Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection

in IEEE International Conference on Distributed Computing Systems (ICDCS) (2020)

Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature- based threat detection and classification methods. As machine- learning often improves ... [more ▼]

Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature- based threat detection and classification methods. As machine- learning often improves with more data available, smaller orga- nizations and clients find themselves at a disadvantage: Without the ability to share their data and others willing to collaborate, their machine-learned threat detection will perform worse than the same model in a larger organization. We show that Feder- ated Learning, i.e. collaborative learning without data sharing, successfully helps to overcome this problem. Our experiments focus on a common task in cyber security, the detection of unwanted URLs in network traffic seen by security-as-a-service providers. Our experiments show that i) Smaller participants benefit from larger participants ii) Participants seeing different types of malicious traffic can generalize better to unseen types of attacks, increasing performance by 8% to 15% on average, and up to 27% in the extreme case. iii) Participating in Federated training never harms the performance of the locally trained model. In our experiment modeling a security-as-a service setting, Federated Learning increased detection up to 30% for some participants in the scheme. This clearly shows that Federated Learning is a viable approach to address issues of data sharing in common cyber security settings. [less ▲]

Intrusion detection on robot cameras using spatio-temporal autoencoders: A self-driving car application

in 91st IEEE Vehicular Technology Conference, VTC Spring 2020, Antwerp, Belgium, May 25-28, 2020 (2020)

Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self ... [more ▼]

Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self-driving cars industry. However, this framework is far from being totally secure, and the existing security breaches do not have robust solutions. In this paper we focus on the camera vulnerabilities, as it is often the most important source for the environment discovery and the decision-making process. We propose an unsupervised anomaly detection tool for detecting suspicious frames incoming from camera flows. Our solution is based on spatio-temporal autoencoders used to truthfully reconstruct the camera frames and detect abnormal ones by measuring the difference with the input. We test our approach on a real-word dataset, i.e. flows coming from embedded cameras of self-driving cars. Our solution outperforms the existing works on different scenarios. [less ▲]

ROS-Defender: SDN-based Security Policy Enforcement for Robotic Applications

in IEEE Workshop on the Internet of Safe Things, Co-located with IEEE Security and Privacy 2019 (2019, May)

Abstract—In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a ... [more ▼]

Abstract—In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a firewall for a robotic system. ROS-Defender combines anomaly detection systems at application (ROS) level and network level, with dynamic policy enforcement points using software defined networking (SDN) to provide protection against a large class of attacks. Although SIEMs, IPS, and firewall have been previously used to secure computer networks, ROSDefender is applying them for the specific use case of robotic systems, where security is in many cases an afterthought. [less ▲]

Deep mining port scans from darknet

in International Journal of Network Management (2019)

TCP/UDP port scanning or sweeping is one of the most common technique used 3 by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing ... [more ▼]

TCP/UDP port scanning or sweeping is one of the most common technique used 3 by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with a final goal of better mitigating them. In this paper, we propose an approach that allows to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed group of orts. Our method is fully automated based on graph modeling and data mining techniques, including text mining. It provides to security analysts and operators relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker by understanding the types of applications or environment he or she targets. We applied our method to data collected through a large Internet telescope (or darknet). [less ▲]

Une nouvelle approche pour la détection d’anomalies dans les flux de graphes hétérogènes

in EGC (2019)

In this work, we propose a new approach to detect anomalous graphs in a stream of di- rected and labeled heterogeneous graphs. Our approach uses a new representation of graphs by vectors. This ... [more ▼]

In this work, we propose a new approach to detect anomalous graphs in a stream of di- rected and labeled heterogeneous graphs. Our approach uses a new representation of graphs by vectors. This representation is flexible and allows to update the graph vectors as soon as a new edge arrives. In addition, it is applicable to any type of graph and optimizes memory space. Moreover, it allows the detection of anomalies in real-time. [less ▲]

An Experimental Analysis of Fraud Detection Methods in Enterprise Telecommunication Data using Unsupervised Outlier Ensembles

in Kaiafas, Georgios; Hammerschmidt, Christian; State, Radu (Eds.) 16th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2019) (2019)

Knowledge Discovery Approach from Blockchain, Crypto-currencies, and Financial Stock Exchanges

Poster (2018, August 20)

Last few years have witnessed a steady growth in interest on crypto-currencies and blockchains. They are receiving considerable interest from industry and the research community, the most popular one ... [more ▼]

Last few years have witnessed a steady growth in interest on crypto-currencies and blockchains. They are receiving considerable interest from industry and the research community, the most popular one being Bitcoin. However, these crypto-currencies are so far relatively poorly analyzed and investigated. Recently, many solutions, mostly based on ad-hoc engineered solutions, are being developed to discover relevant analysis from crypto-currencies, but are not sufficient to understand behind crypto-currencies. In this paper, we provide a deep analysis of crypto-currencies by proposing a new knowledge discovery approach for each crypto-currency, across crypto-currencies, blockchains, and financial stocks. The novel approach is based on a conjoint use of data mining algorithms on imbalanced time series. It automatically reports co-variation dependency patterns of the time series. The experiments on the public crypto-currencies and financial stocks markets data also demonstrate the usefulness of the approach by discovering the different relationships across multiple time series sources and insights correlations behind crypto-currencies. [less ▲]

Profiling Smart Contracts Interactions Tensor Decomposition and Graph Mining.

in Proceedings of the Second Workshop on MIning DAta for financial applicationS (MIDAS 2017) co-located with the 2017 European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML-PKDD 2017), Skopje, Macedonia, September 18, 2017. (2017, September)

Smart contracts, computer protocols designed for autonomous execution on predefined conditions, arise from the evolution of the Bitcoin’s crypto-currency. They provide higher transaction security and ... [more ▼]

Smart contracts, computer protocols designed for autonomous execution on predefined conditions, arise from the evolution of the Bitcoin’s crypto-currency. They provide higher transaction security and allow economy of scale through the automated process. Smart contracts provides inherent benefits for financial institutions such as investment banking, retail banking, and insurance. This technology is widely used within Ethereum, an open source block-chain platform, from which the data has been extracted to conduct the experiments. In this work, we propose an multi-dimensional approach to find and predict smart contracts interactions only based on their crypto-currency exchanges. This approach relies on tensor modeling combined with stochastic processes. It underlines actual exchanges between smart contracts and targets the predictions of future interactions among the community. The tensor analysis is also challenged with the latest graph algorithms to assess its strengths and weaknesses in comparison to a more standard approach. [less ▲]