Eckhard Pfluegel

Confidential Communication Techniques for Virtual Private Social Networks

In this paper, we are concerned with techniques for establishing confidentiality of user-generated content (UGC), shared in centralised and untrusted online social networks (OSNs). We describe how the concepts of secret sharing and steganography can be combined to result in a technique for sending confidential messages, as part of a proposed architecture for a virtual private social network (VPSN). We consider the types of UGC confidentiality threats that the VPSN can mitigate, based on those of a decentralised online social network (DOSN). We also postulate the concept of a virtual distributed online social network (VDOSN) in which a VPSN is established across multiple centralised OSNs.

An evaluation of feature selection and reduction algorithms for network IDS data

Intrusion detection is concerned with monitoring and analysing events occurring in a computer system in order to discover potential malicious activity. Data mining, which is part of the procedure of knowledge discovery in databases, is the process of analysing the collected data to find patterns or correlations. As the amount of data collected, store and processed only increases, so does the significance and importance of intrusion detection and data mining. A dataset that has been particularly exposed to research is the dataset used for the Third International Knowledge Discovery and Data Mining Tools competition, KDD99. The KDD99 dataset has been used to identify what data mining techniques relate to certain attack and employed to demonstrate that decision trees are more efficient than the Naïve Bayes model when it comes to detecting new attacks. When it comes to detecting network intrusions, the C4.5 algorithm performs better than SVM. The aim of our research is to evaluate and compare the usage of various feature selection and reduction algorithms against publicly available datasets. In this contribution, the focus is on feature selection and reduction algorithms. Three feature selection algorithms, consisting of an attribute evaluator and a test method, have been used. Initial results indicate that the performance of the classifier is unaffected by reducing the number of attributes.

SWIMS (Speech-Based Web Interface for Mathematics Using Statistical Language Models): An Intelligent Editing Assistant for Mathematical Text

This paper describes the development and evaluation of an intelligent web-based interface for editing mathematical text that assists the user with the aid of the predictive and corrective power of statistical language models. It offers options for predicting what will appear next (analogous to predictive text for SMS messages) and identifying likely errors due to simple mistakes on the users part in order to assist in correcting the errors. Using text-stream input, we investigate the utility of the error identification by studying the proportion of times the correct version of the complete mathematical expression appears within the M most likely alternatives suggested by our system. We aim to integrate these facilities into our existing Talk Maths system.

Interactive error correction using statistical language models in a client-server interface for editing mathematical text

Learning and using mathematical notation poses particular difficulties for people with various disabilities, partly due to its wide range of symbols and rather complicated layout. These pose great challenges, often affecting the educational and career opportunities of people who are visually impaired or have limited (or no) use of their hands or arms. Assistive systems to alleviate these difficulties would be of considerable benefit to such groups of people

Improved software vulnerability patching techniques using CVSS and game theory

Software vulnerability patching is a crucial part of vulnerability management and is informed by using effective vulnerability scoring techniques. The Common Vulnerability Scoring System (CVSS) provides an open framework for assessing the severity of software vulnerabilities based on metrics capturing their individual, intrinsic characteristics. In this paper, we enhance the use of CVSS for vulnerability scoring with the help of game theory by modelling an attacker-defender scenario and arguing that, under the assumption of rational behaviour of the players, an effective vulnerability patching strategy could be achieved with an optimal strategy, solving the game. We have implemented our strategies as new functionality in the software tool CAESAIR [1]. This research builds on our previous work [2], where we have used CVSS to inform the design of the utility functions, by performing the Nash equilibrium analysis of the game. Our findings may result in more accurate defence strategies for system administrators.

Designing utility functions for game-theoretic cloud security assessment: a case for using the common vulnerability scoring system

In recent years, cloud computing has emerged as a key computing paradigm because of its ubiquitous, convenient and scalable on-demand access to a shared pool of computing resources. Although the use of the cloud has many advantages, a great number of security threats exist affecting assets that are present in a cloud environment. In order to mitigate these threats, frameworks have been developed to asses the security of an organisation, based on analysing risks to critical assets. However, these frameworks are not yet sufficiently developed to specifically address risks in cloud environments. In this paper, we advocate the use of game theory to improve the security assessment of cloud environments, in particular the risk analysis step in OCTAVE. We extend previous game-theoretic models for security risk assessment within cloud environments by designing cost and benefit functions that are to a large extent informed by the Common Vulnerability Scoring System (CVSS).

Moving assets to the cloud: A game theoretic approach based on trust

Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the users asset, exploiting vulnerabilities on either the users system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.

A layered defense mechanism for a social engineering aware perimeter

While many cyber security organizations urge the corporate world to use defence-in-depth to create vigilant network perimeters, the human factor is often overlooked. Security evaluation frameworks focus mostly on critical assets of an organization and technical aspects of prevailing risks. There is consequently no specific framework to identify, categorize, analyse and mitigate social engineering related risks. This paper identifies the requirement for such a framework through an in-depth investigation of an actual organization and extensive analysis of existing methodologies. On the basis of this a layered defence strategy SERA is developed, starting with the basic building blocks for social-engineering aware risk analysis. A chronological attack classification framework is presented as an enhancement of existing frameworks on social engineering.

Securing Neighbourhood Discovery for Mobile Ad-Hoc Networks

We propose the use of a secure topology discovery scheme, based on certificate-less public key management, as part of a proposed secure version of the Neighbourhood Discovery Protocol (NHDP) for Mobile Ad-Hoc Networks. We provide an initial evaluation of the computational cost of sending secure HELLO messages, based on an Android app deployed within a small test-bed environment.

Chaos-based image encryption using an AONT mode of operation

Chaos-based cryptography is a promising and emerging field that offers a large variety of techniques particularly suitable for applications such as image encryption. The fundamental characteristics of chaotic systems are closely related to the properties of a strong cryptosystem. Most research on chaos-based encryption does not concentrate on the aspect of encryption modes of operation. This paper introduces a new chaos-based image encryption scheme using an all-or-nothing transform (AONT) mode of operation. This results in a novel non-separable chaos-based mode which we have implemented and evaluated. Our results show that the AONT mode achieves a security gain with little overhead on the overall efficiency of the encryption.