UMBC ebiquity

Archive for the 'Security' Category

Detecting Botnets Using a Collaborative Situational-Aware IDPS

February 17th, 2016, by Tim Finin, posted in Ontologies, Security, Semantic Web

M. Lisa Mathews, Anupam Joshi and Tim Finin, Detecting Botnets Using a Collaborative Situational-Aware IDPS, 2nd Int. Conf. on Information Systems Security and Privacy, Rome, IT, February 2016

Botnet attacks turn susceptible victim computers into bots that perform various malicious activities while under the control of a botmaster. Some examples of the damage they cause include denial of service, click fraud, spamware, and phishing. These attacks can vary in the type of architecture and communication protocol used, which might be modified during the botnet lifespan. Intrusion detection and prevention systems are one way to safeguard the cyber-physical systems we use, but they have difficulty detecting new or modified attacks, including botnets. Only known attacks whose signatures have been identified and stored in some form can be discovered by most of these systems. Also, traditional IDPSs are point-based solutions incapable of utilizing information from multiple data sources and have difficulty discovering new or more complex attacks. To address these issues, we are developing a semantic approach to intrusion detection that uses a variety of sensors collaboratively. Leveraging information from these heterogeneous sources leads to a more robust, situational-aware IDPS that is better equipped to detect complicated attacks such as botnets.

Using Data Analytics to Detect Anomalous States in Vehicles

December 28th, 2015, by Tim Finin, posted in Big data, cybersecurity, Datamining, Machine Learning, Security


Sandeep Nair, Sudip Mittal and Anupam Joshi, Using Data Analytics to Detect Anomalous States in Vehicles, Technical Report, December 2015.

Vehicles are becoming more and more connected, which opens up a larger attack surface that affects not only the passengers inside vehicles but also the people around them. These vulnerabilities exist because modern systems are built on the comparatively less secure and old CAN bus framework, which lacks even basic authentication. Since a new protocol can only help future vehicles and not older vehicles, our approach tries to solve the issue as a data analytics problem and uses machine learning techniques to secure cars. We develop a hidden Markov model to detect anomalous states from real data collected from vehicles. Using this model, while a vehicle is in operation, we are able to detect and issue alerts. Our model could be integrated as a plug-n-play device in all new and old cars.

Are you in control or being controlled in your vehicle?

October 25th, 2015, by Tim Finin, posted in Pervasive Computing, Security

In this week’s ebiquity meeting (10:30am Monday, 26 October 2015 in ITE346 at UMBC), Sandeep Nair will talk about his research on securing the cyber-physical systems in modern vehicles.

Vehicles have changed from being just mechanical devices that obey commands to smarter Sensor-ECU-Actuator systems which sense the surroundings and take necessary smart actions. A modern car has around forty to a hundred different ECUs, possibly communicating, to make intelligent decisions. But recently, there has been a lot of buzz in the research community on hacking and taking control of vehicles. This literature describes and documents the different ways to take control of vehicles. In this talk, we will first discuss what makes this kind of hacking possible. Then we will continue with different logical ways to do this and discuss some proposed mechanisms to protect against it. We then propose a context-aware mechanism which can detect these unsafe behaviors in the vehicle and describe the challenges associated with them.

talk: Is your personal data at risk? App analytics to the rescue

September 26th, 2015, by Tim Finin, posted in cybersecurity, Machine Learning, Privacy, Security

Is your personal data at risk?
App analytics to the rescue

Prajit Kumar Das

10:30am Monday, 28 September 2015, ITE346

According to VirusTotal, a prominent virus and malware tool, the Google Play Store has a few thousand apps from major malware families. Given such a revelation, access control systems for mobile data management have reached a state of critical importance. We propose the development of a system which would help us detect the pathways by which users’ data is being stolen from their mobile devices. We use a multi-layered approach which includes app metadata analysis, understanding code patterns, and detecting and eventually controlling dynamic data flow when such an app is installed on a mobile device. In this presentation we focus on the first part of our work and discuss the merits and flaws of our unsupervised learning mechanism to detect possible malicious behavior from apps in the Google Play Store.

talk: Attribute-based Fine Grained Access Control for Triple Stores

September 12th, 2015, by Tim Finin, posted in Security, Semantic Web


In the 14-09-2015 ebiquity meeting, Ankur Padia will talk about his recent work aimed at providing access control for an RDF triple store.

Attribute-based Fine Grained Access Control for Triple Stores

Ankur Padia, UMBC

The maturation of semantic web standards and associated web-based data representations like have made RDF a popular model for representing graph data and semi-structured knowledge. However, most existing SPARQL endpoints support simple access control mechanisms, preventing their use for many applications. To protect the data stored in RDF stores, we describe a framework to support attribute-based fine grained access control and explore its feasibility. We implemented a prototype of the system and used it to carry out an initial analysis on the relation between access control policies, query execution time, and size of the RDF dataset.

For more information, see: Ankur Padia, Tim Finin and Anupam Joshi, Attribute-based Fine Grained Access Control for Triple Stores, 3rd Society, Privacy and the Semantic Web – Policy and Technology workshop (PrivOn 2015), 14th Int. Semantic Web Conf., Oct. 2015.

Access control for a triplestore linked data fragments interface

April 19th, 2015, by Tim Finin, posted in OWL, Privacy, RDF, Security, Semantic Web

In this week’s meeting (10-11am Tue, April 21), Ankur Padia will present work in progress on providing access control to an RDF triple store.

Triple store access control for a linked data fragments interface
Ankur Padia, UMBC

The maturation of Semantic Web standards and associated web-based data representations such as have made RDF a popular model for representing graph data and semi-structured knowledge. Triple stores are used to store and query an RDF dataset and often expose a SPARQL endpoint service on the Web for public access. Most existing SPARQL endpoints support very simple access control mechanisms, if any at all, preventing their use for many applications where fine-grained privacy or data security is important. We describe new work on access control for a linked data fragments interface, i.e. one that accepts queries consisting of one or more triple patterns and responds with all matching triples that the authenticated querier can access.

Preventing SQLIA and OJVMWCU, a web service utility for Oracle RDBMS

April 6th, 2015, by Tim Finin, posted in Security

In this week’s meeting, Sandeep Nair will talk about his work on ‘Preventing SQLIA and OJVMWCU, a web service utility for Oracle RDBMS’ at 10:00am Tuesday, 7 April 2015 in ITE 346.

SQL Injection attacks have a long history dating back to 1999, but OWASP still ranks injection attacks, which include SQLIA, as the top-rated vulnerability, because they are simple to perform and can have a high impact. SIAP is a project that attempts to automatically secure ASP.NET web applications written in C#. The second tool, OjvmWCU, was released with Oracle RDBMS 12.1 and allows users to call SOAP-based web services using PL/SQL!

Ebiquity alumna Lalana Kagal featured for privacy work

June 15th, 2014, by Tim Finin, posted in alumni, Ebiquity, Privacy, Security, Semantic Web

Congratulations to ebiquity alumna Lalana Kagal (Ph.D. 2004) for being featured recently on MIT’s home page for work with Ph.D. student Oshani Seneviratne on enabling people to track how their private data is used online. You can read more about their work via this MIT news item and in their paper Enabling Privacy Through Transparency, which will be presented next month at the 2014 IEEE Privacy Security and Trust conference.

Detecting fake and malicious Twitter accounts

April 25th, 2013, by Sandhya Krishnan, posted in Security, Social media, Twitter

There has recently been a spike in the number of compromised Twitter accounts, which has increased concerns about the trustworthiness of information broadcast on Twitter and other social networks. Just yesterday, the Associated Press Twitter account (@AP) was hacked and used to send out a false Twitter post about explosions at the White House. Last weekend saw Twitter accounts of CBS News (@60minutes, @48hours) compromised. Corporate accounts belonging to Burger King and Jeep were also hacked in February this year.

We are working on techniques to predict whether a given account is “fake” (falsely appears to represent a person or organization) or has been compromised and is being used to spread malicious content. Our approach analyses the account’s metadata, properties, network structure and the content in its posts. We also use both content and network analysis to identify the “real” account handle when multiple accounts appear or claim to represent the same person or organization on Twitter.

We recently analyzed a case where both @DeltaAssist and @flydeltassist appeared to represent Delta Airlines.  In February 2013, @flydeltaAssist, which turned out not to be associated with Delta, began tweeting an offer of free tickets if users “followed” them.  Eventually, the account was banned as a fake handle by Twitter. Our approach was able to answer the question “Which one of them belongs to the real Delta Airlines?” by analyzing the tweets and social network of these handles.

We are still in the process of writing up our research and evaluation results and hope to be able to post more about it soon.

The State of Cyber Security in 2011

February 6th, 2011, by Tim Finin, posted in cybersecurity, Security

Charles Croom, of Lockheed Martin, will talk about "The State of Cyber Security 2011" at the UMBC Visionaries in IT Forum at 8:00am on Wednesday, February 23rd at the BWI Airport Marriott. The event is free but registration is requested.

Croom joined Lockheed Martin Information Systems & Global Solutions as Vice President of Cyber Security Solutions in October of 2008. In this capacity, he shapes the corporation’s cyber security strategy with insight from his 35 years of distinguished service, leadership, and technology experience from the U.S. Air Force. He co-chaired a National Security Telecommunications Advisory Committee Task Force on “Strengthening Government and Private Sector Collaboration” which issued a May 2009 report recommending that the President direct the establishment of a Joint Coordinating Center. He currently serves on the Boards of the National Cyber Security Alliance (NCSA) and the Internet Security Alliance (ISA).

Croom retired as a U.S. Air Force Lieutenant General, Director of the Defense Information Systems Agency (DISA), and the Commander of the Joint Task Force for Global Network Operations in September 2008. While at DISA, he led a worldwide organization of more than 6,600 military and civilian personnel to serve the information technology and telecommunications needs of the President, Secretary of Defense, Joint Chiefs of Staff, combatant commanders, and other Department of Defense stakeholders.

NIST guidelines for smart grid cybersecurity, 2/15/11 UMBC

January 24th, 2011, by Tim Finin, posted in cybersecurity, Privacy, Security, smart grid

The North American electric power system has been called the world’s largest interconnected machine and is a key part of our national infrastructure. The power grid is evolving to better exploit modern information technology and become more integrated with our cyber infrastructure. This presents unprecedented opportunities for enhanced management and efficiency but also introduces vulnerabilities for intrusions, cascading disruptions, malicious attacks, inappropriate manipulations and other threats. Similar issues are foreseen for other cyber-physical infrastructure systems including industrial control systems, transportation, water, natural gas and waste disposal.

A one-day Smart Grid Cyber Security Conference will be held at UMBC on February 15, hosted by the UMBC Computer Science and Electrical Engineering Department and Maryland Clean Energy Technology Incubator. The conference will be a comprehensive presentation by the National Institute of Standards and Technology regarding an Inter-agency Report 7628 (NISTIR 7628) named Guidelines for Smart Grid Cyber Security which is a critically important document for guiding government, regulatory organizations, industry and academia on Smart Grid cybersecurity. This regional outreach conference is valuable to any organization that is planning, integrating, executing or developing cyber technology for the Smart Grid.

The conference is free, but participants are asked to register in advance to help us organize for the correct number of participants.

A full copy of the 600 page report is available here.

JASON report on the Science of Cyber-Security

December 20th, 2010, by Tim Finin, posted in cybersecurity, Privacy, Security

The DoD-sponsored JASON study group was asked to consider the question of whether there is a ‘science’ to cyber-security or if it is fundamentally empirical. They released an 88-page report last month, Science of Cyber-Security with the following abstract:

“JASON was requested by the DoD to examine the theory and practice of cyber-security, and evaluate whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach, identify what is needed in creating a science of cyber-security, and recommend specific ways in which scientific methods can be applied. Our study identified several sub-fields of computer science that are specifically relevant and also provides some recommendations on further developing the science of cyber-security.”

The report discusses two general technical approaches to putting cyber-security on a scientific foundation. The first is based on the standard collection of frameworks and tools grounded in logic and mathematics such as cryptography, game theory, model checking and software verification. The second is grounding cyber-security on a model based on an analog to immunology in biological systems.

It concludes with some observations, recommendations and responses to nine questions that were included in their charge. One interesting observation is that cyber-security, unlike the physical sciences, involves adversaries, so its foundation will use many different tools and methods. A recommendation is that the government establish cyber-security research centers in universities and other research organizations with a “long time horizon and periodic reviews of accomplishments”.
