Presentation

file

Visible to the public A Formal Security Analysis of Zigbee

The rapid increase in the number of IoT devices in recent years indi-cates how much financial investment and efforts the tech-industries and the device manufacturers have put in. Unfortunately, this ag-gressive competition can give rise to poor quality IoT devices that are prone to adversarial attacks. To make matter worse, these at-tacks can compromise not only security but also safety, since an IoT device can directly operate on the physical world. Many recently reported attacks are due to the insecurity present in the underlying communication protocol stacks, and ZigBee is one of them.

file

Visible to the public WOLF: Automated Machine Learning Workflow Management Framework for Malware Detection and Other Applications

Applying machine learning techniques to solve real-world prob-lems is a highly iterative process. The process from idea to code and then to experiment may require up to thousands of iterations to find the optimum set of hyper-parameters. Also, it is hard to find best machine learning techniques for a given dataset. The WOLF framework has been designed to simultaneously automate the pro-cess of selecting the best algorithm and searching for the optimum hyper-parameters.

file

Visible to the public Neutralizing Manipulation of Critical Data by Enforcing Data-Instruction Dependency

In this paper, we propose a new approach to neutralize attacks that tamper with critical program data. Our technique uses a sequence of instructions as a trap against the illicit modification of the critical data. In a nutshell, we set up a dependency such that the contin-ued execution of the program is contingent upon the successful execution of the instruction sequence and the successful execution of the instruction sequence is contingent upon the integrity of the critical data.

file

Visible to the public Automated Influence and the Challenge of Cognitive Security

Advances in AI are powering increasingly precise and widespread computational propaganda, posing serious threats to national se-curity. The military and intelligence communities are starting to discuss ways to engage in this space, but the path forward is still unclear. These developments raise pressing ethical questions, about which existing ethics frameworks are silent. Understanding these challenges through the lens of "cognitive security," we argue, offers a promising approach.

file

Visible to the public Can We Use Software Bugs to Identify Software Vulnerability Strategies

Daily horror stories related to software vulnerabilities necessitates the understanding of how vulnerabilities are discovered. Identifi-cation of data sources that can be leveraged to understand how vulnerabilities are discovered could aid cybersecurity researchers to characterize exploitation of vulnerabilities. The goal of the paper is to help cybersecurity researchers in characterizing vulnerabilities by conducting an empirical study of software bug reports.

file

Visible to the public Cyber Threat Modeling and Validation: Port Scanning and Detection

Port scanning is a commonly applied technique in the discovery phase of cyber attacks. As such, defending against them has long been the subject of many research and modeling efforts. Though modeling efforts can search large parameter spaces to find effective defensive parameter settings, confidence in modeling results can be hampered by limited or omitted validation efforts. In this paper, we introduce a novel, mathematical model that describes port scanning progress by an attacker and intrusion detec-tion by a defender.

file

Visible to the public Exploring Hackers Assets: Topics of Interest as Indicators of Compromise

The need to develop actionable intelligence that is proactive is very critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such Security teams start to adopt proactive and offensive approaches within hackers' territories. In this scope, we proposed a systematic approach to automatically extract "topics of interest, ToI" from hackers' websites. Those can eventually be used as inputs to actionable security controls or Indicators of Compromise (IOS) collectors.

file

Visible to the public RUCKUS: A Cybersecurity Engine for Performing Autonomous Cyber-Physical System

In 2016, the Cyber Grand Challenge (CGC) provided key foundations and motivations for navigating towards an autonomous cybersecurity approach. Since that time, novel strides have been made in the areas of static analysis, vulnerability discovery, patching, and exploit generation. However, a majority of these efforts have been focused on enterprise systems, leaving a gap in the Cyber-Physical System (CPS) domain. With the rise of connected infrastructure and the introduction of 5G communications, CPS are becoming more ingrained within present-day society.

file

Visible to the public The More the Merrier: Adding Hidden Measurements for Anomaly Detection and Mitigation in Industrial Control Systems

Industrial Control Systems (ICS) collect information from a variety of sensors throughout the process, and then use that information to control some physical components. Control engineers usually have to pick which measurements they are going to use and then they purchase sensors to take these measurements. However, in most cases they only need a small subset of all possible measure-ments that can be used.