Publication


Featured researches published by José M. Fernandez.


International Journal of Information Security | 2008

Alambic: a privacy-preserving recommender system for electronic commerce

Esma Aïmeur; Gilles Brassard; José M. Fernandez; Flavien Serge Mani Onana

Recommender systems enable merchants to assist customers in finding products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. Customers should be able to keep private their personal information, including their buying preferences, and they should not be tracked against their will. The commercial interests of merchants should also be protected by allowing them to make accurate recommendations without revealing legitimately compiled valuable information to third parties. We introduce a theoretical approach for a system called Alambic, which achieves the above privacy-protection objectives in a hybrid recommender system that combines content-based, demographic and collaborative filtering techniques. Our system splits customer data between the merchant and a semi-trusted third party, so that neither can derive sensitive information from their share alone. Therefore, the system could only be subverted by a coalition between these two parties.


International Conference on Malicious and Unwanted Software | 2008

Sybil attacks as a mitigation strategy against the Storm botnet

Carlton R. Davis; José M. Fernandez; Stephen W. Neville; John McHugh

The Storm botnet is one of the most sophisticated botnets active today, used for a variety of illicit activities. A key requirement for these activities is the ability by the botnet operators to transmit commands to the bots, or at least to the various segmented portions of the botnet. Disrupting these command and control (C&C) channels therefore becomes an attractive avenue to reducing botnets' effectiveness and efficiency. Since the command and control infrastructure of Storm is based on peer-to-peer (P2P) networks, previous work has explored the use of index poisoning, a disruption method developed for file-sharing P2P networks, where the network is inundated with false information about the location of files. In contrast, in this paper we explore the feasibility of Sybil attacks as a mitigation strategy against Storm. The aim here is to infiltrate the botnet with a large number of fake nodes (sybils) that seek to disrupt the communication between the bots by inserting themselves in the peer lists of "regular" bots, and eventually re-route or disrupt "real" C&C traffic. An important difference with index poisoning attacks is that sybil nodes must remain active and participate in the underlying P2P protocols, in order to remain in the peer list of regular bot nodes. However, they do not have to respond to the botmaster's commands and participate in illicit activities. First, we outline a methodology for mounting practical Sybil attacks on the Storm botnet. Then, we describe our simulation studies, which provide some insights regarding the number of sybils necessary to achieve the desired level of disruption, with respect to the net growth rate of the botnet. We also explore how certain parameters such as the duration of the Sybil attack, and botnet design choices such as the size of a bot's peer list, affect the effectiveness of the attack.


European Symposium on Research in Computer Security | 2008

Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?

Carlton R. Davis; Stephen W. Neville; José M. Fernandez; Jean-Marc Robert; John McHugh

Botnets, in particular the Storm botnet, have been garnering much attention as vehicles for Internet crime. Storm uses a modified version of Overnet, a structured peer-to-peer (P2P) overlay network protocol, to build its command and control (C&C) infrastructure. In this study, we use simulation to determine whether there are any significant advantages or disadvantages to employing structured P2P overlay networks for botnet C&C, in comparison to using unstructured P2P networks or other complex network models. First, we identify some key measures to assess the C&C performance of such infrastructures, and employ these measures to evaluate Overnet, Gnutella (a popular, unstructured P2P overlay network), the Erdős-Renyi random graph model and the Barabasi-Albert scale-free network model. Further, we consider the three following disinfection strategies: a) a random strategy that, with effort, can remove randomly selected bots and uses no knowledge of the C&C infrastructure, b) a tree-like strategy where local information obtained from a disinfected bot (e.g. its peer list) is used to more precisely disinfect new machines, and c) a global strategy, where global information such as the degree of connectivity of bots within the C&C infrastructure, is used to target bots whose disinfection will have maximum impact. Our study reveals that while Overnet is less robust to random node failures or disinfections than the other infrastructures modelled, it outperforms them in terms of resilience against the targeted disinfection strategies introduced above. In that sense, Storm designers seem to have made a prudent choice! This work underlines the need to better understand how P2P networks are used, and can be used, within the botnet context, with this domain being quite distinct from their more commonplace usages.


Computer and Communications Security | 2013

A clinical study of risk factors related to malware infections

Fanny Lalonde Lévesque; Jude Nsiempba; José M. Fernandez; Sonia Chiasson; Anil Somayaji

The success of malicious software (malware) depends upon both technical and human factors. The most security conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses. In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regards to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.


Computer and Communications Security | 2012

Aligot: cryptographic function identification in obfuscated binary programs

Joan Calvet; José M. Fernandez; Jean-Yves Marion

Analyzing cryptographic implementations has important applications, especially for malware analysis where they are an integral part both of the malware payload and the unpacking code that decrypts this payload. These implementations are often based on well-known cryptographic functions, whose description is publicly available. While potentially very useful for malware analysis, the identification of such cryptographic primitives is made difficult by the fact that they are usually obfuscated. Current state-of-the-art identification tools are ineffective due to the absence of easily identifiable static features in obfuscated code. However, these implementations still maintain the input-output (I/O) relationship of the original function. In this paper, we present a tool that leverages this fact to identify cryptographic functions in obfuscated programs, by retrieving their I/O parameters in an implementation-independent fashion, and comparing them with those of known cryptographic functions. In experimental evaluation, we successfully identified the cryptographic functions TEA, RC4, AES and MD5 both in synthetic examples protected by a commercial-grade packer (AsProtect), and in several obfuscated malware samples (Sality, Waledac, Storm Worm and SilentBanker). In addition, our tool was able to recognize basic operations done in asymmetric ciphers such as RSA.


International Journal of Quantum Information | 2004

ALGORITHMIC COOLING OF SPINS: A PRACTICABLE METHOD FOR INCREASING POLARIZATION

José M. Fernandez; Seth Lloyd; Tal Mor; Vwani P. Roychowdhury

An efficient technique to generate ensembles of spins that are highly polarized by external magnetic fields is the Holy Grail in Nuclear Magnetic Resonance (NMR) spectroscopy. Since spin-half nuclei have steady-state polarization biases that increase inversely with temperature, spins exhibiting high polarization biases are considered cool, even when their environment is warm. Existing spin-cooling techniques are highly limited in their efficiency and usefulness. Algorithmic cooling is a promising new spin-cooling approach that employs data compression methods in open systems. It reduces the entropy of spins on long molecules to a point far beyond Shannon's bound on reversible entropy manipulations, thus increasing their polarization. Here we present an efficient and experimentally feasible algorithmic cooling technique that cools spins to very low temperatures even on short molecules. This practicable algorithmic cooling could lead to breakthroughs in high-sensitivity NMR spectroscopy in the near future, ...


Availability, Reliability and Security | 2008

Experimental Demonstration of a Hybrid Privacy-Preserving Recommender System

Esma Aïmeur; Gilles Brassard; José M. Fernandez; Flavien Serge Mani Onana; Zbigniew Rakowski

Recommender systems enable merchants to assist customers in finding products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. We report on the first experimental realization of a theoretical framework called ALAMBIC, which we had previously put forth to protect the privacy of customers and the commercial interests of merchants. Our system is a hybrid recommender that combines content-based, demographic and collaborative filtering techniques. The originality of our approach is to split customer data between the merchant and a semi-trusted third party, so that neither can derive sensitive information from their share alone. Therefore, the system can only be subverted by a coalition between these two parties. Experimental results confirm that the performance and user-friendliness of the application need not suffer from the adoption of such privacy-protection solutions. Furthermore, user testing of our prototype shows that users react positively to the privacy model proposed.


ACM Symposium on Applied Computing | 2006

Privacy-preserving demographic filtering

Esma Aïmeur; Gilles Brassard; José M. Fernandez; F. S. Mani Onana

The use of recommender systems in e-commerce to guide customer choices presents a privacy protection problem that is twofold. We seek to protect the privacy interests of customers by trying to keep private their identity and demographic characteristics, and possibly also their buying preferences and behaviour. This can be desirable even if anonymity is used. Furthermore, we want to protect the commercial interests of the e-commerce service providers by allowing them to make recommendations as accurate as possible, without unnecessarily revealing valuable information they have legitimately accumulated, such as market trends, to third parties. In this paper, we concentrate on recommender systems based on demographic filtering, which make recommendations based on feedback of previous users of similar demographic characteristics (such as age, sex, level of education, wealth, geographical location, etc.). We propose a system called ALAMBIC, which adequately achieves the above privacy-protection objectives in this kind of recommender system. Our system is based on a semi-trusted third party in which the users need only have limited confidence. A main originality of our approach is to split user data between that party and the service provider in such a way that neither can derive sensitive information from their share alone.


Congress on Evolutionary Computation | 2003

PCFinder: an intelligent product recommendation agent for e-commerce

Bin Xiao; Esma Aïmeur; José M. Fernandez

There are many e-commerce applications on the Web. A common shortcoming is the lack of customer service and marketing analysis tools in most e-commerce web sites. In order to overcome this problem, we have constructed an intelligent agent based on Case-Based Reasoning (CBR) and collaborative filtering, which we have included in our product recommendation system, called PCFinder. This system has four main characteristics. The first is applying novel methodologies based on CBR to an e-commerce application. We propose a heuristic to represent an Order-Based Similarity Measure, together with the method of weight modification and adaptation. The second is applying CBR and collaborative filtering techniques to make our intelligent agent more efficient and effective. We also apply clustering analysis techniques to assist our intelligent agent for grouping the customers according to their long-term profiles in order to analyze the user profiles (external attributes) and provide some suggestions of the items (internal attributes) of the product. The third is introducing a method for constructing product recommendation systems: from architecture to methodologies and from applied technologies to implementations. The last is providing a graphic-building wizard based on clustering analysis of the past purchasing history to the management staff for analyzing the marketing tendencies.


Foundations and Practice of Security | 2013

ONTIDS: A Highly Flexible Context-Aware and Ontology-Based Alert Correlation Framework

Alireza Sadighian; José M. Fernandez; Antoine Lemay; Saman Taghavi Zargar

Several alert correlation approaches have been proposed to date to reduce the number of non-relevant alerts and false positives typically generated by Intrusion Detection Systems (IDS). Inspired by the mental process of contextualisation used by security analysts to weed out less relevant alerts, some of these approaches have tried to incorporate contextual information such as type of systems, applications, users, and networks into the correlation process. However, these approaches are not flexible as they only perform correlation based on the narrowly defined contexts. information resources available to the security analysts while preserving the maximum flexibility and the power of abstraction in both the definition and the usage of such concepts, we propose ONTIDS, a context-aware and ontology-based alert correlation framework that uses ontologies to represent and store the alerts information, alerts context, vulnerability information, and the attack scenarios. ONTIDS employs simple ontology logic rules written in Semantic Query-Enhanced Web Rule Language (SQWRL) to correlate and filter out non-relevant alerts. We illustrate the potential usefulness and the flexibility of ONTIDS by employing its reference implementation on two separate case studies, inspired from the DARPA 2000 and UNB ISCX IDS evaluation datasets.

Collaboration

Top Co-Authors

Antoine Lemay
École Polytechnique de Montréal

Yves Perriard
École Polytechnique Fédérale de Lausanne

Fanny Lalonde Lévesque
École Polytechnique de Montréal

Carlton R. Davis
École Polytechnique de Montréal

Tal Mor
Technion – Israel Institute of Technology

Joan Calvet
École Polytechnique de Montréal

Yossi Weinstein
Technion – Israel Institute of Technology