Hyoungshick Kim

Centrality prediction in dynamic human contact networks

Real technological, social and biological networks evolve over time. Predicting their future topology has applications to epidemiology, targeted marketing, network reliability and routing in ad hoc and peer-to-peer networks. The key problem for such applications is usually to identify the nodes that will be in more important positions in the future. Previous researchers had used ad hoc prediction functions. In this paper, we evaluate ways of predicting a nodes future importance under three important metrics, namely degree, closeness centrality, and betweenness centrality, using empirical data on human contact networks collected using mobile devices. We find that node importance is highly predictable due to both periodic and legacy effects of human social behaviour, and we design reasonable prediction functions. However human behaviour is not the same in all circumstances: the centrality of students at Cambridge is best correlated both daily and hourly, no doubt due to hourly lecture schedules, while academics at conferences exhibit rather flat closeness centrality, no doubt because conference attendees are generally trying to speak to new people at each break. This highlights the utility of having a number of different metrics for centrality in dynamic networks, so as to identify typical patterns and predict behaviour. We show that the best-performing prediction functions are 25% more accurate on average than simply using the previous centrality value. These prediction functions can be efficiently computed in linear time, and are thus practical for processing dynamic networks in real-time.

Hybrid spam filtering for mobile communication

Spam messages are an increasing threat to mobile communication. Several mitigation techniques have been proposed, including white and black listing, challenge-response and content-based filtering. However, none are perfect and it makes sense to use a combination rather than just one. We propose an anti-spam framework based on the hybrid of content-based filtering and challenge-response. A message, that has been classified as uncertain through content-based filtering, is checked further by sending a challenge to the message sender. An automated spam generator is unlikely to send back a correct response, in which case, the message is classified as spam. Our simulation results show the trade-off between the accuracy of anti-spam classifiers and the incurring traffic overhead, and demonstrate that our hybrid framework is capable of achieving high accuracy regardless of the content-based filtering algorithm being used.

Social Authentication: Harder Than It Looks

A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is much less effective. We formally quantify the potential risk of these threats. Second, when photos are used, there is a growing vulnerability to face-recognition algorithms, which are improving all the time. Network analysis can identify hard challenge questions, or tell a social network operator which users could safely use social authentication; but it could make a big difference if photos weren’t shared with friends of friends by default. This poses a dilemma for operators: will they tighten their privacy default settings, or will the improvement in security cost too much revenue?

Influential Neighbours Selection for Information Diffusion in Online Social Networks

The problem of maximizing information diffusion through a network is a topic of considerable recent interest. A conventional problem is to select a set of any arbitrary k nodes as the initial influenced nodes so that they can effectively disseminate the information to the rest of the network. However, this model is usually unrealistic in online social networks since we cannot typically choose arbitrary nodes in the network as the initial influenced nodes. From the point of view of an individual user who wants to spread information as much as possible, a more reasonable model is to try to initially share the information with only some of its neighbours rather than a set of any arbitrary nodes; but how can these neighbours be effectively chosen? We empirically study how to design more effective neighbours selection strategies to maximize information diffusion. Our experimental results through intensive simulation on several real- world network topologies show that an effective neighbours selection strategy is to use node degree information for short-term propagation while a naive random selection is also adequate for long-term propagation to cover more than half of a network. We also discuss the effects of the number of initial activated neighbours. If we particularly select the highest degree nodes as initial activated neighbours, the number of initial activated neighbours is not an important factor at least for long-term propagation of information.

Phishing detection with popular search engines: simple and effective

We propose a new phishing detection heuristic based on the search results returned from popular web search engines such as Google, Bing and Yahoo. The full URL of a website a user intends to access is used as the search string, and the number of results returned and ranking of the website are used for classification. Most of the time, legitimate websites get back large number of results and are ranked first, whereas phishing websites get back no result and/or are not ranked at all. To demonstrate the effectiveness of our approach, we experimented with four well-known classification algorithms --- Linear Discriminant Analysis, Naive Bayesian, K -Nearest Neighbour, and Support Vector Machine --- and observed their performance. The K -Nearest Neighbour algorithm performed best, achieving true positive rate of 98% and false positive and false negative rates of 2%. We used new legitimate websites and phishing websites as our dataset to show that our approach works well even on newly launched websites/webpages --- such websites are often misclassified in existing blacklisting and whitelisting approaches.

On the Effectiveness of Pattern Lock Strength Meters: Measuring the Strength of Real World Pattern Locks

We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an Android application called EnCloud that allows users to encrypt their Dropbox files. 101 pattern locks generated by real EnCloud users were collected and analyzed, where some portion of the users were provided with the meter support. Our statistical analysis indicates that about 10% of the pattern locks that were generated without the meter support could be compromised through just 16 guessing attempts. As for the pattern locks that were generated with the meter support, that number goes up to 48 guessing attempts, showing significant improvement in security. Our recommendation is to implement a strength meter in the next version of Android.

An Experimental Evaluation of Robustness of Networks

Models of conflict in networks provide insights into applications ranging from epidemiology to guerilla warfare. Barabási, Albert, and Jeong modeled selective attacks on networks in which an attacker targets high-order nodes to destroy connectivity; Nagaraja and Anderson extended this to iterated attacks where the attacker and defender take turns removing and rebuilding nodes and edges according to given strategies. We extend the iterative model by introducing the cost required to perform network operations. This gives a much finer granularity than previous models, whether we are interested in network resilience against random failures or intentional attacks. We empirically study how to design more effective attacks and/or defenses through intensive simulation on several well-known network topologies, including the three real-world networks. In particular, an effective defense against many attacks is to add new links connecting low-centrality nodes to maintain the overall balance of network centrality.

A Framework for Security Services Based on Software-Defined Networking

This paper proposes a framework for security services using Software-Defined Networking (SDN) and specifies requirements for such a framework. It describes two representative security services, such as (i) centralized firewall system and (ii) centralized DDoS-attack mitigation system. For each service, this paper discusses the limitations of legacy systems and presents a possible SDN-based system to protect network resources by controlling suspicious and dangerous network traffic that can be regarded as security attacks.

Security challenges with network functions virtualization

Abstract The advent of network functions virtualization (NFV) has revolutionized numerous network-based applications due to its several benefits such as flexibility, manageability, scalability, and security. By the software-based virtualization of network functions on a single infrastructure, NFV provides users with a framework that dynamically provisions various network services in a flexible manner. However, NFV faces several security challenges (e.g., multi-tenancy and live migration) which make it vulnerable to some cybersecurity attacks (e.g., side-channel attacks and shared resource misuse attacks). In this paper, we provide an overview of NFV, discuss potentially serious security threats on NFV and introduce effective countermeasures to mitigate those threats. Finally, we suggest some practical solutions to provide a trustworthy platform for NFV.

STOP: Socio-Temporal Opportunistic Patching of short range mobile malware

Mobile phones are integral to everyday life with emails, social networking, online banking and other applications; however, the wealth of private information accessible increases economic incentives for attackers. Compared with fixed networks, mobile malware can replicate through both long range messaging and short range radio technologies; the former can be filtered by the network operator but determining the best method of containing short range malware is an open problem. While global software updates are sometimes possible, they are often not practical. An alternative and more efficient strategy is to distribute the patch to the key nodes so that they can opportunistically disseminate it to the rest of the network via short range encounters; but how can these key nodes be identified in a highly dynamic network topology? In this paper, we address these questions by presenting Socio- Temporal Opportunistic Patching (STOP), a two-tier predictive mobile malware containment system: devices collect co-location data in a decentralized manner and report to a central server which processes and targets delivery of hot fixes to a small subset of k devices at runtime; in turn mobile devices spread the patch opportunistically. The STOP system is underpinned by a recent theoretical framework for analysing dynamic networks that takes into account temporal information of links. Using empirical contact traces, we find firstly, the top-k ranking temporal centrality nodes are highly correlated with past time windows; and secondly, simple prediction functions can be designed to select the set of top-k nodes that are optimal for patch spreading.