Sashank Dara

Online defect prediction for imbalanced data

Many defect prediction techniques are proposed to improve software reliability. Change classification predicts defects at the change level, where a change is the modifications to one file in a commit. In this paper, we conduct the first study of applying change classification in practice. We identify two issues in the prediction process, both of which contribute to the low prediction performance. First, the data are imbalanced -- there are much fewer buggy changes than clean changes. Second, the commonly used cross-validation approach is inappropriate for evaluating the performance of change classification. To address these challenges, we apply and adapt online change classification, resampling, and updatable classification techniques to improve the classification performance. We perform the improved change classification techniques on one proprietary and six open source projects. Our results show that these techniques improve the precision of change classification by 12.2-89.5% or 6.4 -- 34.8 percentage points (pp.) on the seven projects. In addition, we integrate change classification in the development process of the proprietary project. We have learned the following lessons: 1) new solutions are needed to convince developers to use and believe prediction results, and prediction results need to be actionable, 2) new and improved classification algorithms are needed to explain the prediction results, and insensible and unactionable explanations need to be filtered or refined, and 3) new techniques are needed to improve the relatively low precision.

FNR: Arbitrary Length Small Domain Block Cipher Proposal

We propose a practical flexible (or arbitrary) length small domain block cipher, FNR encryption scheme. FNR denotes Flexible Naor and Reingold. It can cipher small domain data formats like IPv4, Port numbers, MAC Addresses, Credit card numbers, any random short strings while preserving their input length. In addition to the classic Feistel networks, Naor and Reingold propose usage of Pair-wise independent permutation (PwIP) functions based on Galois Field GF(2 n ). Instead we propose usage of random N ×N Invertible matrices in GF(2).

Network Telemetry Anonymization for Cloud Based Security Analysis - Best Practices

Availability of network telemetry data aides in identifying security compromises, malicious traffic patterns, malware spread etc. There are varieties of Cloud based security services available for consumers to benefit from but on another hand there is a compelling need for ensuring privacy of sensitive fields before data is shared with any cloud provider. Anonymization techniques based on micro-data or macro-data have challenges in terms of attacks possible, scalability and practicality. In this paper we discuss challenges in privacy-preserving cloudification of network telemetry data. We present practical and scalable techniques for network data anonymization. These techniques ensure the privacy of the sensitive fields while retaining the ability to perform security forensics and analytics. We also provide best practices for ensuring successful data anonymization.

Cryptography Challenges for Computational Privacyin Public Clouds

Computational privacy is a property of cryptographic system that ensures the privacy of data (and/or operations) while being processed at an untrusted server. Cryptography has been an indispensable tool for computer security but its readiness for this new generational shift of computing platform i.e. Cloud Computing is still questionable. Theoretical constructions like Fully Homomorphic Encryption, Functional encryption, Server aided Multiparty Computation, Verifiable Computation, Instance Hiding etc. are few directions being pursued. These cryptographic techniques solve Cloud privacy problems at different levels but most of them dont fit well in overall scheme of things. We state the privacy requirements for Cloud offerings in various delivery methods. We discuss the challenges with current cryptographic techniques being pursued by researchers and show that they dont cater to blanket cover these privacy requirements. We urge the need to find generalizations and connections among these isolated techniques. As this might give more insights into the underpinnings of Computational Privacy and lead to better solutions.

Efficient Format Preserving encrypted databases

We propose storage efficient SQL-aware encrypted databases that preserve the format of the fields. We give experimental results of storage improvements in CryptDB using FNR encryption scheme. We explore the feasibility of adopting Format Preserving Encryption for SQL-aware encrypted databases.

Feasibility Study of Port Scan Detection on Encrypted Data

We explore the feasibility of implementing port scan detection on encrypted data to protect confidentiality of sensitive network data. We experiment with four popular Port Scan detection algorithms namely Classic Version (and its Time Variant), Threshold Random Walk (TRW), Bayesian Logistic Regression (BLR). We also provide experimental results on performance and storage of our query based implementation on network flow data. Our key observation is that for complex operations on encrypted data Onion-layered encryption system like Crypt DB does not scale well.

Experiments in Encrypted and Searchable Network Audit Logs

We consider the scenario where a consumer can securely outsource their network telemetry data to a Cloud Service Provider and enable a third party to audit such telemetry for any security forensics. Especially we consider the use case of privacy preserving search in network log audits. In this paper we experiment with advances in Identity Based Encryption and Attribute-Based encryption schemes for auditing network logs.

Towards privacy preserving threat intelligence

Abstract As modern threats become more sophisticated, it is imperative for organizations to defend with the global context. Many cloud based services provide threat intelligence pertaining to modern advanced persistent threats (APTs). Cloud services such as: Google Safe Browsing, PhishTank, and Malwr offer black lists of known malicious URLs, domains, emails etc. Querying such services require users to share their browsing history and files in order to know whether their machines got infected or not. One of the major concerns/hindrances remained to be addressed to benefit from such services is the users’ privacy. In this paper, we concretely identify various privacy concerns in different threat intelligence services. We introduce the general notion of Privacy Preserving Threat Intelligence (PPTI) to address such concerns. As one of the major efforts towards addressing the users’ privacy concerns while querying public databases, Private Information Retrieval (PIR) techniques have been proposed. They enable a User to retrieve an element from a public database privately. Many of the traditional PIR techniques assume that User is aware of the address of the element to be retrieved. In this paper, we identify two major advancements that are needed for PIR in designing the privacy preserving threat intelligence services: (i) private retrieval of the elements using keyword(s), and (ii) private retrieval of matching documents. In doing so, we introduce relevant schemes needed and propose a generic architecture. We also identify a specific use case for privacy preserving spam intelligence and present our experimental results. Although our experimental evidence show some limitations, we believe our work aides in formulating and advancing the technology and we present our future direction towards addressing the limitations presented. All our source code is open sourced and publicly available.

Similarity Based Interactive Private Information Retrieval

Private Information Retrieval (PIR) schemes address users’ privacy concerns while querying public databases. Two major advancements that are needed for designing practical privacy preserving applications are: (i) constant communication complexity and (ii) private retrieval of matching documents. In this paper, we propose a new family of interactive schemes namely SIMPIR, that allow participating servers to interact with each other. Our methods are similarity based (i.e. the results could contain false positives but do not contain any false negatives). Importantly our approach has constant communication complexity agnostic of the size of database which is major improvement from known schemes. We achieve these results by slightly relaxing the traditional requirements of PIR schemes.

Experimental Evaluation of Network Telemetry Anonymization for Cloud Based Security Analysis

Network telemetry data is considered a gold mine for researchers for performing traffic analysis, QoS, security forensics, malware spread etc. Cloud Consumers could benefit from variety of Cloud based security services if such telemetry data is made available. But there is a compelling need for ensuring privacy of sensitive fields before data is shared with any Cloud provider. In this paper we provide thorough experimental evaluation of data anonymization techniques. We explore the viability of onion layered encryption techniques for practical security forensics on anonymized data. We provide results of such experiments and our analysis of the same. Our major observation is that onion layered techniques do not scale for more advanced analytic use cases.