December 28th, 2015
Vehicles are becoming more and more connected, which opens up a larger attack surface that affects not only the passengers inside vehicles but also the people around them. These vulnerabilities exist because modern systems are built on the comparatively old and less secure CAN bus framework, which lacks even basic authentication. Since a new protocol can only help future vehicles and not older ones, our approach treats the issue as a data analytics problem and uses machine learning techniques to secure cars. We develop a Hidden Markov Model to detect anomalous states from real data collected from vehicles. Using this model, we are able to detect anomalous states and issue alerts while a vehicle is in operation. Our model could be integrated as a plug-n-play device in all new and old cars.
December 16th, 2015
Zareen Syed, Ankur Padia, Tim Finin, Lisa Mathews and Anupam Joshi, UCO: Unified Cybersecurity Ontology, AAAI Workshop on Artificial Intelligence for Cyber Security (AICS), February 2016.
In this paper we describe the Unified Cybersecurity Ontology (UCO) that is intended to support information integration and cyber situational awareness in cybersecurity systems. The ontology incorporates and integrates heterogeneous data and knowledge schemas from different cybersecurity systems and most commonly used cybersecurity standards for information sharing and exchange. The UCO ontology has also been mapped to a number of existing cybersecurity ontologies as well as concepts in the Linked Open Data cloud. Similar to DBpedia which serves as the core for general knowledge in Linked Open Data cloud, we envision UCO to serve as the core for cybersecurity domain, which would evolve and grow with the passage of time with additional cybersecurity data sets as they become available. We also present a prototype system and concrete use cases supported by the UCO ontology. To the best of our knowledge, this is the first cybersecurity ontology that has been mapped to general world ontologies to support broader and diverse security use cases. We compare the resulting ontology with previous efforts, discuss its strengths and limitations, and describe potential future work directions.
November 8th, 2015
In this report, we describe the Unified Cyber Security ontology (UCO) to support situational awareness in cyber security systems. The ontology is an effort to incorporate and integrate heterogeneous information available from different cyber security systems and most commonly used cyber security standards for information sharing and exchange. The ontology has also been mapped to a number of existing cyber security ontologies as well as concepts in the Linked Open Data cloud. Similar to DBpedia which serves as the core for Linked Open Data cloud, we envision UCO to serve as the core for the specialized cyber security Linked Open Data cloud which would evolve and grow with the passage of time with additional cybersecurity data sets as they become available. We also present a prototype system and concrete use-cases supported by the UCO ontology. To the best of our knowledge, this is the first cyber security ontology that has been mapped to general world ontologies to support broader and diverse security use-cases. We compare the resulting ontology with previous efforts, discuss its strengths and limitations, and describe potential future work directions.
September 26th, 2015
Is your personal data at risk?
App analytics to the rescue
10:30am Monday, 28 September 2015, ITE346
According to Virustotal, a prominent virus and malware tool, the Google Play Store has a few thousand apps from major malware families. Given such a revelation, access control systems for mobile data management have reached a state of critical importance. We propose the development of a system which would help us detect the pathways through which users' data is being stolen from their mobile devices. We use a multi-layered approach which includes app metadata analysis, understanding code patterns, and detecting and eventually controlling dynamic data flow when such an app is installed on a mobile device. In this presentation we focus on the first part of our work and discuss the merits and flaws of our unsupervised learning mechanism to detect possible malicious behavior from apps in the Google Play Store.
September 1st, 2015
Wenjia Li, Anupam Joshi and Tim Finin, SVM-CASE: An SVM-based Context Aware Security Framework for Vehicular Ad-hoc Networks, IEEE 82nd Vehicular Technology Conf., Boston, Sept. 2015.
Vehicular Ad-hoc Networks (VANETs) are known to be very susceptible to various malicious attacks. To detect and mitigate these malicious attacks, many security mechanisms have been studied for VANETs. In this paper, we propose a context aware security framework for VANETs that uses the Support Vector Machine (SVM) algorithm to automatically determine the boundary between malicious nodes and normal ones. Compared to the existing security solutions for VANETs, the proposed framework is more resilient to context changes that are common in VANETs, such as those due to malicious nodes altering their attack patterns over time or rapid changes in environmental factors, such as the motion speed and transmission range. We compare our framework to existing approaches and present evaluation results obtained from simulation studies.
February 25th, 2015
Ph.D. Dissertation Proposal
User Identification in Wireless Networks
9:00-11:00pm Friday, 27 February 2015, ITE 325B
Wireless communication using the 802.11 specifications is almost ubiquitous in daily life through an increasing variety of platforms. Traditional identification and authentication mechanisms employed for wireless communication commonly mimic physically connected devices and do not account for the broadcast nature of the medium. Both stationary and mobile devices that users interact with are regularly authenticated using a passphrase, pre-shared key, or an authentication server. Current research requires unfettered access to the user’s platform or information that is not normally volunteered.
We propose a mechanism to verify and validate the identity of 802.11 device users by applying machine learning algorithms. Existing work substantiates the application of machine learning for device identification using Commercial Off-The-Shelf (COTS) hardware and algorithms. This research seeks the refinement of and investigation of features relevant to identifying users. The approach is segmented into three main areas: a data ingest platform, processing, and classification.
Initial research proved that we can properly classify target devices with high precision, recall, and ROC using a sufficiently large real-world data set and a limited set of features. The primary contribution of this work is exploring the development of user identification through data observation. A combination of identifying new features, creating an online system, and limiting user interaction is the objective. We will create a prototype system and test the effectiveness and accuracy of its ability to properly identify users.
Committee: Drs. Joshi (Chair/Advisor), Nicholas, Younis, Finin, Pearce, Banerjee
October 19th, 2012
Congratulations to Ebiquity founding member Professor Anupam Joshi for his appointment as the Director of the new UMBC Center for Cybersecurity. The center will provide both Maryland and the nation with academic and research leadership, collaboration, innovation, and outreach in this critical discipline by streamlining UMBC's academic, research, workforce development, and technology incubation activities to advance the University's position as a leading research university in cybersecurity-related disciplines.
The center is made up of UMBC faculty and students from many disciplines, including Computer Science, Computer Engineering, Information Systems, Public Policy, Mathematics and Statistics, and Physics. It will expand upon UMBC's pre-existing Cybersecurity efforts like the Center for Information Security and Assurance, and the Cync Program run by the Cyber Incubator@bwtech.
Progress on achieving the center’s educational goals is off to a fast start with two new major scholarship programs.
Professor Alan Sherman and Dr. Rick Forno received an NSF grant of $2.5 million over five years to fund 22 undergraduate, graduate and professional students studying Information Assurance and Cybersecurity as part of the Federal Cyber Scholarship for Service program.
In partnership with UMBC's Center for Women in Technology, the UMBC Center for Cybersecurity will also facilitate a new scholarship program called the UMBC Cyber Scholars Program. Set to launch this January, the scholarship program is funded by a generous $1 million grant from the Northrop Grumman Foundation.
Learn more about the UMBC Center for Cybersecurity by visiting cybersecurity.umbc.edu and following the Center on Facebook and Twitter.
December 3rd, 2011
In a part-time, two-person effort, UMBC VP for Research Don Engel and his wife Marianne nearly won the DARPA Shredder Challenge. Their entry, Schroddon, got a late start but held the top leaderboard spot for quite a while before being bested by “All Your Shreds Are Belong To U.S.” at the end. The first prize was $50,000 and second was … well, priceless.
February 7th, 2011
UMBC, SAIC, the National Cyber Security Alliance, the Tech Council of Maryland, and the Maryland Department of Business and Economic Development have joined to hold the Maryland Cyber Challenge and Conference on October 21-22, 2001. The event is designed to increase cyber awareness as a career choice in Maryland, improve the appreciation for cyber-oriented curriculum in colleges and high schools, and convey cyber defense as a sport to increase interest in careers involving cyber security.
The competition will be divided into high school, collegiate and professional divisions. Qualifying rounds take place over the Internet between April and August 2011 using SAIC's Cyber Network Exercise System (CyberNEXS), a scalable training, exercise and certification system. The top eight teams in each division will meet at the MDC3 event in October for the final round followed by an award ceremony at UMBC. MDC3 participants will also be able to learn from and network with other cybersecurity professionals, researchers, and scholars at the conference, which will include presentations, a career fair and a vendor exhibition.
For more information see this press release and the SAIC MDC3 site.
February 6th, 2011
Charles Croom of Lockheed Martin will talk about "The State of Cyber Security 2011" at the UMBC Visionaries in IT Forum at 8:00am on Wednesday, February 23rd at the BWI Airport Marriott. The event is free, but registration is requested.
Croom joined Lockheed Martin Information Systems & Global Solutions as Vice President of Cyber Security Solutions in October of 2008. In this capacity, he shapes the corporation’s cyber security strategy with insight from his 35 years of distinguished service, leadership, and technology experience from the U.S. Air Force. He co-chaired a National Security Telecommunications Advisory Committee Task Force on “Strengthening Government and Private Sector Collaboration” which issued a May 2009 report recommending that the President direct the establishment of a Joint Coordinating Center. He currently serves on the Boards of the National Cyber Security Alliance (NCSA) and the Internet Security Alliance (ISA).
Croom retired as a U.S. Air Force Lieutenant General, Director of the Defense Information Systems Agency (DISA), and the Commander of the Joint Task Force for Global Network Operations in September 2008. While at DISA, he led a worldwide organization of more than 6,600 military and civilian personnel to serve the information technology and telecommunications needs of the President, Secretary of Defense, Joint Chiefs of Staff, combatant commanders, and other Department of Defense stakeholders.
January 24th, 2011
The North American electric power system has been called the world’s largest interconnected machine and is a key part of our national infrastructure. The power grid is evolving to better exploit modern information technology and become more integrated with our cyber infrastructure. This presents unprecedented opportunities for enhanced management and efficiency but also introduces vulnerabilities for intrusions, cascading disruptions, malicious attacks, inappropriate manipulations and other threats. Similar issues are foreseen for other cyber-physical infrastructure systems including industrial control systems, transportation, water, natural gas and waste disposal.
A one-day Smart Grid Cyber Security Conference will be held at UMBC on February 15, hosted by the UMBC Computer Science and Electrical Engineering Department and Maryland Clean Energy Technology Incubator. The conference will be a comprehensive presentation by the National Institute of Standards and Technology on Inter-agency Report 7628 (NISTIR 7628), Guidelines for Smart Grid Cyber Security, a critically important document for guiding government, regulatory organizations, industry and academia on Smart Grid cybersecurity. This regional outreach conference is valuable to any organization that is planning, integrating, executing or developing cyber technology for the Smart Grid.
The conference is free, but participants are asked to register in advance to help us organize for the correct number of participants.
A full copy of the 600-page report is available here.
December 20th, 2010
The DoD-sponsored JASON study group was asked to consider the question of whether there is a ‘science’ to cyber-security or if it is fundamentally empirical. They released an 88-page report last month, Science of Cyber-Security, with the following abstract:
“JASON was requested by the DoD to examine the theory and practice of cyber-security, and evaluate whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach, identify what is needed in creating a science of cyber-security, and recommend specific ways in which scientific methods can be applied. Our study identified several sub-fields of computer science that are specifically relevant and also provides some recommendations on further developing the science of cyber-security.”
The report discusses two general technical approaches to putting cyber-security on a scientific foundation. The first is based on the standard collection of frameworks and tools grounded in logic and mathematics such as cryptography, game theory, model checking and software verification. The second is grounding cyber-security on a model based on an analog to immunology in biological systems.
It concludes with some observations, recommendations and responses to nine questions that were included in their charge. One interesting observation is that cyber-security, unlike the physical sciences, involves adversaries, so its foundation will use many different tools and methods. A recommendation is that the government establish cyber-security research centers in universities and other research organizations with a “long time horizon and periodic reviews of accomplishments”.