发布求助
文献互助 智能选刊 最新文献

Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics最新文献

筛选
英文 中文
Machine Learning Methods for Software Vulnerability Detection 软件漏洞检测的机器学习方法
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180453
Boris Chernis, Rakesh M. Verma
{"title":"Machine Learning Methods for Software Vulnerability Detection","authors":"Boris Chernis, Rakesh M. Verma","doi":"10.1145/3180445.3180453","DOIUrl":"https://doi.org/10.1145/3180445.3180453","url":null,"abstract":"Software vulnerabilities are a primary concern in the IT security industry, as malicious hackers who discover these vulnerabilities can often exploit them for nefarious purposes. However, complex programs, particularly those written in a relatively low-level language like C, are difficult to fully scan for bugs, even when both manual and automated techniques are used. Since analyzing code and making sure it is securely written is proven to be a non-trivial task, both static analysis and dynamic analysis techniques have been heavily investigated, and this work focuses on the former. The contribution of this paper is a demonstration of how it is possible to catch a large percentage of bugs by extracting text features from functions in C source code and analyzing them with a machine learning classifier. Relatively simple features (character count, character diversity, entropy, maximum nesting depth, arrow count, \"if\" count, \"if\" complexity, \"while\" count, and \"for\" count) were extracted from these functions, and so were complex features (character n-grams, word n-grams, and suffix trees). The simple features performed unexpectedly better compared to the complex features (74% accuracy compared to 69% accuracy).","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122410201","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 46
Unsure How to Authenticate on Your VR Headset?: Come on, Use Your Head! 不确定如何在VR耳机上进行身份验证?来吧,动动脑子!
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180450
Tahrima Mustafa, Richard Matovu, Abdul Serwadda, N. Muirhead
{"title":"Unsure How to Authenticate on Your VR Headset?: Come on, Use Your Head!","authors":"Tahrima Mustafa, Richard Matovu, Abdul Serwadda, N. Muirhead","doi":"10.1145/3180445.3180450","DOIUrl":"https://doi.org/10.1145/3180445.3180450","url":null,"abstract":"For security-sensitive Virtual Reality (VR) applications that require the end-user to enter authenticatioan credentials within the virtual space, a VR user's inability to see (potentially malicious entities in) the physical world can be discomforting, and in the worst case could potentially expose the VR user to visual attacks. In this paper, we show that the head, hand and (or) body movement patterns exhibited by a user freely interacting with a VR application contain user-specific information that can be leveraged for user authentication. For security-sensitive VR applications, we argue that such functionality can be used as an added layer of security that minimizes the need for entering the PIN. Based on a dataset of 23 users who interacted with our VR application for two sessions over a period of one month, we obtained mean equal error rates as low as 7% when we authenticated users based on their head and body movement patterns.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114553857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 49
Differential Privacy in the Local Setting 本地设置中的差异隐私
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3190667
Ninghui Li
{"title":"Differential Privacy in the Local Setting","authors":"Ninghui Li","doi":"10.1145/3180445.3190667","DOIUrl":"https://doi.org/10.1145/3180445.3190667","url":null,"abstract":"Differential privacy has been increasingly accepted as the de facto standard for data privacy in the research community. While many algorithms have been developed for data publishing and analysis satisfying differential privacy, there have been few deployment of such techniques.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"SE-12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126579694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Regex-Based Linkography Abstraction Refinement for Information Security 基于regex的信息安全链接图抽象细化
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180446
Abhiram Kothapalli, Robert Mitchell
{"title":"Regex-Based Linkography Abstraction Refinement for Information Security","authors":"Abhiram Kothapalli, Robert Mitchell","doi":"10.1145/3180445.3180446","DOIUrl":"https://doi.org/10.1145/3180445.3180446","url":null,"abstract":"Linkographs have been used in the past to model behavioral patterns for creative professionals. Recently, linkographs have been applied to the context of cyber security to study the behavioral patterns of remote attackers of cyber systems. We propose a human supervised algorithm that refines abstractions to be used for linkographic analysis of common attack patterns. The refinement algorithm attempts to maximize the accuracy of computer-derived linkographs by optimally merging and splitting abstraction classes, represented as regular expressions (regexes). We first describe an algorithm to select and perform a globally optimal merge of two abstraction classes. We then describe a counterpart algorithm to select and split a single abstraction class into two separate ones. We cast a regex as a conjunction of disjunctions and refine it by adding and removing conjunctive and disjunctive elements. We also show how to use the Stoer-Wagner algorithm, normally used for least cost cuts of graphs, to create two optimal subsets of a set of elements.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134351708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Big IoT Data Stream Analytics with Issues in Privacy and Security 大物联网数据流分析与隐私和安全问题
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180455
L. Khan
{"title":"Big IoT Data Stream Analytics with Issues in Privacy and Security","authors":"L. Khan","doi":"10.1145/3180445.3180455","DOIUrl":"https://doi.org/10.1145/3180445.3180455","url":null,"abstract":"Internet of Things (IoT) Devices are monitoring and controlling systems that interact with the physical world by collecting, processing and transmitting data using the internet. IoT devices include home automation systems, smart grid, transportation systems, medical devices, building controls, manufacturing and industrial control systems. With the increase in deployment of IoT devices, there will be a corresponding increase in the amount of data generated by these devices, therefore, resulting in the need of large scale data processing systems to process and extract information for efficient and impactful decision making that will improve quality of living.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133354211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Security Analytics: Adapting Data Science for Security Challenges 安全分析:使数据科学适应安全挑战
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180456
Rakesh M. Verma
{"title":"Security Analytics: Adapting Data Science for Security Challenges","authors":"Rakesh M. Verma","doi":"10.1145/3180445.3180456","DOIUrl":"https://doi.org/10.1145/3180445.3180456","url":null,"abstract":"We review the unique needs of the security domain that necessitate adaptation rather than straightforward application of data science techniques to cyber security. Subsequently, we highlight key data science approaches and best practices, which we believe are more appropriate for the security domain. Unfortunately, the uptake of these approaches and practices has not been satisfactory so far. Hence, we present our reasons and then invite more discussion on why these \"seemingly better ideas\" are not yet so popular as the basic ideas and techniques. We then discuss our experiences with a course on security analytics that we have been teaching for over three years now.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"112 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128332922","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
PrivacyGuide PrivacyGuide
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180447
W. Tesfay, Peter Hofmann, Toru Nakamura, S. Kiyomoto, Jetzabel M. Serna
{"title":"PrivacyGuide","authors":"W. Tesfay, Peter Hofmann, Toru Nakamura, S. Kiyomoto, Jetzabel M. Serna","doi":"10.1145/3180445.3180447","DOIUrl":"https://doi.org/10.1145/3180445.3180447","url":null,"abstract":"Nowadays Internet services have dramatically changed the way people interact with each other and many of our daily activities are supported by those services. Statistical indicators show that more than half of the world's population uses the Internet generating about 2.5 quintillion bytes of data on daily basis. While such a huge amount of data is useful in a number of fields, such as in medical and transportation systems, it also poses unprecedented threats for user's privacy. This is aggravated by the excessive data collection and user profiling activities of service providers. Yet, regulation require service providers to inform users about their data collection and processing practices. The de facto way of informing users about these practices is through the use of privacy policies. Unfortunately, privacy policies suffer from bad readability and other complexities which make them unusable for the intended purpose. To address this issue, we introduce PrivacyGuide, a privacy policy summarization tool inspired by the European Union (EU) General Data Protection Regulation (GDPR) and based on machine learning and natural language processing techniques. Our results show that PrivacyGuide is able to classify privacy policy content into eleven privacy aspects with a weighted average accuracy of 74% and further shed light on the associated risk level with an accuracy of 90%.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"51 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126997112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 104
Differentially Private Feature Selection for Data Mining 数据挖掘中的差分私有特征选择
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180452
B. Anandan, Chris Clifton
{"title":"Differentially Private Feature Selection for Data Mining","authors":"B. Anandan, Chris Clifton","doi":"10.1145/3180445.3180452","DOIUrl":"https://doi.org/10.1145/3180445.3180452","url":null,"abstract":"One approach to analysis of private data is ε-differential privacy, a randomization-based approach that protects individual data items by injecting carefully limited noise into results. A challenge in applying this to private data analysis is that the noise added to the feature parameters is directly proportional to the number of parameters learned. While careful feature selection would alleviate this problem, the process of feature selection itself can reveal private information, requiring the application of differential privacy to the feature selection process. In this paper, we analyze the sensitivity of various feature selection techniques used in data mining and show that some of them are not suitable for differentially private analysis due to high sensitivity. We give experimental results showing the value of using low sensitivity feature selection techniques. We also show that the same concepts can be used to improve differentially private decision trees.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127772870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Adversarially Robust Malware Detection Using Monotonic Classification 基于单调分类的对抗鲁棒恶意软件检测
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180449
Inigo Incer, M. Theodorides, Sadia Afroz, D. Wagner
{"title":"Adversarially Robust Malware Detection Using Monotonic Classification","authors":"Inigo Incer, M. Theodorides, Sadia Afroz, D. Wagner","doi":"10.1145/3180445.3180449","DOIUrl":"https://doi.org/10.1145/3180445.3180449","url":null,"abstract":"We propose monotonic classification with selection of monotonic features as a defense against evasion attacks on classifiers for malware detection. The monotonicity property of our classifier ensures that an adversary will not be able to evade the classifier by adding more features. We train and test our classifier on over one million executables collected from VirusTotal. Our secure classifier has 62% temporal detection rate at a 1% false positive rate. In comparison with a regular classifier with unrestricted features, the secure malware classifier results in a drop of approximately 13% in detection rate. Since this degradation in performance is a result of using a classifier that cannot be evaded, we interpret this performance hit as the cost of security in classifying malware.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115244679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 52
On De-anonymization of Single Tweet Messages 关于单个Tweet消息的去匿名化
Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics Pub Date : 2018-03-21 DOI: 10.1145/3180445.3180451
Hoi Le, R. Safavi-Naini
{"title":"On De-anonymization of Single Tweet Messages","authors":"Hoi Le, R. Safavi-Naini","doi":"10.1145/3180445.3180451","DOIUrl":"https://doi.org/10.1145/3180445.3180451","url":null,"abstract":"In this work, we address the question of whether the authorship of a single tweet can be successfully identified (and in a mixed set with other authors). Here, we present a new authorship identification scheme, which is useful in detecting authorship of short texts such as tweets, in case where only single messages are available. Our authorship identification scheme relies on selecting features that work for the special setting and combine them in order to obtain a better accuracy. This technique demonstrates significant results through out our experiments. Our results can be used to detect authors of illegitimate tweets, fake tweets in a Twitter account or break the privacy of a multi-user account by showing the authors who participate in it.","PeriodicalId":355181,"journal":{"name":"Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134260391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信