{"title":"Digital Forensic Reconstruction of a Program Action","authors":"Ahmed F. Shosha, L. Tobin, P. Gladyshev","doi":"10.1109/SPW.2013.17","DOIUrl":"https://doi.org/10.1109/SPW.2013.17","url":null,"abstract":"Forensic analysis of a suspect program is a daily challenge encounters forensic analysts and law-enforcement. It requires determining the behavior of a suspect program found in a computer system subject to investigation and attempting to reconstruct actions that have been invoked in the system. In this research paper, a forensic analysis approach for suspect programs in an executable binary form is introduced. The proposed approach aims to reconstruct high level forensic actions and approximate action arguments from low level machine instructions; That is, reconstructed actions will assist in forensic inferences of evidence and traces caused by an action invocation in a system subject to forensics investigation.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"83 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121735274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Craigslist Scams and Community Composition: Investigating Online Fraud Victimization","authors":"Vaibhav Garg, Shirin Nilizadeh","doi":"10.1109/SPW.2013.21","DOIUrl":"https://doi.org/10.1109/SPW.2013.21","url":null,"abstract":"Offline, crime and resulting victimization is not individual incidence. It is also hampered or encouraged by the community in which it is situated. Are community characteristics relevant for victimization online? This paper examines the prevalence of Craigslist-based (automobile) scams across 30 American cities. Our methodology analyses historical scam data and its relationship with economic, structural, and cultural characteristics of the communities that are exposed to fraudulent advertising. We find that Craigslist scams are not random, but targeted towards specific communities. The resulting policy insight is for creating public awareness campaigns addressing educated white males, as they are the most vulnerable.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131153000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Antorweep Chakravorty, T. Wlodarczyk, Chunming Rong
{"title":"Privacy Preserving Data Analytics for Smart Homes","authors":"Antorweep Chakravorty, T. Wlodarczyk, Chunming Rong","doi":"10.1109/SPW.2013.22","DOIUrl":"https://doi.org/10.1109/SPW.2013.22","url":null,"abstract":"A framework for maintaining security & preserving privacy for analysis of sensor data from smart homes, without compromising on data utility is presented. Storing the personally identifiable data as hashed values withholds identifiable information from any computing nodes. However the very nature of smart home data analytics is establishing preventive care. Data processing results should be identifiable to certain users responsible for direct care. Through a separate encrypted identifier dictionary with hashed and actual values of all unique sets of identifiers, we suggest re-identification of any data processing results. However the level of re-identification needs to be controlled, depending on the type of user accessing the results. Generalization and suppression on identifiers from the identifier dictionary before re-introduction could achieve different levels of privacy preservation. In this paper we propose an approach to achieve data security & privacy through out the complete data lifecycle: data generation/collection, transfer, storage, processing and sharing.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134392399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hoda Eldardiry, E. Bart, Juan Liu, J. Hanley, B. Price, Oliver Brdiczka
{"title":"Multi-Domain Information Fusion for Insider Threat Detection","authors":"Hoda Eldardiry, E. Bart, Juan Liu, J. Hanley, B. Price, Oliver Brdiczka","doi":"10.1109/SPW.2013.14","DOIUrl":"https://doi.org/10.1109/SPW.2013.14","url":null,"abstract":"Malicious insiders pose significant threats to information security, and yet the capability of detecting malicious insiders is very limited. Insider threat detection is known to be a difficult problem, presenting many research challenges. In this paper we report our effort on detecting malicious insiders from large amounts of work practice data. We propose novel approaches to detect two types of insider activities: (1) blendin anomalies, where malicious insiders try to behave similar to a group they do not belong to, and (2) unusual change anomalies, where malicious insiders exhibit changes in their behavior that are dissimilar to their peers' behavioral changes. Our first contribution focuses on detecting blend-in malicious insiders. We propose a novel approach by examining various activity domains, and detecting behavioral inconsistencies across these domains. Our second contribution is a method for detecting insiders with unusual changes in behavior. The key strength of this proposed approach is that it avoids flagging common changes that can be mistakenly detected by typical temporal anomaly detection mechanisms. Our third contribution is a method that combines anomaly indicators from multiple sources of information.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132085390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Methods and Metrics for Evaluating Analytic Insider Threat Tools","authors":"F. Greitzer, T. Ferryman","doi":"10.1109/SPW.2013.34","DOIUrl":"https://doi.org/10.1109/SPW.2013.34","url":null,"abstract":"The insider threat is a prime security concern for government and industry organizations. As insider threat programs come into operational practice, there is a continuing need to assess the effectiveness of tools, methods, and data sources, which enables continual process improvement. This is particularly challenging in operational environments, where the actual number of malicious insiders in a study sample is not known. The present paper addresses the design of evaluation strategies and associated measures of effectiveness; several quantitative/statistical significance test approaches are described with examples, and a new measure, the Enrichment Ratio, is proposed and described as a means of assessing the impact of proposed tools on the organization's operations.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114570557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Elise T. Axelrad, P. Sticha, Oliver Brdiczka, Jianqiang Shen
{"title":"A Bayesian Network Model for Predicting Insider Threats","authors":"Elise T. Axelrad, P. Sticha, Oliver Brdiczka, Jianqiang Shen","doi":"10.1109/SPW.2013.35","DOIUrl":"https://doi.org/10.1109/SPW.2013.35","url":null,"abstract":"This paper introduces a Bayesian network model for the motivation and psychology of the malicious insider. First, an initial model was developed based on results in the research literature, highlighting critical variables for the prediction of degree of interest in a potentially malicious insider. Second, a survey was conducted to measure these predictive variables in a common sample of normal participants. Third, a structural equation model was constructed based on the original model, updated based on a split-half sample of the empirical survey data and validated against the other half of the dataset. Fourth, the Bayesian network was adjusted in light of the results of the empirical analysis. Fifth, the updated model was used to develop an upper bound on the quality of model predictions of its own simulated data. When empirical data regarding psychological predictors were input to the model, predictions of counterproductive behavior approached the upper bound of model predictiveness.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123340029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Preventing Cell Phone Intrusion and Theft using Biometrics","authors":"Donny Jacob Ohana, Liza Phillips, Lei Chen","doi":"10.1109/SPW.2013.19","DOIUrl":"https://doi.org/10.1109/SPW.2013.19","url":null,"abstract":"Most cell phones use a password, PIN, or visual pattern to secure the phone. With these types of security methods being used, there is much vulnerability. Another alternative is biometric authentication. Biometric security systems have been researched for many years. Some mobile manufacturers have implemented fingerprint scanners into their phones, such as the old Fujitsu F505i [7] and the current Motorola Atrix. Since theft of cell phones is becoming more common every day, there is a real need for a security system that not only protects the data, but the phone itself. It is proposed through this research that a biometric security system be the alternative to knowledge-based and password-based authentication. Furthermore, a device dongle must be implemented into this infrastructure to establish a reliable security system that deters theft for the majority; biometrics alone is not sufficient. Cell phones need power and must be charged almost daily. A biometric phone charger that acts as a dongle with a solid state relay, will be presented as a viable solution to theft in this research. Additionally, it will be shown through the results of this research that a system dependant only on biometrics is unreliable and unsecure. Essentially, a mobile security system that combines biometrics with dongle technology is believed to be the ideal solution for limiting the black market of stolen cell phones; without the biometric charger/dongle, the stolen cell phone would be rendered useless.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125524232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Cloud Needs Cross-Layer Data Handling Annotations","authors":"Martin Henze, R. Hummen, Klaus Wehrle","doi":"10.1109/SPW.2013.31","DOIUrl":"https://doi.org/10.1109/SPW.2013.31","url":null,"abstract":"Nowadays, an ever-increasing number of service providers takes advantage of the cloud computing paradigm in order to efficiently offer services to private users, businesses, and governments. However, while cloud computing allows to transparently scale back-end functionality such as computing and storage, the implied distributed sharing of resources has severe implications when sensitive or otherwise privacy-relevant data is concerned. These privacy implications primarily stem from the in-transparency of the involved backend providers of a cloud-based service and their dedicated data handling processes. Likewise, back-end providers cannot determine the sensitivity of data that is stored or processed in the cloud. Hence, they have no means to obey the underlying privacy regulations and contracts automatically. As the cloud computing paradigm further evolves towards federated cloud environments, the envisioned integration of different cloud platforms adds yet another layer to the existing in-transparencies. In this paper, we discuss initial ideas on how to overcome these existing and dawning data handling in-transparencies and the accompanying privacy concerns. To this end, we propose to annotate data with sensitivity information as it leaves the control boundaries of the data owner and travels through to the cloud environment. This allows to signal privacy properties across the layers of the cloud computing architecture and enables the different stakeholders to react accordingly.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116706794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Probabilistic Provenance Graph","authors":"Nwokedi C. Idika, Mayank Varia, Harry Phan","doi":"10.1109/SPW.2013.27","DOIUrl":"https://doi.org/10.1109/SPW.2013.27","url":null,"abstract":"Previous provenance models have assumed that there is complete certainty in the provenance relationships. But what if this assumption does not hold? In this work, emaiwe propose a probabilistic provenance graph (PPG) model to characterize scenarios where provenance relationships are uncertain. We describe two motivating examples. The first example demonstrates the uncertainty associated with the provenance of an email. The second example demonstrates and characterizes the uncertainty associated with the provenance of statements in documents.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116276255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On Evaluating IP Traceback Schemes: A Practical Perspective","authors":"Vahid Aghaei-Foroushani, Nur Zincir-Heywood","doi":"10.1109/SPW.2013.13","DOIUrl":"https://doi.org/10.1109/SPW.2013.13","url":null,"abstract":"This paper presents an evaluation of two promising schemes for tracing cyber-attacks, the well-known Deterministic Packet Marking, DPM, and a novel marking scheme for IP traceback, Deterministic Flow Marking, DFM. First of all we explore the DPM in detail and then by investigating the DFM, we analyze the pros and cons of both approaches in depth in terms of practicality and feasibility, so that shortcomings of each scheme are highlighted. This evaluation is based on CAIDA Internet traces October 2012 dataset. The results show that using DFM may reduce as many as 90% of marked packets on average required for tracing attacks with no false positives, while it eliminates the spoofed marking embedded by the attacker as well as compromised routers in the attack path. Moreover, unlike DPM that traces the attack up to the ingress interface of the edge router close to the attacker, DFM allows the victim to trace the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack has been originated from a network behind a network address translation (NAT), firewall, or a proxy server.","PeriodicalId":383569,"journal":{"name":"2013 IEEE Security and Privacy Workshops","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128020034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
