Clifford Neuman

Cyber defense technology networking and evaluation

Creating an experimental infrastructure for developing next-generation information security technologies.

Reputation-based Trust-Aware Recommender System

The volume of information available grows so large that it is time-consuming for people to find relevant reliable quality information. With the growth of online communities like Web boards and e-commerce communities, a new kind of information is made available - rating given by one user to another user. However, conventional recommender systems compute their recommendations regardless of the recommenders past behaviors and reputation. They omit these significant social elements commonly done in decision making and advice seeking process in the real world. We propose an approach to include the social factors e.g. users past behaviors and reputation together as an element of trust that can be incorporated into the current recommender system framework and show our experiments in order to test our solution

Behavioral-based cheating detection in online first person shooters using machine learning techniques

Cheating in online games comes with many consequences for both players and companies. Therefore, cheating detection and prevention is an important part of developing a commercial online game. Several anti-cheating solutions have been developed by gaming companies. However, most of these companies use cheating detection measures that may involve breaches to users privacy. In our paper, we provide a server-side anti-cheating solution that uses only game logs. Our method is based on defining an honest players behavior and cheaters behavior first. After that, using machine learning classifiers to train cheating models, then detect cheaters. We presented our results in different organizations to show different options for developers, and our methods results gave a very high accuracy in most of the cases. Finally, we provided a detailed analysis of our results with some useful suggestions for online games developers.

Deconstructing the Assessment of Anomaly-based Intrusion Detectors

Anomaly detection is a key strategy for cyber intrusion detection because it is conceptually capable of detecting novel attacks. This makes it an appealing defensive technique for environments such as the nations critical infrastructure that is currently facing increased cyber adversarial activity. When considering deployment within the purview of such critical infrastructures it is imperative that the technology is well understood and reliable, where its performance is benchmarked on the results of principled assessments. This paper works towards such an imperative by analyzing the current state of anomaly detector assessments with a view toward mission critical deployments. We compile a framework of key evaluation constructs that identify how and where current assessment methods may fall short in providing sufficient insight into detector performance characteristics. Within the context of three case studies from literature, we show how error factors that influence the performance of detectors interact with different phases of a canonical evaluation strategy to compromise the integrity of the final results.

The performance of a reliable, request-response transport protocol

This paper studies the behavior of ARDP, a request response transport protocol, when operating in a shared communication infrastructure like the Internet. Our experiments demonstrate that ARDP backs off in the presence of congestion, yet tries to take advantage of available bandwidth. We also show that ARDP is well-behaved when competing for network resources with TCP.

Modeling security policies for mitigating the risk of load altering attacks on smart grid systems

While demand response programs achieve energy efficiency and quality objectives, they bring potential security threats into the Smart Grid. An ability to influence load in the system provides the capability for an attacker to cause system failures and impacts the quality and integrity of the power delivered to customers. This paper presents a security mechanism that monitors and controls load according to security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. The authors examined security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. A proof of concept prototype was implemented and tested using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.