-
Towards Weaknesses and Attack Patterns Prediction for IoT Devices
Authors:
Carlos A. Rivera A.,
Arash Shaghaghi,
Gustavo Batista,
Salil S. Kanhere
Abstract:
As the adoption of Internet of Things (IoT) devices continues to rise in enterprise environments, the need for effective and efficient security measures becomes increasingly critical. This paper presents a cost-efficient platform to facilitate the pre-deployment security checks of IoT devices by predicting potential weaknesses and associated attack patterns. The platform employs a Bidirectional Lo…
▽ More
As the adoption of Internet of Things (IoT) devices continues to rise in enterprise environments, the need for effective and efficient security measures becomes increasingly critical. This paper presents a cost-efficient platform to facilitate the pre-deployment security checks of IoT devices by predicting potential weaknesses and associated attack patterns. The platform employs a Bidirectional Long Short-Term Memory (Bi-LSTM) network to analyse device-related textual data and predict weaknesses. At the same time, a Gradient Boosting Machine (GBM) model predicts likely attack patterns that could exploit these weaknesses. When evaluated on a dataset curated from the National Vulnerability Database (NVD) and publicly accessible IoT data sources, the system demonstrates high accuracy and reliability. The dataset created for this solution is publicly accessible.
△ Less
Submitted 23 August, 2024;
originally announced August 2024.
-
On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World
Authors:
Bao Gia Doan,
Dang Quang Nguyen,
Callum Lindquist,
Paul Montague,
Tamas Abraham,
Olivier De Vel,
Seyit Camtepe,
Salil S. Kanhere,
Ehsan Abbasnejad,
Damith C. Ranasinghe
Abstract:
Object detectors are vulnerable to backdoor attacks. In contrast to classifiers, detectors possess unique characteristics, architecturally and in task execution; often operating in challenging conditions, for instance, detecting traffic signs in autonomous cars. But, our knowledge dominates attacks against classifiers and tests in the "digital domain".
To address this critical gap, we conducted…
▽ More
Object detectors are vulnerable to backdoor attacks. In contrast to classifiers, detectors possess unique characteristics, architecturally and in task execution; often operating in challenging conditions, for instance, detecting traffic signs in autonomous cars. But, our knowledge dominates attacks against classifiers and tests in the "digital domain".
To address this critical gap, we conducted an extensive empirical study targeting multiple detector architectures and two challenging detection tasks in real-world settings: traffic signs and vehicles. Using the diverse, methodically collected videos captured from driving cars and flying drones, incorporating physical object trigger deployments in authentic scenes, we investigated the viability of physical object-triggered backdoor attacks in application settings.
Our findings revealed 8 key insights. Importantly, the prevalent "digital" data poisoning method for injecting backdoors into models does not lead to effective attacks against detectors in the real world, although proven effective in classification tasks. We construct a new, cost-efficient attack method, dubbed MORPHING, incorporating the unique nature of detection tasks; ours is remarkably successful in injecting physical object-triggered backdoors, even capable of poisoning triggers with clean label annotations or invisible triggers without diminishing the success of physical object triggered backdoors. We discovered that the defenses curated are ill-equipped to safeguard detectors against such attacks. To underscore the severity of the threat and foster further research, we, for the first time, release an extensive video test set of real-world backdoor attacks. Our study not only establishes the credibility and seriousness of this threat but also serves as a clarion call to the research community to advance backdoor defenses in the context of object detection.
△ Less
Submitted 22 August, 2024;
originally announced August 2024.
-
Synthetic Trajectory Generation Through Convolutional Neural Networks
Authors:
Jesse Merhi,
Erik Buchholz,
Salil S. Kanhere
Abstract:
Location trajectories provide valuable insights for applications from urban planning to pandemic control. However, mobility data can also reveal sensitive information about individuals, such as political opinions, religious beliefs, or sexual orientations. Existing privacy-preserving approaches for publishing this data face a significant utility-privacy trade-off. Releasing synthetic trajectory da…
▽ More
Location trajectories provide valuable insights for applications from urban planning to pandemic control. However, mobility data can also reveal sensitive information about individuals, such as political opinions, religious beliefs, or sexual orientations. Existing privacy-preserving approaches for publishing this data face a significant utility-privacy trade-off. Releasing synthetic trajectory data generated through deep learning offers a promising solution. Due to the trajectories' sequential nature, most existing models are based on recurrent neural networks (RNNs). However, research in generative adversarial networks (GANs) largely employs convolutional neural networks (CNNs) for image generation. This discrepancy raises the question of whether advances in computer vision can be applied to trajectory generation. In this work, we introduce a Reversible Trajectory-to-CNN Transformation (RTCT) that adapts trajectories into a format suitable for CNN-based models. We integrated this transformation with the well-known DCGAN in a proof-of-concept (PoC) and evaluated its performance against an RNN-based trajectory GAN using four metrics across two datasets. The PoC was superior in capturing spatial distributions compared to the RNN model but had difficulty replicating sequential and temporal properties. Although the PoC's utility is not sufficient for practical applications, the results demonstrate the transformation's potential to facilitate the use of CNNs for trajectory generation, opening up avenues for future research. To support continued research, all source code has been made available under an open-source license.
△ Less
Submitted 23 July, 2024;
originally announced July 2024.
-
Multi-MedChain: Multi-Party Multi-Blockchain Medical Supply Chain Management System
Authors:
Akanksha Saini,
Arash Shaghaghi,
Zhibo Huang,
Salil S. Kanhere
Abstract:
The challenges of healthcare supply chain management systems during the COVID-19 pandemic highlighted the need for an innovative and robust medical supply chain. The healthcare supply chain involves various stakeholders who must share information securely and actively. Regulatory and compliance reporting is also another crucial requirement for perishable products (e.g., pharmaceuticals) within a m…
▽ More
The challenges of healthcare supply chain management systems during the COVID-19 pandemic highlighted the need for an innovative and robust medical supply chain. The healthcare supply chain involves various stakeholders who must share information securely and actively. Regulatory and compliance reporting is also another crucial requirement for perishable products (e.g., pharmaceuticals) within a medical supply chain management system. Here, we propose Multi-MedChain as a three-layer multi-party, multi-blockchain (MPMB) framework utilizing smart contracts as a practical solution to address challenges in existing medical supply chain management systems. Multi-MedChain is a scalable supply chain management system for the healthcare domain that addresses end-to-end traceability, transparency, and collaborative access control to restrict access to private data. We have implemented our proposed system and report on our evaluation to highlight the practicality of the solution. The proposed solution is made publicly available.
△ Less
Submitted 1 July, 2024;
originally announced July 2024.
-
Honeyfile Camouflage: Hiding Fake Files in Plain Sight
Authors:
Roelien C. Timmer,
David Liebowitz,
Surya Nepal,
Salil S. Kanhere
Abstract:
Honeyfiles are a particularly useful type of honeypot: fake files deployed to detect and infer information from malicious behaviour. This paper considers the challenge of naming honeyfiles so they are camouflaged when placed amongst real files in a file system. Based on cosine distances in semantic vector spaces, we develop two metrics for filename camouflage: one based on simple averaging and one…
▽ More
Honeyfiles are a particularly useful type of honeypot: fake files deployed to detect and infer information from malicious behaviour. This paper considers the challenge of naming honeyfiles so they are camouflaged when placed amongst real files in a file system. Based on cosine distances in semantic vector spaces, we develop two metrics for filename camouflage: one based on simple averaging and one on clustering with mixture fitting. We evaluate and compare the metrics, showing that both perform well on a publicly available GitHub software repository dataset.
△ Less
Submitted 10 May, 2024; v1 submitted 7 May, 2024;
originally announced May 2024.
-
SoK: Trusting Self-Sovereign Identity
Authors:
Evan Krul,
Hye-young Paik,
Sushmita Ruj,
Salil S. Kanhere
Abstract:
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in ligh…
▽ More
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three distinct trust models that capture the threats and mitigations identified across SSI literature and implementations. Our work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems and areas for further exploration.
△ Less
Submitted 27 June, 2024; v1 submitted 10 April, 2024;
originally announced April 2024.
-
Contextual Chart Generation for Cyber Deception
Authors:
David D. Nguyen,
David Liebowitz,
Surya Nepal,
Salil S. Kanhere,
Sharif Abuadbba
Abstract:
Honeyfiles are security assets designed to attract and detect intruders on compromised systems. Honeyfiles are a type of honeypot that mimic real, sensitive documents, creating the illusion of the presence of valuable data. Interaction with a honeyfile reveals the presence of an intruder, and can provide insights into their goals and intentions. Their practical use, however, is limited by the time…
▽ More
Honeyfiles are security assets designed to attract and detect intruders on compromised systems. Honeyfiles are a type of honeypot that mimic real, sensitive documents, creating the illusion of the presence of valuable data. Interaction with a honeyfile reveals the presence of an intruder, and can provide insights into their goals and intentions. Their practical use, however, is limited by the time, cost and effort associated with manually creating realistic content. The introduction of large language models has made high-quality text generation accessible, but honeyfiles contain a variety of content including charts, tables and images. This content needs to be plausible and realistic, as well as semantically consistent both within honeyfiles and with the real documents they mimic, to successfully deceive an intruder.
In this paper, we focus on an important component of the honeyfile content generation problem: document charts. Charts are ubiquitous in corporate documents and are commonly used to communicate quantitative and scientific data. Existing image generation models, such as DALL-E, are rather prone to generating charts with incomprehensible text and unconvincing data. We take a multi-modal approach to this problem by combining two purpose-built generative models: a multitask Transformer and a specialized multi-head autoencoder. The Transformer generates realistic captions and plot text, while the autoencoder generates the underlying tabular data for the plot.
To advance the field of automated honeyplot generation, we also release a new document-chart dataset and propose a novel metric Keyword Semantic Matching (KSM). This metric measures the semantic consistency between keywords of a corpus and a smaller bag of words. Extensive experiments demonstrate excellent performance against multiple large language models, including ChatGPT and GPT4.
△ Less
Submitted 7 April, 2024;
originally announced April 2024.
-
Bayesian Learned Models Can Detect Adversarial Malware For Free
Authors:
Bao Gia Doan,
Dang Quang Nguyen,
Paul Montague,
Tamas Abraham,
Olivier De Vel,
Seyit Camtepe,
Salil S. Kanhere,
Ehsan Abbasnejad,
Damith C. Ranasinghe
Abstract:
The vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can…
▽ More
The vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches -- epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters' distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) lead to parameter instances from the posterior to significantly enhance a detectors' ability.
△ Less
Submitted 27 March, 2024;
originally announced March 2024.
-
SoK: Can Trajectory Generation Combine Privacy and Utility?
Authors:
Erik Buchholz,
Alsharif Abuadbba,
Shuo Wang,
Surya Nepal,
Salil S. Kanhere
Abstract:
While location trajectories represent a valuable data source for analyses and location-based services, they can reveal sensitive information, such as political and religious preferences. Differentially private publication mechanisms have been proposed to allow for analyses under rigorous privacy guarantees. However, the traditional protection schemes suffer from a limiting privacy-utility trade-of…
▽ More
While location trajectories represent a valuable data source for analyses and location-based services, they can reveal sensitive information, such as political and religious preferences. Differentially private publication mechanisms have been proposed to allow for analyses under rigorous privacy guarantees. However, the traditional protection schemes suffer from a limiting privacy-utility trade-off and are vulnerable to correlation and reconstruction attacks. Synthetic trajectory data generation and release represent a promising alternative to protection algorithms. While initial proposals achieve remarkable utility, they fail to provide rigorous privacy guarantees. This paper proposes a framework for designing a privacy-preserving trajectory publication approach by defining five design goals, particularly stressing the importance of choosing an appropriate Unit of Privacy. Based on this framework, we briefly discuss the existing trajectory protection approaches, emphasising their shortcomings. This work focuses on the systematisation of the state-of-the-art generative models for trajectories in the context of the proposed framework. We find that no existing solution satisfies all requirements. Thus, we perform an experimental study evaluating the applicability of six sequential generative models to the trajectory domain. Finally, we conclude that a generative trajectory model providing semantic guarantees remains an open research question and propose concrete next steps for future research.
△ Less
Submitted 27 June, 2024; v1 submitted 11 March, 2024;
originally announced March 2024.
-
BotSSCL: Social Bot Detection with Self-Supervised Contrastive Learning
Authors:
Mohammad Majid Akhtar,
Navid Shadman Bhuiyan,
Rahat Masood,
Muhammad Ikram,
Salil S. Kanhere
Abstract:
The detection of automated accounts, also known as "social bots", has been an increasingly important concern for online social networks (OSNs). While several methods have been proposed for detecting social bots, significant research gaps remain. First, current models exhibit limitations in detecting sophisticated bots that aim to mimic genuine OSN users. Second, these methods often rely on simplis…
▽ More
The detection of automated accounts, also known as "social bots", has been an increasingly important concern for online social networks (OSNs). While several methods have been proposed for detecting social bots, significant research gaps remain. First, current models exhibit limitations in detecting sophisticated bots that aim to mimic genuine OSN users. Second, these methods often rely on simplistic profile features, which are susceptible to manipulation. In addition to their vulnerability to adversarial manipulations, these models lack generalizability, resulting in subpar performance when trained on one dataset and tested on another.
To address these challenges, we propose a novel framework for social Bot detection with Self-Supervised Contrastive Learning (BotSSCL). Our framework leverages contrastive learning to distinguish between social bots and humans in the embedding space to improve linear separability. The high-level representations derived by BotSSCL enhance its resilience to variations in data distribution and ensure generalizability. We evaluate BotSSCL's robustness against adversarial attempts to manipulate bot accounts to evade detection. Experiments on two datasets featuring sophisticated bots demonstrate that BotSSCL outperforms other supervised, unsupervised, and self-supervised baseline methods. We achieve approx. 6% and approx. 8% higher (F1) performance than SOTA on both datasets. In addition, BotSSCL also achieves 67% F1 when trained on one dataset and tested with another, demonstrating its generalizability. Lastly, BotSSCL increases adversarial complexity and only allows 4% success to the adversary in evading detection.
△ Less
Submitted 6 February, 2024;
originally announced February 2024.
-
Modern Computing: Vision and Challenges
Authors:
Sukhpal Singh Gill,
Huaming Wu,
Panos Patros,
Carlo Ottaviani,
Priyansh Arora,
Victor Casamayor Pujol,
David Haunschild,
Ajith Kumar Parlikad,
Oktay Cetinkaya,
Hanan Lutfiyya,
Vlado Stankovski,
Ruidong Li,
Yuemin Ding,
Junaid Qadir,
Ajith Abraham,
Soumya K. Ghosh,
Houbing Herbert Song,
Rizos Sakellariou,
Omer Rana,
Joel J. P. C. Rodrigues,
Salil S. Kanhere,
Schahram Dustdar,
Steve Uhlig,
Kotagiri Ramamohanarao,
Rajkumar Buyya
Abstract:
Over the past six decades, the computing systems field has experienced significant transformations, profoundly impacting society with transformational developments, such as the Internet and the commodification of computing. Underpinned by technological advancements, computer systems, far from being static, have been continuously evolving and adapting to cover multifaceted societal niches. This has…
▽ More
Over the past six decades, the computing systems field has experienced significant transformations, profoundly impacting society with transformational developments, such as the Internet and the commodification of computing. Underpinned by technological advancements, computer systems, far from being static, have been continuously evolving and adapting to cover multifaceted societal niches. This has led to new paradigms such as cloud, fog, edge computing, and the Internet of Things (IoT), which offer fresh economic and creative opportunities. Nevertheless, this rapid change poses complex research challenges, especially in maximizing potential and enhancing functionality. As such, to maintain an economical level of performance that meets ever-tighter requirements, one must understand the drivers of new model emergence and expansion, and how contemporary challenges differ from past ones. To that end, this article investigates and assesses the factors influencing the evolution of computing systems, covering established systems and architectures as well as newer developments, such as serverless computing, quantum computing, and on-device AI on edge devices. Trends emerge when one traces technological trajectory, which includes the rapid obsolescence of frameworks due to business and technical constraints, a move towards specialized systems and models, and varying approaches to centralized and decentralized control. This comprehensive review of modern computing systems looks ahead to the future of research in the field, highlighting key challenges and emerging trends, and underscoring their importance in cost-effectively driving technological progress.
△ Less
Submitted 4 January, 2024;
originally announced January 2024.
-
An Interdisciplinary Survey on Information Flows in Supply Chains
Authors:
Jan Pennekamp,
Roman Matzutt,
Christopher Klinkmüller,
Lennart Bader,
Martin Serror,
Eric Wagner,
Sidra Malik,
Maria Spiß,
Jessica Rahn,
Tan Gürpinar,
Eduard Vlad,
Sander J. J. Leemans,
Salil S. Kanhere,
Volker Stich,
Klaus Wehrle
Abstract:
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010-2021 in an interdisciplinary meta-survey to make this topic holist…
▽ More
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010-2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.
△ Less
Submitted 28 September, 2023;
originally announced January 2024.
-
Multiple Hypothesis Dropout: Estimating the Parameters of Multi-Modal Output Distributions
Authors:
David D. Nguyen,
David Liebowitz,
Surya Nepal,
Salil S. Kanhere
Abstract:
In many real-world applications, from robotics to pedestrian trajectory prediction, there is a need to predict multiple real-valued outputs to represent several potential scenarios. Current deep learning techniques to address multiple-output problems are based on two main methodologies: (1) mixture density networks, which suffer from poor stability at high dimensions, or (2) multiple choice learni…
▽ More
In many real-world applications, from robotics to pedestrian trajectory prediction, there is a need to predict multiple real-valued outputs to represent several potential scenarios. Current deep learning techniques to address multiple-output problems are based on two main methodologies: (1) mixture density networks, which suffer from poor stability at high dimensions, or (2) multiple choice learning (MCL), an approach that uses $M$ single-output functions, each only producing a point estimate hypothesis. This paper presents a Mixture of Multiple-Output functions (MoM) approach using a novel variant of dropout, Multiple Hypothesis Dropout. Unlike traditional MCL-based approaches, each multiple-output function not only estimates the mean but also the variance for its hypothesis. This is achieved through a novel stochastic winner-take-all loss which allows each multiple-output function to estimate variance through the spread of its subnetwork predictions. Experiments on supervised learning problems illustrate that our approach outperforms existing solutions for reconstructing multimodal output distributions. Additional studies on unsupervised learning problems show that estimating the parameters of latent posterior distributions within a discrete autoencoder significantly improves codebook efficiency, sample quality, precision and recall.
△ Less
Submitted 18 December, 2023;
originally announced December 2023.
-
Make out like a (Multi-Armed) Bandit: Improving the Odds of Fuzzer Seed Scheduling with T-Scheduler
Authors:
Simon Luo,
Adrian Herrera,
Paul Quirk,
Michael Chase,
Damith C. Ranasinghe,
Salil S. Kanhere
Abstract:
Fuzzing is a highly-scalable software testing technique that uncovers bugs in a target program by executing it with mutated inputs. Over the life of a fuzzing campaign, the fuzzer accumulates inputs inducing new and interesting target behaviors, drawing from these inputs for further mutation. This rapidly results in a large number of inputs to select from, making it challenging to quickly and accu…
▽ More
Fuzzing is a highly-scalable software testing technique that uncovers bugs in a target program by executing it with mutated inputs. Over the life of a fuzzing campaign, the fuzzer accumulates inputs inducing new and interesting target behaviors, drawing from these inputs for further mutation. This rapidly results in a large number of inputs to select from, making it challenging to quickly and accurately select the "most promising" input for mutation. Reinforcement learning (RL) provides a natural solution to this "seed scheduling" problem: the fuzzer dynamically adapts its selection strategy by learning from past results. However, existing RL approaches are (a) computationally expensive (reducing fuzzer throughput) and/or (b) require hyperparameter tuning (reducing generality across targets and input types). To this end, we propose T-Scheduler, a seed scheduler built on multi-armed bandit theory that automatically adapts to the target without any hyperparameter tuning. We evaluate T-Scheduler over 35 CPU-yr of fuzzing, comparing it to 11 state-of-the-art schedulers. Our results show that T-Scheduler improves on these 11 schedulers on both bug-finding and coverage-expansion abilities.
△ Less
Submitted 7 December, 2023;
originally announced December 2023.
-
Local Differential Privacy for Smart Meter Data Sharing
Authors:
Yashothara Shanmugarasa,
M. A. P. Chamikara,
Hye-young Paik,
Salil S. Kanhere,
Liming Zhu
Abstract:
Energy disaggregation techniques, which use smart meter data to infer appliance energy usage, can provide consumers and energy companies valuable insights into energy management. However, these techniques also present privacy risks, such as the potential for behavioral profiling. Local differential privacy (LDP) methods provide strong privacy guarantees with high efficiency in addressing privacy c…
▽ More
Energy disaggregation techniques, which use smart meter data to infer appliance energy usage, can provide consumers and energy companies valuable insights into energy management. However, these techniques also present privacy risks, such as the potential for behavioral profiling. Local differential privacy (LDP) methods provide strong privacy guarantees with high efficiency in addressing privacy concerns. However, existing LDP methods focus on protecting aggregated energy consumption data rather than individual appliances. Furthermore, these methods do not consider the fact that smart meter data are a form of streaming data, and its processing methods should account for time windows. In this paper, we propose a novel LDP approach (named LDP-SmartEnergy) that utilizes randomized response techniques with sliding windows to facilitate the sharing of appliance-level energy consumption data over time while not revealing individual users' appliance usage patterns. Our evaluations show that LDP-SmartEnergy runs efficiently compared to baseline methods. The results also demonstrate that our solution strikes a balance between protecting privacy and maintaining the utility of data for effective analysis.
△ Less
Submitted 8 November, 2023;
originally announced November 2023.
-
Reputation Systems for Supply Chains: The Challenge of Achieving Privacy Preservation
Authors:
Lennart Bader,
Jan Pennekamp,
Emildeon Thevaraj,
Maria Spiß,
Salil S. Kanhere,
Klaus Wehrle
Abstract:
Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volat…
▽ More
Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volatile supply chain networks introduce, (2) give an overview of the diverse landscape of privacy-preserving reputation systems and their properties, and (3) based on well-established concepts from supply chain information systems and cryptography, we further propose an initial concept that accounts for the aforementioned challenges by utilizing fully homomorphic encryption. For future work, we identify the need of evaluating whether novel systems address the supply chain-specific privacy and confidentiality needs.
△ Less
Submitted 2 November, 2023;
originally announced November 2023.
-
Privacy Preserving Large Language Models: ChatGPT Case Study Based Vision and Framework
Authors:
Imdad Ullah,
Najm Hassan,
Sukhpal Singh Gill,
Basem Suleiman,
Tariq Ahamed Ahanger,
Zawar Shah,
Junaid Qadir,
Salil S. Kanhere
Abstract:
The generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) use billions of parameters to extensively analyse large datasets and extract critical private information such as, context, specific details, identifying information etc. This have raised serious threats to user privacy and reluctance to use such tools. This article proposes the conceptual model called PrivChat…
▽ More
The generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) use billions of parameters to extensively analyse large datasets and extract critical private information such as, context, specific details, identifying information etc. This have raised serious threats to user privacy and reluctance to use such tools. This article proposes the conceptual model called PrivChatGPT, a privacy-preserving model for LLMs that consists of two main components i.e., preserving user privacy during the data curation/pre-processing together with preserving private context and the private training process for large-scale data. To demonstrate its applicability, we show how a private mechanism could be integrated into the existing model for training LLMs to protect user privacy; specifically, we employed differential privacy and private training using Reinforcement Learning (RL). We measure the privacy loss and evaluate the measure of uncertainty or randomness once differential privacy is applied. It further recursively evaluates the level of privacy guarantees and the measure of uncertainty of public database and resources, during each update when new information is added for training purposes. To critically evaluate the use of differential privacy for private LLMs, we hypothetically compared other mechanisms e..g, Blockchain, private information retrieval, randomisation, for various performance measures such as the model performance and accuracy, computational complexity, privacy vs. utility etc. We conclude that differential privacy, randomisation, and obfuscation can impact utility and performance of trained models, conversely, the use of ToR, Blockchain, and PIR may introduce additional computational complexity and high training latency. We believe that the proposed model could be used as a benchmark for proposing privacy preserving LLMs for generative AI tools.
△ Less
Submitted 19 October, 2023;
originally announced October 2023.
-
False Information, Bots and Malicious Campaigns: Demystifying Elements of Social Media Manipulations
Authors:
Mohammad Majid Akhtar,
Rahat Masood,
Muhammad Ikram,
Salil S. Kanhere
Abstract:
The rapid spread of false information and persistent manipulation attacks on online social networks (OSNs), often for political, ideological, or financial gain, has affected the openness of OSNs. While researchers from various disciplines have investigated different manipulation-triggering elements of OSNs (such as understanding information diffusion on OSNs or detecting automated behavior of acco…
▽ More
The rapid spread of false information and persistent manipulation attacks on online social networks (OSNs), often for political, ideological, or financial gain, has affected the openness of OSNs. While researchers from various disciplines have investigated different manipulation-triggering elements of OSNs (such as understanding information diffusion on OSNs or detecting automated behavior of accounts), these works have not been consolidated to present a comprehensive overview of the interconnections among these elements. Notably, user psychology, the prevalence of bots, and their tactics in relation to false information detection have been overlooked in previous research. To address this research gap, this paper synthesizes insights from various disciplines to provide a comprehensive analysis of the manipulation landscape. By integrating the primary elements of social media manipulation (SMM), including false information, bots, and malicious campaigns, we extensively examine each SMM element. Through a systematic investigation of prior research, we identify commonalities, highlight existing gaps, and extract valuable insights in the field. Our findings underscore the urgent need for interdisciplinary research to effectively combat social media manipulations, and our systematization can guide future research efforts and assist OSN providers in ensuring the safety and integrity of their platforms.
△ Less
Submitted 23 August, 2023;
originally announced August 2023.
-
SplITS: Split Input-to-State Mapping for Effective Firmware Fuzzing
Authors:
Guy Farrelly,
Paul Quirk,
Salil S. Kanhere,
Seyit Camtepe,
Damith C. Ranasinghe
Abstract:
Ability to test firmware on embedded devices is critical to discovering vulnerabilities prior to their adversarial exploitation. State-of-the-art automated testing methods rehost firmware in emulators and attempt to facilitate inputs from a diversity of methods (interrupt driven, status polling) and a plethora of devices (such as modems and GPS units). Despite recent progress to tackle peripheral…
▽ More
Ability to test firmware on embedded devices is critical to discovering vulnerabilities prior to their adversarial exploitation. State-of-the-art automated testing methods rehost firmware in emulators and attempt to facilitate inputs from a diversity of methods (interrupt driven, status polling) and a plethora of devices (such as modems and GPS units). Despite recent progress to tackle peripheral input generation challenges in rehosting, a firmware's expectation of multi-byte magic values supplied from peripheral inputs for string operations still pose a significant roadblock. We solve the impediment posed by multi-byte magic strings in monolithic firmware. We propose feedback mechanisms for input-to-state mapping and retaining seeds for targeted replacement mutations with an efficient method to solve multi-byte comparisons. The feedback allows an efficient search over a combinatorial solution-space. We evaluate our prototype implementation, SplITS, with a diverse set of 21 real-world monolithic firmware binaries used in prior works, and 3 new binaries from popular open source projects. SplITS automatically solves 497% more multi-byte magic strings guarding further execution to uncover new code and bugs compared to state-of-the-art. In 11 of the 12 real-world firmware binaries with string comparisons, including those extensively analyzed by prior works, SplITS outperformed, statistically significantly. We observed up to 161% increase in blocks covered and discovered 6 new bugs that remained guarded by string comparisons. Significantly, deep and difficult to reproduce bugs guarded by comparisons, identified in prior work, were found consistently. To facilitate future research in the field, we release SplITS, the new firmware data sets, and bug analysis at https://github.com/SplITS-Fuzzer
△ Less
Submitted 15 August, 2023;
originally announced August 2023.
-
VCTP: A Verifiable Credential-based Trust Propagation Protocol for Personal Issuers in Self-Sovereign Identity Platforms
Authors:
Rahma Mukta,
Rue C. Teh,
Hye-young Paik,
Qinghua Lu,
Salil S. Kanhere
Abstract:
Self Sovereign Identity (SSI) is an emerging identity system that facilitates secure credential issuance and verification without placing trust in any centralised authority. To bypass central trust, most SSI implementations place blockchain as a trusted mediator by placing credential transactions on-chain. Yet, existing SSI platforms face trust issues as all credential issuers in SSI are not suppo…
▽ More
Self Sovereign Identity (SSI) is an emerging identity system that facilitates secure credential issuance and verification without placing trust in any centralised authority. To bypass central trust, most SSI implementations place blockchain as a trusted mediator by placing credential transactions on-chain. Yet, existing SSI platforms face trust issues as all credential issuers in SSI are not supported with adequate trust. Current SSI solutions provide trust support to the officiated issuers (e.g., government agencies), who must follow a precise process to assess their credentials. However, there is no structured trust support for individuals of SSI who may attempt to issue a credential (e.g., letter of consent) in the context of business processes. Therefore, some risk-averse verifiers in the system may not accept the credentials from individual issuers to avoid carrying the cost of mishaps from potentially inadmissible credentials without reliance on a trusted agency. This paper proposes a trust propagation protocol that supports individual users to be trusted as verifiable issuers in the SSI platform by establishing a trust propagation credential template in the blockchain. Our approach utilises (i) the sanitizable signature scheme to propagate the required trust to an individual issuer, (ii) a voting mechanism to minimises the possibility of collusion. Our implementation demonstrates that the solution is both practical and performs well under varying system loads.
△ Less
Submitted 3 August, 2023;
originally announced August 2023.
-
Discretization-based ensemble model for robust learning in IoT
Authors:
Anahita Namvar,
Chandra Thapa,
Salil S. Kanhere
Abstract:
IoT device identification is the process of recognizing and verifying connected IoT devices to the network. This is an essential process for ensuring that only authorized devices can access the network, and it is necessary for network management and maintenance. In recent years, machine learning models have been used widely for automating the process of identifying devices in the network. However,…
▽ More
IoT device identification is the process of recognizing and verifying connected IoT devices to the network. This is an essential process for ensuring that only authorized devices can access the network, and it is necessary for network management and maintenance. In recent years, machine learning models have been used widely for automating the process of identifying devices in the network. However, these models are vulnerable to adversarial attacks that can compromise their accuracy and effectiveness. To better secure device identification models, discretization techniques enable reduction in the sensitivity of machine learning models to adversarial attacks contributing to the stability and reliability of the model. On the other hand, Ensemble methods combine multiple heterogeneous models to reduce the impact of remaining noise or errors in the model. Therefore, in this paper, we integrate discretization techniques and ensemble methods and examine it on model robustness against adversarial attacks. In other words, we propose a discretization-based ensemble stacking technique to improve the security of our ML models. We evaluate the performance of different ML-based IoT device identification models against white box and black box attacks using a real-world dataset comprised of network traffic from 28 IoT devices. We demonstrate that the proposed method enables robustness to the models for IoT device identification.
△ Less
Submitted 17 July, 2023;
originally announced July 2023.
-
Transformative Effects of ChatGPT on Modern Education: Emerging Era of AI Chatbots
Authors:
Sukhpal Singh Gill,
Minxian Xu,
Panos Patros,
Huaming Wu,
Rupinder Kaur,
Kamalpreet Kaur,
Stephanie Fuller,
Manmeet Singh,
Priyansh Arora,
Ajith Kumar Parlikad,
Vlado Stankovski,
Ajith Abraham,
Soumya K. Ghosh,
Hanan Lutfiyya,
Salil S. Kanhere,
Rami Bahsoon,
Omer Rana,
Schahram Dustdar,
Rizos Sakellariou,
Steve Uhlig,
Rajkumar Buyya
Abstract:
ChatGPT, an AI-based chatbot, was released to provide coherent and useful replies based on analysis of large volumes of data. In this article, leading scientists, researchers and engineers discuss the transformative effects of ChatGPT on modern education. This research seeks to improve our knowledge of ChatGPT capabilities and its use in the education sector, identifying potential concerns and cha…
▽ More
ChatGPT, an AI-based chatbot, was released to provide coherent and useful replies based on analysis of large volumes of data. In this article, leading scientists, researchers and engineers discuss the transformative effects of ChatGPT on modern education. This research seeks to improve our knowledge of ChatGPT capabilities and its use in the education sector, identifying potential concerns and challenges. Our preliminary evaluation concludes that ChatGPT performed differently in each subject area including finance, coding and maths. While ChatGPT has the ability to help educators by creating instructional content, offering suggestions and acting as an online educator to learners by answering questions and promoting group work, there are clear drawbacks in its use, such as the possibility of producing inaccurate or false data and circumventing duplicate content (plagiarism) detectors where originality is essential. The often reported hallucinations within Generative AI in general, and also relevant for ChatGPT, can render its use of limited benefit where accuracy is essential. What ChatGPT lacks is a stochastic measure to help provide sincere and sensitive communication with its users. Academic regulations and evaluation practices used in educational institutions need to be updated, should ChatGPT be used as a tool in education. To address the transformative effects of ChatGPT on the learning environment, educating teachers and students alike about its capabilities and limitations will be crucial.
△ Less
Submitted 25 May, 2023;
originally announced June 2023.
-
DualVAE: Controlling Colours of Generated and Real Images
Authors:
Keerth Rathakumar,
David Liebowitz,
Christian Walder,
Kristen Moore,
Salil S. Kanhere
Abstract:
Colour controlled image generation and manipulation are of interest to artists and graphic designers. Vector Quantised Variational AutoEncoders (VQ-VAEs) with autoregressive (AR) prior are able to produce high quality images, but lack an explicit representation mechanism to control colour attributes. We introduce DualVAE, a hybrid representation model that provides such control by learning disenta…
▽ More
Colour controlled image generation and manipulation are of interest to artists and graphic designers. Vector Quantised Variational AutoEncoders (VQ-VAEs) with autoregressive (AR) prior are able to produce high quality images, but lack an explicit representation mechanism to control colour attributes. We introduce DualVAE, a hybrid representation model that provides such control by learning disentangled representations for colour and geometry. The geometry is represented by an image intensity mapping that identifies structural features. The disentangled representation is obtained by two novel mechanisms:
(i) a dual branch architecture that separates image colour attributes from geometric attributes, and (ii) a new ELBO that trains the combined colour and geometry representations. DualVAE can control the colour of generated images, and recolour existing images by transferring the colour latent representation obtained from an exemplar image. We demonstrate that DualVAE generates images with FID nearly two times better than VQ-GAN on a diverse collection of datasets, including animated faces, logos and artistic landscapes.
△ Less
Submitted 30 May, 2023;
originally announced May 2023.
-
Feature-Space Bayesian Adversarial Learning Improved Malware Detector Robustness
Authors:
Bao Gia Doan,
Shuiqiao Yang,
Paul Montague,
Olivier De Vel,
Tamas Abraham,
Seyit Camtepe,
Salil S. Kanhere,
Ehsan Abbasnejad,
Damith C. Ranasinghe
Abstract:
We present a new algorithm to train a robust malware detector. Modern malware detectors rely on machine learning algorithms. Now, the adversarial objective is to devise alterations to the malware code to decrease the chance of being detected whilst preserving the functionality and realism of the malware. Adversarial learning is effective in improving robustness but generating functional and realis…
▽ More
We present a new algorithm to train a robust malware detector. Modern malware detectors rely on machine learning algorithms. Now, the adversarial objective is to devise alterations to the malware code to decrease the chance of being detected whilst preserving the functionality and realism of the malware. Adversarial learning is effective in improving robustness but generating functional and realistic adversarial malware samples is non-trivial. Because: i) in contrast to tasks capable of using gradient-based feedback, adversarial learning in a domain without a differentiable mapping function from the problem space (malware code inputs) to the feature space is hard; and ii) it is difficult to ensure the adversarial malware is realistic and functional. This presents a challenge for developing scalable adversarial machine learning algorithms for large datasets at a production or commercial scale to realize robust malware detectors. We propose an alternative; perform adversarial learning in the feature space in contrast to the problem space. We prove the projection of perturbed, yet valid malware, in the problem space into feature space will always be a subset of adversarials generated in the feature space. Hence, by generating a robust network against feature-space adversarial examples, we inherently achieve robustness against problem-space adversarial examples. We formulate a Bayesian adversarial learning objective that captures the distribution of models for improved robustness. We prove that our learning method bounds the difference between the adversarial risk and empirical risk explaining the improved robustness. We show that adversarially trained BNNs achieve state-of-the-art robustness. Notably, adversarially trained BNNs are robust against stronger attacks with larger attack budgets by a margin of up to 15% on a recent production-scale malware dataset of more than 20 million samples.
△ Less
Submitted 30 January, 2023;
originally announced January 2023.
-
Diverse Multimedia Layout Generation with Multi Choice Learning
Authors:
David D. Nguyen,
Surya Nepal,
Salil S. Kanhere
Abstract:
Designing visually appealing layouts for multimedia documents containing text, graphs and images requires a form of creative intelligence. Modelling the generation of layouts has recently gained attention due to its importance in aesthetics and communication style. In contrast to standard prediction tasks, there are a range of acceptable layouts which depend on user preferences. For example, a pos…
▽ More
Designing visually appealing layouts for multimedia documents containing text, graphs and images requires a form of creative intelligence. Modelling the generation of layouts has recently gained attention due to its importance in aesthetics and communication style. In contrast to standard prediction tasks, there are a range of acceptable layouts which depend on user preferences. For example, a poster designer may prefer logos on the top-left while another prefers logos on the bottom-right. Both are correct choices yet existing machine learning models treat layouts as a single choice prediction problem. In such situations, these models would simply average over all possible choices given the same input forming a degenerate sample. In the above example, this would form an unacceptable layout with a logo in the centre. In this paper, we present an auto-regressive neural network architecture, called LayoutMCL, that uses multi-choice prediction and winner-takes-all loss to effectively stabilise layout generation. LayoutMCL avoids the averaging problem by using multiple predictors to learn a range of possible options for each layout object. This enables LayoutMCL to generate multiple and diverse layouts from a single input which is in contrast with existing approaches which yield similar layouts with minor variations. Through quantitative benchmarks on real data (magazine, document and mobile app layouts), we demonstrate that LayoutMCL reduces Fréchet Inception Distance (FID) by 83-98% and generates significantly more diversity in comparison to existing approaches.
△ Less
Submitted 16 January, 2023;
originally announced January 2023.
-
Masked Vector Quantization
Authors:
David D. Nguyen,
David Leibowitz,
Surya Nepal,
Salil S. Kanhere
Abstract:
Generative models with discrete latent representations have recently demonstrated an impressive ability to learn complex high-dimensional data distributions. However, their performance relies on a long sequence of tokens per instance and a large number of codebook entries, resulting in long sampling times and considerable computation to fit the categorical posterior. To address these issues, we pr…
▽ More
Generative models with discrete latent representations have recently demonstrated an impressive ability to learn complex high-dimensional data distributions. However, their performance relies on a long sequence of tokens per instance and a large number of codebook entries, resulting in long sampling times and considerable computation to fit the categorical posterior. To address these issues, we propose the Masked Vector Quantization (MVQ) framework which increases the representational capacity of each code vector by learning mask configurations via a stochastic winner-takes-all training regime called Multiple Hypothese Dropout (MH-Dropout). On ImageNet 64$\times$64, MVQ reduces FID in existing vector quantization architectures by up to $68\%$ at 2 tokens per instance and $57\%$ at 5 tokens. These improvements widen as codebook entries is reduced and allows for $7\textit{--}45\times$ speed-up in token sampling during inference. As an additional benefit, we find that smaller latent spaces lead to MVQ identifying transferable visual representations where multiple can be smoothly combined.
△ Less
Submitted 24 March, 2024; v1 submitted 16 January, 2023;
originally announced January 2023.
-
PlexiChain: A Secure Blockchain-based Flexibility Aggregator Framework
Authors:
Samuel Karumba,
Salil S. Kanhere,
Raja Jurdak,
Subbu Sethuvenkatraman
Abstract:
Flexible resources in built environments are seen as a low-cost opportunity for delivering grid management services. Consequently, the centralised aggregator model, where the aggregator is used to bundle demand flexibility from flexible resources and deliver it to flexibility customers such as Distributed/Transmission System Operator (DSO/TSO) in flexibility markets, has been adopted. However, the…
▽ More
Flexible resources in built environments are seen as a low-cost opportunity for delivering grid management services. Consequently, the centralised aggregator model, where the aggregator is used to bundle demand flexibility from flexible resources and deliver it to flexibility customers such as Distributed/Transmission System Operator (DSO/TSO) in flexibility markets, has been adopted. However, the aggregator role introduces various security and trust challenges. In this work, we propose a blockchain-based flexibility trading framework dubbed PlexiChain to address the security and trust challenges the aggregator poses in the centralised aggregator model. The security evaluations performed using a real-world dataset show that PlexiChain is robust against known security attacks, such as MadIoT and False Data Injection attacks. Additionally, the performance evaluations show that PlexiChain has lower computation and communication costs than other blockchain-based applications in resource-constrained environments.
△ Less
Submitted 18 December, 2022;
originally announced December 2022.
-
Trust and Reputation Management for Blockchain-enabled IoT
Authors:
Guntur Dharma Putra,
Sidra Malik,
Volkan Dedeoglu,
Salil S Kanhere,
Raja Jurdak
Abstract:
In recent years, there has been an increasing interest in incorporating blockchain for the Internet of Things (IoT) to address the inherent issues of IoT, such as single point of failure and data silos. However, blockchain alone cannot ascertain the authenticity and veracity of the data coming from IoT devices. The append-only nature of blockchain exacerbates this issue, as it would not be possibl…
▽ More
In recent years, there has been an increasing interest in incorporating blockchain for the Internet of Things (IoT) to address the inherent issues of IoT, such as single point of failure and data silos. However, blockchain alone cannot ascertain the authenticity and veracity of the data coming from IoT devices. The append-only nature of blockchain exacerbates this issue, as it would not be possible to alter the data once recorded on-chain. Trust and Reputation Management (TRM) is an effective approach to overcome the aforementioned trust issues. However, designing TRM frameworks for blockchain-enabled IoT applications is a non-trivial task, as each application has its unique trust challenges with their unique features and requirements. In this paper, we present our experiences in designing TRM framework for various blockchain-enabled IoT applications to provide insights and highlight open research challenges for future opportunities.
△ Less
Submitted 8 December, 2022;
originally announced December 2022.
-
Reconstruction Attack on Differential Private Trajectory Protection Mechanisms
Authors:
Erik Buchholz,
Alsharif Abuadbba,
Shuo Wang,
Surya Nepal,
Salil S. Kanhere
Abstract:
Location trajectories collected by smartphones and other devices represent a valuable data source for applications such as location-based services. Likewise, trajectories have the potential to reveal sensitive information about individuals, e.g., religious beliefs or sexual orientations. Accordingly, trajectory datasets require appropriate sanitization. Due to their strong theoretical privacy guar…
▽ More
Location trajectories collected by smartphones and other devices represent a valuable data source for applications such as location-based services. Likewise, trajectories have the potential to reveal sensitive information about individuals, e.g., religious beliefs or sexual orientations. Accordingly, trajectory datasets require appropriate sanitization. Due to their strong theoretical privacy guarantees, differential private publication mechanisms receive much attention. However, the large amount of noise required to achieve differential privacy yields structural differences, e.g., ship trajectories passing over land. We propose a deep learning-based Reconstruction Attack on Protected Trajectories (RAoPT), that leverages the mentioned differences to partly reconstruct the original trajectory from a differential private release. The evaluation shows that our RAoPT model can reduce the Euclidean and Hausdorff distances between the released and original trajectories by over 68% on two real-world datasets under protection with $\varepsilon \leq 1$. In this setting, the attack increases the average Jaccard index of the trajectories' convex hulls, representing a user's activity space, by over 180%. Trained on the GeoLife dataset, the model still reduces the Euclidean and Hausdorff distances by over 60% for T-Drive trajectories protected with a state-of-the-art mechanism ($\varepsilon = 0.1$). This work highlights shortcomings of current trajectory publication mechanisms, and thus motivates further research on privacy-preserving publication schemes.
△ Less
Submitted 17 October, 2022;
originally announced October 2022.
-
Machine Learning-based Automatic Annotation and Detection of COVID-19 Fake News
Authors:
Mohammad Majid Akhtar,
Bibhas Sharma,
Ishan Karunanayake,
Rahat Masood,
Muhammad Ikram,
Salil S. Kanhere
Abstract:
COVID-19 impacted every part of the world, although the misinformation about the outbreak traveled faster than the virus. Misinformation spread through online social networks (OSN) often misled people from following correct medical practices. In particular, OSN bots have been a primary source of disseminating false information and initiating cyber propaganda. Existing work neglects the presence of…
▽ More
COVID-19 impacted every part of the world, although the misinformation about the outbreak traveled faster than the virus. Misinformation spread through online social networks (OSN) often misled people from following correct medical practices. In particular, OSN bots have been a primary source of disseminating false information and initiating cyber propaganda. Existing work neglects the presence of bots that act as a catalyst in the spread and focuses on fake news detection in 'articles shared in posts' rather than the post (textual) content. Most work on misinformation detection uses manually labeled datasets that are hard to scale for building their predictive models. In this research, we overcome this challenge of data scarcity by proposing an automated approach for labeling data using verified fact-checked statements on a Twitter dataset. In addition, we combine textual features with user-level features (such as followers count and friends count) and tweet-level features (such as number of mentions, hashtags and urls in a tweet) to act as additional indicators to detect misinformation. Moreover, we analyzed the presence of bots in tweets and show that bots change their behavior over time and are most active during the misinformation campaign. We collected 10.22 Million COVID-19 related tweets and used our annotation model to build an extensive and original ground truth dataset for classification purposes. We utilize various machine learning models to accurately detect misinformation and our best classification model achieves precision (82%), recall (96%), and false positive rate (3.58%). Also, our bot analysis indicates that bots generated approximately 10% of misinformation tweets. Our methodology results in substantial exposure of false information, thus improving the trustworthiness of information disseminated through social media platforms.
△ Less
Submitted 7 September, 2022;
originally announced September 2022.
-
Towards Blockchain-based Trust and Reputation Management for Trustworthy 6G Networks
Authors:
Guntur Dharma Putra,
Volkan Dedeoglu,
Salil S Kanhere,
Raja Jurdak
Abstract:
6G is envisioned to enable futuristic technologies, which exhibit more complexities than the previous generations, as it aims to bring connectivity to a large number of devices, many of which may not be trustworthy. Proper authentication can protect the network from unauthorized adversaries. However, it cannot guarantee in situ reliability and trustworthiness of authorized network nodes, as they c…
▽ More
6G is envisioned to enable futuristic technologies, which exhibit more complexities than the previous generations, as it aims to bring connectivity to a large number of devices, many of which may not be trustworthy. Proper authentication can protect the network from unauthorized adversaries. However, it cannot guarantee in situ reliability and trustworthiness of authorized network nodes, as they can be compromised post-authentication and impede the reliability and resilience of the network. Trust and Reputation Management (TRM) is an effective approach to continuously evaluate the trustworthiness of each participant by collecting and processing evidence of their interactions with other nodes and the infrastructure. In this article, we argue that blockchain-based TRM is critical to build trustworthy 6G networks, where blockchain acts as a decentralized platform for collaboratively managing and processing interaction evidence with the end goal of quantifying trust. We present a case study of resource management in 6G networks, where blockchain-based TRM quantifies and maintains reputation scores by evaluating fulfillment of resource owner's obligations and facilitating resource consumers to provide feedback. We also discuss inherent challenges and future directions for the development of blockchain-based TRM for next-generation 6G networks.
△ Less
Submitted 16 August, 2022;
originally announced August 2022.
-
Deception for Cyber Defence: Challenges and Opportunities
Authors:
David Liebowitz,
Surya Nepal,
Kristen Moore,
Cody J. Christopher,
Salil S. Kanhere,
David Nguyen,
Roelien C. Timmer,
Michael Longland,
Keerth Rathakumar
Abstract:
Deception is rapidly growing as an important tool for cyber defence, complementing existing perimeter security measures to rapidly detect breaches and data theft. One of the factors limiting the use of deception has been the cost of generating realistic artefacts by hand. Recent advances in Machine Learning have, however, created opportunities for scalable, automated generation of realistic decept…
▽ More
Deception is rapidly growing as an important tool for cyber defence, complementing existing perimeter security measures to rapidly detect breaches and data theft. One of the factors limiting the use of deception has been the cost of generating realistic artefacts by hand. Recent advances in Machine Learning have, however, created opportunities for scalable, automated generation of realistic deceptions. This vision paper describes the opportunities and challenges involved in developing models to mimic many common elements of the IT stack for deception effects.
△ Less
Submitted 15 August, 2022;
originally announced August 2022.
-
Transferable Graph Backdoor Attack
Authors:
Shuiqiao Yang,
Bao Gia Doan,
Paul Montague,
Olivier De Vel,
Tamas Abraham,
Seyit Camtepe,
Damith C. Ranasinghe,
Salil S. Kanhere
Abstract:
Graph Neural Networks (GNNs) have achieved tremendous success in many graph mining tasks benefitting from the message passing strategy that fuses the local structure and node features for better graph representation learning. Despite the success of GNNs, and similar to other types of deep neural networks, GNNs are found to be vulnerable to unnoticeable perturbations on both graph structure and nod…
▽ More
Graph Neural Networks (GNNs) have achieved tremendous success in many graph mining tasks benefitting from the message passing strategy that fuses the local structure and node features for better graph representation learning. Despite the success of GNNs, and similar to other types of deep neural networks, GNNs are found to be vulnerable to unnoticeable perturbations on both graph structure and node features. Many adversarial attacks have been proposed to disclose the fragility of GNNs under different perturbation strategies to create adversarial examples. However, vulnerability of GNNs to successful backdoor attacks was only shown recently. In this paper, we disclose the TRAP attack, a Transferable GRAPh backdoor attack. The core attack principle is to poison the training dataset with perturbation-based triggers that can lead to an effective and transferable backdoor attack. The perturbation trigger for a graph is generated by performing the perturbation actions on the graph structure via a gradient based score matrix from a surrogate model. Compared with prior works, TRAP attack is different in several ways: i) it exploits a surrogate Graph Convolutional Network (GCN) model to generate perturbation triggers for a blackbox based backdoor attack; ii) it generates sample-specific perturbation triggers which do not have a fixed pattern; and iii) the attack transfers, for the first time in the context of GNNs, to different GNN models when trained with the forged poisoned training dataset. Through extensive evaluations on four real-world datasets, we demonstrate the effectiveness of the TRAP attack to build transferable backdoors in four different popular GNNs using four real-world datasets.
△ Less
Submitted 4 July, 2022; v1 submitted 21 June, 2022;
originally announced July 2022.
-
Can pre-trained Transformers be used in detecting complex sensitive sentences? -- A Monsanto case study
Authors:
Roelien C. Timmer,
David Liebowitz,
Surya Nepal,
Salil S. Kanhere
Abstract:
Each and every organisation releases information in a variety of forms ranging from annual reports to legal proceedings. Such documents may contain sensitive information and releasing them openly may lead to the leakage of confidential information. Detection of sentences that contain sensitive information in documents can help organisations prevent the leakage of valuable confidential information.…
▽ More
Each and every organisation releases information in a variety of forms ranging from annual reports to legal proceedings. Such documents may contain sensitive information and releasing them openly may lead to the leakage of confidential information. Detection of sentences that contain sensitive information in documents can help organisations prevent the leakage of valuable confidential information. This is especially challenging when such sentences contain a substantial amount of information or are paraphrased versions of known sensitive content. Current approaches to sensitive information detection in such complex settings are based on keyword-based approaches or standard machine learning models. In this paper, we wish to explore whether pre-trained transformer models are well suited to detect complex sensitive information. Pre-trained transformers are typically trained on an enormous amount of text and therefore readily learn grammar, structure and other linguistic features, making them particularly attractive for this task. Through our experiments on the Monsanto trial data set, we observe that the fine-tuned Bidirectional Encoder Representations from Transformers (BERT) transformer model performs better than traditional models. We experimented with four different categories of documents in the Monsanto dataset and observed that BERT achieves better F2 scores by 24.13\% to 65.79\% for GHOST, 30.14\% to 54.88\% for TOXIC, 39.22\% for CHEMI, 53.57\% for REGUL compared to existing sensitive information detection models.
△ Less
Submitted 13 March, 2022;
originally announced March 2022.
-
DeTRM: Decentralised Trust and Reputation Management for Blockchain-based Supply Chains
Authors:
Guntur Dharma Putra,
Changhoon Kang,
Salil S. Kanhere,
James Won-Ki Hong
Abstract:
Blockchain has the potential to enhance supply chain management systems by providing stronger assurance in transparency and traceability of traded commodities. However, blockchain does not overcome the inherent issues of data trust in IoT enabled supply chains. Recent proposals attempt to tackle these issues by incorporating generic trust and reputation management, which does not entirely address…
▽ More
Blockchain has the potential to enhance supply chain management systems by providing stronger assurance in transparency and traceability of traded commodities. However, blockchain does not overcome the inherent issues of data trust in IoT enabled supply chains. Recent proposals attempt to tackle these issues by incorporating generic trust and reputation management, which does not entirely address the complex challenges of supply chain operations and suffers from significant drawbacks. In this paper, we propose DeTRM, a decentralised trust and reputation management solution for supply chains, which considers complex supply chain operations, such as splitting or merging of product lots, to provide a coherent trust management solution. We resolve data trust by correlating empirical data from adjacent sensor nodes, using which the authenticity of data can be assessed. We design a consortium blockchain, where smart contracts play a significant role in quantifying trustworthiness as a numerical score from different perspectives. A proof-of-concept implementation in Hyperledger Fabric shows that DeTRM is feasible and only incurs relatively small overheads compared to the baseline.
△ Less
Submitted 11 March, 2022;
originally announced March 2022.
-
AI for Next Generation Computing: Emerging Trends and Future Directions
Authors:
Sukhpal Singh Gill,
Minxian Xu,
Carlo Ottaviani,
Panos Patros,
Rami Bahsoon,
Arash Shaghaghi,
Muhammed Golec,
Vlado Stankovski,
Huaming Wu,
Ajith Abraham,
Manmeet Singh,
Harshit Mehta,
Soumya K. Ghosh,
Thar Baker,
Ajith Kumar Parlikad,
Hanan Lutfiyya,
Salil S. Kanhere,
Rizos Sakellariou,
Schahram Dustdar,
Omer Rana,
Ivona Brandic,
Steve Uhlig
Abstract:
Autonomic computing investigates how systems can achieve (user) specified control outcomes on their own, without the intervention of a human operator. Autonomic computing fundamentals have been substantially influenced by those of control theory for closed and open-loop systems. In practice, complex systems may exhibit a number of concurrent and inter-dependent control loops. Despite research into…
▽ More
Autonomic computing investigates how systems can achieve (user) specified control outcomes on their own, without the intervention of a human operator. Autonomic computing fundamentals have been substantially influenced by those of control theory for closed and open-loop systems. In practice, complex systems may exhibit a number of concurrent and inter-dependent control loops. Despite research into autonomic models for managing computer resources, ranging from individual resources (e.g., web servers) to a resource ensemble (e.g., multiple resources within a data center), research into integrating Artificial Intelligence (AI) and Machine Learning (ML) to improve resource autonomy and performance at scale continues to be a fundamental challenge. The integration of AI/ML to achieve such autonomic and self-management of systems can be achieved at different levels of granularity, from full to human-in-the-loop automation. In this article, leading academics, researchers, practitioners, engineers, and scientists in the fields of cloud computing, AI/ML, and quantum computing join to discuss current research and potential future directions for these fields. Further, we discuss challenges and opportunities for leveraging AI and ML in next generation computing for emerging computing paradigms, including cloud, fog, edge, serverless and quantum computing environments.
△ Less
Submitted 5 March, 2022;
originally announced March 2022.
-
Is this IoT Device Likely to be Secure? Risk Score Prediction for IoT Devices Using Gradient Boosting Machines
Authors:
Carlos A. Rivera Alvarez,
Arash Shaghaghi,
David D. Nguyen,
Salil S. Kanhere
Abstract:
Security risk assessment and prediction are critical for organisations deploying Internet of Things (IoT) devices. An absolute minimum requirement for enterprises is to verify the security risk of IoT devices for the reported vulnerabilities in the National Vulnerability Database (NVD). This paper proposes a novel risk prediction for IoT devices based on publicly available information about them.…
▽ More
Security risk assessment and prediction are critical for organisations deploying Internet of Things (IoT) devices. An absolute minimum requirement for enterprises is to verify the security risk of IoT devices for the reported vulnerabilities in the National Vulnerability Database (NVD). This paper proposes a novel risk prediction for IoT devices based on publicly available information about them. Our solution provides an easy and cost-efficient solution for enterprises of all sizes to predict the security risk of deploying new IoT devices. After an extensive analysis of the NVD records over the past eight years, we have created a unique, systematic, and balanced dataset for vulnerable IoT devices, including key technical features complemented with functional and descriptive features available from public resources. We then use machine learning classification models such as Gradient Boosting Decision Trees (GBDT) over this dataset and achieve 71% prediction accuracy in classifying the severity of device vulnerability score.
△ Less
Submitted 23 November, 2021;
originally announced November 2021.
-
Decentralised Trustworthy Collaborative Intrusion Detection System for IoT
Authors:
Guntur Dharma Putra,
Volkan Dedeoglu,
Abhinav Pathak,
Salil S. Kanhere,
Raja Jurdak
Abstract:
Intrusion Detection Systems (IDS) have been the industry standard for securing IoT networks against known attacks. To increase the capability of an IDS, researchers proposed the concept of blockchain-based Collaborative-IDS (CIDS), wherein blockchain acts as a decentralised platform allowing collaboration between CIDS nodes to share intrusion related information, such as intrusion alarms and detec…
▽ More
Intrusion Detection Systems (IDS) have been the industry standard for securing IoT networks against known attacks. To increase the capability of an IDS, researchers proposed the concept of blockchain-based Collaborative-IDS (CIDS), wherein blockchain acts as a decentralised platform allowing collaboration between CIDS nodes to share intrusion related information, such as intrusion alarms and detection rules. However, proposals in blockchain-based CIDS overlook the importance of continuous evaluation of the trustworthiness of each node and generally work based on the assumption that the nodes are always honest. In this paper, we propose a decentralised CIDS that emphasises the importance of building trust between CIDS nodes. In our proposed solution, each CIDS node exchanges detection rules to help other nodes detect new types of intrusion. Our architecture offloads the trust computation to the blockchain and utilises a decentralised storage to host the shared trustworthy detection rules, ensuring scalability. Our implementation in a lab-scale testbed shows that the our solution is feasible and performs within the expected benchmarks of the Ethereum platform.
△ Less
Submitted 21 October, 2021;
originally announced October 2021.
-
From MANET to people-centric networking: milestones and open research challenges
Authors:
Marco Conti,
Chiara Boldrini,
Salil S. Kanhere,
Enzo Mingozzi,
Elena Pagani,
Pedro M. Ruiz,
Mohamed Younis
Abstract:
In this paper we discuss the state of the art of (mobile) multi-hop ad hoc networking with the aim to present the current status of the research activities and identify the consolidated research areas, with limited research opportunities, and the hot and emerging research areas for which further research is required. We start by briefly discussing the MANET paradigm, and why the research on MANET…
▽ More
In this paper we discuss the state of the art of (mobile) multi-hop ad hoc networking with the aim to present the current status of the research activities and identify the consolidated research areas, with limited research opportunities, and the hot and emerging research areas for which further research is required. We start by briefly discussing the MANET paradigm, and why the research on MANET protocols is now a cold research topic. Then we analyze the active research areas. Specifically, after discussing the wireless-network technologies we analyze four successful ad hoc networking paradigms, mesh, opportunistic, vehicular networks, and sensor networks that emerged from the MANET world. We also present the new research directions in the multi-hop ad hoc networking field: people-centric networking, triggered by the increasing penetration of the smartphones in everyday life, which is generating a people-centric revolution in computing and communications.
△ Less
Submitted 21 September, 2021;
originally announced September 2021.
-
Blockchain for Trust and Reputation Management in Cyber-physical Systems
Authors:
Guntur Dharma Putra,
Volkan Dedeoglu,
Salil S Kanhere,
Raja Jurdak
Abstract:
The salient features of blockchain, such as decentralisation and transparency, have allowed the development of Decentralised Trust and Reputation Management Systems (DTRMS), which mainly aim to quantitatively assess the trustworthiness of the network participants and help to protect the network from adversaries. In the literature, proposals of DTRMS have been applied to various Cyber-physical Syst…
▽ More
The salient features of blockchain, such as decentralisation and transparency, have allowed the development of Decentralised Trust and Reputation Management Systems (DTRMS), which mainly aim to quantitatively assess the trustworthiness of the network participants and help to protect the network from adversaries. In the literature, proposals of DTRMS have been applied to various Cyber-physical Systems (CPS) applications, including supply chains, smart cities and distributed energy trading. In this chapter, we outline the building blocks of a generic DTRMS and discuss how it can benefit from blockchain. To highlight the significance of DTRMS, we present the state-of-the-art of DTRMS in various field of CPS applications. In addition, we also outline challenges and future directions in developing DTRMS for CPS.
△ Less
Submitted 16 September, 2021;
originally announced September 2021.
-
TradeChain: Decoupling Traceability and Identity inBlockchain enabled Supply Chains
Authors:
Sidra Malik,
Naman Gupta,
Volkan Dedeoglu,
Salil S. Kanhere,
Raja Jurdak
Abstract:
In this work, we propose a privacy-preservation framework, TradeChain, which decouples the trade events of participants using decentralised identities. TradeChain adopts the Self-Sovereign Identity (SSI) principles and makes the following novel contributions: a) it incorporates two separate ledgers: a public permissioned blockchain for maintaining identities and the permissioned blockchain for rec…
▽ More
In this work, we propose a privacy-preservation framework, TradeChain, which decouples the trade events of participants using decentralised identities. TradeChain adopts the Self-Sovereign Identity (SSI) principles and makes the following novel contributions: a) it incorporates two separate ledgers: a public permissioned blockchain for maintaining identities and the permissioned blockchain for recording trade flows, b) it uses Zero Knowledge Proofs (ZKPs) on traders' private credentials to prove multiple identities on trade ledger and c) allows data owners to define dynamic access rules for verifying traceability information from the trade ledger using access tokens and Ciphertext Policy Attribute-Based Encryption (CP-ABE). A proof of concept implementation of TradeChain is presented on Hyperledger Indy and Fabric and an extensive evaluation of execution time, latency and throughput reveals minimal overheads.
△ Less
Submitted 24 May, 2021;
originally announced May 2021.
-
Trust-based Blockchain Authorization for IoT
Authors:
Guntur Dharma Putra,
Volkan Dedeoglu,
Salil S Kanhere,
Raja Jurdak,
Aleksandar Ignjatovic
Abstract:
Authorization or access control limits the actions a user may perform on a computer system, based on predetermined access control policies, thus preventing access by illegitimate actors. Access control for the Internet of Things (IoT) should be tailored to take inherent IoT network scale and device resource constraints into consideration. However, common authorization systems in IoT employ convent…
▽ More
Authorization or access control limits the actions a user may perform on a computer system, based on predetermined access control policies, thus preventing access by illegitimate actors. Access control for the Internet of Things (IoT) should be tailored to take inherent IoT network scale and device resource constraints into consideration. However, common authorization systems in IoT employ conventional schemes, which suffer from overheads and centralization. Recent research trends suggest that blockchain has the potential to tackle the issues of access control in IoT. However, proposed solutions overlook the importance of building dynamic and flexible access control mechanisms. In this paper, we design a decentralized attribute-based access control mechanism with an auxiliary Trust and Reputation System (TRS) for IoT authorization. Our system progressively quantifies the trust and reputation scores of each node in the network and incorporates the scores into the access control mechanism to achieve dynamic and flexible access control. We design our system to run on a public blockchain, but we separate the storage of sensitive information, such as user's attributes, to private sidechains for privacy preservation. We implement our solution in a public Rinkeby Ethereum test-network interconnected with a lab-scale testbed. Our evaluations consider various performance metrics to highlight the applicability of our solution for IoT contexts.
△ Less
Submitted 1 April, 2021;
originally announced April 2021.
-
DIMY: Enabling Privacy-preserving Contact Tracing
Authors:
Nadeem Ahmed,
Regio A. Michelin,
Wanli Xue,
Guntur Dharma Putra,
Sushmita Ruj,
Salil S. Kanhere,
Sanjay Jha
Abstract:
The infection rate of COVID-19 and lack of an approved vaccine has forced governments and health authorities to adopt lockdowns, increased testing, and contact tracing to reduce the spread of the virus. Digital contact tracing has become a supplement to the traditional manual contact tracing process. However, although there have been a number of digital contact tracing apps proposed and deployed,…
▽ More
The infection rate of COVID-19 and lack of an approved vaccine has forced governments and health authorities to adopt lockdowns, increased testing, and contact tracing to reduce the spread of the virus. Digital contact tracing has become a supplement to the traditional manual contact tracing process. However, although there have been a number of digital contact tracing apps proposed and deployed, these have not been widely adopted owing to apprehensions surrounding privacy and security. In this paper, we propose a blockchain-based privacy-preserving contact tracing protocol, "Did I Meet You" (DIMY), that provides full-lifecycle data privacy protection on the devices themselves as well as on the back-end servers, to address most of the privacy concerns associated with existing protocols. We have employed Bloom filters to provide efficient privacy-preserving storage, and have used the Diffie-Hellman key exchange for secret sharing among the participants. We show that DIMY provides resilience against many well known attacks while introducing negligible overheads. DIMY's footprint on the storage space of clients' devices and back-end servers is also significantly lower than other similar state of the art apps.
△ Less
Submitted 10 March, 2021;
originally announced March 2021.
-
HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios
Authors:
Hassan Ali,
Surya Nepal,
Salil S. Kanhere,
Sanjay Jha
Abstract:
We have witnessed the continuing arms race between backdoor attacks and the corresponding defense strategies on Deep Neural Networks (DNNs). Most state-of-the-art defenses rely on the statistical sanitization of the "inputs" or "latent DNN representations" to capture trojan behaviour. In this paper, we first challenge the robustness of such recently reported defenses by introducing a novel variant…
▽ More
We have witnessed the continuing arms race between backdoor attacks and the corresponding defense strategies on Deep Neural Networks (DNNs). Most state-of-the-art defenses rely on the statistical sanitization of the "inputs" or "latent DNN representations" to capture trojan behaviour. In this paper, we first challenge the robustness of such recently reported defenses by introducing a novel variant of targeted backdoor attack, called "low-confidence backdoor attack". We also propose a novel defense technique, called "HaS-Nets".
"Low-confidence backdoor attack" exploits the confidence labels assigned to poisoned training samples by giving low values to hide their presence from the defender, both during training and inference. We evaluate the attack against four state-of-the-art defense methods, viz., STRIP, Gradient-Shaping, Februus and ULP-defense, and achieve Attack Success Rate (ASR) of 99%, 63.73%, 91.2% and 80%, respectively.
We next present "HaS-Nets" to resist backdoor insertion in the network during training, using a reasonably small healing dataset, approximately 2% to 15% of full training data, to heal the network at each iteration. We evaluate it for different datasets - Fashion-MNIST, CIFAR-10, Consumer Complaint and Urban Sound - and network architectures - MLPs, 2D-CNNs, 1D-CNNs. Our experiments show that "HaS-Nets" can decrease ASRs from over 90% to less than 15%, independent of the dataset, attack configuration and network architecture.
△ Less
Submitted 14 December, 2020;
originally announced December 2020.
-
Energy and Service-priority aware Trajectory Design for UAV-BSs using Double Q-Learning
Authors:
Sayed Amir Hoseini,
Ayub Bokani,
Jahan Hassan,
Shavbo Salehi,
Salil S. Kanhere
Abstract:
Next-generation mobile networks have proposed the integration of Unmanned Aerial Vehicles (UAVs) as aerial base stations (UAV-BS) to serve ground nodes. Despite having advantages of using UAV-BSs, their dependence on the on-board, limited-capacity battery hinders their service continuity. Shorter trajectories can save flying energy, however, UAV-BSs must also serve nodes based on their service pri…
▽ More
Next-generation mobile networks have proposed the integration of Unmanned Aerial Vehicles (UAVs) as aerial base stations (UAV-BS) to serve ground nodes. Despite having advantages of using UAV-BSs, their dependence on the on-board, limited-capacity battery hinders their service continuity. Shorter trajectories can save flying energy, however, UAV-BSs must also serve nodes based on their service priority since nodes' service requirements are not always the same. In this paper, we present an energy-efficient trajectory optimization for a UAV assisted IoT system in which the UAV-BS considers the IoT nodes' service priorities in making its movement decisions. We solve the trajectory optimization problem using Double Q-Learning algorithm. Simulation results reveal that the Q-Learning based optimized trajectory outperforms a benchmark algorithm, namely Greedily-served algorithm, in terms of reducing the average energy consumption of the UAV-BS as well as the service delay for high priority nodes.
△ Less
Submitted 26 October, 2020;
originally announced October 2020.
-
Towards Decentralized IoT Updates Delivery Leveraging Blockchain and Zero-Knowledge Proofs
Authors:
Edoardo Puggioni,
Arash Shaghaghi,
Robin Doss,
Salil S. Kanhere
Abstract:
We propose CrowdPatching, a blockchain-based decentralized protocol, allowing Internet of Things (IoT) manufacturers to delegate the delivery of software updates to self-interested distributors in exchange for cryptocurrency. Manufacturers announce updates by deploying a smart contract (SC), which in turn will issue cryptocurrency payments to any distributor who provides an unforgeable proof-of-de…
▽ More
We propose CrowdPatching, a blockchain-based decentralized protocol, allowing Internet of Things (IoT) manufacturers to delegate the delivery of software updates to self-interested distributors in exchange for cryptocurrency. Manufacturers announce updates by deploying a smart contract (SC), which in turn will issue cryptocurrency payments to any distributor who provides an unforgeable proof-of-delivery. The latter is provided by IoT devices authorizing the SC to issue payment to a distributor when the required conditions are met. These conditions include the requirement for a distributor to generate a zero-knowledge proof, generated with a novel proving system called zk-SNARKs. Compared with related work, CrowdPatching protocol offers three main advantages. First, the number of distributors can scale indefinitely by enabling the addition of new distributors at any time after the initial distribution by manufacturers (i.e., redistribution among the distributor network). The latter is not possible in existing protocols and is not account for. Secondly, we leverage the recent common integration of gateway or Hub in IoT deployments in our protocol to make CrowdPatching feasible even for the more constraint IoT devices. Thirdly, the trustworthiness of distributors is considered in our protocol, rewarding the honest distributors' engagements. We provide both informal and formal security analysis of CrowdPatching using Tamarin Prover.
△ Less
Submitted 22 October, 2020;
originally announced October 2020.
-
Privacy in Targeted Advertising: A Survey
Authors:
Imdad Ullah,
Roksana Boreli,
Salil S. Kanhere
Abstract:
Targeted advertising has transformed the marketing landscape for a wide variety of businesses, by creating new opportunities for advertisers to reach prospective customers by delivering personalised ads, using an infrastructure of a number of intermediary entities and technologies. The advertising and analytics companies collect, aggregate, process and trade a vast amount of user's personal data,…
▽ More
Targeted advertising has transformed the marketing landscape for a wide variety of businesses, by creating new opportunities for advertisers to reach prospective customers by delivering personalised ads, using an infrastructure of a number of intermediary entities and technologies. The advertising and analytics companies collect, aggregate, process and trade a vast amount of user's personal data, which has prompted serious privacy concerns among both individuals and organisations. This article presents a detailed survey of the associated privacy risks and proposed solutions in a mobile environment. We outline details of the information flow between the advertising platform and ad/analytics networks, the profiling process, advertising sources and criteria, the measurement analysis of targeted advertising based on user's interests and profiling context and the ads delivery process, for both in-app and in-browser targeted ads; we also include an overview of data sharing and tracking technologies. We discuss challenges in preserving user privacy that include threats related to private information extraction and exchange among various advertising entities, privacy threats from third-party tracking, re-identification of private information and associated privacy risks. Subsequently, we present various techniques for preserving user privacy and a comprehensive analysis of the proposals based on such techniques; we compare the proposals based on the underlying architectures, privacy mechanisms and deployment scenarios. Finally, we discuss the potential research challenges and open research issues.
△ Less
Submitted 20 June, 2021; v1 submitted 15 September, 2020;
originally announced September 2020.
-
Privacy-preserving targeted mobile advertising: A Blockchain-based framework for mobile ads
Authors:
Imdad Ullah,
Salil S. Kanhere,
Roksana Boreli
Abstract:
The targeted advertising is based on preference profiles inferred via relationships among individuals, their monitored responses to previous advertising and temporal activity over the Internet, which has raised critical privacy concerns. In this paper, we present a novel proposal for a Blockchain-based advertising platform that provides: a system for privacy preserving user profiling, privately re…
▽ More
The targeted advertising is based on preference profiles inferred via relationships among individuals, their monitored responses to previous advertising and temporal activity over the Internet, which has raised critical privacy concerns. In this paper, we present a novel proposal for a Blockchain-based advertising platform that provides: a system for privacy preserving user profiling, privately requesting ads from the advertising system, the billing mechanisms for presented and clicked ads, the advertising system that uploads ads to the cloud according to profiling interests, various types of transactions to enable advertising operations in Blockchain-based network, and the method that allows a cloud system to privately compute the access policies for various resources (such as ads, mobile user profiles). Our main goal is to design a decentralized framework for targeted ads, which enables private delivery of ads to users whose behavioral profiles accurately match the presented ads, defined by the ad system. We implement a POC of our proposed framework i.e. a Bespoke Miner and experimentally evaluate various components of Blockchain-based in-app advertising system, implementing various critical components; such as, evaluating user profiles, implementing access policies, encryption and decryption of users' profiles. We observe that the processing delay for traversing policies of various tree sizes, the encryption/decryption time of user profiling with various key-sizes and user profiles of various interests evaluates to an acceptable amount of processing time as that of the currently implemented ad systems.
△ Less
Submitted 24 August, 2020;
originally announced August 2020.
-
A Novel Emergency Light Based Smart Building Solution: Design, Implementation and Use Cases
Authors:
Weitao Xu,
Jin Zhang,
Jun Young Kim,
Walter Huang,
Salil S. Kanhere,
Sanjay K. Jha,
Wen Hu,
Prasant Misra
Abstract:
Deployment of Internet of Things (IoT) in smart buildings has received considerable interest from both the academic community and commercial sectors. Unfortunately, widespread adoption of current smart building solutions is inhibited by the high costs associated with installation and maintenance. Moreover, different types of IoT devices from different manufacturers typically form distinct networks…
▽ More
Deployment of Internet of Things (IoT) in smart buildings has received considerable interest from both the academic community and commercial sectors. Unfortunately, widespread adoption of current smart building solutions is inhibited by the high costs associated with installation and maintenance. Moreover, different types of IoT devices from different manufacturers typically form distinct networks and data silos. There is a need to use a common backbone network that facilitates interoperability and seamless data exchange in a uniform way. In this paper, we present EMIoT, a novel solution for smart buildings that breaks these barriers by leveraging existing emergency lighting systems. In EMIoT, we embed a wireless LoRa module in each emergency light to turn them into wireless routers. EMIoT has been deployed in more than 50 buildings of different types in Sydney Australia and has been successfully running over two years. We present the design and implementation of EMIoT in this paper. Moreover, we use the deployment in a residential building as a use case to show the performance of EMIoT in real-world environments and share lessons learned. Finally, we discuss the advantages and disadvantages of EMIoT. This paper provides practical insights for IoT deployment in smart buildings for practitioners and solution providers.
△ Less
Submitted 31 July, 2020;
originally announced July 2020.
-
B-FERL: Blockchain based Framework for Securing Smart Vehicles
Authors:
Chuka Oham,
Regio Michelin,
Salil S. Kanhere,
Raja Jurdak,
Sanjay Jha
Abstract:
The ubiquity of connecting technologies in smart vehicles and the incremental automation of its functionalities promise significant benefits, including a significant decline in congestion and road fatalities. However, increasing automation and connectedness broadens the attack surface and heightens the likelihood of a malicious entity successfully executing an attack. In this paper, we propose a B…
▽ More
The ubiquity of connecting technologies in smart vehicles and the incremental automation of its functionalities promise significant benefits, including a significant decline in congestion and road fatalities. However, increasing automation and connectedness broadens the attack surface and heightens the likelihood of a malicious entity successfully executing an attack. In this paper, we propose a Blockchain based Framework for sEcuring smaRt vehicLes (B-FERL). B-FERL uses permissioned blockchain technology to tailor information access to restricted entities in the connected vehicle ecosystem. It also uses a challenge-response data exchange between the vehicles and roadside units to monitor the internal state of the vehicle to identify cases of in-vehicle network compromise. In order to enable authentic and valid communication in the vehicular network, only vehicles with a verifiable record in the blockchain can exchange messages. Through qualitative arguments, we show that B-FERL is resilient to identified attacks. Also, quantitative evaluations in an emulated scenario show that B-FERL ensures a suitable response time and required storage size compatible with realistic scenarios. Finally, we demonstrate how B-FERL achieves various important functions relevant to the automotive ecosystem such as trust management, vehicular forensics and secure vehicular networks.
△ Less
Submitted 20 July, 2020;
originally announced July 2020.