Information Security Commons^™

What You See Is Not What You Know: Studying Deception In Deepfake Video Manipulation, Cathryn Allen, Bryson R. Payne, Tamirat Abegaz, Chuck Robertson

Journal of Cybersecurity Education, Research and Practice

Research indicates that deceitful videos tend to spread rapidly online and influence people’s opinions and ideas. Because of this, video misinformation via deepfake video manipulation poses a significant online threat. This study aims to discover what factors can influence viewers’ capability to distinguish deepfake videos from genuine video footage. This work focuses on exploring deepfake videos’ potential use for deception and misinformation by exploring people’s ability to determine whether videos are deepfakes in a survey consisting of deepfake videos and original unedited videos. The participants viewed a set of four videos and were asked to judge whether the videos shown …

Like Treating The Symptom Rather Than The Cause - The Omission Of Courses Over Terrorism In Nsa Designated Institutions, Ida L. Oesteraas

Journal of Cybersecurity Education, Research and Practice

The National Security Agency (NSA) awards Center of Academic Excellence (CAE) designations to institutions that commit to producing cybersecurity professionals who will work in careers that reduce vulnerabilities in our national infrastructure. A review of the curricula in the 327 institutions and their degree programs reveal that only two programs offer a required course about terrorism. Given the fluid nature of terrorism and its threat to national infrastructure, the omission is concerning. It is recommended that NSA-certified cybersecurity programs begin implementing educational content that aim to teach about this emerging crime and justice issue. One suggestion is to embrace the …

Integrating Human Expert Knowledge With Openai And Chatgpt: A Secure And Privacy-Enabled Knowledge Acquisition Approach, Ben Phillips

College of Engineering Summer Undergraduate Research Program

Advanced Large Language Models (LLMs) struggle to produce accurate results and preserve user privacy for use cases involving domain-specific knowledge. A privacy-preserving approach for leveraging LLM capabilities on domain-specific knowledge could greatly expand the use cases of LLMs in a variety of disciplines and industries. This project explores a method for acquiring domain-specific knowledge for use with GPT3 while protecting sensitive user information with ML-based text-sanitization.

The Infosys Times, Vol. 9, No. 1, St. Cloud State University

The Infosys TIMES

• Paving the Future
• Cybersecurity Week
• International Student Ambassadors
• Student Highlight
• MISA Internship Procedures
• Faculty Spotlight
• Staff Farewell - Kelley Hennen
• Alumni Diaries
• InfoSys Diaries
• HBS Updates
• Undergrad Certifications
• Congrats / Farewell Graduates

Owner-Free Distributed Symmetric Searchable Encryption Supporting Conjunctive Queries, Qiuyun Tong, Xinghua Li, Yinbin Miao, Yunwei Wang, Ximeng Liu, Robert H. Deng

Research Collection School Of Computing and Information Systems

Symmetric Searchable Encryption (SSE), as an ideal primitive, can ensure data privacy while supporting retrieval over encrypted data. However, existing multi-user SSE schemes require the data owner to share the secret key with all query users or always be online to generate search tokens. While there are some solutions to this problem, they have at least one weakness, such as non-supporting conjunctive query, result decryption assistance of the data owner, and unauthorized access. To solve the above issues, we propose an Owner-free Distributed Symmetric searchable encryption supporting Conjunctive query (ODiSC). Specifically, we first evaluate the Learning-Parity-with-Noise weak Pseudorandom Function (LPN-wPRF) …

Decentralized Multimedia Data Sharing In Iov: A Learning-Based Equilibrium Of Supply And Demand, Jiani Fan, Minrui Xu, Jiale Guo, Lwin Khin Shar, Jiawen Kang, Dusit Niyato, Kwok-Yan Lam

Research Collection School Of Computing and Information Systems

The Internet of Vehicles (IoV) has great potential to transform transportation systems by enhancing road safety, reducing traffic congestion, and improving user experience through onboard infotainment applications. Decentralized data sharing can improve security, privacy, reliability, and facilitate infotainment data sharing in IoVs. However, decentralized data sharing may not achieve the expected efficiency if there are IoV users who only want to consume the shared data but are not willing to contribute their own data to the community, resulting in incomplete information observed by other vehicles and infrastructure, which can introduce additional transmission latency. Therefore, in this paper, by modeling the …

Configuring Timing Parameters To Ensure Execution-Time Opacity In Timed Automata, Étienne André, Engel Lefaucheux, Didier Lime, Dylan Marinho, Jun Sun

Research Collection School Of Computing and Information Systems

Timing information leakage occurs whenever an attacker successfully deduces confidential internal information by observing some timed information such as events with timestamps. Timed automata are an extension of finite-state automata with a set of clocks evolving linearly and that can be tested or reset, making this formalism able to reason on systems involving concurrency and timing constraints. In this paper, we summarize a recent line of works using timed automata as the input formalism, in which we assume that the attacker has access (only) to the system execution time. First, we address the following execution-time opacity problem: given a timed …

Toward Intention Discovery For Early Malice Detection In Cryptocurrency, Ling Cheng, Feida Zhu, Yong Wang, Ruicheng Liang, Huiwen Liu

Research Collection School Of Computing and Information Systems

Cryptocurrency’s pseudo-anonymous nature makes it vulnerable to malicious activities. However, existing deep learning solutions lack interpretability and only support retrospective analysis of specific malice types. To address these challenges, we propose Intention-Monitor for early malice detection in Bitcoin. Our model, utilizing Decision-Tree based feature Selection and Complement (DT-SC), builds different feature sets for different malice types. The Status Proposal Module (SPM) and hierarchical self-attention predictor provide real-time global status and address label predictions. A survival module determines the stopping point and proposes the status sequence (intention). Our model detects various malicious activities with strong interpretability, outperforming state-of-the-art methods in extensive …

Visilience: An Interactive Visualization Framework For Resilience Analysis Using Control-Flow Graph, Hailong Jiang, Shaolun Ruan, Bo Fang, Yong Wang, Qiang Guan

Research Collection School Of Computing and Information Systems

Soft errors have become one of the main concerns for the resilience of HPC applications, as these errors can cause HPC applications to generate serious outcomes such as silent data corruption (SDC). Many approaches have been proposed to analyze the resilience of HPC applications. However, existing studies rarely address the challenges of analysis result perception. Specifically, resilience analysis techniques often produce a massive volume of unstructured data, making it difficult for programmers to perform resilience analysis due to non-intuitive raw data. Furthermore, different analysis models produce diverse results with multiple levels of detail, which can create obstacles to compare and …

Factors Influencing User Adherence Towards Privacy Standards Of Internet Of Things Devices, Philip Bazanye, Walter Uys, Wallace Chigona

African Conference on Information Systems and Technology

The upsurge in the use of Internet of things (IoT) devices increases the likelihood of cyber-attacks on end users. The objective of the study reported here was to investigate the factors that influence IoT device users’ adherence to privacy standards. This interpretivist exploratory research was guided by a three-phased approach using activity theory. The interview questions were derived from the conceptual model and themes analysed using deductive thematic analysis. The findings indicate that a lack of adherence is driven by a lack of trust in IoT devices and service providers, as well as convenience and health factors. In addition, users’ …

Social Media & Privacy: Understanding Privacy In The Age Of Content Creator Culture, Robert Tagoe, Raphael Amponsah, Emmanuel Awuni Kolog, Eric Afful-Dadzie

African Conference on Information Systems and Technology

In today's digital age, content creators are gaining public attention and becoming highly influential. With that increased influence, it is important to acknowledge the privacy concerns within this culture. This interpretive research study seeks to identify and understand the dynamics of privacy within the content creator culture. This research will leverage information from interviews with content creators from various social media platforms such as YouTube, Instagram, Facebook, and TikTok. Using theories to understand the phenomena, theories of privacy calculus, privacy paradox and self-disclosure, will be used to view how content creators define and navigate privacy, strategies employed to control personal …

Identity Management Pki System Using Blockchain, Mohamed Abdel Fattah Abdel Baki Awad

Theses and Dissertations

Identity management is one of the most important topics in the security field. Public Key Infrastructure (PKI) is the most commonly used approach in legally identity management systems. PKI systems have many centralized services that might affect the availability and trustworthiness of the system. Issues related to certificate verification methods such as Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) can be avoided if blockchain is used. Blockchain is a decentralized trusted system where data can only be appended to a public ledger. Edits are not allowed in blockchain. Blockchain consists of several nodes all of them have …

Threshold Attribute-Based Credentials With Redactable Signature, Rui Shi, Huamin Feng, Yang Yang, Feng Yuan, Yingjiu Li, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Threshold attribute-based credentials are suitable for decentralized systems such as blockchains as such systems generally assume that authenticity, confidentiality, and availability can still be guaranteed in the presence of a threshold number of dishonest or faulty nodes. Coconut (NDSS'19) was the first selective disclosure attribute-based credentials scheme supporting threshold issuance. However, it does not support threshold tracing of user identities and threshold revocation of user credentials, which is desired for internal governance such as identity management, data auditing, and accountability. The communication and computation complexities of Coconut for verifying credentials are linear in the number of each user's attributes and …

Autoconf: Automated Configuration Of Unsupervised Learning Systems Using Metamorphic Testing And Bayesian Optimization, Lwin Khin Shar, Goknil Arda, Erik Johannes Husom, Sagar Sen Sen, Naing Tun Yan, Kisub Kim

Research Collection School Of Computing and Information Systems

Unsupervised learning systems using clustering have gained significant attention for numerous applications due to their unique ability to discover patterns and structures in large unlabeled datasets. However, their effectiveness highly depends on their configuration, which requires domain-specific expertise and often involves numerous manual trials. Specifically, selecting appropriate algorithms and hyperparameters adds to the com- plexity of the configuration process. In this paper, we propose, apply, and assess an automated approach (AutoConf) for config- uring unsupervised learning systems using clustering, leveraging metamorphic testing and Bayesian optimization. Metamorphic testing is utilized to verify the configurations of unsupervised learning systems by applying a …

Endwatch: A Practical Method For Detecting Non-Termination In Real-World Software, Yao Zhang, Xiaofei Xie, Yi Li, Sen Chen, Cen Zhang, Xiaohong Li

Research Collection School Of Computing and Information Systems

Detecting non-termination is crucial for ensuring program correctness and security, such as preventing denial-of-service attacks. While termination analysis has been studied for many years, existing methods have limited scalability and are only effective on small programs. To address this issue, we propose a practical termination checking technique, called EndWatch, for detecting non-termination through testing. Specifically, we introduce two methods to generate non-termination oracles based on checking state revisits, i.e., if the program returns to a previously visited state at the same program location, it does not terminate. The non-termination oracles can be incorporated into testing tools (e.g., AFL used in …

Testsgd: Interpretable Testing Of Neural Networks Against Subtle Group Discrimination, Mengdi Zhang, Jun Sun, Jingyi Wang, Bing Sun

Research Collection School Of Computing and Information Systems

Discrimination has been shown in many machine learning applications, which calls for sufficient fairness testing before their deployment in ethic-relevant domains. One widely concerning type of discrimination, testing against group discrimination, mostly hidden, is much less studied, compared with identifying individual discrimination. In this work, we propose TestSGD, an interpretable testing approach which systematically identifies and measures hidden (which we call ‘subtle’) group discrimination of a neural network characterized by conditions over combinations of the sensitive attributes. Specifically, given a neural network, TestSGD first automatically generates an interpretable rule set which categorizes the input space into two groups. Alongside, TestSGD …

Autodebloater: Automated Android App Debloating, Jiakun Liu, Xing Hu, Thung Ferdian, Shahar Maoz, Eran Toch, Debin Gao, David Lo

Research Collection School Of Computing and Information Systems

Android applications are getting bigger with an increasing number of features. However, not all the features are needed by a specific user. The unnecessary features can increase the attack surface and cost additional resources (e.g., storage and memory). Therefore, it is important to remove unnecessary features from Android applications. However, it is difficult for the end users to fully explore the apps to identify the unnecessary features, and there is no off-the-shelf tool available to assist users to debloat the apps by themselves. In this work, we propose AutoDebloater to debloat Android applications automatically for end users. AutoDebloater is a …

Fine-Grained In-Context Permission Classification For Android Apps Using Control-Flow Graph Embedding, Vikas Kumar Malviya, Naing Tun Yan, Chee Wei Leow, Ailys Xynyn Tee, Lwin Khin Shar, Lingxiao Jiang

Research Collection School Of Computing and Information Systems

Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abuse the given permissions. Longing to enhance Android permission security and users’ private data protection is the driving factor behind our approach to explore fine-grained contextsensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each …

Hercules: Boosting The Performance Of Privacy-Preserving Federated Learning, Guowen Xu, Xingshuo Han, Shengmin Xu, Tianwei Zhang, Hongwei Li, Xinyi Huang, Robert H. Deng

Research Collection School Of Computing and Information Systems

In this paper, we address the problem of privacy-preserving federated neural network training with N users. We present Hercules, an efficient and high-precision training framework that can tolerate collusion of up to N−1 users. Hercules follows the POSEIDON framework proposed by Sav et al. (NDSS’21), but makes a qualitative leap in performance with the following contributions: (i) we design a novel parallel homomorphic computation method for matrix operations, which enables fast Single Instruction and Multiple Data (SIMD) operations over ciphertexts. For the multiplication of two h×h dimensional matrices, our method reduces the computation complexity from O(h3) to O(h) . This …

Experimental Comparison Of Features, Analyses, And Classifiers For Android Malware Detection, Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Naing Tun Yan, David Lo, Lingxiao Jiang, Christoph Bienert

Research Collection School Of Computing and Information Systems

Android malware detection has been an active area of research. In the past decade, several machine learning-based approaches based on different types of features that may characterize Android malware behaviors have been proposed. The usually-analyzed features include API usages and sequences at various abstraction levels (e.g., class and package), extracted using static or dynamic analysis. Additionally, features that characterize permission uses, native API calls and reflection have also been analyzed. Initial works used conventional classifiers such as Random Forest to learn on those features. In recent years, deep learning-based classifiers such as Recurrent Neural Network have been explored. Considering various …