conf on Parallel Distributed Processing with Applications, Ubiquitous Computing Communications, Big Data Cloud Computing, Social Computing Networking, Sustainable Computing Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom). :801—808.
Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.
Wang, Z., Hu, H., Zhang, C..  2017.  On achieving SDN controller diversity for improved network security using coloring algorithm. 2017 3rd IEEE International Conference on Computer and Communications (ICCC). :1270–1275.

The SDN (Software Defined Networking) paradigm rings flexibility to the network management and is an enabler to offer huge opportunities for network programmability. And, to solve the scalability issue raised by the centralized architecture of SDN, multi-controllers deployment (or distributed controllers system) is envisioned. In this paper, we focus on increasing the diversity of SDN control plane so as to enhance the network security. Our goal is to limit the ability of a malicious controller to compromise its neighboring controllers, and by extension, the rest of the controllers. We investigate a heterogeneous Susceptible-Infectious-Susceptible (SIS) epidemic model to evaluate the security performance and propose a coloring algorithm to increase the diversity based on community detection. And the simulation results demonstrate that our algorithm can reduce infection rate in control plane and our work shows that diversity must be introduced in network design for network security.

Acar, A., Celik, Z. B., Aksu, H., Uluagac, A. S., McDaniel, P..  2017.  Achieving Secure and Differentially Private Computations in Multiparty Settings. 2017 IEEE Symposium on Privacy-Aware Computing (PAC). :49–59.

Sharing and working on sensitive data in distributed settings from healthcare to finance is a major challenge due to security and privacy concerns. Secure multiparty computation (SMC) is a viable panacea for this, allowing distributed parties to make computations while the parties learn nothing about their data, but the final result. Although SMC is instrumental in such distributed settings, it does not provide any guarantees not to leak any information about individuals to adversaries. Differential privacy (DP) can be utilized to address this; however, achieving SMC with DP is not a trivial task, either. In this paper, we propose a novel Secure Multiparty Distributed Differentially Private (SM-DDP) protocol to achieve secure and private computations in a multiparty environment. Specifically, with our protocol, we simultaneously achieve SMC and DP in distributed settings focusing on linear regression on horizontally distributed data. That is, parties do not see each others’ data and further, can not infer information about individuals from the final constructed statistical model. Any statistical model function that allows independent calculation of local statistics can be computed through our protocol. The protocol implements homomorphic encryption for SMC and functional mechanism for DP to achieve the desired security and privacy guarantees. In this work, we first introduce the theoretical foundation for the SM-DDP protocol and then evaluate its efficacy and performance on two different datasets. Our results show that one can achieve individual-level privacy through the proposed protocol with distributed DP, which is independently applied by each party in a distributed fashion. Moreover, our results also show that the SM-DDP protocol incurs minimal computational overhead, is scalable, and provides security and privacy guarantees.

Liu, Qin, Pei, Shuyu, Xie, Kang, Wu, Jie, Peng, Tao, Wang, Guojun.  2018.  Achieving Secure and Effective Search Services in Cloud Computing. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1386–1391.
One critical challenge of today's cloud services is how to provide an effective search service while preserving user privacy. In this paper, we propose a wildcard-based multi-keyword fuzzy search (WMFS) scheme over the encrypted data, which tolerates keyword misspellings by exploiting the indecomposable property of primes. Compared with existing secure fuzzy search schemes, our WMFS scheme has the following merits: 1) Efficiency. It eliminates the requirement of a predefined dictionary and thus supports updates efficiently. 2) High accuracy. It eliminates the false positive and false negative introduced by specific data structures and thus allows the user to retrieve files as accurate as possible. 3) Flexibility. It gives the user great flexibility to specify different search patterns including keyword and substring matching. Extensive experiments on a real data set demonstrate the effectiveness and efficiency of our scheme.
Fang, Y., Dickerson, S. J..  2017.  Achieving Swarm Intelligence with Spiking Neural Oscillators. 2017 IEEE International Conference on Rebooting Computing (ICRC). :1–4.

Mimicking the collaborative behavior of biological swarms, such as bird flocks and ant colonies, Swarm Intelligence algorithms provide efficient solutions for various optimization problems. On the other hand, a computational model of the human brain, spiking neural networks, has been showing great promise in recognition, inference, and learning, due to recent emergence of neuromorphic hardware for high-efficient and low-power computing. Through bridging these two distinct research fields, we propose a novel computing paradigm that implements the swarm intelligence with a population of coupled spiking neural oscillators in basic leaky integrate-and-fire (LIF) model. Our model behaves as a meta-heuristic searching conducted by multiple collaborative agents. In this design, the oscillating neurons serve as agents in the swarm, search for solutions in frequency coding and communicate with each other through spikes. The firing rate of each agent is adaptive to other agents with better solutions and the optimal solution is rendered as the swarm synchronization is reached. We apply the proposed method to the parameter optimization in several test objective functions and demonstrate its effectiveness and efficiency. Our new computing paradigm expands the computational power of coupled spiking neurons in the field of solving optimization problem and brings opportunities for the connection between individual intelligence and swarm intelligence.

Gafurov, Davrondzhon, Hurum, Arne Erik, Markman, Martin.  2018.  Achieving Test Automation with Testers Without Coding Skills: An Industrial Report. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. :749–756.
We present a process driven test automation solution which enables delegating (part of) automation tasks from test automation engineer (expensive resource) to test analyst (non-developer, less expensive). In our approach, a test automation engineer implements test steps (or actions) which are executed automatically. Such automated test steps represent user actions in the system under test and specified by a natural language which is understandable by a non-technical person. Then, a test analyst with a domain knowledge organizes automated steps combined with test input to create an automated test case. It should be emphasized that the test analyst does not need to possess programming skills to create, modify or execute automated test cases. We refine benchmark test automation architecture to be better suitable for an effective separation and sharing of responsibilities between the test automation engineer (with coding skills) and test analyst (with a domain knowledge). In addition, we propose a metric to empirically estimate cooperation between test automation engineer and test analyst's works. The proposed automation solution has been defined based on our experience in the development and maintenance of Helsenorg, the national electronic health services in Norway which has had over one million of visits per month past year, and we still use it to automate the execution of regression tests.
Liao, Xiaojing, Yuan, Kan, Wang, XiaoFeng, Li, Zhou, Xing, Luyi, Beyah, Raheem.  2016.  Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :755–766.

To adapt to the rapidly evolving landscape of cyber threats, security professionals are actively exchanging Indicators of Compromise (IOC) (e.g., malware signatures, botnet IPs) through public sources (e.g. blogs, forums, tweets, etc.). Such information, often presented in articles, posts, white papers etc., can be converted into a machine-readable OpenIOC format for automatic analysis and quick deployment to various security mechanisms like an intrusion detection system. With hundreds of thousands of sources in the wild, the IOC data are produced at a high volume and velocity today, which becomes increasingly hard to manage by humans. Efforts to automatically gather such information from unstructured text, however, is impeded by the limitations of today's Natural Language Processing (NLP) techniques, which cannot meet the high standard (in terms of accuracy and coverage) expected from the IOCs that could serve as direct input to a defense system. In this paper, we present iACE, an innovation solution for fully automated IOC extraction. Our approach is based upon the observation that the IOCs in technical articles are often described in a predictable way: being connected to a set of context terms (e.g., "download") through stable grammatical relations. Leveraging this observation, iACE is designed to automatically locate a putative IOC token (e.g., a zip file) and its context (e.g., "malware", "download") within the sentences in a technical article, and further analyze their relations through a novel application of graph mining techniques. Once the grammatical connection between the tokens is found to be in line with the way that the IOC is commonly presented, these tokens are extracted to generate an OpenIOC item that describes not only the indicator (e.g., a malicious zip file) but also its context (e.g., download from an external source). Running on 71,000 articles collected from 45 leading technical blogs, this new approach demonstrates a remarkable performance: it generated 900K OpenIOC items with a precision of 95% and a coverage over 90%, which is way beyond what the state-of-the-art NLP technique and industry IOC tool can achieve, at a speed of thousands of articles per hour. Further, by correlating the IOCs mined from the articles published over a 13-year span, our study sheds new light on the links across hundreds of seemingly unrelated attack instances, particularly their shared infrastructure resources, as well as the impacts of such open-source threat intelligence on security protection and evolution of attack strategies.

Liao, Xiaojing, Yuan, Kan, Wang, XiaoFeng, Li, Zhou, Xing, Luyi, Beyah, Raheem.  2016.  Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :755–766.

To adapt to the rapidly evolving landscape of cyber threats, security professionals are actively exchanging Indicators of Compromise (IOC) (e.g., malware signatures, botnet IPs) through public sources (e.g. blogs, forums, tweets, etc.). Such information, often presented in articles, posts, white papers etc., can be converted into a machine-readable OpenIOC format for automatic analysis and quick deployment to various security mechanisms like an intrusion detection system. With hundreds of thousands of sources in the wild, the IOC data are produced at a high volume and velocity today, which becomes increasingly hard to manage by humans. Efforts to automatically gather such information from unstructured text, however, is impeded by the limitations of today's Natural Language Processing (NLP) techniques, which cannot meet the high standard (in terms of accuracy and coverage) expected from the IOCs that could serve as direct input to a defense system. In this paper, we present iACE, an innovation solution for fully automated IOC extraction. Our approach is based upon the observation that the IOCs in technical articles are often described in a predictable way: being connected to a set of context terms (e.g., "download") through stable grammatical relations. Leveraging this observation, iACE is designed to automatically locate a putative IOC token (e.g., a zip file) and its context (e.g., "malware", "download") within the sentences in a technical article, and further analyze their relations through a novel application of graph mining techniques. Once the grammatical connection between the tokens is found to be in line with the way that the IOC is commonly presented, these tokens are extracted to generate an OpenIOC item that describes not only the indicator (e.g., a malicious zip file) but also its context (e.g., download from an external source). Running on 71,000 articles collected from 45 leading technical blogs, this new approach demonstrates a remarkable performance: it generated 900K OpenIOC items with a precision of 95% and a coverage over 90%, which is way beyond what the state-of-the-art NLP technique and industry IOC tool can achieve, at a speed of thousands of articles per hour. Further, by correlating the IOCs mined from the articles published over a 13-year span, our study sheds new light on the links across hundreds of seemingly unrelated attack instances, particularly their shared infrastructure resources, as well as the impacts of such open-source threat intelligence on security protection and evolution of attack strategies.

Burley, Diana, Bishop, Matt, Kaza, Siddharth, Gibson, David S., Hawthorne, Elizabeth, Buck, Scott.  2017.  ACM Joint Task Force on Cybersecurity Education. Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education. :683–684.
In this special session, members of the ACM Joint Task Force (JTF) on Cybersecurity Education will provide an overview of the task force mission, objectives, and release a draft of the curricular guidelines. After the overview, task force members will engage session participants in the curricular development process and solicit feedback on the draft guidelines.
Kimmich, J. M., Schlesinger, A., Tschaikner, M., Ochmann, M., Frank, S..  2018.  Acoustical Analysis of Coupled Rooms Applied to the Deutsche Oper Berlin. 2018 Joint Conference - Acoustics. :1–9.
The aim of the project SIMOPERA is to simulate and optimize the acoustics in large and complex rooms, with special focus on the Deutsche Oper Berlin as an example of application. Firstly, characteristic subspaces of the opera are considered such as the orchestra pit, the stage and the auditorium. Special attention is paid to the orchestra pit, where high sound pressure levels can occur, leading to noise related risks for the musicians. However, lowering the sound pressure level in the orchestra pit should not violate other objectives as the propagation of sound into the auditorium, the balance between the stage performers and the orchestra across the hall, and the mutual audibility between performers and orchestra members. For that reason, a hybrid simulation method consisting of the wave-based Finite Element Method (FEM) and the Boundary Element Method (BEM) for low frequencies and geometrical methods like the mirror source method and ray tracing for higher frequencies is developed in order to determine the relevant room acoustic quantities such as impulse response functions, reverberation time, clarity, center time etc. Measurements in the opera will continuously accompany the numerical calculations. Finally, selected constructive means for reducing the sound level in the orchestra pit will be analyzed.
Canfora, Gerardo, Medvet, Eric, Mercaldo, Francesco, Visaggio, Corrado Aaron.  2016.  Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection. Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics. :50–57.

Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature based detection shows at least two drawbacks: first, the detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature provides attackers with window of opportunities for spreading the malware in the wild. For solving this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls emerged. Unfortunately, several evasion techniques have proven effective to evade detection based on system and API calls. In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more difficult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experimenting on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.

Settanni, G., Shovgenya, Y., Skopik, F., Graf, R., Wurzenberger, M., Fiedler, R..  2017.  Acquiring Cyber Threat Intelligence through Security Information Correlation. 2017 3rd IEEE International Conference on Cybernetics (CYBCONF). :1–7.

Cyber Physical Systems (CPS) operating in modern critical infrastructures (CIs) are increasingly being targeted by highly sophisticated cyber attacks. Threat actors have quickly learned of the value and potential impact of targeting CPS, and numerous tailored multi-stage cyber-physical attack campaigns, such as Advanced Persistent Threats (APTs), have been perpetrated in the last years. They aim at stealthily compromising systems' operations and cause severe impact on daily business operations such as shutdowns, equipment damage, reputation damage, financial loss, intellectual property theft, and health and safety risks. Protecting CIs against such threats has become as crucial as complicated. Novel distributed detection and reaction methodologies are necessary to effectively uncover these attacks, and timely mitigate their effects. Correlating large amounts of data, collected from a multitude of relevant sources, is fundamental for Security Operation Centers (SOCs) to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of attacks. In our previous work we introduced three methods for security information correlation. In this paper we define metrics and benchmarks to evaluate these correlation methods, we assess their accuracy, and we compare their performance. We finally demonstrate how the presented techniques, implemented within our cyber threat intelligence analysis engine called CAESAIR, can be applied to support incident handling tasks performed by SOCs.