Guy Leshem

Lightweight adaptive Random-Forest for IoT rule generation and execution

Abstract The area of the Internet of Things is growing rapidly. The volume of transmitted data over the various sensors is growing accordingly. Sensors typically are low in resources of storage, memory and processing power. Data security and privacy are part of the major concerns and drawbacks of this growing domain. Sensor traffic analysis has become an increasingly important domain to protect IoT infrastructures from intruders. An IoT network intrusion detection system is required to monitor and analyze the traffic and predict possible attacks. Machine leaning techniques can automatically extract normal and abnormal patterns from a large set of training sensors data. Due to the high volume of traffic and the need for real-time reaction, accurate threat discovery is mandatory. This work focuses on designing a lightweight comprehensive IoT rules generation and execution framework. It is composed of three components, a machine learning rule discovery, a threat prediction model builder and tools to ensure timely reaction to rules violation and un-standardized and ongoing changes in traffic behavior. The generated detection model is expected to identify in real-time exceptions and notify the system accordingly. We use Random-Forest (RF) as the machine learning platform for rules discovery and real-time anomaly detection. To allow RF adaptation to IoT we propose several improvements to make it lightweight and propose a process that combines IoT network capabilities; messaging and resource sharing, to build a comprehensive and efficient IoT security framework.

A study on anomaly detection ensembles

Abstract An anomaly, or outlier, is an object exhibiting differences that suggest it belongs to an as-yet undefined class or category. Early detection of anomalies often proves of great importance because they may correspond to events such as fraud, spam, or device malfunctions. By automating the creation of a ranking or list of deviations, we can save time and decrease the cognitive overload of the individuals or groups responsible for responding to such events. Over the years many anomaly and outlier metrics have been developed. In this paper we propose a clustering-based score ensembling method for outlier detection. Using benchmark datasets we evaluate quantitatively the robustness and accuracy of different ensemble strategies. We find that ensembling strategies offer only limited value for increasing overall performance, but provide robustness by negating the influence of severely underperforming models.

Explaining small business InfoSec posture using social theories

Purpose This study aims to investigate information technology security practices of very small enterprises. Design/methodology/approach The authors perform a formal information security field study using a representative sample. Using the Control Objectives for IT (COBIT) framework, the authors evaluate 67 information security controls and perform 206 related tests. The authors state six hypotheses about the findings and accept or reject those using inferential statistics. The authors explain findings using the social comparison theory and the rare events bias theory. Findings Only one-third of all the controls examined were designed properly and operated as expected. About half of the controls were either ill-designed or did not operate as intended. The social comparison theory and the rare events bias theory explain managers’s reliance on small experience samples which in turn leads to erroneous comprehension of their business environment, which relates to information security. Practical implications This information is valuable to executive branch policy makers striving to reduce information security vulnerability on local and national levels and small business organizations providing information and advice to their members. Originality/value Information security surveys are usually over-optimistic and avoid self-incrimination, yielding results that are less accurate than field work. To obtain grounded facts, the authors used the field research approach to gather qualitative and quantitative data by physically visiting active organizations, interviewing managers and staff, observing processes and reviewing written materials such as policies, procedure and logs, in accordance to common practices of security audits.

Brief Announcement: Image Authentication Using Hyperspectral Layers

Access control systems using face recognition, are widely implemented. This technic lacks the ability to bypass it. To avoid it, an authentication process is required. In this paper we propose a new security image-signature, which authenticates the given image. The proposed signature is generated from the corresponding hyperspectral image layers. The process extracts unique patterns from the hyperspectral layers, these are collected to build a unique biometric signature for the related person. Experiments show the potential of enhancing image authentication using the proposed signature.

An Adaptive Classification Framework for Data Streaming Anomaly Detection

Predicting the behavior of a system, we usually analyze its past data to discover common patterns and other classification artifacts. This process consumes considerable computational power and data storage. We propose an approach and a system, which requires much less resources without compromising prediction capabilities and accuracy. It employs three basic methods: common behavior graph, contour surrounding the graph, and entropy calculation methods. When the system is about to be implemented for a specific domain, the optimized combination of these three methods is considered, such that it fits the unique nature of the domain and its corresponding data type. In this work, we propose a framework and a process assisting system designers, finding the optimal methods for the case at hand. We demonstrate our approach with a case study of meteorological data collected over 15 years to classify and detect anomalies in new data.

Sparse sampling for sensing temporal data — building an optimized envelope

IoT systems collect vast amounts of data which can be used in order to track and analyze the structure of future recorded data. However, due to limited computational power, bandwith, and storage capabilities, this data cannot be stored as is, but rather must be reduced in such a way so that the abilities to analyze future data, based on past data, will not be compromised. We propose a parameterized method of sampling the data in an optimal way. Our method has three parameters — an averaging method for constructing an average data cycle from past observations, an envelope method for defining an interval around the average data cycle, and an entropy method for comparing new data cycles to the constructed envelope. These parameters can be adjusted according to the nature of the data, in order to find the optimal representation for classifying new cycles as well as for identifying anomalies and predicting future cycle behavior. In this work we concentrate on finding the optimal envelope, given an averaging method and an entropy method. We demonstrate with a case study of meteorological data regarding El Ninio years.

Offensive Information Warfare Revisited: Social Media Use in Man-Made Crises

Socio-technical forecasts that materialized are of particular interest, as they are based on basic principles that must hold true for a long time, and thus worthy of special attention. The exploitation of the Internet as a vehicle for psychological and physical battle has been anticipated ever since the Internet became a world-wide phenomenon. Its potential for abuse by terrorist groups motivated Valeri & Knights to compile a list of key predictions, without the benefit of the hindsight afforded by the post-millennial terrorist attacks on the USA & Europe, and before social media was conceived. This paper evaluates some of their predictions in light of the massive social media and network attacks that occurred in Israel and Syria. Additionally, the paper examines how attacked governments and nations respond. The authors find that some of the key predictions advanced by Valeri and Knights have proven accurate. Offensive information warfare attacks have and will continue to influence policies, budgets and civic voluntary participation to counter such attacks.

Expert-Based Fusion Algorithm of an Ensemble of Anomaly Detection Algorithms

Data fusion systems are widely used in various areas such as sensor networks, robotics, video and image processing, and intelligent system design. Data fusion is a technology that enables the process of combining information from several sources in order to form a unified picture or a decision. Today, anomaly detection algorithms (ADAs) are in use in a wide variety of applications (e.g. cyber security systems, etc.). In particular, in this research we focus on the process of integrating the output of multiple ADAs that perform within a particular domain. More specifically, we propose a two stage fusion process, which is based on the expertise of the individual ADA that is derived in the first step. The main idea of the proposed method is to identify multiple types of outliers and to find a set of expert outlier detection algorithms for each type. We propose to use semi-supervised methods. Preliminary experiments for the single-type outlier case are provided where we show that our method outperforms other benchmark methods that exist in the literature.