Lam For Kwok

Touch Gestures Based Biometric Authentication Scheme for Touchscreen Mobile Phones

Nowadays, touchscreen mobile phones make up a larger and larger share in the mobile market. Users also often use their mobile phones (e.g., Android phones) to store personal and sensitive data. It is therefore important to safeguard mobile phones by authenticating legitimate users and detecting impostors. In this paper, we propose a novel user authentication scheme based on touch dynamics that uses a set of behavioral features related to touch dynamics for accurate user authentication. In particular, we construct and select 21 features that can be used for user authentication. To evaluate the performance of our scheme, we collect and analyze touch gesture data of 20 Android phone users by comparing several known machine learning classifiers. The experimental results show that a neural network classifier is well-suited to authenticate different users with an average error rate of about 7.8% for our selected features. Finally, we optimize the neural network classifier by using Particle Swarm Optimization (PSO) to deal with variations in users’ usage patterns. Experimental results show that the average error rate of our optimized scheme is only about 3%, achieved solely by analyzing the touch behavior of users on an Android phone.

A robust watermarking scheme for 3D triangular mesh models

Copyright protection of digital media has become an important issue in the creation and distribution of digital content. As a solution to this problem, digital watermarking techniques have been developed for embedding specific information identifying the owner in the host data imperceptibly. Most watermarking methods developed to date mainly focused on digital media such as images, video, audio, and text. Relatively few watermarking methods have been presented for 3D graphical models. In this paper we propose a robust 3D graphical model watermarking scheme for triangle meshes. Our approach embeds watermark information by perturbing the distance between the vertices of the model to the center of the model. More importantly, to make our watermarking scheme robust against various forms of attack while preserving the visual quality of the models our approach distributes information corresponds to a bit of the watermark over the entire model, and the strength of the embedded watermark signal is adaptive with respect to the local geometry of the model. We also introduce a weighting scheme in the watermark extraction process that makes watermark detection more robust against attacks. Experiments show that this watermarking scheme is able to withstand common attacks on 3D models such as mesh simplification, addition of noise, model cropping as well as a combination of these attacks.

A cognitive tool for teaching the addition/subtraction of common fractions: a model of affordances

The aim of this research is to devise a cognitive tool for meeting the diverse needs of learners for comprehending new procedural knowledge. A model of affordances on teaching fraction equivalence for developing procedural knowledge for adding/subtracting fractions with unlike denominators was derived from the results of a case study of an initial prototype of a graphical partitioning model. Offering affordances in our model makes available profitable spaces for learners to interact in ways that meet their needs. This model of affordances was evaluated by a pre-test--post-test control group design to study the performance of the experimental group in learning with the model. Results of the study indicated that the model afforded learners, with various abilities for learning, knowledge of fraction equivalence. The key for mediating the generation of procedural knowledge for adding/subtracting fractions with unlike denominators in working with our cognitive tool was the concept of fraction equivalence and the capability of computing this.

Information security management and modelling

Information security management has been placed on a firmer footing with the publication of standards by national bodies. These standards provide an opportunity for security managers to gain senior management recognition of the importance of procedures and mechanisms to enhance information security. They may also place demands on security managers to provide convincing demonstration of conformance to the standards. The risk data repository (RDR) computer model described in this paper was developed to manage organisational information security data and facilitate risk analysis studies. The RDR provides a form of computer documentation that can assist the security officer to maintain a continuous record of the organisational information security scenario and facilitate system security development, business continuity planning and standards conformance audits.

EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism

Abstract Signature-based network intrusion detection systems (NIDSs) have been widely deployed in current network security infrastructure. However, these detection systems suffer from some limitations such as network packet overload, expensive signature matching and massive false alarms in a large-scale network environment. In this paper, we aim to develop an enhanced filter mechanism (named EFM ) to comprehensively mitigate these issues, which consists of three major components: a context-aware blacklist-based packet filter, an exclusive signature matching component and a KNN-based false alarm filter. The experiments, which were conducted with two data sets and in a network environment, demonstrate that our proposed EFM can overall enhance the performance of a signature-based NIDS such as Snort in the aspects of packet filtration, signature matching improvement and false alarm reduction without affecting network security.

IDS false alarm filtering using KNN classifier

Intrusion detection is one of he important aspects in computer security. Many commercial intrusion detection systems (IDSs) are available and are widely used by organizations. However, most of them suffer from the problem of high false alarm rate, which added heavy workload to security officers who are responsible for handling the alarms. In this paper, we propose a new method to reduce the number of false alarms. We model the normal alarm patterns of IDSs and detect anomaly from incoming alarm streams using k-nearest-neighbor classifier. Preliminary experiments show that our approach successfully reduces up to 93% of false alarms generated by a famous IDS.

Adaptive False Alarm Filter Using Machine Learning in Intrusion Detection

Intrusion detection systems (IDSs) have been widely deployed in organizations nowadays as the last defense for the network security. However, one of the big problems of these systems is that a large amount of alarms especially false alarms will be produced during the detection process, which greatly aggravates the analysis workload and reduces the effectiveness of detection. To mitigate this problem, we advocate that the construction of a false alarm filter by utilizing machine learning schemes is an effective solution. In this paper, we propose an adaptive false alarm filter aiming to filter out false alarms with the best machine learning algorithm based on distinct network contexts. In particular, we first compare with six specific machine learning schemes to illustrate their unstable performance. Then, we demonstrate the architecture of our adaptive false alarm filter. The evaluation results show that our approach is effective and encouraging in real scenarios.

A survey on OpenFlow-based Software Defined Networks

Software-Defined Networking (SDN) has been proposed as an emerging network architecture, which consists of decoupling the control planes and data planes of a network. Due to its openness and standardization, SDN enables researchers to design and implement new innovative network functions and protocols in a much easier and flexible way. In particular, OpenFlow is currently the most deployed SDN concept, which provides communication between the controller and the switches. However, the dynamism of programmable networks also brings potential new security challenges relating to various attacks such as scanning, spoofing attacks, denial-of-service (DoS) attacks and so on. In this survey, we aim to give particular attention to OpenFlow-based SDN and present an up-to-date view to existing security challenges and countermeasures in the literature. This effort attempts to simulate more research attention to these issues in future OpenFlow and& SDN development.

Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection

Network intrusion detection systems (NIDS) are widely deployed in various network environments. Compared to an anomaly based NIDS, a signature-based NIDS is more popular in real-world applications, because of its relatively lower false alarm rate. However, the process of signature matching is a key limiting factor to impede the performance of a signature-based NIDS, in which the cost is at least linear to the size of an input string and the CPU occupancy rate can reach more than 80% in the worst case. In this paper, we develop an adaptive blacklist-based packet filter using a statistic-based approach aiming to improve the performance of a signature-based NIDS. The filter employs a blacklist technique to help filter out network packets based on IP confidence and the statistic-based approach allows the blacklist generation in an adaptive way, that is, the blacklist can be updated periodically. In the evaluation, we give a detailed analysis of how to select weight values in the statistic-based approach, and investigate the performance of the packet filter with a DARPA dataset, a real dataset and in a real network environment. Our evaluation results under various scenarios show that our proposed packet filter is encouraging and effective to reduce the burden of a signature-based NIDS without affecting network security.

Integrating security design into the software development process for e‐commerce systems

Development of Web‐based e‐commerce systems has posed challenges in different dimensions of the software development process including design, maintenance and performance. Non‐functional requirements such as performance added to the system as an after thought would lead to extremely high cost and undesirable effects. Security, rarely regarded in the past as one of the non‐functional requirements, has to be integrated into the software development process due to its impact on e‐commerce systems. In this paper, a design methodology based on systems security engineering capability maturity model (SSE‐CMM) is proposed to specify design details for the three defined processes: risk, engineering and assurance. By means of an object‐oriented security design pattern, security design covering impact, threats, risks and countermeasures for different parts of an e‐commerce system can be examined systematically in the risk process. The proposed software development process for secured systems (SDPSS), representing the engineering process, consists of four steps: object and collaboration modeling, tier identification, component identification and deployment specification. Selected unified modeling language notations and diagrams are used to support the SDPSS. Using a simplified supply‐chain e‐commerce system as an example, integration of security design into the software development process is shown with discussions of possible security assurance activities that can be performed on a design.