Baris Coskun

Spatio–Temporal Transform Based Video Hashing

Identification and verification of a video clip via its fingerprint find applications in video browsing, database search and security. For this purpose, the video sequence must be collapsed into a short fingerprint using a robust hash function based on signal processing operations. We propose two robust hash algorithms for video based both on the discrete cosine transform (DCT), one on the classical basis set and the other on a novel randomized basis set (RBT). The robustness and randomness properties of the proposed hash functions are investigated in detail. It is found that these hash functions are resistant to signal processing and transmission impairments, and therefore can be instrumental in building database search, broadcast monitoring and watermarking applications for video. The DCT hash is more robust, but lacks security aspect, as it is easy to find different video clips with the same hash value. The RBT based hash, being secret key based, does not allow this and is more secure at the cost of a slight loss in the receiver operating curves

Comparative evaluation of semifragile watermarking algorithms

Semifragile watermarking techniques aim to prevent tam- pering and fraudulent use of modified images. A semifragile water- mark monitors the integrity of the content of the image but not its numerical representation. Therefore, the watermark is designed so that the integrity is proven if the content of the image has not been tampered with, despite some mild processing on the image. How- ever, if parts of the image are replaced with the wrong key or are heavily processed, the watermark information should indicate evi- dence of forgery. We compare the performance of eight semifragile watermarking algorithms in terms of their miss probability under forgery attack, and in terms of false alarm probability under nonma- licious signal processing operations that preserve the content and quality of the image. We propose desiderata for semifragile water- marking algorithms and indicate the promising algorithms among existing ones.

Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts

In this work we show that once a single peer-to-peer (P2P) bot is detected in a network, it may be possible to efficiently identify other members of the same botnet in the same network even before they exhibit any overtly malicious behavior. Detection is based on an analysis of connections made by the hosts in the network. It turns out that if bots select their peers randomly and independently (i.e. unstructured topology), any given pair of P2P bots in a network communicate with at least one mutual peer outside the network with a surprisingly high probability. This, along with the low probability of any other host communicating with this mutual peer, allows us to link local nodes within a P2P botnet together. We propose a simple method to identify potential members of an unstructured P2P botnet in a network starting from a known peer. We formulate the problem as a graph problem and mathematically analyze a solution using an iterative algorithm. The proposed scheme is simple and requires only flow records captured at network borders. We analyze the efficacy of the proposed scheme using real botnet data, including data obtained from both observing and crawling the Nugache botnet.

Tamper Detection Based on Regularity of Wavelet Transform Coefficients

Powerful digital media editing tools make producing good quality forgeries very easy for almost anyone. Therefore, proving the authenticity and integrity of digital media becomes increasingly important. In this work, we propose a simple method to detect image tampering operations that involve sharpness/blurriness adjustment. Our approach is based on the assumption that if a digital image undergoes a copy-paste type of forgery, average sharpness/blurriness value of the forged region is expected to be different as compared to the non-tampered parts of the image. The method of estimating sharpness/blurriness value of an image is based on the regularity properties of wavelet transform coefficients which involves measuring the decay of wavelet transform coefficients across scales. Our preliminary results show that the estimated sharpness/blurriness scores can be used to identify tampered areas of the image.

Confusion/Diffusion Capabilities of Some Robust Hash Functions

Perceptual hash functions have been recently proposed as cryptographic primitives for multimedia security applications. However, many of these hash functions have been designed with signal processing robustness issues and have not addressed the key issues of confusion and diffusion that are central to the security of conventional hash functions. In this paper we give a definition for confusion and diffusion for perceptual hash functions and show how many common perceptual hash functions do not display desirable confusion/diffusion properties.

Robust video hash extraction

We propose a perceptual video hash function for broadcast monitoring and database search applications. The method consists of binarized low-frequency components of the 3D-DCT transform of video sequences. A video sequence is first brought to a standard frame size and frame length and then processed to yield the hash. Simulation experiments show that the perceptual hash function is unique for different video content, but that it remains invariant under selected signal processing attacks.

VPMN: virtual private mobile network towards mobility-as-a-service

In this paper we present our vision for a mobile network infrastructure that embraces advances in virtualization to dynamically create private, resource isolated, customizable, end-to-end mobile networks. We describe an architecture for such a virtual private mobile network (VPMN) infrastructure and present a number of use cases that illustrate the requirements and trade-offs to consider in their realization and the benefits that can be achieved.

Mitigating SMS spam by online detection of repetitive near-duplicate messages

Short Message Service (SMS) spam is increasingly becoming a problem for many telecommunication service providers. Not only do SMS spam messages use mobile network resources abusively, but also in many cases they represent malware propagation vectors for mobile devices. In this work, we propose a network-based online detection method for SMS spam messages. The proposed scheme uses robust text signatures to identify similar messages that are sent excessively in the SMS platform and is robust against slight modifications in SMS spam messages. Additionally, the method uses a fast online algorithm which can be deployed in large carrier networks to detect spam activities before too many spam messages are delivered. It does not store SMS message contents, therefore it does not compromise the privacy of mobile subscribers.

Online Sketching of Network Flows for Real-Time Stepping-Stone Detection

We present an efficient and robust stepping-stone detection scheme based on succinct packet-timing sketches of network flows. The proposed scheme employs an online algorithm to continuously maintain short sketches of flows from a stream of captured packets at the network boundary. These sketches are then used to identify pairs of network flows with similar packet-timing characteristics, which indicates potential stepping-stones. Succinct flow sketches enable the proposed scheme to compare a given pair of flows in constant time. In addition, flow sketches identify pairs of correlated flows from a given list of flows in sub-quadratic time, thereby allowing a more scalable solution as compared to known schemes. Finally, the proposed scheme is resistant to random delays and chaff, which are often employed by attackers to evade detection. To explore its efficacy, we mathematically analyze the robustness properties of the proposed flow sketch. We also experimentally measure the detection performance of the proposed scheme.

Gangs of the internet: Towards automatic discovery of peer-to-peer communities

Internet Service Providers and network administrators currently lack effective means for discovering and tracking peer-to-peer (P2P) applications on their networks. This ability would be very useful in various ways such as enforcing security policies on the use of P2P applications (e.g. banning file-sharing networks such as Bit Torrent), mitigating malicious P2P networks (i.e. botnets), or allocating network resources appropriately to improve network performance. To provide this ability, in this work we propose a method to discover P2P networks (both benign and malicious) from network flow records captured at the boundary of a tier-1 Internet backbone provider. The basic idea is that flows belonging to P2P applications can be modeled as observations from a mixed membership statistical model, with P2P applications acting as latent variables. Hence the communication patterns of hosts (who-talks-to-whom), as measured at the edge of a large network, can be decomposed into constituent application-layer P2P communities without any human effort in selecting specific features. This allows for automatic identification and isolation of P2P communities of interest, including those that take deliberate measures to remain hidden, as well as new or evolving ones such as P2P Botnets. In large scale experiments on flow records from a portion of IPv4 space of size /8, we demonstrate that the proposed method is able to detect a number of well known P2P networks, as well as a few evolving malicious P2P botnets.