2023/7/20

CAN-LOC: spoofing detection and physical intrusion localization on an in-vehicle CAN bus based on deep features of voltage signals

Efrat Levy, Asaf Shabtai, Bogdan Groza, Pal-Stefan Murvay, Yuval Elovici

IEEE Transactions on Information Forensics and Security, 2023

2023/7/20

CAN-LOC: spoofing detection and physical intrusion localization on an in-vehicle CAN bus based on deep features of voltage signals

Efrat Levy, Asaf Shabtai, Bogdan Groza, Pal-Stefan Murvay, Yuval Elovici

IEEE Transactions on Information Forensics and Security, 2023

The Controller Area Network (CAN), which is used for communication between in-vehicle devices, has been shown to be vulnerable to spoofing attacks. Voltage-based spoofing detection (VBS-D) mechanisms are considered state-of-the-art solutions, complementing cryptography-based authentication whose security is limited due to the CAN protocol’s limited message size. Unfortunately, VBS-D mechanisms are vulnerable to poisoning performed by a malicious device connected to the CAN bus, specifically designed to poison the deployed VBS-D mechanism as it adapts to environmental changes that take place when the vehicle is moving. In this paper, we harden VBS-D mechanisms using a deep learning-based mechanism which runs immediately, when the vehicle starts; this mechanism utilizes physical side-channels to detect and locate physical intrusions, even when the malicious devices connected to the …

Link
2023/6/14

X-Detect: Explainable Adversarial Patch Detection for Object Detectors in Retail

Omer Hofman, Amit Giloni, Yarin Hayun, Ikuya Morikawa, Toshiya Shimizu, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2306.08422, 2023

2023/6/14

X-Detect: Explainable Adversarial Patch Detection for Object Detectors in Retail

Omer Hofman, Amit Giloni, Yarin Hayun, Ikuya Morikawa, Toshiya Shimizu, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2306.08422, 2023

Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can: i) detect adversarial samples in real time, allowing the defender to take preventive action; ii) provide explanations for the alerts raised to support the defender’s decision-making process, and iii) handle unfamiliar threats in the form of new attacks. Given a new scene, X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques to determine whether an alert needs to be raised. X-Detect was evaluated in both the physical and digital space using five different attack scenarios (including adaptive attacks) and the COCO dataset and our new Superstore dataset. The physical evaluation was performed using a smart shopping cart setup in real-world settings and included 17 adversarial patch attacks recorded in 1,700 adversarial videos. The results showed that X-Detect outperforms the state-of-the-art methods in distinguishing between benign and adversarial scenes for all attack scenarios while maintaining a 0% FPR (no false alarms) and providing actionable explanations for the alerts raised. A demo is available.

Link
2023/6/4

Discussion Paper: The Threat of Real Time Deepfakes

Guy Frankovits, Yisroel Mirsky

arXiv preprint arXiv:2306.02487, 2023

2023/6/4

Discussion Paper: The Threat of Real Time Deepfakes

Guy Frankovits, Yisroel Mirsky

arXiv preprint arXiv:2306.02487, 2023

Generative deep learning models are able to create realistic audio and video. This technology has been used to impersonate the faces and voices of individuals. These “deepfakes” are being used to spread misinformation, enable scams, perform fraud, and blackmail the innocent. The technology continues to advance and today attackers have the ability to generate deepfakes in real-time. This new capability poses a significant threat to society as attackers begin to exploit the technology in advances social engineering attacks. In this paper, we discuss the implications of this emerging threat, identify the challenges with preventing these attacks and suggest a better direction for researching stronger defences.

Link
2023/5/3

IPatch: a remote adversarial patch

Yisroel Mirsky

Cybersecurity 6 (1), 18, 2023

2023/5/3

IPatch: a remote adversarial patch

Yisroel Mirsky

Cybersecurity 6 (1), 18, 2023

Applications such as autonomous vehicles and medical screening use deep learning models to localize and identify hundreds of objects in a single frame. In the past, it has been shown how an attacker can fool these models by placing an adversarial patch within a scene. However, these patches must be placed in the target location and do not explicitly alter the semantics elsewhere in the image. In this paper, we introduce a new type of adversarial patch which alters a model’s perception of an image’s semantics. These patches can be placed anywhere within an image to change the classification or semantics of locations far from the patch. We call this new class of adversarial examples ‘remote adversarial patches’ (RAP). We implement our own RAP called IPatch and perform an in-depth analysis on without pixel clipping on image segmentation RAP attacks using five state-of-the-art architectures with eight …

Link
2023/4/1

Enabling object detectors to better distinguish between real and fake objects in semi-autonomous and fully autonomous vehicles. Protecting Autonomous Cars from Phantom Attacks

Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici

COMMUNICATIONS OF THE ACM 66 (4), 56-67, 2023

2023/4/1

Enabling object detectors to better distinguish between real and fake objects in semi-autonomous and fully autonomous vehicles. Protecting Autonomous Cars from Phantom Attacks

Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici

COMMUNICATIONS OF THE ACM 66 (4), 56-67, 2023

Link
2023/3/23

Protecting Autonomous Cars from Phantom Attacks

Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici

Communications of the ACM 66 (4), 56-69, 2023

2023/3/23

Protecting Autonomous Cars from Phantom Attacks

Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici

Communications of the ACM 66 (4), 56-69, 2023

Enabling object detectors to better distinguish between real and fake objects in semi-autonomous and fully autonomous vehicles.

Link
2023/3/15

A survey of MulVAL extensions and their attack scenarios coverage

David Tayouri, Nick Baum, Asaf Shabtai, Rami Puzis

IEEE Access, 2023

2023/3/15

A survey of MulVAL extensions and their attack scenarios coverage

David Tayouri, Nick Baum, Asaf Shabtai, Rami Puzis

IEEE Access, 2023

Organizations employ various adversary models to assess the risk and potential impact of attacks on their networks. A popular method of visually representing cyber risks is the attack graph. Attack graphs represent vulnerabilities and actions an attacker can take to identify and compromise an organization’s assets. Attack graphs facilitate the visual presentation and algorithmic analysis of attack scenarios in the form of attack paths. MulVAL is a generic open-source framework for constructing logical attack graphs, which has been widely used by researchers and practitioners and extended by them with additional attack scenarios. This paper surveys all of the existing MulVAL extensions and maps all MulVAL interaction rules to MITRE ATT&CK Techniques to estimate their attack scenarios coverage. This survey aligns current MulVAL extensions along unified ontological concepts and highlights the existing gaps. It …

Link
2023/3/1

D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks

Yair Meidan, Daniel Benatar, Ron Bitton, Dan Avraham, Asaf Shabtai

Computers & Security 126, 103073, 2023

2023/3/1

D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks

Yair Meidan, Daniel Benatar, Ron Bitton, Dan Avraham, Asaf Shabtai

Computers & Security 126, 103073, 2023

IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel …

Link
2023/1/13

Evaluating the Cybersecurity Risk of Real-world, Machine Learning Production Systems

Ron Bitton, Nadav Maman, Inderjeet Singh, Satoru Momiyama, Yuval Elovici, Asaf Shabtai

ACM Computing Surveys 55 (9), 1-36, 2023

2023/1/13

Evaluating the Cybersecurity Risk of Real-world, Machine Learning Production Systems

Ron Bitton, Nadav Maman, Inderjeet Singh, Satoru Momiyama, Yuval Elovici, Asaf Shabtai

ACM Computing Surveys 55 (9), 1-36, 2023

Although cyberattacks on machine learning (ML) production systems can be harmful, today, security practitioners are ill-equipped, lacking methodologies and tactical tools that would allow them to analyze the security risks of their ML-based systems. In this article, we perform a comprehensive threat analysis of ML production systems. In this analysis, we follow the ontology presented by NIST for evaluating enterprise network security risk and apply it to ML-based production systems. Specifically, we (1) enumerate the assets of a typical ML production system, (2) describe the threat model (i.e., potential adversaries, their capabilities, and their main goal), (3) identify the various threats to ML systems, and (4) review a large number of attacks, demonstrated in previous studies, which can realize these threats. To quantify the risk posed by adversarial machine learning (AML) threat, we introduce a novel scoring system that …

Link
2023/1/8

Deepfake CAPTCHA: A Method for Preventing Fake Calls

Lior Yasur, Guy Frankovits, Fred M Grabovski, Yisroel Mirsky

arXiv preprint arXiv:2301.03064, 2023

2023/1/8

Deepfake CAPTCHA: A Method for Preventing Fake Calls

Lior Yasur, Guy Frankovits, Fred M Grabovski, Yisroel Mirsky

arXiv preprint arXiv:2301.03064, 2023

Deep learning technology has made it possible to generate realistic content of specific individuals. These `deepfakes’ can now be generated in real-time which enables attackers to impersonate people over audio and video calls. Moreover, some methods only need a few images or seconds of audio to steal an identity. Existing defenses perform passive analysis to detect fake content. However, with the rapid progress of deepfake quality, this may be a losing game. In this paper, we propose D-CAPTCHA: an active defense against real-time deepfakes. The approach is to force the adversary into the spotlight by challenging the deepfake model to generate content which exceeds its capabilities. By doing so, passive detection becomes easier since the content will be distorted. In contrast to existing CAPTCHAs, we challenge the AI’s ability to create content as opposed to its ability to classify content. In this work we focus on real-time audio deepfakes and present preliminary results on video. In our evaluation we found that D-CAPTCHA outperforms state-of-the-art audio deepfake detectors with an accuracy of 91-100% depending on the challenge (compared to 71% without challenges). We also performed a study on 41 volunteers to understand how threatening current real-time deepfake attacks are. We found that the majority of the volunteers could not tell the difference between real and fake audio.

Link
2023

Phantom Sponges: Exploiting Non-Maximum Suppression to Attack Deep Object Detectors

Avishag Shapira, Alon Zolfi, Luca Demetrio, Battista Biggio, Asaf Shabtai

Proceedings of the IEEE/CVF Winter Conference on Applications of Computer …, 2023

2023

Phantom Sponges: Exploiting Non-Maximum Suppression to Attack Deep Object Detectors

Avishag Shapira, Alon Zolfi, Luca Demetrio, Battista Biggio, Asaf Shabtai

Proceedings of the IEEE/CVF Winter Conference on Applications of Computer …, 2023

Adversarial attacks against deep learning-based object detectors have been studied extensively in the past few years. Most of the attacks proposed have targeted the model’s integrity (ie, caused the model to make incorrect predictions), while adversarial attacks targeting the model’s availability, a critical aspect in safety-critical domains such as autonomous driving, have not yet been explored by the machine learning research community. In this paper, we propose a novel attack that negatively affects the decision latency of an end-to-end object detection pipeline. We craft a universal adversarial perturbation (UAP) that targets a widely used technique integrated in many object detector pipelines-non-maximum suppression (NMS). Our experiments demonstrate the proposed UAP’s ability to increase the processing time of individual frames by adding” phantom” objects that overload the NMS algorithm while preserving the detection of the original objects which allows the attack to go undetected for a longer period of time.

Link
2023

VulChecker: Graph-based Vulnerability Localization in Source Code

Yisroel Mirsky, George Macon, Michael Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, Wenke Lee

USENIX Security '23, 2023

2023

VulChecker: Graph-based Vulnerability Localization in Source Code

Yisroel Mirsky, George Macon, Michael Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, Wenke Lee

USENIX Security '23, 2023

In software development, it is critical to detect vulnerabilities in a project as early as possible. Although, deep learning has shown promise in this task, current state-of-the-art methods cannot classify and identify the line on which the vulnerability occurs. Instead, the developer is tasked with searching for an arbitrary bug in an entire function or even larger region of code. In this paper, we propose VulChecker: a tool that can precisely locate vulnerabilities in source code (down to the exact instruction) as well as classify their type (CWE). To accomplish this, we propose a new program representation, program slicing strategy, and the use of a message-passing graph neural network to utilize all of code’s semantics and improve the reach between a vulnerability’s root cause and manifestation points. We also propose a novel data augmentation strategy for cheaply creating strong datasets for vulnerability detection in the wild, using free synthetic samples available online. With this training strategy, VulChecker was able to identify 24 CVEs (10 from 2019 & 2020) in 19 projects taken from the wild, with nearly zero false positives compared to a commercial tool that could only detect 4. VulChecker also discovered an exploitable zero-day vulnerability, which has been reported to developers for responsible disclosure.

Link
2022/12/5

YolOOD: Utilizing Object Detection Concepts for Out-of-Distribution Detection

Alon Zolfi, Guy Amit, Amit Baras, Satoru Koda, Ikuya Morikawa, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2212.02081, 2022

2022/12/5

YolOOD: Utilizing Object Detection Concepts for Out-of-Distribution Detection

Alon Zolfi, Guy Amit, Amit Baras, Satoru Koda, Ikuya Morikawa, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2212.02081, 2022

Out-of-distribution (OOD) detection has attracted a large amount of attention from the machine learning research community in recent years due to its importance in deployed systems. Most of the previous studies focused on the detection of OOD samples in the multi-class classification task. However, OOD detection in the multi-label classification task remains an underexplored domain. In this research, we propose YolOOD – a method that utilizes concepts from the object detection domain to perform OOD detection in the multi-label classification task. Object detection models have an inherent ability to distinguish between objects of interest (in-distribution) and irrelevant objects (e.g., OOD objects) on images that contain multiple objects from different categories. These abilities allow us to convert a regular object detection model into an image classifier with inherent OOD detection capabilities with just minor changes. We compare our approach to state-of-the-art OOD detection methods and demonstrate YolOOD’s ability to outperform these methods on a comprehensive suite of in-distribution and OOD benchmark datasets.

Link
2022/11/27

Latent SHAP: Toward Practical Human-Interpretable Explanations

Ron Bitton, Alon Malach, Amiel Meiseles, Satoru Momiyama, Toshinori Araki, Jun Furukawa, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2211.14797, 2022

2022/11/27

Latent SHAP: Toward Practical Human-Interpretable Explanations

Ron Bitton, Alon Malach, Amiel Meiseles, Satoru Momiyama, Toshinori Araki, Jun Furukawa, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2211.14797, 2022

Model agnostic feature attribution algorithms (such as SHAP and LIME) are ubiquitous techniques for explaining the decisions of complex classification models, such as deep neural networks. However, since complex classification models produce superior performance when trained on low-level (or encoded) features, in many cases, the explanations generated by these algorithms are neither interpretable nor usable by humans. Methods proposed in recent studies that support the generation of human-interpretable explanations are impractical, because they require a fully invertible transformation function that maps the model’s input features to the human-interpretable features. In this work, we introduce Latent SHAP, a black-box feature attribution framework that provides human-interpretable explanations, without the requirement for a fully invertible transformation function. We demonstrate Latent SHAP’s effectiveness using (1) a controlled experiment where invertible transformation functions are available, which enables robust quantitative evaluation of our method, and (2) celebrity attractiveness classification (using the CelebA dataset) where invertible transformation functions are not available, which enables thorough qualitative evaluation of our method.

Link
2022/11/18

Fingerprinting smartphones based on microphone characteristics from environment affected recordings

Adriana Berdich, Bogdan Groza, Efrat Levy, Asaf Shabtai, Yuval Elovici, Rene Mayrhofer

IEEE Access 10, 122399-122413, 2022

2022/11/18

Fingerprinting smartphones based on microphone characteristics from environment affected recordings

Adriana Berdich, Bogdan Groza, Efrat Levy, Asaf Shabtai, Yuval Elovici, Rene Mayrhofer

IEEE Access 10, 122399-122413, 2022

Fingerprinting devices based on unique characteristics of their sensors is an important research direction nowadays due to its immediate impact on non-interactive authentications and no less due to privacy implications. In this work, we investigate smartphone fingerprints obtained from microphone data based on recordings containing human speech, environmental sounds and several live recordings performed outdoors. We record a total of 19,200 samples using distinct devices as well as identical microphones placed on the same device in order to check the limits of the approach. To comply with real-world circumstances, we also consider the presence of several types of noise that is specific to the scenarios which we address, e.g., traffic and market noise at distinct volumes, and may reduce the reliability of the data. We analyze several classification techniques based on traditional machine learning algorithms …

Link
2022/11/16

Improving Interpretability via Regularization of Neural Activation Sensitivity

Ofir Moshe, Gil Fidel, Ron Bitton, Asaf Shabtai

arXiv preprint arXiv:2211.08686, 2022

2022/11/16

Improving Interpretability via Regularization of Neural Activation Sensitivity

Ofir Moshe, Gil Fidel, Ron Bitton, Asaf Shabtai

arXiv preprint arXiv:2211.08686, 2022

State-of-the-art deep neural networks (DNNs) are highly effective at tackling many real-world tasks. However, their wide adoption in mission-critical contexts is hampered by two major weaknesses – their susceptibility to adversarial attacks and their opaqueness. The former raises concerns about the security and generalization of DNNs in real-world conditions, whereas the latter impedes users’ trust in their output. In this research, we (1) examine the effect of adversarial robustness on interpretability and (2) present a novel approach for improving the interpretability of DNNs that is based on regularization of neural activation sensitivity. We evaluate the interpretability of models trained using our method to that of standard models and models trained using state-of-the-art adversarial robustness techniques. Our results show that adversarially robust models are superior to standard models and that models trained using our proposed method are even better than adversarially robust models in terms of interpretability.

Link
2022/11/16

Attacking object detector using a universal targeted label-switch patch

Avishag Shapira, Ron Bitton, Dan Avraham, Alon Zolfi, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2211.08859, 2022

2022/11/16

Attacking object detector using a universal targeted label-switch patch

Avishag Shapira, Ron Bitton, Dan Avraham, Alon Zolfi, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2211.08859, 2022

Adversarial attacks against deep learning-based object detectors (ODs) have been studied extensively in the past few years. These attacks cause the model to make incorrect predictions by placing a patch containing an adversarial pattern on the target object or anywhere within the frame. However, none of prior research proposed a misclassification attack on ODs, in which the patch is applied on the target object. In this study, we propose a novel, universal, targeted, label-switch attack against the state-of-the-art object detector, YOLO. In our attack, we use (i) a tailored projection function to enable the placement of the adversarial patch on multiple target objects in the image (e.g., cars), each of which may be located a different distance away from the camera or have a different view angle relative to the camera, and (ii) a unique loss function capable of changing the label of the attacked objects. The proposed universal patch, which is trained in the digital domain, is transferable to the physical domain. We performed an extensive evaluation using different types of object detectors, different video streams captured by different cameras, and various target classes, and evaluated different configurations of the adversarial patch in the physical domain.

Link
2022/11/6

The threat of offensive ai to organizations

Yisroel Mirsky, Ambra Demontis, Jaidip Kotak, Ram Shankar, Deng Gelei, Liu Yang, Xiangyu Zhang, Maura Pintor, Wenke Lee, Yuval Elovici, Battista Biggio

Computers & Security, 103006, 2022

2022/11/6

The threat of offensive ai to organizations

Yisroel Mirsky, Ambra Demontis, Jaidip Kotak, Ram Shankar, Deng Gelei, Liu Yang, Xiangyu Zhang, Maura Pintor, Wenke Lee, Yuval Elovici, Battista Biggio

Computers & Security, 103006, 2022

AI has provided us with the ability to automate tasks, extract information from vast amounts of data, and synthesize media that is nearly indistinguishable from the real thing. However, positive tools can also be used for negative purposes. In particular, cyber adversaries can use AI to enhance their attacks and expand their campaigns.Although offensive AI has been discussed in the past, there is a need to analyze and understand the threat in the context of organizations. For example, how does an AI-capable adversary impact the cyber kill chain? Does AI benefit the attacker more than the defender? What are the most significant AI threats facing organizations today and what will be their impact on the future?In this study, we explore the threat of offensive AI on organizations. First, we present the background and discuss how AI changes the adversary’s methods, strategies, goals, and overall attack model. Then …

Link
2022/11/1

Practical evaluation of poisoning attacks on online anomaly detectors in industrial control systems

Moshe Kravchik, Luca Demetrio, Battista Biggio, Asaf Shabtai

Computers & Security 122, 102901, 2022

2022/11/1

Practical evaluation of poisoning attacks on online anomaly detectors in industrial control systems

Moshe Kravchik, Luca Demetrio, Battista Biggio, Asaf Shabtai

Computers & Security 122, 102901, 2022

Recently, neural networks (NNs) have been proposed for the detection of cyber attacks targeting industrial control systems (ICSs). Such detectors are often retrained, using data collected during system operation, to cope with the evolution of the monitored signals over time. However, by exploiting this mechanism, an attacker can fake the signals provided by corrupted sensors at training time and poison the learning process of the detector to allow cyber attacks to stay undetected at test time. Previous work explored the ability to generate adversarial samples that fool anomaly detection models in ICSs but without compromising their training process. With this research, we are the first to demonstrate such poisoning attacks on ICS cyber attack online detectors based on neural networks. We propose two distinct attack algorithms, namely, interpolation- and back-gradient-based poisoning, and demonstrate their …

Link
2022/11/1

Security of open radio access networks

Dudu Mimran, Ron Bitton, Yehonatan Kfir, Eitan Klevansky, Oleg Brodt, Heiko Lehmann, Yuval Elovici, Asaf Shabtai

Computers & Security 122, 102890, 2022

2022/11/1

Security of open radio access networks

Dudu Mimran, Ron Bitton, Yehonatan Kfir, Eitan Klevansky, Oleg Brodt, Heiko Lehmann, Yuval Elovici, Asaf Shabtai

Computers & Security 122, 102890, 2022

The Open Radio Access Network (O-RAN) is a promising radio access network (RAN) architecture aimed at reshaping the RAN industry toward an open, adaptive, and intelligent RAN. In this paper, we perform a comprehensive security analysis of O-RANs. Specifically, we review the architectural blueprint designed by the O-RAN Alliance, leader in the cellular ecosystem. As part of the security analysis, we provide a detailed overview of the O-RAN architecture; present an ontology for evaluating the security of a system that is currently at an early development stage; identify O-RAN’s high-risk areas; enumerate O-RAN’s threat actors; and model potential threats to O-RAN. The significance of this work is in providing an updated attack surface to cellular network operators. Based on the attack surface, cellular network operators can carefully deploy the appropriate countermeasures to improve O-RAN’s security.

Link
2022/9/28

Workshop on Security and Privacy in Social Networks (SPSN 2012)

Yaniv Altshuler, Armin Cremers, Yehudith Naftalovich, VS Subrahmanian, Rami Puzis, MIT Yves-Alex, re de Montjoye, Arie Matsliah, Manuel Cebrian, UCSD Wei Pan, MIT Jean-Pierre Seifert, Bernhard Loehlein, Deutsche Telekom

2022/9/28

Workshop on Security and Privacy in Social Networks (SPSN 2012)

Yaniv Altshuler, Armin Cremers, Yehudith Naftalovich, VS Subrahmanian, Rami Puzis, MIT Yves-Alex, re de Montjoye, Arie Matsliah, Manuel Cebrian, UCSD Wei Pan, MIT Jean-Pierre Seifert, Bernhard Loehlein, Deutsche Telekom

Workshop on Security and Privacy in Social Networks (SPSN 2012) Committees Toggle
navigation IEEE Computer Society Digital Library Jobs Tech News Resource Center Press
Room Advertising About Us IEEE IEEE Computer Society IEEE Computer Society Digital
Library My Subscriptions Magazines Journals Conference Proceedings Institutional
Subscriptions IEEE IEEE Computer Society More Jobs Tech News Resource Center Press
Room Advertising About Us Cart All Advanced Search Conference Cover Image Download
1.Home 2.Proceedings 3.passat-socialcom 2012 Workshop on Security and Privacy in
Social Networks (SPSN 2012) Committees 2012, pp. xxv-xxv, DOI Bookmark: 10.1109/SocialCom-PASSAT.2012.142
Keywords Authors Abstract Provides a listing of current committee members. Workshop on
Security and Privacy in Social Networks(SPSN 2012) Organizing Committee Yuval Elovici, …

Link
2022/9/28

PASSAT/SocialCom 2011 Workshop Committees

Armin Cremers, Alfred Bruckstein, VS Subrahmanian, Rami Puzis, Sagi Ben Moshe, Ronen Vaisenberg, Arie Matsliah, Orna Agmon Ben-Yehuda, Shlomi Dolev, Alvin Chin, Martin Atzmueller, Denis Helic, Ed Chi, Markus Strohmaier, Daniel Gayo-Avello, France Wai-Tat Fu

2022/9/28

PASSAT/SocialCom 2011 Workshop Committees

Armin Cremers, Alfred Bruckstein, VS Subrahmanian, Rami Puzis, Sagi Ben Moshe, Ronen Vaisenberg, Arie Matsliah, Orna Agmon Ben-Yehuda, Shlomi Dolev, Alvin Chin, Martin Atzmueller, Denis Helic, Ed Chi, Markus Strohmaier, Daniel Gayo-Avello, France Wai-Tat Fu

Provides a listing of current committee members.

Link
2022/9/28

ASONAM 2011 External Reviewers

Hijbul Alam, Sofia Angeletou, Sam Blasiak, Haiquan Chen, Shumo Chu, Kamalika Das, Pasquale De Meo, Bolin Ding, Huiji Gao, Toader David Gherasim, Robert Görke, Zhouzhou He, Xia Hu, Ioana Hulpus, Andrey Kan, Daisuke Kitayama, Shamanth Kumar, Yi-Horng Lai, Ofrit Lesser, Alex Leung, Yingming Li, Shoude Lin, Lin Liu, Claudia Marinica, Pierre-Nicolas Mougel, Kenta Oku, Yu Peng, Giovanni Ponti, Harald Psaier, Rami Puzis, Kun Qian, Pir Abdul Rasool Queshi, Pir Abdul Rasool Qureshi, Zeehasham Rasheed, Jia Rong Rouff, Ning Ruan, Tanwistha Saha, Marian Scuturici, Anna Stavrianou, Xiaoyuan Su, Jiliang Tang, Mohammad A Tayebi, Ze Tian, Martin Treiber, Shiro Uesugi, Jinlong Wang, Chao-Lin Wu, Yang Xiang, Zhiqiang Xu, Ming Yang, Liangliang Ye, Xiao Yu, Yang Yu, Jianwei Zhang

2022/9/28

ASONAM 2011 External Reviewers

Hijbul Alam, Sofia Angeletou, Sam Blasiak, Haiquan Chen, Shumo Chu, Kamalika Das, Pasquale De Meo, Bolin Ding, Huiji Gao, Toader David Gherasim, Robert Görke, Zhouzhou He, Xia Hu, Ioana Hulpus, Andrey Kan, Daisuke Kitayama, Shamanth Kumar, Yi-Horng Lai, Ofrit Lesser, Alex Leung, Yingming Li, Shoude Lin, Lin Liu, Claudia Marinica, Pierre-Nicolas Mougel, Kenta Oku, Yu Peng, Giovanni Ponti, Harald Psaier, Rami Puzis, Kun Qian, Pir Abdul Rasool Queshi, Pir Abdul Rasool Qureshi, Zeehasham Rasheed, Jia Rong Rouff, Ning Ruan, Tanwistha Saha, Marian Scuturici, Anna Stavrianou, Xiaoyuan Su, Jiliang Tang, Mohammad A Tayebi, Ze Tian, Martin Treiber, Shiro Uesugi, Jinlong Wang, Chao-Lin Wu, Yang Xiang, Zhiqiang Xu, Ming Yang, Liangliang Ye, Xiao Yu, Yang Yu, Jianwei Zhang

External Reviewers Toggle navigation IEEE Computer Society Digital Library Jobs Tech News
Resource Center Press Room Advertising About Us IEEE IEEE Computer Society IEEE
Computer Society Digital Library My Subscriptions Magazines Journals Conference Proceedings
Institutional Subscriptions IEEE IEEE Computer Society More Jobs Tech News Resource
Center Press Room Advertising About Us Cart All Advanced Search Conference Cover Image
Download 1.Home 2.Proceedings 3.asonam 2011 External Reviewers 2011, pp. xxviii, DOI
Bookmark: 10.1109/ASONAM.2011.9 Keywords Authors Abstract The conference offers a note
of thanks and lists its reviewers. ASONAM 2011 External Reviewers Hijbul Alam Sofia
Angeletou Sam Blasiak Haiquan Chen Shumo Chu Kamalika Das Pasquale De Meo Bolin Ding
Huiji Gao Toader David Gherasim Robert Görke Zhouzhou He Xia Hu Ioana Hulpus Andrey …

Link
2022/9/28

SwSTE 2016 Reviewers

Yehuda Afek, Paolo Alencar, Amir Averbuch, Mira Balaban, IBM Avishay Bartik, Israel Dan Berry, Anat Bremler-Barr, Ronit Bustin, Itai Dinur, Danny Dolev, YDC Yael Dubinsky, Israel Amit Dvir, Michael Elhadad, Yuval Elovici, Dror Feitelson, Yishai A Feldman, Ariel Frank, Carlo Ghezzi, Yossi Gil, Ehud Gudes, Orit Hazzan, Danny Hendler, Shmuel Katz, Daniel Khankin, Vladimir Kolesnikov, Jeff Kramer, Sarit Kraus, Tsvi Kuflik, Tami Lapidot, Julio Cesar Leite, Luisa Mich, Leon Osterweil, Rami Puzis, Iris Reinhartz-Berger

2022/9/28

SwSTE 2016 Reviewers

Yehuda Afek, Paolo Alencar, Amir Averbuch, Mira Balaban, IBM Avishay Bartik, Israel Dan Berry, Anat Bremler-Barr, Ronit Bustin, Itai Dinur, Danny Dolev, YDC Yael Dubinsky, Israel Amit Dvir, Michael Elhadad, Yuval Elovici, Dror Feitelson, Yishai A Feldman, Ariel Frank, Carlo Ghezzi, Yossi Gil, Ehud Gudes, Orit Hazzan, Danny Hendler, Shmuel Katz, Daniel Khankin, Vladimir Kolesnikov, Jeff Kramer, Sarit Kraus, Tsvi Kuflik, Tami Lapidot, Julio Cesar Leite, Luisa Mich, Leon Osterweil, Rami Puzis, Iris Reinhartz-Berger

The conference offers a note of thanks and lists its reviewers.

Link
2022/9/28

Is the News Deceptive? Fake News Detection using Topic Authenticity

Aviad Elyashar, Jorge Bendahan, Rami Puzis

2022/9/28

Is the News Deceptive? Fake News Detection using Topic Authenticity

Aviad Elyashar, Jorge Bendahan, Rami Puzis

In this paper, we propose an approach for the detection of fake news in online social media (OSM). The approach is based on the authenticity of online discussions published by fake news promoters and legitimate accounts. Authenticity is quantified using a machine learning (ML) classifier that distinguishes between fake news promoters and legitimate accounts. In addition, we introduce novel link prediction features that were shown to be useful for classification. A description of the processes used to divide the dataset into categories representing topics or online discussions and measuring the authenticity of online discussions is provided. We also discuss new data collection methods for OSM, describe the process used to retrieve accounts and their posts in order to train traditional ML classifiers, and present guidelines for manually labeling accounts. The proposed approach is demonstrated using a Twitter pro-ISIS fanboy dataset provided by Kaggle. Our results show that the method can determine a topic’s authenticity from fake news promoters, and legitimate accounts. Thus, the suggested approach is effective for discriminating between topics that were strongly promoted by fake news promoters and those that attracted authentic public interest.

Link
2022/9/28

Potential Search: a greedy anytime heuristic search

Roni Stern, Rami Puzis, Ariel Felner

2022/9/28

Potential Search: a greedy anytime heuristic search

Roni Stern, Rami Puzis, Ariel Felner

In this paper we explore a novel approach for anytime heuristic search, in which the node that is most probable to improve the incumbent solution is expanded first. This is especially suited for the anytime aspect of anytime algorithms-the possibility that the algorithm will be be halted anytime throughout the search. The potential of a node to improve the incumbent solution is estimated by a custom cost function, resulting in Potential Search, an anytime best-first search. Experimental results on the 15-puzzle and the key player problem in communication networks (KPP-COM) show that this approach is competitive with state-of-the-art anytime heuristic search algorithms, and is more robust.

Link
2022/9/28

Iterative Keyword Optimization

Aviad Elyashar, Maor Reuben, Rami Puzis

2022/9/28

Iterative Keyword Optimization

Aviad Elyashar, Maor Reuben, Rami Puzis

Short keyword queries are one of the main tool of any user or bot seeking information through the ubiquitous search engines. Automated keyword optimization relies primarily on the analysis of data repositories in order to find a small set of keywords that identify the topic discussed and relevant documents. However, most search engines, available today on the Web are opaque, providing little to no information about their methods and the searched repository.In this paper, we propose an automated iterative optimization of short keyword queries in order to improve information retrieval from opaque (black box) search engines. The use case considered involves the retrieval of relevant posts from online social media for a given a news article (claim) discussed online. The proposed algorithm iteratively selects keywords while querying the search engine and comparing a small set of retrieved posts to the given news article using a mean relevance error based on word embedding. We demonstrate the proposed algorithm while building a Fake News dataset from claims (collected from fact-checking websites) and their associated tweets. The proposed mean relevance error was found to be accurate for differentiating between relevant and irrelevant posts (0.9 AUC). The optimized queries produce similar results to manually extracted keywords and outperform TF-IDF based methods and POS tagging.

Link
2022/9/28

PriSecCSN2012 Organizing and Program Committees

S Yu Philip, Bhavani Thuraisingham, Vijay Varadharajan, Chang Liu, Jinjun Chen, Rose-Mharie Åhlfeldt, Cristina Alcaraz, Basel Alomair, Aless, ro Arm, o, Reza Azarderakhsh, Shlomi Dolev, Rino Falcone, Debasis Giri, Dieter Gollmann, Kartik Gopalan, Victor Govindaswamy, Shuguo Han, Ching-Hsien Hsu, Meiko Jensen, Henrik Johnsson, Changhoon Lee, Sjouke Mauw, Charles Morisset, Stefano Paraboschi, Gerard Parr, Siani Pearson, Guenther Pernul, Radha Poovendran, Rami Puzis, Peter Ryan, Jean-Marc Seigneur, Abhinav Srivastava, Guilin Wang, Ke Wang, Yang Xiang

2022/9/28

PriSecCSN2012 Organizing and Program Committees

S Yu Philip, Bhavani Thuraisingham, Vijay Varadharajan, Chang Liu, Jinjun Chen, Rose-Mharie Åhlfeldt, Cristina Alcaraz, Basel Alomair, Aless, ro Arm, o, Reza Azarderakhsh, Shlomi Dolev, Rino Falcone, Debasis Giri, Dieter Gollmann, Kartik Gopalan, Victor Govindaswamy, Shuguo Han, Ching-Hsien Hsu, Meiko Jensen, Henrik Johnsson, Changhoon Lee, Sjouke Mauw, Charles Morisset, Stefano Paraboschi, Gerard Parr, Siani Pearson, Guenther Pernul, Radha Poovendran, Rami Puzis, Peter Ryan, Jean-Marc Seigneur, Abhinav Srivastava, Guilin Wang, Ke Wang, Yang Xiang

PriSecCSN2012 Organizing and Program Committees Toggle navigation IEEE Computer Society
Digital Library Jobs Tech News Resource Center Press Room Advertising About Us IEEE IEEE
Computer Society IEEE Computer Society Digital Library My Subscriptions Magazines Journals
Conference Proceedings Institutional Subscriptions IEEE IEEE Computer Society More Jobs Tech
News Resource Center Press Room Advertising About Us Cart All Advanced Search Conference
Cover Image Download 1.Home 2.Proceedings 3.cgc 2012 PriSecCSN2012 Organizing and
Program Committees 2012, pp. xxviii-xxviii, DOI Bookmark: 10.1109/CGC.2012.135
Keywords Authors Abstract Provides a listing of current committee members. PriSecCSN2012
Organizing and Program Committees General Chairs Philip S. Yu, University of Illinois
at Chicago, USA Bhavani Thuraisingham, The University of Texas at Dallas, USA …

Link
2022/9/28

AGrO-Fake: optimal Attack Graph Obfuscation using Fake vulnerabilities

Hadar Polad, Rami Puzis, Bracha Shapira

2022/9/28

AGrO-Fake: optimal Attack Graph Obfuscation using Fake vulnerabilities

Hadar Polad, Rami Puzis, Bracha Shapira

Following initial penetration into the victim’s network, adversaries usually explore environment in an attempt to discover the network topology and vulnerabilities in the victim’s hosts. Attack graphs are used to model the paths of an attacker within the victim’s network making his/her way towards the goal. Falsifying the information collected by the adversary may significantly slow down lateral movement and increase the amount of noise generated by the attacker within the victim’s network. This in turn will ease on his/her detection. Fake vulnerabilities deployed within the enterprise network can obfuscate the attack graph observed by the adversary. Heuristic search algorithms are used to optimize the assignments of fake vulnerabilities in terms of the maximal negative impact of the attack cost. According to computational experiments conducted on a real large-scale network the proposed deception-based defense can increase the number of attack actions required to reach a goal by more that 100% with only 2-5 fake vulnerabilities.

Link
2022/9/28

Group Betweenness Centrality: Efficient Computations and Applications

Rami Puzis

2022/9/28

Group Betweenness Centrality: Efficient Computations and Applications

Rami Puzis

Complex networks are used to study the structure and dynamics of complex systems in various disciplines. For example in social networks, vertices are usually individuals and edges characterize the relations between them; in computer networks, vertices might be routers connected to each other through communication lines.In many applications we are required to locate the most prominent group of vertices in a complex network. For example, Ballester et al. state in [1] the importance of finding the key group in a criminal network. Borgatti elaborates in [2] on a Key Player Problem (KPP) that is strongly related to the cohesion of a network. Groups or routers or links that has maximal potential to control over traffic in communication networks can be used to increase the effectiveness of network measurements or intrusion detection in computer communication networks.

Link
2022/9/28

Optimizing the Deployment Strategy of Distributed Network Intrusion Detection Systems (DNIDS) in Large-scale Communication Networks

Rami Puzis

Ben Gurion University, 2009

2022/9/28

Optimizing the Deployment Strategy of Distributed Network Intrusion Detection Systems (DNIDS) in Large-scale Communication Networks

Rami Puzis

Ben Gurion University, 2009

Link
2022/9/28

On-Line detection and prediction of temporal patterns

Shlomi Dolev, Jonathan Goldfeld, Rami Puzis

Haifa Verification Conference, 254-256, 2011

2022/9/28

On-Line detection and prediction of temporal patterns

Shlomi Dolev, Jonathan Goldfeld, Rami Puzis

Haifa Verification Conference, 254-256, 2011

Identifying a temporal pattern of events is a fundamental task of on-line (real-time) verification. In this work we present efficient schemes for on-line monitoring of events for identifying predefined patterns of events. The schemes use preprocessing to ensure that the number of comparisons during run-time is minimized. In particular, obsoloete sub-sequences are discarded to avoid unnecessary comparisons.We use our monitoring scheme for estimating the probability that a random suffix of a given execution will contain the pattern.

Link
2022/9/28

Lookie-A Case Study of a Location Based Collaborative Application

Elina Yaakobovich, Rami Puzis

COLLA 2014, 42, 2014

2022/9/28

Lookie-A Case Study of a Location Based Collaborative Application

Elina Yaakobovich, Rami Puzis

COLLA 2014, 42, 2014

In the age of smartphones, increased online social connectivity, and advanced technological capabilities, collaborative applications often take advantage of crowd resources in an effort to enhance the welfare of the community. Lookie is a collaborative application where users can ask other users to share up to date footage regarding their whereabouts. This paper presents the results of a field trial performed with Lookie, focusing on aspects of user experience, privacy, and participation. Analysis of system logs and questionnaires answered by the field trial participants produced the following key results:(1) users’ perceived participation is biased toward their own active deeds,(2) appropriate timing of requests and personalized meaningful request messages improve user experience,(3) most users do not mind helping strangers by taking pictures or answering requests but many refrain from disclosing their location, and finally,(4) users that indicate privacy concerns and feel reluctant to reply to requests, have the same average response ratio as the rest of the community, although, they initiate less interactions.

Link
2022/9/28

Brain inspired automatic directory

Itay Azaria, Shlomi Dolev, Ariel Hanemann, Rami Puzis

2016 Second International Symposium on Stochastic Models in Reliability …, 2016

2022/9/28

Brain inspired automatic directory

Itay Azaria, Shlomi Dolev, Ariel Hanemann, Rami Puzis

2016 Second International Symposium on Stochastic Models in Reliability …, 2016

The fascinating question of the relation of information and coding theory to the memories stored in the brain is our research scope. We speculate there is a similar code used to represent different memories, rather than unique code for different memories. The uniform cortex structure supports our speculation. Recently we suggested holographic coding that can fit Pribram’s holographic memory theory. Using the holographic coding metaphor, the memory should be retrieved by a reference beam as in a hologram. We explore the possibility that the brain learns its directory (possibly in the temporal lobe), during memory consolidation. This directory is a neural network that is used for sending signals to the cortex to recall memories. The network learns to distinguish between objects during saving, in order to signal the correct recall. Haar features (HF) are 0/1 matrices used for face recognition. We use HF to learn to …

Link
2022/9/28

Efficient online detection of temporal patterns

Shlomi Dolev, Jonathan Goldfeld, Rami Puzis

PeerJ Computer Science 2, e53, 2016

2022/9/28

Efficient online detection of temporal patterns

Shlomi Dolev, Jonathan Goldfeld, Rami Puzis

PeerJ Computer Science 2, e53, 2016

Identifying a temporal pattern of events is a fundamental task of online (real-time) verification. We present efficient schemes for online monitoring of events for identifying desired/undesired patterns of events. The schemes use preprocessing to ensure that the number of comparisons during run-time is minimized. In particular, the first comparison following the time point when an execution sub-sequence cannot be further extended to satisfy the temporal requirements halts the process that monitors the sub-sequence.

Link
2022/9/28

Pinpoint Influential Posts and Authors

Luiza Nacshon, Rami Puzis, Amparo Sanmateho

arXiv preprint arXiv:1609.02945, 2016

2022/9/28

Pinpoint Influential Posts and Authors

Luiza Nacshon, Rami Puzis, Amparo Sanmateho

arXiv preprint arXiv:1609.02945, 2016

This research presents an analytical model that aims to pin-point influential posts across a social web comprised of a corpus of posts. The model employs the Latent Dirichlet Al-location algorithm to associate posts with topics, and the TF-IDF metric to identify the key posts associated with each top-ic. The model was demonstrated in the domain of customer relationship by enabling careful monitoring of evolving “storms” created by individuals which tend to impact large audiences (either positively or negatively). Future research should be engaged in order to extend the scope of the corpus by including additional relevant publicly available sources.

Link
2022/9/28

DiscOF: Balanced flow discovery in OpenFlow

Luiza Nacshon, Rami Puzis, Polina Zilberman

2017 IEEE Conference on Network Function Virtualization and Software Defined …, 2017

2022/9/28

DiscOF: Balanced flow discovery in OpenFlow

Luiza Nacshon, Rami Puzis, Polina Zilberman

2017 IEEE Conference on Network Function Virtualization and Software Defined …, 2017

Flexibility and extendibility of Software Defined Networks allows development of diverse network management and flow monitoring techniques. Yet, there are inherent tradeoffs between the quality of flow monitoring and the required network resources. In particular, collecting flow statistics, at the level of specific source-destination addresses (and, moreover, specific protocols and ports), requires too many flow table entries. This problem is emphasized by the difficulty of anticipating the individual flows that need to be monitored. In this paper we propose a method for dynamic flow discovery at any required spatial resolution. In addition, we propose a method for balancing the monitoring effort among the switches. These methods allow increasing the spatial resolution of traffic monitoring with minimal effects of the network performance.

Link
2022/9/28

Target oriented network intelligence collection: effective exploration of social networks

Rami Puzis, Liron Kachko, Barak Hagbi, Roni Stern, Ariel Felner

World Wide Web 22, 1447-1480, 2019

2022/9/28

Target oriented network intelligence collection: effective exploration of social networks

Rami Puzis, Liron Kachko, Barak Hagbi, Roni Stern, Ariel Felner

World Wide Web 22, 1447-1480, 2019

Target Oriented Network Intelligence Collection (TONIC) is a crawling process whose goal is to find social network profiles that contain information about a given target. Such profiles are called leads and the TONIC problem is how to minimize crawling costs incurred while finding them. We model this problem as a search problem in an unknown graph and present a best-first search approach for solving it. Three key challenges are (1) which profiles to consider crawling to, (2) how to prioritize the crawling order, and (3) when additional crawling is not worthwhile. For the first challenge, we propose two frameworks: the Restricted TONIC Framework (RTF), that restricts the search to immediate neighbors of previously found leads, and the Extended TONIC Framework (ETF), that extends the scope of the search to a wider neighborhood. Guidelines for when to choose which framework are provided. For the …

Link
2022/9/28

Attack Hypothesis Generation

Polina Zilberman Aviad Elitzur, Rami Puzis

Conference: European Intelligence and Security Informatics Conference (EISIC …, 2019

2022/9/28

Attack Hypothesis Generation

Polina Zilberman Aviad Elitzur, Rami Puzis

Conference: European Intelligence and Security Informatics Conference (EISIC …, 2019

2022/9/28

It Runs in the Family: Searching for Synonyms Using Digitized Family Trees

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:1912.04003, 2019

2022/9/28

It Runs in the Family: Searching for Synonyms Using Digitized Family Trees

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:1912.04003, 2019

Searching for a person’s name is a common online activity. However, Web search engines provide few accurate results to queries containing names. In contrast to a general word which has only one correct spelling, there are several legitimate spellings of a given name. Today, most techniques used to suggest synonyms in online search are based on pattern matching and phonetic encoding, however they often perform poorly. As a result, there is a need for an effective tool for improved synonym suggestion. In this paper, we propose a revolutionary approach for tackling the problem of synonym suggestion. Our novel algorithm, GRAFT, utilizes historical data collected from genealogy websites, along with network algorithms. GRAFT is a general algorithm that suggests synonyms using a graph based on names derived from digitized ancestral family trees. Synonyms are extracted from this graph, which is constructed using generic ordering functions that outperform other algorithms that suggest synonyms based on a single dimension, a factor that limits their performance. We evaluated GRAFT’s performance on three ground truth datasets of forenames and surnames, including a large-scale online genealogy dataset with over 16 million profiles and more than 700,000 unique forenames and 500,000 surnames. We compared GRAFT’s performance at suggesting synonyms to 10 other algorithms, including phonetic encoding, string similarity algorithms, and machine and deep learning algorithms. The results show GRAFT’s superiority with respect to both forenames and surnames and demonstrate its use as a tool to improve synonym suggestion.

Link
2022/9/28

How Does That Sound? Multi-Language SpokenName2Vec Algorithm Using Speech Generation and Deep Learning

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:2005.11838, 2020

2022/9/28

How Does That Sound? Multi-Language SpokenName2Vec Algorithm Using Speech Generation and Deep Learning

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:2005.11838, 2020

Searching for information about a specific person is an online activity frequently performed by many users. In most cases, users are aided by queries containing a name and sending back to the web search engines for finding their will. Typically, Web search engines provide just a few accurate results associated with a name-containing query. Currently, most solutions for suggesting synonyms in online search are based on pattern matching and phonetic encoding, however very often, the performance of such solutions is less than optimal. In this paper, we propose SpokenName2Vec, a novel and generic approach which addresses the similar name suggestion problem by utilizing automated speech generation, and deep learning to produce spoken name embeddings. This sophisticated and innovative embeddings captures the way people pronounce names in any language and accent. Utilizing the name pronunciation can be helpful for both differentiating and detecting names that sound alike, but are written differently. The proposed approach was demonstrated on a large-scale dataset consisting of 250,000 forenames and evaluated using a machine learning classifier and 7,399 names with their verified synonyms. The performance of the proposed approach was found to be superior to 10 other algorithms evaluated in this study, including well used phonetic and string similarity algorithms, and two recently proposed algorithms. The results obtained suggest that the proposed approach could serve as a useful and valuable tool for solving the similar name suggestion problem.

Link
2022/9/28

Fake News Data Collection and Classification: Iterative Query Selection for Opaque Search Engines with Pseudo Relevance Feedback

Aviad Elyashar, Maor Reuben, Rami Puzis

arXiv preprint arXiv:2012.12498, 2020

2022/9/28

Fake News Data Collection and Classification: Iterative Query Selection for Opaque Search Engines with Pseudo Relevance Feedback

Aviad Elyashar, Maor Reuben, Rami Puzis

arXiv preprint arXiv:2012.12498, 2020

Retrieving information from an online search engine, is the first and most important step in many data mining tasks. Most of the search engines currently available on the web, including all social media platforms, are black-boxes (a.k.a opaque) supporting short keyword queries. In these settings, retrieving all posts and comments discussing a particular news item automatically and at large scales is a challenging task. In this paper, we propose a method for generating short keyword queries given a prototype document. The proposed iterative query selection algorithm (IQS) interacts with the opaque search engine to iteratively improve the query. It is evaluated on the Twitter TREC Microblog 2012 and TREC-COVID 2019 datasets showing superior performance compared to state-of-the-art. IQS is applied to automatically collect a large-scale fake news dataset of about 70K true and fake news items. The dataset, publicly available for research, includes more than 22M accounts and 61M tweets in Twitter approved format. We demonstrate the usefulness of the dataset for fake news detection task achieving state-of-the-art performance.

Link
2022/9/28

It Runs in the Family: Unsupervised Algorithm for Alternative Name Suggestion Using Digitized Family Trees

Aviad Elyashar, Rami Puzis, Michael Fire

IEEE Transactions on Knowledge & Data Engineering, 1-1, 2021

2022/9/28

It Runs in the Family: Unsupervised Algorithm for Alternative Name Suggestion Using Digitized Family Trees

Aviad Elyashar, Rami Puzis, Michael Fire

IEEE Transactions on Knowledge & Data Engineering, 1-1, 2021

Searching for a person’s name is a common online activity. However, Web search engines provide few accurate results to queries containing names. In contrast to a general word that has only one correct spelling, there are several possible legitimate spellings when a name provided as a query. Today, most techniques used to suggest diminutives and alternative spellings in online search are based on pattern matching and phonetic encoding; however, they often perform poorly. As a result, there is a need for an effective tool for improved alternative name suggestion for a name provided as a query. In this paper, we propose a revolutionary approach for tackling the problem of alternative name suggestion. Our novel algorithm, GRAFT, utilizes historical data collected from genealogy websites, along with network algorithms. GRAFT is a general algorithm that suggests alternatives for input names using a graph based …

Link
2022/9/28

How does that name sound? Name representation learning using accent-specific speech generation

Aviad Elyashar, Rami Puzis, Michael Fire

Knowledge-Based Systems 227, 107229, 2021

2022/9/28

How does that name sound? Name representation learning using accent-specific speech generation

Aviad Elyashar, Rami Puzis, Michael Fire

Knowledge-Based Systems 227, 107229, 2021

Searching for information about a specific person is a frequent online activity. In most cases, users are aided in the search process by queries containing a name in Web search engines. Typically, Web search engines provide just a few accurate results associated with a name-containing query. Most existing solutions for suggesting synonyms in online search are based on pattern matching and phonetic encoding, however very often, the performance of such solutions is less than optimal. In this paper, we propose SpokenName2Vec, a novel and generic algorithm which addresses the synonym suggestion problem by utilizing automated speech generation, and deep learning to produce novel spoken name embeddings. These embeddings capture the way people pronounce names in a particular language and accent. Utilizing a name’s pronunciation can help detect names that sound alike, but are written differently …

Link
2022/9/28

MCTransformer: Combining Transformers And Monte-Carlo Tree Search For Offline Reinforcement Learning

Gur Yaari, Lior Rokach, Rami Puzis, Gilad Katz

2022/9/28

MCTransformer: Combining Transformers And Monte-Carlo Tree Search For Offline Reinforcement Learning

Gur Yaari, Lior Rokach, Rami Puzis, Gilad Katz

Recent studies explored the framing of reinforcement learning as a sequence modeling problem, and then using Transformers to generate effective solutions. In this study, we introduce MCTransformer, a framework that combines Monte-Carlo Tree Search (MCTS) with Transformers. Our approach uses an actor-critic setup, where the MCTS component is responsible for navigating previously-explored states, aided by input from the Transformer. The Transformer controls the exploration and evaluation of new states, enabling an effective and efficient evaluation of various strategies. In addition to the development of highly effective strategies, our setup enables the use of more efficient sampling compared to existing MCTS-based solutions. MCTransformer is therefore able to perform a small number of evaluations for each newly-explored node, and to do so without degrading its performance. Our evaluation, conducted on the challenging and well-known problem of SameGame, shows that our approach outperforms both Transformer-based and MCTS-based solutions.

Link
2022/9/28

MABAT: A Multi-Armed Bandit Approach for Threat-Hunting

Liad Dekel, Ilia Leybovich, Polina Zilberman, Rami Puzis

IEEE Transactions on Information Forensics and Security 18, 477-490, 2022

2022/9/28

MABAT: A Multi-Armed Bandit Approach for Threat-Hunting

Liad Dekel, Ilia Leybovich, Polina Zilberman, Rami Puzis

IEEE Transactions on Information Forensics and Security 18, 477-490, 2022

Threat hunting relies on cyber threat intelligence to perform active hunting of prospective attacks instead of waiting for an attack to trigger some pre-configured alerts. One of the most important aspects of threat hunting is automation, especially when it concerns targeted data collection. Multi-armed bandits (MAB) is a family of problems that can be used to optimize the targeted data collection and balance between exploration and exploitation of the collected data. Unfortunately, state-of-the-art policies for solving MAB with dependent arms do not utilize the detailed interrelationships between attacks such as telemetry or artifacts shared by multiple attacks. We propose new policies, one of which is theoretically proven, to prioritize the investigated attacks during targeted data collection. Experiments with real data extracted from VirusTotal behavior reports show the superiority of the proposed techniques and their …

Link
2022/9/28

Cross Version Defect Prediction with Class Dependency Embeddings

Moti Cohen, Lior Rokach, Rami Puzis

arXiv preprint arXiv:2212.14404, 2022

2022/9/28

Cross Version Defect Prediction with Class Dependency Embeddings

Moti Cohen, Lior Rokach, Rami Puzis

arXiv preprint arXiv:2212.14404, 2022

Software Defect Prediction aims at predicting which software modules are the most probable to contain defects. The idea behind this approach is to save time during the development process by helping find bugs early. Defect Prediction models are based on historical data. Specifically, one can use data collected from past software distributions, or Versions, of the same target application under analysis. Defect Prediction based on past versions is called Cross Version Defect Prediction (CVDP). Traditionally, Static Code Metrics are used to predict defects. In this work, we use the Class Dependency Network (CDN) as another predictor for defects, combined with static code metrics. CDN data contains structural information about the target application being analyzed. Usually, CDN data is analyzed using different handcrafted network measures, like Social Network metrics. Our approach uses network embedding techniques to leverage CDN information without having to build the metrics manually. In order to use the embeddings between versions, we incorporate different embedding alignment techniques. To evaluate our approach, we performed experiments on 24 software release pairs and compared it against several benchmark methods. In these experiments, we analyzed the performance of two different graph embedding techniques, three anchor selection approaches, and two alignment techniques. We also built a meta-model based on two different embeddings and achieved a statistically significant improvement in AUC of 4.7% (p < 0.002) over the baseline method.

Link
2022/9/28

Applying CVSS to Vulnerability Scoring in Cyber-Biological Systems

Rami Puzis, Isana Veksler-Lublinsky

Cyberbiosecurity, 115-134, 2023

2022/9/28

Applying CVSS to Vulnerability Scoring in Cyber-Biological Systems

Rami Puzis, Isana Veksler-Lublinsky

Cyberbiosecurity, 115-134, 2023

With the advent of synthetic biology, security concerns are rapidly emerging spanning both the biological and the digital realms. These concerns materialize into concrete weaknesses and vulnerabilities in biological and biomedical systems and in their supply chains. Cybersecurity risks and their biological impact on biosafety and health must be considered when developing new protocols, biological systems, and supporting machinery. It is very important to assess the risk and impact of exploiting cyberbiosecurity vulnerabilities in a systematic and methodological way. The common vulnerability scoring system (CVSS) quantifies the risk and impact of vulnerabilities in digital (software and hardware) systems. Although vulnerabilities in the machinery supporting synthetic biology can be reported in a standard way, their severity scoring does not encompass the biosafety and health impacts. Furthermore, no current …

Link
2022/9/28

DISCONA: distributed sample compression for nearest neighbor algorithm

Jedrzej Rybicki, Tatiana Frenklach, Rami Puzis

Applied Intelligence, 1-14, 2023

2022/9/28

DISCONA: distributed sample compression for nearest neighbor algorithm

Jedrzej Rybicki, Tatiana Frenklach, Rami Puzis

Applied Intelligence, 1-14, 2023

Sample compression using 𝜖-net effectively reduces the number of labeled instances required for accurate classification with nearest neighbor algorithms. However, one-shot construction of an 𝜖-net can be extremely challenging in large-scale distributed data sets. We explore two approaches for distributed sample compression: one where local 𝜖-net is constructed for each data partition and then merged during an aggregation phase, and one where a single backbone of an 𝜖-net is constructed from one partition and aggregates target label distributions from other partitions. Both approaches are applied to the problem of malware detection in a complex, real-world data set of Android apps using the nearest neighbor algorithm. Examination of the compression rate, computational efficiency, and predictive power shows that a single backbone of an 𝜖-net attains favorable performance while achieving a compression …

Link
2022/9/28

Link2speed: VANET speed assessment via link-state analysis

Alon Freund, Rami Puzis, Michael Segal

2023 IEEE Wireless Communications and Networking Conference (WCNC), 1-6, 2023

2022/9/28

Link2speed: VANET speed assessment via link-state analysis

Alon Freund, Rami Puzis, Michael Segal

2023 IEEE Wireless Communications and Networking Conference (WCNC), 1-6, 2023

Vehicular ad hoc network (VANET) is an emerging technology with a promising future and great challenges. It aims to promote safe driving, improve traffic flow and also enables a variety of entertainment applications. A fundamental need in such a network is the ability to assess vehicular speed. This enables the collection of statistics for the purpose of traffic engineering and long-term planning, and is also critical information for law enforcement groups. Many existing speed assessment technologies suffer from high physical visibility, and relatively expensive hardware. Even those that avoid detection, are inflexible due to being location specific. Therefore, reducing the ability to track and enforce traffic speed and limiting the collection of statistics for traffic engineering. In this paper, we propose a method for vehicle speed assessment, by extracting an induced Communication Connectivity Graph (CCG) from VANET …

Link
2022/9/28

Centrality Learning: Auralization and Route Fitting

Xin Li, Liav Bachar, Rami Puzis

Entropy 25 (8), 1115, 2023

2022/9/28

Centrality Learning: Auralization and Route Fitting

Xin Li, Liav Bachar, Rami Puzis

Entropy 25 (8), 1115, 2023

Developing a tailor-made centrality measure for a given task requires domain- and network-analysis expertise, as well as time and effort. Thus, automatically learning arbitrary centrality measures for providing ground-truth node scores is an important research direction. We propose a generic deep-learning architecture for centrality learning which relies on two insights: 1. Arbitrary centrality measures can be computed using Routing Betweenness Centrality (RBC); 2. As suggested by spectral graph theory, the sound emitted by nodes within the resonating chamber formed by a graph represents both the structure of the graph and the location of the nodes. Based on these insights and our new differentiable implementation of Routing Betweenness Centrality (RBC), we learn routing policies that approximate arbitrary centrality measures on various network topologies. Results show that the proposed architecture can learn multiple types of centrality indices more accurately than the state of the art.

Link
2022/9/28

NetFlow for openflow (NFO): Balanced flow monitoring in software defined networks

Rami Puzis, Luiza Nacshon, Polina Zilberman

IEEE Trans. J. Name, 1-14, 2016

2022/9/28

NetFlow for openflow (NFO): Balanced flow monitoring in software defined networks

Rami Puzis, Luiza Nacshon, Polina Zilberman

IEEE Trans. J. Name, 1-14, 2016

OpenFlow is a protocol-implementing Software Defined Networking, a new networking paradigm, which segregates packet forwarding and accounting from the routing decisions and advanced protocols. This segregation increases agility and flexibility and reduces operational expenses of the networking infrastructure. Despite the apparent benefits, many companies are unable to upgrade their networks to OpenFlow unless they renew their supplementary management and security infrastructures as well. The proposed solution, called NetFlow for OpenFlow (NFO) bridges the gap between trusted state-ofthe-art network monitoring infrastructures and standard OpenFlow networks. The proposed Flow Discovery technique enables the highest granularity per-flow monitoring while the Flow Assignment algorithm balances the monitoring resources to avoid overloading of routers. Overall, NFO makes the collection of flow-statistics in OpenFlow environment easier, cheaper, and more accurate.

Link
2022/9/28

Embedding-centrality: Generic centrality computation using neural networks

Rami Puzis, Zion Sofer, Dvir Cohen, Matan Hugi

Complex Networks IX: Proceedings of the 9th Conference on Complex Networks …, 2018

2022/9/28

Embedding-centrality: Generic centrality computation using neural networks

Rami Puzis, Zion Sofer, Dvir Cohen, Matan Hugi

Complex Networks IX: Proceedings of the 9th Conference on Complex Networks …, 2018

DerivingPuzis, RamivectorSofer, ZionrepresentationsCohen, Dvir of verticesHugi, Matan in graphs, a.k.a. vertex embedding, is an active field of research. Vertex embedding enables the application of relational data mining techniques to network data. Unintended use of vertex embedding unveils a novel generic method for centrality computation using neural networks. The new centrality measure, termed Embedding Centrality, proposed in this paper is defined as the dot product of a vertex and the center of mass of the graph. Simulation results confirm the validity of Embedding Centrality which correlates well with other commonly used centrality measures. Embedding Centrality can be tailored to specific applications by devising the appropriate context for vertex embedding and can facilitate further understanding of supervised and unsupervised learning methods on graph data.

Link
2022/9/28

Sequence preserving network traffic generation

Sigal Shaked, Amos Zamir, Roman Vainshtein, Moshe Unger, Lior Rokach, Rami Puzis, Bracha Shapira

arXiv preprint arXiv:2002.09832, 2020

2022/9/28

Sequence preserving network traffic generation

Sigal Shaked, Amos Zamir, Roman Vainshtein, Moshe Unger, Lior Rokach, Rami Puzis, Bracha Shapira

arXiv preprint arXiv:2002.09832, 2020

We present the Network Traffic Generator (NTG), a framework for perturbing recorded network traffic with the purpose of generating diverse but realistic background traffic for network simulation and what-if analysis in enterprise environments. The framework preserves many characteristics of the original traffic recorded in an enterprise, as well as sequences of network activities. Using the proposed framework, the original traffic flows are profiled using 200 cross-protocol features. The traffic is aggregated into flows of packets between IP pairs and clustered into groups of similar network activities. Sequences of network activities are then extracted. We examined two methods for extracting sequences of activities: a Markov model and a neural language model. Finally, new traffic is generated using the extracted model. We developed a prototype of the framework and conducted extensive experiments based on two real network traffic collections. Hypothesis testing was used to examine the difference between the distribution of original and generated features, showing that 30-100% of the extracted features were preserved. Small differences between n-gram perplexities in sequences of network activities in the original and generated traffic, indicate that sequences of network activities were well preserved.

Link
2022/9/28

Lawful Interception in WebRTC Peer-To-Peer Communication

Assaf Wagner, Rami Puzis

Cyber Security Cryptography and Machine Learning: 5th International …, 2021

2022/9/28

Lawful Interception in WebRTC Peer-To-Peer Communication

Assaf Wagner, Rami Puzis

Cyber Security Cryptography and Machine Learning: 5th International …, 2021

Lawful interception is the act of giving law enforcement officials access to communication between private individuals or organizations. According to the European Telecommunications Standards Institute (ETSI), service providers are expected to ensure that the entire contents of communication associated with the target identity being intercepted can be intercepted during the entire period of the lawful authorization, and that the delivery of the interception related information is reliable.In traditional telephone networks, authorized surveillance takes place by duplicating the conversation data at the service provider premises and forwarding it to law enforcement agencies (LEA). The same approach is suitable for VoIP communication, as long as the data is transferred via a mediator located on the service provider’s premises. Today, direct VoIP communication between clients is the preferred approach …

Link
2022/9/28

Tissue resilience: lessons from social resilience: Social sciences research on community resilience could inspire biology to understand homeostasis

Tomer Cooks, Rami Puzis, Odeya Cohen

EMBO reports 22 (8), e52926, 2021

2022/9/28

Tissue resilience: lessons from social resilience: Social sciences research on community resilience could inspire biology to understand homeostasis

Tomer Cooks, Rami Puzis, Odeya Cohen

EMBO reports 22 (8), e52926, 2021

In 2021, at the time of writing this article, societies around the world face the complex challenges and uncertainties of the COVID-19 pandemic. While the scientific community has worked hard to develop treatments and vaccines against the viral disease, countries are still struggling to cope with the medical, economic, and social impacts of a global health crisis. An important factor in their struggle is the concept of “resilience”, the ability of individuals, organizations, communities, and even whole nations to handle with a major crisis. Obviously, some countries have fared better during the pandemic so far, which owes, in good part, to public and health structures that provide them with said resilience so as to minimize the disturbance caused by COVID-19. Yet, the concept of resilience could be extended further down from nations or ecosystems to individual organisms and their organs or tissues.

Link
2022/9/28

Spillover Today? Predicting Traffic Overflows on Private Peering of Major Content Providers

Elad Rapaport, Ingmar Poese, Polina Zilberman, Oliver Holschke, Rami Puzis

IEEE Transactions on Network and Service Management 18 (4), 4169-4182, 2021

2022/9/28

Spillover Today? Predicting Traffic Overflows on Private Peering of Major Content Providers

Elad Rapaport, Ingmar Poese, Polina Zilberman, Oliver Holschke, Rami Puzis

IEEE Transactions on Network and Service Management 18 (4), 4169-4182, 2021

Large content providers and content distribution network operators usually connect with large Internet service providers (eyeball networks) through dedicated private peering. The capacity of these private network interconnects is provisioned to match the volume of the real content demand by the users. Unfortunately, in cases in which there is a surge in traffic demand, (e.g., due to trending content or massive software updates) the capacity of the private interconnect may deplete, requiring the content provider/distributor to reroute the excess traffic through transit providers. Although such overflow events are rare, they negatively impact content providers, Internet service providers, and end-users. Such impact includes unexpected delays and disruptions that reduce the quality of the user experience, as well as direct costs paid by the Internet service provider to the transit providers. In this article, we examine the problem …

Link
2022/9/28

Can one hear the position of nodes?

Rami Puzis

International Conference on Complex Networks and Their Applications, 649-660, 2022

2022/9/28

Can one hear the position of nodes?

Rami Puzis

International Conference on Complex Networks and Their Applications, 649-660, 2022

Wave propagation through nodes and links of a network forms the basis of spectral graph theory. Nevertheless, the sound emitted by nodes within the resonating chamber formed by a network are not well studied. The sound emitted by vibrations of individual nodes reflects the structure of the overall network topology but also the location of the node within the network. In this article a sound recognition neural network is trained to infer centrality measures from the nodes’ wave-forms. In addition to advancing network representation learning, sounds emitted by nodes are plausible in most cases. Auralization of the network topology may open new directions in arts, competing with network visualization.

Link
2022/9/28

Nanotechnology based optical solution for NP-hard problems

Eyal Cohen, Shlomi Dolev, Sergey Frenkel, Rami Puzis, Michael Rosenblit

Optical Supercomputing: Third International Workshop, OSC 2010, Bertinoro …, 2011

2022/9/28

Nanotechnology based optical solution for NP-hard problems

Eyal Cohen, Shlomi Dolev, Sergey Frenkel, Rami Puzis, Michael Rosenblit

Optical Supercomputing: Third International Workshop, OSC 2010, Bertinoro …, 2011

We present a design for a micro optical architecture for solving instances of NP-hard problems, using nano-technology. The architecture is using pre-processed masks to block some of the light propagating through them. We demonstrate how such a device could be used to solve instances of Hamiltonian-cycle and the Permanent problems.

Link
2022/9/28

3rd International Winter School and Conference on Network Science: NetSci-X 2017

Erez Shmueli, Baruch Barzel, Rami Puzis

Springer, 2017

2022/9/28

3rd International Winter School and Conference on Network Science: NetSci-X 2017

Erez Shmueli, Baruch Barzel, Rami Puzis

Springer, 2017

Springer Complexity is an interdisciplinary program publishing the best research and academic-level teaching on both fundamental and applied aspects of complex systems—cutting across all traditional disciplines of the natural and life sciences, engineering, economics, medicine, neuroscience, social, and computer science. Complex Systems are systems that comprise many interacting parts with the ability to generate a new quality of macroscopic collective behavior the manifestations of which are the spontaneous formation of distinctive temporal, spatial, or functional structures. Models of such systems can be successfully mapped onto quite diverse “real-life” situations like the climate, the coherent emission of light from lasers, chemical reaction—diffusion systems, biological cellular networks, the dynamics of stock markets and of the Internet, earthquake statistics and prediction, freeway traffic, the human brain, or …

Link
2022/9/28

Has the online discussion been manipulated? quantifying online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis

arXiv preprint arXiv:1708.02763, 2017

2022/9/28

Has the online discussion been manipulated? quantifying online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis

arXiv preprint arXiv:1708.02763, 2017

Online social media (OSM) has a enormous influence in today’s world. Some individuals view OSM as fertile ground for abuse and use it to disseminate misinformation and political propaganda, slander competitors, and spread spam. The crowdturfing industry employs large numbers of bots and human workers to manipulate OSM and misrepresent public opinion. The detection of online discussion topics manipulated by OSM emph{abusers} is an emerging issue attracting significant attention. In this paper, we propose an approach for quantifying the authenticity of online discussions based on the similarity of OSM accounts participating in the discussion to known abusers and legitimate accounts. Our method uses several similarity functions for the analysis and classification of OSM accounts. The proposed methods are demonstrated using Twitter data collected for this study and previously published emph{Arabic honeypot dataset}. The former includes manually labeled accounts and abusers who participated in crowdturfing platforms. Evaluation of the topic’s authenticity, derived from account similarity functions, shows that the suggested approach is effective for discriminating between topics that were strongly promoted by abusers and topics that attracted authentic public interest.

Link
2022/9/28

Shortest path tree sampling for landmark selection in large networks

Shlomi Maliah, Rami Puzis, Guy Shani

Journal of Complex Networks 5 (5), 795-815, 2017

2022/9/28

Shortest path tree sampling for landmark selection in large networks

Shlomi Maliah, Rami Puzis, Guy Shani

Journal of Complex Networks 5 (5), 795-815, 2017

Computing the distance between vertices in a large dynamic network is an important task in many real-time applications. An exact real-time computation is often infeasible, due to the network size, dynamic changes and the requirement for rapid response. We hence revert to estimates. One popular method for distance estimation uses a set of vertices, called landmarks, whose distance from all other vertices is computed offline. Then, the online query estimates the distance between two arbitrary vertices by summing the computed distances from the source to a landmark and from the landmark to the target. In this paper we suggest a new method for computing the set of landmarks, based on a sampled set of shortest path trees (SPTs). The SPTs provide a good estimation of the number of shortest paths that a vertex covers, which is strongly correlated with distance estimation error. We provide an extensive set of …

Link
2022/9/28

Focused sana: Speeding up network alignment

Ilia Leybovich, Rami Puzis, Roni Stern, Maor Reuben

Proceedings of the International Symposium on Combinatorial Search 9 (1 …, 2018

2022/9/28

Focused sana: Speeding up network alignment

Ilia Leybovich, Rami Puzis, Roni Stern, Maor Reuben

Proceedings of the International Symposium on Combinatorial Search 9 (1 …, 2018

Network Alignment (NA) is a generalization of the graph isomorphism problem for non-isomorphic graphs, where the goal is to find a node mapping as close as possible to isomorphism. Recent successful NA algorithms follow a search-based approach, such as simulated annealing. We propose to speed up search-based NA algorithms by pruning the search-space based on heuristic rules derived from the topological features of the aligned nodes. We define several desirable properties of such pruning rules, analyze them theoretically, and propose a pruning rule based on nodes’ degrees. Experimental results show that using the proposed rule yields significant speedup and higher alignment quality compared to the state of the art. In addition, we redefine common NA objective functions in terms of established statistical analysis metrics, opening a wide range of possible objective functions.

Link
2022/9/28

It runs in the family: Searching for similar names using digitized family trees

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:1912.04003, 2019

2022/9/28

It runs in the family: Searching for similar names using digitized family trees

Aviad Elyashar, Rami Puzis, Michael Fire

arXiv preprint arXiv:1912.04003, 2019

Link
2022/9/28

Predicting traffic overflows on private peering

Elad Rapaport, Ingmar Poese, Polina Zilberman, Oliver Holschke, Rami Puzis

arXiv preprint arXiv:2010.01380, 2020

2022/9/28

Predicting traffic overflows on private peering

Elad Rapaport, Ingmar Poese, Polina Zilberman, Oliver Holschke, Rami Puzis

arXiv preprint arXiv:2010.01380, 2020

Large content providers and content distribution network operators usually connect with large Internet service providers (eyeball networks) through dedicated private peering. The capacity of these private network interconnects is provisioned to match the volume of the real content demand by the users. Unfortunately, in case of a surge in traffic demand, for example due to a content trending in a certain country, the capacity of the private interconnect may deplete and the content provider/distributor would have to reroute the excess traffic through transit providers. Although, such overflow events are rare, they have significant negative impacts on content providers, Internet service providers, and end-users. These include unexpected delays and disruptions reducing the user experience quality, as well as direct costs paid by the Internet service provider to the transit providers. If the traffic overflow events could be predicted, the Internet service providers would be able to influence the routes chosen for the excess traffic to reduce the costs and increase user experience quality. In this article we propose a method based on an ensemble of deep learning models to predict overflow events over a short term horizon of 2-6 hours and predict the specific interconnections that will ingress the overflow traffic. The method was evaluated with 2.5 years’ traffic measurement data from a large European Internet service provider resulting in a true-positive rate of 0.8 while maintaining a 0.05 false-positive rate. The lockdown imposed by the COVID-19 pandemic reduced the overflow prediction accuracy. Nevertheless, starting from the end of April 2020 with the gradual …

Link
2022/9/28

Learning centrality by learning to route

Liav Bachar, Aviad Elyashar, Rami Puzis

Complex Networks & Their Applications X: Volume 1, Proceedings of the Tenth …, 2022

2022/9/28

Learning centrality by learning to route

Liav Bachar, Aviad Elyashar, Rami Puzis

Complex Networks & Their Applications X: Volume 1, Proceedings of the Tenth …, 2022

Developing a tailor-made centrality measure for a given task requires domain and network analysis expertise, as well as time and effort. Automatically learning arbitrary centrality measures provided ground truth node scores is an important research direction. In this article, we propose a generic deep learning architecture for centrality learning that relies on the insight that arbitrary centrality measures can be computed using Routing Betweenness Centrality (RBC) and our new differentiable implementation of RBC. The proposed Learned Routing Centrality (LRC) architecture optimizes the routing function of RBC to fit the ground truth scores. Results show that LRC can learn multiple types of centrality indices more accurately than state-of-the-art.

Link
2022/9/28

Iterative query selection for opaque search engines with pseudo relevance feedback

Maor Reuben, Aviad Elyashar, Rami Puzis

Expert Systems with Applications 201, 117027, 2022

2022/9/28

Iterative query selection for opaque search engines with pseudo relevance feedback

Maor Reuben, Aviad Elyashar, Rami Puzis

Expert Systems with Applications 201, 117027, 2022

Retrieving information from an online search engine is the first and most important step in many data mining tasks, such as fake news detection. Most of the search engines currently available on the web, including all social media platforms, are black-boxes (i.e., opaque) supporting short keyword queries. In these settings, it is challenging to retrieve all posts and comments discussing a particular news item automatically and on a large scale.In this paper, we propose a method for generating short keyword queries given a prototype document. The proposed iterative query selection (IQS) algorithm interacts with the opaque search engine to iteratively improve the query, by maximizing the number of relevant results retrieved. Our evaluation of IQS was performed on the Twitter TREC Microblog 2012 and TREC-COVID 2019 datasets and demonstrated the algorithm’s superior performance compared to state-of-the-art. In …

Link
2022/9/28

Comparative network analysis using KronFit

Gupta Sukrit, Puzis Rami, Kilimnik Konstantin

Complex Networks VII: Proceedings of the 7th Workshop on Complex Networks …, 2016

2022/9/28

Comparative network analysis using KronFit

Gupta Sukrit, Puzis Rami, Kilimnik Konstantin

Complex Networks VII: Proceedings of the 7th Workshop on Complex Networks …, 2016

ComparativeSukrit, Gupta network analysis is an emergingRami, Puzis line of research that providesKonstantin, Kilimnik insights into the structure and dynamics of networks by finding similarities and discrepancies in their topologies. Unfortunately, comparing networks directly is not feasible on large scales. Existing works resort to representing networks with vectors of features extracted from their topologies and employ various distance metrics to compare between these feature vectors. In this paper, instead of relying on feature vectors to represent the studied networks, we suggest fitting a network model (such as Kronecker Graph) to encode the network structure. We present the directed fitting-distance measure, where the distance from a network to another network is captured by the quality of ’s fit to the model derived from . Evaluation on five classes of real networks shows that KronFit based distances …

Link
2022/9/28

Controllable privacy preserving blockchain: Fiatchain: Distributed privacy preserving cryptocurrency with law enforcement capabilities

Rami Puzis, Guy Barshap, Polina Zilberman, Oded Leiba

Cyber Security Cryptography and Machine Learning: Third International …, 2019

2022/9/28

Controllable privacy preserving blockchain: Fiatchain: Distributed privacy preserving cryptocurrency with law enforcement capabilities

Rami Puzis, Guy Barshap, Polina Zilberman, Oded Leiba

Cyber Security Cryptography and Machine Learning: Third International …, 2019

Central banks are reluctant to accept cryptocurrency, because current implementations of decentralized privacy preserving transactions make it impossible to apply know your customer (KYC) and anti-money laundering (AML) procedures. In this paper, we augment a distributed privacy preserving cyptocurrency known as Monero with KYC and AML procedures. The proposed solution relies on secretly sharing of the clients’ private view keys and private transaction keys among a large number of permissioned signers (PSs). The resulting cryptocurrency maintains the notion of distributed trust while allowing a group of PSs to cooperate, collectively applying KYC and AML procedures.

Link
2022/9/28

Extended framework for target oriented network intelligence collection

Liron Samama-Kachko, Rami Puzis, Roni Stern, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 5 (1 …, 2014

2022/9/28

Extended framework for target oriented network intelligence collection

Liron Samama-Kachko, Rami Puzis, Roni Stern, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 5 (1 …, 2014

The Target Oriented Network Intelligence Collection (TONIC) problem is the problem of finding profiles in a social network that contain publicly available information about a given target profile via automated crawling. Such profiles are called leads. Leads can be found by crawling the network using the profiles’ friend lists (immediate neighborhood) in order to decide which profile will be crawled next. Assuming that leads tend to cluster together, prior work limited the search for new leads only to immediate neighbors of the leads previously found. In this paper we relax this limitation, and extend the scope of the search to a wider neighborhood, including the possibility of crawling to non-leads, ie, profiles that have no publicly available information about the target. We propose a set of heuristics that guide this search. Experimental results show that with the new setting more leads can be found and leads are found faster. In addition, we perform a cost benefit analysis of the search, weighing the reward of finding leads with the costs of the search.

Link
2022/9/28

Confidence backup updates for aggregating mdp state values in monte-carlo tree search

Zahy Bnaya, Alon Palombo, Rami Puzis, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 6 (1 …, 2015

2022/9/28

Confidence backup updates for aggregating mdp state values in monte-carlo tree search

Zahy Bnaya, Alon Palombo, Rami Puzis, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 6 (1 …, 2015

Monte-Carlo Tree Search (MCTS) algorithms estimate the value of MDP states based on rewards received by performing multiple random simulations. MCTS algorithms can use different strategies to aggregate these rewards and provide an estimation for the states’ values. The most common aggregation method is to store the mean reward of all simulations. Another common approach stores the best observed reward from each state. Both of these methods have complementary benefits and drawbacks. In this paper, we show that both of these methods are biased estimators for the real expected value of MDP states. We propose an hybrid approach that uses the best reward for states with low noise, and otherwise uses the mean. Experimental results on the Sailing MDP domain show that our method has a considerable advantage when the rewards are drawn from a noisy distribution.

Link
2022/9/28

Modeling and reconstruction of multi-stage attacks

Sergey Rubinshtein, Rami Puzis

2016 IEEE International Conference on Software Science, Technology and …, 2016

2022/9/28

Modeling and reconstruction of multi-stage attacks

Sergey Rubinshtein, Rami Puzis

2016 IEEE International Conference on Software Science, Technology and …, 2016

This paper present a lightweight modeling technique that is suitable for attack description and reconstruction. It allows reconstruction of steps taken by the attacker during each stage using predefined attack ontology and traces left by the attacker. Simplicity and comprehensiveness of the proposed models makes them readable and appropriate for inclusion in incidence reports and investigation. At the same time given a predefined ontology the proposed modeling technique can be used to enhance reconstruction of attacks from forensic data.

Link
2022/9/28

Measurement of online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis, Maria-Amparo Sanmateu

Proceedings of the 2017 IEEE/ACM International Conference on Advances in …, 2017

2022/9/28

Measurement of online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis, Maria-Amparo Sanmateu

Proceedings of the 2017 IEEE/ACM International Conference on Advances in …, 2017

In this paper, we propose an approach for estimating the authenticity of online discussions based on the similarity of online social media (OSM) accounts participating in the online discussion to known abusers and legitimate accounts. Our method uses similarity functions for the analysis and classification of OSM accounts. The proposed methods are demonstrated using Twitter data collected for this study and a previously published Arabic Honeypot dataset. The data collected during this study includes manually labeled accounts and a ground truth collection of abusers from crowdturfing platforms. Demonstration of the discussion topic’s authenticity, derived from account similarity functions, shows that the suggested approach is effective for discriminating between topics that were strongly promoted by abusers and topics that attracted authentic public interest.

Link
2022/9/28

Prioritizing vulnerability patches in large networks

Amir Olswang, Tom Gonda, Rami Puzis, Guy Shani, Bracha Shapira, Noam Tractinsky

Expert Systems with Applications 193, 116467, 2022

2022/9/28

Prioritizing vulnerability patches in large networks

Amir Olswang, Tom Gonda, Rami Puzis, Guy Shani, Bracha Shapira, Noam Tractinsky

Expert Systems with Applications 193, 116467, 2022

We consider here the question of prioritizing the patching of security vulnerabilities to prevent network attacks. Patching all vulnerable machines at once in large modern organizations is not feasible due to the large scale of their networks and the inability to halt operation during maintenance. This article explores two aspects of security maintenance: a method for prioritizing vulnerability patches, and visualization of the priorities to aid in decision making. State-of-the-art methods rank vulnerabilities by analyzing the connectivity graph or the logical attack graph and present the results in a table form, a view of the organizational network with highlighted failure points, or even the complete attack graph, in either case flooding the human operator with a lot of hardly comprehensible information. We suggest a Network Topology Vulnerability Score (NTVS) which shows preferable results by ranking vulnerabilities in a …

Link
2022/9/28

Potential search: a new greedy anytime heuristic search

Roni Stern, Rami Puzis, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 1 (1 …, 2010

2022/9/28

Potential search: a new greedy anytime heuristic search

Roni Stern, Rami Puzis, Ariel Felner

Proceedings of the International Symposium on Combinatorial Search 1 (1 …, 2010

In this paper we explore a novel approach for anytime heuristic search, in which the node that is most probable to improve the incumbent solution is expanded first. This is especially suited for the” anytime aspect” of anytime algorithms-the possibility that the algorithm will be be halted anytime throughout the search. The potential of a node to improve the incumbent solution is estimated by a custom cost function, resulting in Potential Search, an anytime best-first search. Experimental results on the 15-puzzle and on the key player problem in communication networks (KPP-COM) show that this approach is competitive with state-of-the-art anytime heuristic search algorithms, and is more robust.

Link
2022/9/28

Scalable attack path finding for increased security

Tom Gonda, Rami Puzis, Bracha Shapira

Cyber Security Cryptography and Machine Learning: First International …, 2017

2022/9/28

Scalable attack path finding for increased security

Tom Gonda, Rami Puzis, Bracha Shapira

Cyber Security Cryptography and Machine Learning: First International …, 2017

Software vulnerabilities can be leveraged by attackers to gain control of a host. Attackers can then use the controlled hosts as stepping stones for compromising other hosts until they create a path to the critical assets. Consequently, network administrators must examine the protected network as a whole rather than each vulnerable host independently. To this end, various methods were suggested in order to analyze the multitude of attack paths in a given organizational network, for example, to identify the optimal attack paths. The down side of many of those methods is that they do not scale well to medium-large networks with hundreds or thousands of hosts. We suggest using graph reduction techniques in order to simplify the task of searching and eliminating optimal attacker paths. Results on an attack graph extracted from a network of a real organization with more than 300 hosts and 2400 vulnerabilities …

Link
2022/9/28

User Feedback Analysis for Mobile Malware Detection

Tal Hadad, Bronislav Sidik, Nir Ofek, Rami Puzis, Lior Rokach

ICISSP, 83-94, 2017

2022/9/28

User Feedback Analysis for Mobile Malware Detection

Tal Hadad, Bronislav Sidik, Nir Ofek, Rami Puzis, Lior Rokach

ICISSP, 83-94, 2017

With the increasing number of smartphone users, mobile malware has become a serious threat. Similar to the best practice on personal computers, the users are encouraged to install anti-virus and intrusion detection software on their mobile devices. Nevertheless, their devises are far from being fully protected. Major mobile application distributors, designated stores and marketplaces, inspect the uploaded application with state of the art malware detection tools and remove applications that turned to be malicious. Unfortunately, many malicious applications have a large window of opportunity until they are removed from the marketplace. Meanwhile users install the applications, use them, and leave comments in the respective marketplaces. Occasionally such comments trigger the interest of malware laboratories in inspecting a particular application and thus, speedup its removal from the marketplaces. In this paper, we present a new approach for mining user comments in mobile application marketplaces with a purpose of detecting malicious apps. Two computationally efficient features are suggested and evaluated using data collected from the” Amazon Appstore”. Using these two features, we show that feedback generated by the crowd is effective for detecting malicious applications without the need for downloading them.

Link
2022/9/28

Ranking vulnerability fixes using planning graph analysis

Tom Gonda, Guy Shani, Rami Puzis, Bracha Shapira

IWAISe: First International Workshop on Artificial Intelligence in Security 41, 2017

2022/9/28

Ranking vulnerability fixes using planning graph analysis

Tom Gonda, Guy Shani, Rami Puzis, Bracha Shapira

IWAISe: First International Workshop on Artificial Intelligence in Security 41, 2017

During the past years logical attack graphs were used to find the most critical vulnerabilities and devise efficient hardening strategies for organizational networks. Most techniques for ranking vulnerabilities either do not scale well, eg brute-force attack plan enumeration, or are not well suited for the analysis of logical attack graphs, eg centrality measures.In this paper we suggest an analysis of the planning graph (from classical planning) derived from the logical attack graph to improve the accuracy of centrality-based vulnerability ranking metrics. The planning graph also allows efficient enumeration of the set of possible attack plans that use a given vulnerability on a specific machine. We suggest a set of centrality based heuristics for reducing the number of attack plans and compare with previously suggested vulnerability ranking metrics. Results show that metrics computed over the planning graph are superior to metrics computed over the logical attack graph or the network connectivity graph.

Link
2022/9/28

Cyberbiosecurity: DNA injection attack in synthetic biology

Dor Farbiash, Rami Puzis

arXiv preprint arXiv:2011.14224, 2020

2022/9/28

Cyberbiosecurity: DNA injection attack in synthetic biology

Dor Farbiash, Rami Puzis

arXiv preprint arXiv:2011.14224, 2020

Today arbitrary synthetic DNA can be ordered online and delivered within several days. In order to regulate both intentional and unintentional generation of dangerous substances, most synthetic gene providers screen DNA orders. A weakness in the Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA allows screening protocols based on this guidance to be circumvented using a generic obfuscation procedure inspired by early malware obfuscation techniques. Furthermore, accessibility and automation of the synthetic gene engineering workflow, combined with insufficient cybersecurity controls, allow malware to interfere with biological processes within the victim’s lab, closing the loop with the possibility of an exploit written into a DNA molecule presented by Ney et al. in USENIX Security’17. Here we present an end-to-end cyberbiological attack, in which unwitting biologists may be tricked into generating dangerous substances within their labs. Consequently, despite common biosecurity assumptions, the attacker does not need to have physical contact with the generated substance. The most challenging part of the attack, decoding of the obfuscated DNA, is executed within living cells while using primitive biological operations commonly employed by biologists during in-vivo gene editing. This attack scenario underlines the need to harden the synthetic DNA supply chain with protections against cyberbiological threats. To address these threats we propose an improved screening protocol that takes into account in-vivo gene editing.

Link
2022/9/28

Leadership hijacking in Docker swarm and its consequences

Adi Farshteindiker, Rami Puzis

Entropy 23 (7), 914, 2021

2022/9/28

Leadership hijacking in Docker swarm and its consequences

Adi Farshteindiker, Rami Puzis

Entropy 23 (7), 914, 2021

With the advent of microservice-based software architectures, an increasing number of modern cloud environments and enterprises use operating system level virtualization, which is often referred to as container infrastructures. Docker Swarm is one of the most popular container orchestration infrastructures, providing high availability and fault tolerance. Occasionally, discovered container escape vulnerabilities allow adversaries to execute code on the host operating system and operate within the cloud infrastructure. We show that Docker Swarm is currently not secured against misbehaving manager nodes. This allows a high impact, high probability privilege escalation attack, which we refer to as leadership hijacking, the possibility of which is neglected by the current cloud security literature. Cloud lateral movement and defense evasion payloads allow an adversary to leverage the Docker Swarm functionality to control each and every host in the underlying cluster. We demonstrate an end-to-end attack, in which an adversary with access to an application running on the cluster achieves full control of the cluster. To reduce the probability of a successful high impact attack, container orchestration infrastructures must reduce the trust level of participating nodes and, in particular, incorporate adversary immune leader election algorithms.

Link
2022/9/28

Application marketplace malware detection by user feedback analysis

Tal Hadad, Rami Puzis, Bronislav Sidik, Nir Ofek, Lior Rokach

Information Systems Security and Privacy: Third International Conference …, 2018

2022/9/28

Application marketplace malware detection by user feedback analysis

Tal Hadad, Rami Puzis, Bronislav Sidik, Nir Ofek, Lior Rokach

Information Systems Security and Privacy: Third International Conference …, 2018

Smartphones are becoming increasingly ubiquitous. Like recommended best practices for personal computers, users are encouraged to install antivirus and intrusion detection software on their mobile devices. However, even with such software these devises are far from being fully protected. Given that application stores are the source of most applications, malware detection on these platforms is an important issue. Based on our intuition, which suggests that an application’s suspicious behavior will be noticed by some users and influence their feedback, we present an approach for analyzing user reviews in mobile application stores for the purpose of detecting malicious apps. The proposed method transfers an application’s text reviews to numerical features in two main steps: (1) extract domain-phrases based on external domain-specific textual corpus on computer and network security, and (2) compute …

Link
2022/9/28

New goal recognition algorithms using attack graphs

Reuth Mirsky, Ya’ar Shalom, Ahmad Majadly, Kobi Gal, Rami Puzis, Ariel Felner

Cyber Security Cryptography and Machine Learning: Third International …, 2019

2022/9/28

New goal recognition algorithms using attack graphs

Reuth Mirsky, Ya’ar Shalom, Ahmad Majadly, Kobi Gal, Rami Puzis, Ariel Felner

Cyber Security Cryptography and Machine Learning: Third International …, 2019

Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal …

Link
2022/9/28

Global and local trends affecting the experience of US and UK healthcare professionals during COVID-19: Twitter text analysis

Ortal Slobodin, Ilia Plochotnikov, Idan-Chaim Cohen, Aviad Elyashar, Odeya Cohen, Rami Puzis

International Journal of Environmental Research and Public Health 19 (11), 6895, 2022

2022/9/28

Global and local trends affecting the experience of US and UK healthcare professionals during COVID-19: Twitter text analysis

Ortal Slobodin, Ilia Plochotnikov, Idan-Chaim Cohen, Aviad Elyashar, Odeya Cohen, Rami Puzis

International Journal of Environmental Research and Public Health 19 (11), 6895, 2022

Background Healthcare professionals (HCPs) are on the frontline of fighting the COVID-19 pandemic. Recent reports have indicated that, in addition to facing an increased risk of being infected by the virus, HCPs face an increased risk of suffering from emotional difficulties associated with the pandemic. Therefore, understanding HCPs’ experiences and emotional displays during emergencies is a critical aspect of increasing the surge capacity of communities and nations. Methods In this study, we analyzed posts published by HCPs on Twitter to infer the content of discourse and emotions of the HCPs in the United States (US) and United Kingdom (UK), before and during the COVID-19 pandemic. The tweets of 25,207 users were analyzed using natural language processing (NLP). Results Our results indicate that HCPs in the two countries experienced common health, social, and political issues related to the pandemic, reflected in their discussion topics, sentiments, and emotional display. However, the experiences of HCPs in the two countries are also subject to local socio-political trends, as well as cultural norms regarding emotional display. Conclusions Our results support the potential of utilizing Twitter discourse to monitor and predict public health responses in emergencies.

Link
2022/9/28

The chameleon attack: manipulating content display in online social media

Aviad Elyashar, Sagi Uziel, Abigail Paradise, Rami Puzis

Proceedings of The Web Conference 2020, 848-859, 2020

2022/9/28

The chameleon attack: manipulating content display in online social media

Aviad Elyashar, Sagi Uziel, Abigail Paradise, Rami Puzis

Proceedings of The Web Conference 2020, 848-859, 2020

Online social networks (OSNs) are ubiquitous attracting millions of users all over the world. Being a popular communication media OSNs are exploited in a variety of cyber-attacks. In this article, we discuss the chameleon attack technique, a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Using this technique, adversaries can, for example, avoid censorship by concealing true content when it is about to be inspected; acquire social capital to promote new content while piggybacking a trending one; cause embarrassment and serious reputation damage by tricking a victim to like, retweet, or comment a message that he wouldn’t normally do without any indication for the trickery within the OSN. An experiment performed with closed Facebook groups of sports fans shows that (1) chameleon …

Link
2022/9/28

Floware: Balanced flow monitoring in software defined networks

Luiza Nacshon, Rami Puzis, Polina Zilberman

arXiv preprint arXiv:1608.03307, 2016

2022/9/28

Floware: Balanced flow monitoring in software defined networks

Luiza Nacshon, Rami Puzis, Polina Zilberman

arXiv preprint arXiv:1608.03307, 2016

OpenFlow is a protocol implementing Software Defined Networking, a new networking paradigm, which segregates packet forwarding and accounting (performed on switches) from the routing decisions and advanced protocols (executed on a central controller). This segregation increases agility and flexibility of a networking infrastructure and reduces its operational expenses. OpenFlow controllers expose standard interfaces to facilitate variety of networking applications. In particular, a monitoring application can use these interfaces to push into the OpenFlow switches rules that collect traffic flow statistics at different aggregation levels. The aggregation level determines the monitoring accuracy and the induced network overhead. In this paper, we propose Floware an OpenFlow application that allows discovery and monitoring of active flows at any required aggregation level. Floware balances the monitoring overhead among many switches in order to reduce its negative effect on network performance. In addition, Floware integrates with monitoring systems based on legacy protocols such as NetFlow. We demonstrate the application with soft switches emulated in Mininet, the Floodlight controller, and the NetFlow Analyzer as a legacy network analysis and intrusion detection system. Evaluation results demonstrate the positive impact of balanced monitoring.

Link
2022/9/28

Deep learning for threat actor attribution from threat reports

S Naveen, Rami Puzis, Kumaresan Angappan

2020 4th International Conference on Computer, Communication and Signal …, 2020

2022/9/28

Deep learning for threat actor attribution from threat reports

S Naveen, Rami Puzis, Kumaresan Angappan

2020 4th International Conference on Computer, Communication and Signal …, 2020

Threat Actor Attribution is the task of identifying an attacker responsible for an attack. This often requires expert analysis and involves a lot of time. There had been attempts to detect a threat actor using machine learning techniques that use information obtained from the analysis of malware samples. These techniques will only be able to identify the attack, and it is trivial to guess the attacker because various attackers may adopt an attack method. A state-of-the-art method performs attribution of threat actors from text reports using Machine Learning and NLP techniques using Threat Intelligence reports. We use the same set of Threat Reports of Advanced Persistent Threats (APT). In this paper, we propose a Deep Learning architecture to attribute Threat actors based on threat reports obtained from various Threat Intelligence sources. Our work uses Neural Networks to perform the task of attribution and show that our …

Link
2022/9/28

Attack graph obfuscation

Hadar Polad, Rami Puzis, Bracha Shapira

Cyber Security Cryptography and Machine Learning: First International …, 2017

2022/9/28

Attack graph obfuscation

Hadar Polad, Rami Puzis, Bracha Shapira

Cyber Security Cryptography and Machine Learning: First International …, 2017

Before executing an attack, adversaries usually explore the victim’s network in an attempt to infer the network topology and identify vulnerabilities in the victim’s servers and personal computers. In this research, we examine the effects of adding fake vulnerabilities to a real enterprise network to verify the hypothesis that the addition of such vulnerabilities will serve to divert the attacker and cause the adversary to perform additional activities while attempting to achieve its objectives. We use the attack graph to model the problem of an attacker making its way towards the target in a given network. Our results show that adding fake vulnerabilities forces the adversary to invest a significant amount of effort, in terms of time, exploitability cost, and the number of attack footprints within the network during the attack.

Link
2022/9/28

Is the online discussion manipulated? Quantifying the online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis

arXiv preprint arXiv:1708.02763, 2017

2022/9/28

Is the online discussion manipulated? Quantifying the online discussion authenticity within online social media

Aviad Elyashar, Jorge Bendahan, Rami Puzis

arXiv preprint arXiv:1708.02763, 2017

Online social media (OSM) has a great influence in todays’ world. Some individuals view OSM as fertile ground for abuse and use it to disseminate misinformation, political propaganda, slander competitors, and spread spam. The crowdturfing industry employs large numbers of bots and human workers to manipulate OSM and misrepresent public opinion. The detection of online discussion topics manipulated by OSM abusers is an emerging problem attracting significant attention. In this paper we propose an approach for quantifying the authenticity of online discussions based on the similarity of OSM accounts participating in the discussion to known abusers and legitimate accounts. Our method uses multiple similarity functions for the analysis and classification of OSM accounts. The proposed methods are demonstrated using Twitter data collected for this study and previously published Arabic Honeypots data. The former includes manually labeled accounts and abusers who participated in crowdturfing platforms. Demonstration of the topic’s authenticity, derived from account similarity functions, shows that the suggested approach is effective for discriminating between topics that were strongly promoted by abusers and topics that attracted authentic public interest. I. INTRODUCTIONOnline social media (OSM) allows people to share opinions and content, and in some cases, influence large segments of society [1],[2],[3]. Significant attention has been payed to trends emerging from OSM [4]. Machiavellian individuals and organizations often attempt to harness the power of OSM in order to gain influence, damage competitor’s reputation, or spread …

Link
2022/9/28

The state of mind of health care professionals in light of the COVID-19 pandemic: text analysis study of Twitter discourses

Aviad Elyashar, Ilia Plochotnikov, Idan-Chaim Cohen, Rami Puzis, Odeya Cohen

Journal of Medical Internet Research 23 (10), e30217, 2021

2022/9/28

The state of mind of health care professionals in light of the COVID-19 pandemic: text analysis study of Twitter discourses

Aviad Elyashar, Ilia Plochotnikov, Idan-Chaim Cohen, Rami Puzis, Odeya Cohen

Journal of Medical Internet Research 23 (10), e30217, 2021

The COVID-19 pandemic has affected populations worldwide, with extreme health, economic, social, and political implications. Health care professionals (HCPs) are at the core of pandemic response and are among the most crucial factors in maintaining coping capacities. Yet, they are also vulnerable to mental health effects caused by managing a long-lasting emergency with a lack of resources and under complicated personal concerns. However, there are a lack of longitudinal studies that investigate the HCP population.The aim of this study was to analyze the state of mind of HCPs as expressed in online discussions published on Twitter in light of the COVID-19 pandemic, from the onset of the pandemic until the end of 2020.The population for this study was selected from followers of a few hundred Twitter accounts of health care organizations and common HCP points of interest. We used active learning, a process that iteratively uses machine learning and manual data labeling, to select the large-scale population of Twitter accounts maintained by English-speaking HCPs, focusing on individuals rather than official organizations. We analyzed the topics and emotions in their discourses during 2020. The topic distributions were obtained using the latent Dirichlet allocation algorithm. We defined a measure of topic cohesion and described the most cohesive topics. The emotions expressed in tweets during 2020 were compared to those in 2019. Finally, the emotion intensities were cross-correlated with the pandemic waves to explore possible associations …

Link
2022/9/28

Betweenness computation in the single graph representation of hypergraphs

Rami Puzis, Manish Purohit, VS Subrahmanian

Social networks 35 (4), 561-572, 2013

2022/9/28

Betweenness computation in the single graph representation of hypergraphs

Rami Puzis, Manish Purohit, VS Subrahmanian

Social networks 35 (4), 561-572, 2013

Many real-world social networks are hypergraphs because they either explicitly support membership in groups or implicitly include communities. We present the HyperBC algorithm that exactly computes betweenness centrality (or BC) in hypergraphs. The forward phase of HyperBC and the backpropagation phase are specifically tailored for BC computation on hypergraphs. In addition, we present an efficient method for pruning networks through the notion of “non-bridging” vertices. We experimentally evaluate our algorithm on a variety of real and artificial networks and show that it significantly speeds up the computation of BC on both real and artificial hypergraphs, while at the same time, being very memory efficient.

Link
2022/9/28

Solving the snake in the box problem with heuristic search: First results

Alon Palombo, Roni Stern, Rami Puzis, Ariel Felner, Scott Kiesel, Wheeler Ruml

Proceedings of the International Symposium on Combinatorial Search 6 (1), 96-104, 2015

2022/9/28

Solving the snake in the box problem with heuristic search: First results

Alon Palombo, Roni Stern, Rami Puzis, Ariel Felner, Scott Kiesel, Wheeler Ruml

Proceedings of the International Symposium on Combinatorial Search 6 (1), 96-104, 2015

Snake in the Box (SIB) is the problem of finding the longest simple path along the edges of an n-dimensional cube, subject to certain constraints. SIB has important applications in coding theory and communications. State of the art algorithms for solving SIB apply uninformed search with symmetry breaking techniques. We formalize this problem as a search problem and propose several admissible heuristics to solve it. Using the proposed heuristics is shown to have a huge impact on the number of nodes expanded and, in some configurations, on runtime. These results encourage further research in using heuristic search to solve SIB, and to solve maximization problems more generally.

Link
2022/9/28

Analysis of attack graph representations for ranking vulnerability fixes.

Tom Gonda, Tal Pascal, Rami Puzis, Guy Shani, Bracha Shapira

GCAI, 215-228, 2018

2022/9/28

Analysis of attack graph representations for ranking vulnerability fixes.

Tom Gonda, Tal Pascal, Rami Puzis, Guy Shani, Bracha Shapira

GCAI, 215-228, 2018

Software vulnerabilities in organizational computer networks can be leveraged by an attacker to gain access to sensitive information. As fixing all vulnerabilities requires much effort, it is critical to rank the possible fixes by their importance. Centrality measures over logical attack graphs, or over the network connectivity graph, often provide a scalable method for finding the most critical vulnerabilities.In this paper we suggest an analysis of the planning graph, originating in classical planning, as an alternative for the logical attack graph, to improve the ranking produced by centrality measures. The planning graph also allows us to enumerate the set of possible attack plans, and hence, directly count the number of attacks that use a given vulnerability. We evaluate a set of centrality-based ranking measures over the logical attack graph and the planning graph, showing that metrics computed over the planning graph reduce more rapidly the set of shortest attack plans.

Link
2022/9/28

The interplay between vaccination and social distancing strategies affects COVID19 population-level outcomes

Sharon Guerstein, Victoria Romeo-Aznar, Ma’ayan Dekel, Oren Miron, Nadav Davidovitch, Rami Puzis, Shai Pilosof

PLoS computational biology 17 (8), e1009319, 2021

2022/9/28

The interplay between vaccination and social distancing strategies affects COVID19 population-level outcomes

Sharon Guerstein, Victoria Romeo-Aznar, Ma’ayan Dekel, Oren Miron, Nadav Davidovitch, Rami Puzis, Shai Pilosof

PLoS computational biology 17 (8), e1009319, 2021

Social distancing is an effective population-level mitigation strategy to prevent COVID19 propagation but it does not reduce the number of susceptible individuals and bears severe social consequences—a dire situation that can be overcome with the recently developed vaccines. Although a combination of these interventions should provide greater benefits than their isolated deployment, a mechanistic understanding of the interplay between them is missing. To tackle this challenge we developed an age-structured deterministic model in which vaccines are deployed during the pandemic to individuals who do not show symptoms. The model allows for flexible and dynamic prioritization strategies with shifts between target groups. We find a strong interaction between social distancing and vaccination in their effect on the proportion of hospitalizations. In particular, prioritizing vaccines to elderly (60+) before adults (20-59) is more effective when social distancing is applied to adults or uniformly. In addition, the temporal reproductive number Rt is only affected by vaccines when deployed at sufficiently high rates and in tandem with social distancing. Finally, the same reduction in hospitalization can be achieved via different combination of strategies, giving decision makers flexibility in choosing public health policies. Our study provides insights into the factors that affect vaccination success and provides methodology to test different intervention strategies in a way that will align with ethical guidelines.

Link
2022/9/28

A genetic algorithm to optimize weighted gene co-expression network analysis

David Toubiana, Rami Puzis, Avi Sadka, Eduardo Blumwald

Journal of Computational Biology 26 (12), 1349-1366, 2019

2022/9/28

A genetic algorithm to optimize weighted gene co-expression network analysis

David Toubiana, Rami Puzis, Avi Sadka, Eduardo Blumwald

Journal of Computational Biology 26 (12), 1349-1366, 2019

Weighted gene co-expression network analysis (WGCNA) is a widely used software tool that is used to establish relationships between phenotypic traits and gene expression data. It generates gene modules and then correlates their first principal component to phenotypic traits, proposing a functional relationship expressed by the correlation coefficient. However, gene modules often contain thousands of genes of different functional backgrounds. Here, we developed a stochastic optimization algorithm, known as genetic algorithm (GA), optimizing the trait to gene module relationship by gradually increasing the correlation between the trait and a subset of genes of the gene module. We exemplified the GA on a Japanese plum hormone profile and an RNA-seq dataset. The correlation between the subset of module genes and the trait increased, whereas the number of correlated genes became sufficiently small …

Link
2022/9/28

No-doubt: Attack attribution based on threat intelligence reports

Lior Perry, Bracha Shapira, Rami Puzis

2019 IEEE International Conference on Intelligence and Security Informatics …, 2019

2022/9/28

No-doubt: Attack attribution based on threat intelligence reports

Lior Perry, Bracha Shapira, Rami Puzis

2019 IEEE International Conference on Intelligence and Security Informatics …, 2019

The task of attack attribution, i.e., identifying the entity responsible for an attack, is complicated and usually requires the involvement of an experienced security expert. Prior attempts to automate attack attribution apply various machine learning techniques on features extracted from the malware’s code and behavior in order to identify other similar malware whose authors are known. However, the same malware can be reused by multiple actors, and the actor who performed an attack using a malware might differ from the malware’s author. Moreover, information collected during an incident may contain many clues about the identity of the attacker in addition to the malware used. In this paper, we propose a method of attack attribution based on textual analysis of threat intelligence reports, using state of the art algorithms and models from the fields of machine learning and natural language processing (NLP). We have …

Link
2022/9/28

Detecting clickbait in online social media: You won’t believe how we did it

Aviad Elyashar, Jorge Bendahan, Rami Puzis

International Symposium on Cyber Security, Cryptology, and Machine Learning …, 2022

2022/9/28

Detecting clickbait in online social media: You won’t believe how we did it

Aviad Elyashar, Jorge Bendahan, Rami Puzis

International Symposium on Cyber Security, Cryptology, and Machine Learning …, 2022

This paper proposes a machine learning approach to detect clickbait posts published in social media. Clickbait posts are short, catchy phrases pointing into a longer online article. Users are encouraged to click on these posts to read the full article in many cases. The suggested approach differentiates between clickbait and legitimate posts based on training mainstream machine learning (ML) classifiers. The suggested classifiers are trained in various features extracted from images, linguistic, and behavioral analysis. For evaluation, we used two datasets provided by Clickbait Challenge 2017. The XGBoost classifier obtained the best performance with an AUC of 0.8, an accuracy of 0.812, a precision of 0.819, and a recall of 0.966. Finally, we found that counting the number of formal English words in the given content is helpful for clickbait detection.

Link
2022/9/28

Tonic: Target oriented network intelligence collection for the social web

Roni Stern, Liron Samama, Rami Puzis, Tal Beja, Zahy Bnaya, Ariel Felner

Proceedings of the AAAI Conference on Artificial Intelligence 27 (1), 1184-1190, 2013

2022/9/28

Tonic: Target oriented network intelligence collection for the social web

Roni Stern, Liron Samama, Rami Puzis, Tal Beja, Zahy Bnaya, Ariel Felner

Proceedings of the AAAI Conference on Artificial Intelligence 27 (1), 1184-1190, 2013

In this paper we introduce the Target Oriented Network Intelligence Collection (TONIC) problem, which is the problem of finding profiles in a social network that contain information about a given target via automated crawling. We formalize TONIC as a search problem and a best-first approach is proposed for solving it. Several heuristics are presented to guide this search. These heuristics are based on the topology of the currently known part of the social network. The efficiency of the proposed heuristics and the effect of the graph topology on their performance is experimentally evaluated on the Google+ social network.

Link
2022/9/28

Attack hypothesis generation

Aviad Elitzur, Rami Puzis, Polina Zilberman

2019 European Intelligence and Security Informatics Conference (EISIC), 40-47, 2019

2022/9/28

Attack hypothesis generation

Aviad Elitzur, Rami Puzis, Polina Zilberman

2019 European Intelligence and Security Informatics Conference (EISIC), 40-47, 2019

In recent years, the perpetrators of cyber-attacks have been playing a dynamic cat and mouse game with cybersecurity analysts who try to trace the attack and reconstruct the attack steps. While analysts rely on alert correlations, machine learning, and advanced visualizations in order to come up with sound attack hypotheses, they primarily rely on their knowledge and experience. Cyber Threat Intelligence (CTI) on past similar attacks may help with attack reconstruction by providing a deeper understanding of the tools and attack patterns used by attackers. In this paper, we present the Attack Hypothesis Generator (AHG) which takes advantage of a knowledge graph derived from threat intelligence in order to generate hypotheses regarding attacks that may be present in an organizational network. Based on five recommendation algorithms we have developed and preliminary analysis provided by a security analyst …

Link
2022/9/28

EEGNAS: Neural architecture search for electroencephalography data analysis and decoding

Elad Rapaport, Oren Shriki, Rami Puzis

Human Brain and Artificial Intelligence: First International Workshop, HBAI …, 2019

2022/9/28

EEGNAS: Neural architecture search for electroencephalography data analysis and decoding

Elad Rapaport, Oren Shriki, Rami Puzis

Human Brain and Artificial Intelligence: First International Workshop, HBAI …, 2019

EEG, Electroencephalography, is the acquisition and decoding of electric brain signals. The data acquired from EEG scans can be put to use in many fields, including seizure prediction, treatment of mental illness, brain-computer interfaces (BCIs) and more. Recent advances in deep learning (DL) in fields of image classification and natural language processing have motivated researchers to apply DL for classification of EEG signals as well. One major caveat in DL is the amount of human effort and expertise required for the development of efficient and effective neural network architectures. Neural architecture search algorithms are used to automatically find good enough neural network architectures for a problem and dataset at hand. In this research, we employ genetic algorithms for optimizing neural network architectures for multiple tasks related to EEG processing while addressing two unique challenges …

Link
2022/9/28

Bandit algorithms for social network queries

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

2013 international conference on social computing, 148-153, 2013

2022/9/28

Bandit algorithms for social network queries

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

2013 international conference on social computing, 148-153, 2013

In many cases the best way to find a profile or a set of profiles matching some criteria in a social network is via targeted crawling. An important challenge in targeted crawling is to choose the next profile to explore. Existing heuristics for targeted crawling are usually tailored for specific search criterion and could lead to short-sighted crawling decisions. In this paper we propose and evaluate a generic approach for guiding a social network crawler that aims to provide a proper balance between exploration and exploitation based on the recently introduced variant of the Multi-Armed Bandit problem with volatile arms (VMAB). Our approach is general-purpose. In addition, it provides provable performance guarantees. Experimental results indicate that our approach compares favorably with the best existing heuristics on two different domains.

Link
2022/9/28

Volatile Multi-Armed Bandits for Guaranteed Targeted Social Crawling.

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

AAAI (Late-Breaking Developments) 2 (2.3), 16-21, 2013

2022/9/28

Volatile Multi-Armed Bandits for Guaranteed Targeted Social Crawling.

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

AAAI (Late-Breaking Developments) 2 (2.3), 16-21, 2013

We introduce a new variant of the multi-armed bandit problem, called Volatile Multi-Arm Bandit (VMAB). A general policy for VMAB is given with proven regret bounds. The problem of collecting intelligence on profiles in social networks is then modeled as a VMAB and experimental results show the superiority of our proposed policy.

Link
2022/9/28

Mind your mind: EEG-based brain-computer interfaces and their security in cyber space

Ofir L, au, Rami Puzis, Nir Nissim

ACM Computing Surveys (CSUR) 53 (1), 1-38, 2020

2022/9/28

Mind your mind: EEG-based brain-computer interfaces and their security in cyber space

Ofir L, au, Rami Puzis, Nir Nissim

ACM Computing Surveys (CSUR) 53 (1), 1-38, 2020

A brain-computer interface (BCI) system is a system that leverages brainwave information acquired by a designated brain monitoring device to interact with a computerized system. Over the past 40 years, many BCI applications have been developed in a variety of domains, from entertainment to medical field and even to computer security mechanisms. Until now, the development of BCI systems has focused on improving their accuracy, functionality, and ease of use, and not enough effort and attention has been invested in securing these systems and the sensitive data they acquire. In this article, we present the principles of brain activity data acquisition, with a special focus on EEG, and we present a taxonomy of BCI applications and domains. We also provide a comprehensive survey that covers eight possible attacks aimed at BCI systems. For each BCI application, we created an ecosystem and data and attack …

Link
2022/9/28

Max is more than min: Solving maximization problems with heuristic search

Roni Stern, Scott Kiesel, Rami Puzis, Ariel Felner, Wheeler Ruml

Proceedings of the International Symposium on Combinatorial Search 5 (1 …, 2014

2022/9/28

Max is more than min: Solving maximization problems with heuristic search

Roni Stern, Scott Kiesel, Rami Puzis, Ariel Felner, Wheeler Ruml

Proceedings of the International Symposium on Combinatorial Search 5 (1 …, 2014

Most work in heuristic search considers problems where a low cost solution is preferred (MIN problems). In this paper, we investigate the complementary setting where a solution of high reward is preferred (MAX problems). Example MAX problems include finding the longest simple path in a graph, maximal coverage, and various constraint optimization problems. We examine several popular search algorithms for MIN problems—optimal, suboptimal, and bounded suboptimal-and discover the curious ways in which they misbehave on MAX problems. We propose modifications that preserve the original intentions behind the algorithms but allow them to solve MAX problems, and compare them theoretically and empirically. Interesting results include the failure of bidirectional search and a discovered close relationships between Dijkstra’s algorithm, weighted A*, and depth-first search. This work demonstrates that MAX problems demand their own heuristic search algorithms, which are worthy objects of study in their own right.

Link
2022/9/28

Social network search as a volatile multi-armed bandit problem

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

Human 2 (2), 84, 2013

2022/9/28

Social network search as a volatile multi-armed bandit problem

Zahy Bnaya, Rami Puzis, Roni Stern, Ariel Felner

Human 2 (2), 84, 2013

In many cases the best way to find a profile or a set of profiles matching some criteria in a social network is via targeted crawling. An important challenge in targeted crawling is choosing the next profile to explore. Existing heuristics for targeted crawling are usually tailored for specific search criterion and could lead to short-sighted crawling decisions. In this paper we propose and evaluate a generic approach for guiding targeted crawling which is based on recent developments in Artificial Intelligence. Our approach, based on the recently introduced variant of the Multi-Armed Bandit problem with volatile arms (VMAB), aims to provide a proper balance between exploration and exploitation during the crawling process. Unlike other heuristics which are hand tailored for specific type of search queries, our approach is general-purpose. In addition, it provides provable performance guarantees. Experimental results indicate that our approach compares favorably with the best existing heuristics on two different domains.

Link
2022/9/28

Predictive web automation assistant for people with vision impairments

Yury Puzis, Yevgen Borodin, Rami Puzis, IV Ramakrishnan

Proceedings of the 22nd international conference on World Wide Web, 1031-1040, 2013

2022/9/28

Predictive web automation assistant for people with vision impairments

Yury Puzis, Yevgen Borodin, Rami Puzis, IV Ramakrishnan

Proceedings of the 22nd international conference on World Wide Web, 1031-1040, 2013

The Web is far less usable and accessible for people with vision impairments than it is for sighted people. Web automation, a process of automating browsing actions on behalf of the user, has the potential to bridge the divide between the ways sighted and people with vision impairment access the Web; specifically, it can enable the latter to breeze through web browsing tasks that beforehand were slow, hard, or even impossible to accomplish. Typical web automation requires that the user record a macro, a sequence of browsing steps, so that these steps can be automated in the future by replaying the macro. However, for people with vision impairment, automation with macros is not usable.In this paper, we propose a novel model-based approach that facilitates web automation without having to either record or replay macros. Using the past browsing history and the current web page as the browsing context, the …

Link
2022/9/28

Potential-based bounded-cost search and Anytime Non-Parametric A⁎

Roni Stern, Ariel Felner, Jur Van Den Berg, Rami Puzis, Rajat Shah, Ken Goldberg

Artificial Intelligence 214, 1-25, 2014

2022/9/28

Potential-based bounded-cost search and Anytime Non-Parametric A⁎

Roni Stern, Ariel Felner, Jur Van Den Berg, Rami Puzis, Rajat Shah, Ken Goldberg

Artificial Intelligence 214, 1-25, 2014

This paper presents two new search algorithms: Potential Search (PTS) and Anytime Potential Search/Anytime Non-Parametric A⁎(APTS/ANA⁎). Both algorithms are based on a new evaluation function that is easy to implement and does not require user-tuned parameters. PTS is designed to solve bounded-cost search problems, which are problems where the task is to find as fast as possible a solution under a given cost bound. APTS/ANA⁎ is a non-parametric anytime search algorithm discovered independently by two research groups via two very different derivations. In this paper, co-authored by researchers from both groups, we present these derivations: as a sequence of calls to PTS and as a non-parametric greedy variant of Anytime Repairing A⁎. We describe experiments that evaluate the new algorithms in the 15-puzzle, KPP-COM, robot motion planning, gridworld navigation, and multiple sequence …

Link
2022/9/28

Potential search: A bounded-cost search algorithm

Roni Stern, Rami Puzis, Ariel Felner

Proceedings of the International Conference on Automated Planning and …, 2011

2022/9/28

Potential search: A bounded-cost search algorithm

Roni Stern, Rami Puzis, Ariel Felner

Proceedings of the International Conference on Automated Planning and …, 2011

In this paper we address the following search task: find a goal with cost smaller than or equal to a given fixed constant. This task is relevant in scenarios where a fixed budget is available to execute a plan and we would like to find such a plan with minimum search effort. We introduce an algorithm called Potential search (PTS) which is specifically designed to solve this problem. PTS is a best-first search that expands nodes according to the probability that they will be part of a plan whose cost is less than or equal to the given budget. We show that it is possible to implement PTS even without explicitly calculating these probabilities, when a heuristic function and knowledge about the error of this heuristic function are given. In addition, we also show that PTS can be modified to an anytime search algorithm. Experimental results show that PTS outperforms other relevant algorithms in most cases, and is more robust.

Link
2022/9/28

Organization mining using online social networks

Michael Fire, Rami Puzis

Networks and Spatial Economics 16, 545-578, 2016

2022/9/28

Organization mining using online social networks

Michael Fire, Rami Puzis

Networks and Spatial Economics 16, 545-578, 2016

Complementing the formal organizational structure of a business are the informal connections among employees. These relationships help identify knowledge hubs, working groups, and shortcuts through the organizational structure. They carry valuable information on how a company functions de facto. In the past, eliciting the informal social networks within an organization was challenging; today they are reflected by friendship relationships in online social networks. In this paper we analyze several commercial organizations by mining data which their employees have exposed on Facebook, LinkedIn, and other publicly available sources. Using a web crawler designed for this purpose, we extract a network of informal social relationships among employees of targeted organizations. Our results show that it is possible to identify leadership roles within the organization solely by using centrality analysis and …

Link
2022/9/28

Implementing Public-Key Cryptography on Passive RFID Tags is Practical

Avishai Wool

2022/9/28

Implementing Public-Key Cryptography on Passive RFID Tags is Practical

Avishai Wool

Passive RFID tags have long been thought to be too weak to implement public-key cryptography: it is commonly assumed that the power consumption, gate count and computation time of full-strength encryption exceed the capabilities of RFID tags. In this paper we demonstrate that these assumptions are incorrect. We present two low-resource implementations of a 1024-bit Rabin encryption variant called WIPR–in embedded software and in hardware. Our experiments with the software implementation show that the main performance bottleneck of the system is not the encryption time but rather the air interface, and that the reader’s implementation of the EPC Class-1 Generation-2 RFID (C1G2) standard has a crucial effect on the system’s overall performance. Next, using a highly-optimized hardware implementation, we investigate the tradeoffs between speed, area and power consumption to derive a practical working point for a hardware implementation of WIPR. Our recommended implementation has a data path area of 4184 gate equivalents (GEs), an encryption time of 180ms and an average power consumption of 11µW, well within the established operating envelope for passive RFID tags.

Link
2022/9/28

Browser Based Side-Channel Defenses Datasets.

Anatoly Shusterman, Ayush Agrawal, Giorgio Maone, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom

2022/9/28

Browser Based Side-Channel Defenses Datasets.

Anatoly Shusterman, Ayush Agrawal, Giorgio Maone, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom

The” eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS) and HTML, and works even when script execution is completely blocked. We then show that avoiding JavaScript features makes our techniques architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms including Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 architectures. As a final contribution, we evaluate our techniques in hardened browser environments including the Tor browser, DeterFox (Cao et al., CCS 2017), and Chrome Zero (Schwartz et al., NDSS 2018). We confirm that none of these approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.

Link
2022/9/28

Time, Memory and Accuracy Tradeoffs in Side-Channel Trace Profiling

Hen Hayoon, Yossi Oren

International Symposium on Cyber Security, Cryptology, and Machine Learning …, 2022

2022/9/28

Time, Memory and Accuracy Tradeoffs in Side-Channel Trace Profiling

Hen Hayoon, Yossi Oren

International Symposium on Cyber Security, Cryptology, and Machine Learning …, 2022

Template attacks are one of the most powerful classes of side-channel attacks. Template attacks begin with an offline step, in which the side-channel traces are profiled, and decoders are created for each side-channel leak. In this paper, we analyze the compression step of the trace profiling process. This compression step, which is a central part of the decoder’s training process, is used to reduce the amount of time, memory consumption, and data required to successfully perform the attack; various practical methods have been proposed for this step, including one which uses an efficient means both for selecting the points of interest (POI) in the power trace and for preprocessing noisy data.We investigate ways to improve the efficiency of the attack by implementing several compression methods which select the most informative power consumption samples from power traces. We develop a unique dedicated …

Link
2022/9/28

The Attack Surface of Wet Lab Automation

Naor Dalal, Yossi Oren, Yuval Dorfan, Jonathan Giron, Rami Puzis

Cyberbiosecurity, 279-304, 2023

2022/9/28

The Attack Surface of Wet Lab Automation

Naor Dalal, Yossi Oren, Yuval Dorfan, Jonathan Giron, Rami Puzis

Cyberbiosecurity, 279-304, 2023

Robotic liquid handlers save human effort and are, in many cases, faster and more precise than a human operator. They can be operated and controlled remotely and do not require technical programming skills from their operators. Unfortunately, like many other high-tech products, robotic wet lab automation may have exploitable vulnerabilities and design weaknesses that allow subversion by an adversary. The distributed nature and remote control capabilities of wet lab automation expand its attack surface increasing the opportunities for an attack to interfere with the executed biological protocols, affect medical products, and alter test results. Perimeter defenses are known to be insufficient for proper protection of systems. Security needs to be considered throughout the entire pipeline of wet lab operations, including machinery, local-and cloud-based software, and even biological protocols. In this chapter, we …

Link
2022/9/28

JULIET-PUF: Enhancing the Security of IoT-Based SRAM-PUFs Using the Remanence Decay Effect

Amit Kama, Michael Amar, Snir Gaaton, Kang Wang, Yifan Tu, Yossi Oren

IEEE Internet of Things Journal, 2023

2022/9/28

JULIET-PUF: Enhancing the Security of IoT-Based SRAM-PUFs Using the Remanence Decay Effect

Amit Kama, Michael Amar, Snir Gaaton, Kang Wang, Yifan Tu, Yossi Oren

IEEE Internet of Things Journal, 2023

The cloud-based Internet of Things (IoT) enables the creation of innovative computer applications based on sensing, analyzing, and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. This research addresses the challenge of generating a unique ID in IoT devices. Unique IDs allow the IoT system maker to identify each edge device, and to ensure that only genuine devices can upload data to the cloud. Traditional ID mechanisms are not feasible in IoT, due to the edge device’s constrained runtime environment, or the additional costs and the deployment difficulties that they introduce. In this work, we present JULIET-PUF, a novel PUF-based method for IoT identification, which relies on SRAM content …

Link
2022/9/28

Characterization and Detection of Cross-Router Covert Channels

Oren Shvartzman, Adar Ovadya, Kfir Zvi, Omer Shwartz, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren

Computers & Security 127, 103125, 2023

2022/9/28

Characterization and Detection of Cross-Router Covert Channels

Oren Shvartzman, Adar Ovadya, Kfir Zvi, Omer Shwartz, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren

Computers & Security 127, 103125, 2023

In covert channel attacks, an adversary seeks various means to influence a tangible characteristic of a system, and then makes the systems leak information by measuring this characteristic. Covert channels are, by nature, very elusive. This makes it very difficult to identify them and defend against attacks that use these channels to leak sensitive information. Thus, they are a serious threat to the security of many systems.In this paper, we present two network timing covert channel attacks, and a defense mechanism against them. The purpose of the proposed attacks is to leak sensitive information between two logically separated (or isolated) networks that are hosted by a single router – one that is connected to the Internet, and another that is isolated and contains sensitive information. The attacks build on the fact that the response time of the router for a specific type of packet sent from a device that is connected to it is …

Link
2022/9/28

The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption

Marina Botvinnik, Tomer Laor, Thomas Rokicki, Clémentine Maurice, Yossi Oren

International Conference on Detection of Intrusions and Malware, and …, 2023

2022/9/28

The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption

Marina Botvinnik, Tomer Laor, Thomas Rokicki, Clémentine Maurice, Yossi Oren

International Conference on Detection of Intrusions and Malware, and …, 2023

Power analysis has long been used to tell apart different instructions running on the same machine. In this work, we show that it is also possible to use power consumption to tell apart different machines running the same instructions, even if these machines have entirely identical hardware and software configurations, and even if the power consumption measurements are carried out using low-rate software-based methods. We collected an extended dataset of power consumption traces from 291 desktop and server systems, spanning multiple processor generations and vendors (Intel and AMD). After analyzing them, we discovered that profiling the power consumption of individual assembly instructions makes it possible to create a fingerprinting agent that can identify individual machines with high accuracy. Our classifier approaches its peak accuracy after less than 10 instructions, meaning that the fingerprint can …

Link
2022/9/28

Brief announcement: deriving context for touch events

Moran Azran, Niv Ben Shabat, Tal Shkolnik, Yossi Oren

Cyber Security Cryptography and Machine Learning: Second International …, 2018

2022/9/28

Brief announcement: deriving context for touch events

Moran Azran, Niv Ben Shabat, Tal Shkolnik, Yossi Oren

Cyber Security Cryptography and Machine Learning: Second International …, 2018

To quantify the amount of high-level context information which can be derived by observing only a user’s touchscreen interactions, we performed a user study, in which we recorded 160 touch interaction sessions from users running different applications, and then applied both classical machine learning methods and deep learning methods to the results. Our results show that it is possible to derive higher-level user context information based on touch events alone, validating the efficacy of touch injection attacks.

Link
2022/9/28

Website Fingerprinting-Last Level Cache Contention Traces.

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltzer, Prateek Mittal, Yossi Oren, Yuval Yarom

2022/9/28

Website Fingerprinting-Last Level Cache Contention Traces.

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltzer, Prateek Mittal, Yossi Oren, Yuval Yarom

Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user’s computer and the secure network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of sending a small amount of malicious JavaScript code to the target user’s computer. The malicious code mounts a cache side-channel attack, which exploits the effects of contention on the CPU’s cache, to identify other websites being browsed. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. We show that cache website fingerprinting attacks in JavaScript are highly feasible. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our attack is more resistant than network-based fingerprinting to the effects of response caching, and that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack …

Link
2022/9/28

Can the operator of a drone be located by following the drone’s path?

Eliyahu Mashhadi, Yossi Oren, Gera Weiss

Cyber Security Cryptography and Machine Learning: Fourth International …, 2020

2022/9/28

Can the operator of a drone be located by following the drone’s path?

Eliyahu Mashhadi, Yossi Oren, Gera Weiss

Cyber Security Cryptography and Machine Learning: Fourth International …, 2020

Small commercial Unmanned Aerial Systems (UASs), called drones in common language, pose significant security risks due to their agility, high availability and low price. There is, therefor, a growing need to develop methods for detection, localization and mitigation of malicious and other harmful operation of these drones. This paper presents our work towards autonomously localizing drone operators based only on following their path in the sky. We use a realistic simulation environment and collect the path of the drone when flown from different points of view. A deep neural network was trained to be able to predict the location of drone operators, given the path of the drones. The model is able to achieve prediction of the location of the location of the operator with 73% accuracy.

Link
2022/9/28

Datasets for Cache-based and Network-based Traffic and Application Characterization.

Anatoly Shusterman, Chen Finkelstein, Ofir Gruner, Yarin Shani, Yossi Oren

2022/9/28

Datasets for Cache-based and Network-based Traffic and Application Characterization.

Anatoly Shusterman, Chen Finkelstein, Ofir Gruner, Yarin Shani, Yossi Oren

It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a? man in the middle? network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks. In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged JavaScript-based webpage. Our evaluation shows that the accuracy of our cache-based method is equivalent to that of network-based methods, both over VPN and over non-VPN networks.

Link
2022/9/28

Comment on“SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices”

Michael Amar, Amit Kama, Kang Wang, Yossi Oren

Cryptology ePrint Archive, 2022

2022/9/28

Comment on“SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices”

Michael Amar, Amit Kama, Kang Wang, Yossi Oren

Cryptology ePrint Archive, 2022

The cloud-based Internet of Things (IoT) creates opportunities for more direct integration of the physical world and computer-based systems, allowing advanced applications based on sensing, analyzing and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. A recent paper of Farha et al. suggested an entity authentication scheme suitable for low-resource IoT edge devices, which relies on SRAM-based physically unclonable functions (PUFs). In this paper we analyze this scheme. We show that, while it claims to offer strong PUF functionality, the scheme creates only a weak PUF: an active attacker can completely read out the secret PUF response of the edge device after a very small amount of queries, converting the scheme into a weak PUF scheme which can then be counterfeited easily. After analyzing the scheme, we propose an alternative construction for an authentication method based on SRAM-PUF which better protects the secret SRAM startup state.

Link
2022/9/28

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

Mojtaba Zaheri, Yossi Oren, Reza Curtmola

31st USENIX Security Symposium (USENIX Security 22), 1505-1523, 2022

2022/9/28

Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses

Mojtaba Zaheri, Yossi Oren, Reza Curtmola

31st USENIX Security Symposium (USENIX Security 22), 1505-1523, 2022

Targeted deanonymization attacks let a malicious website discover whether a website visitor bears a certain public identifier, such as an email address or a Twitter handle. These attacks were previously considered to rely on several assumptions, limiting their practical impact. In this work, we challenge these assumptions and show the attack surface for deanonymization attacks is drastically larger than previously considered. We achieve this by using the cache side channel for our attack, instead of relying on cross-site leaks. This makes our attack oblivious to recently proposed software-based isolation mechanisms, including cross-origin resource policies (CORP), cross-origin opener policies (COOP) and SameSite cookie attribute. We evaluate our attacks on multiple hardware microarchitectures, multiple operating systems and multiple browser versions, including the highly-secure Tor Browser, and demonstrate practical targeted deanonymization attacks on major sites, including Google, Twitter, LinkedIn, TikTok, Facebook, Instagram and Reddit. Our attack runs in less than 3 seconds in most cases, and can be scaled to target an exponentially large amount of users.

Link
2022/9/28

Toward Usable and Accessible Two-Factor Authentication Based on the Piezo-Gyro Channel

Yossi Oren, Dan Arad

IEEE Access 10, 19551-19557, 2022

2022/9/28

Toward Usable and Accessible Two-Factor Authentication Based on the Piezo-Gyro Channel

Yossi Oren, Dan Arad

IEEE Access 10, 19551-19557, 2022

Two-factor authentication (2FA) is crucial for protecting the security of users authenticating to online servers. Despite its importance, users hesitate to use 2FA, due to usability issues. In this report we present a prototype implementation of PiGy, a novel system which improves the usability of existing methods, without compromising on security and compatibility. In PiGy, a one time password is automatically passed from the external token to a smartphone by selectively applying an acoustic stimulus to the phone’s microelectromechanical (MEMS) gyroscope, using a piezoelectric transducer. This scheme is much easier to use, requires no additional hardware support on modern phones, and is fully compliant with the time-based one time password (TOTP) standard. We implement a proof of concept of PiGy, and perform both a functional test and a user study to evaluate it. Through our evaluation we show that this …

Link
2022/9/28

Israeli e-voting RFID card zapper. Online, April 11 2010

Yossef Oren, Avishai Wool

2022/9/28

Israeli e-voting RFID card zapper. Online, April 11 2010

Yossef Oren, Avishai Wool

Link
2022/9/28

Template TASCA pseudo-boolean instances. Online, 2012

Yossef Oren, Avishai Wool

2022/9/28

Template TASCA pseudo-boolean instances. Online, 2012

Yossef Oren, Avishai Wool

Link
2022/9/28

TASCA-on-keeloq pseudo-boolean instances. Online, 2010

Yossef Oren, Avishai Wool

2022/9/28

TASCA-on-keeloq pseudo-boolean instances. Online, 2010

Yossef Oren, Avishai Wool

Link
2022/9/28

a. A.(2010). RFID-Based Electronic Voting: What Could Possibly Go Wrong

Yossef Oren

RFID, 2010 IEEE International Conference, 118-125, 0

2022/9/28

a. A.(2010). RFID-Based Electronic Voting: What Could Possibly Go Wrong

Yossef Oren

RFID, 2010 IEEE International Conference, 118-125, 0

Link
2022/9/28

Secure hardware-physical attacks and countermeasures

Yossef Oren

University of Tel-Aviv, 2013

2022/9/28

Secure hardware-physical attacks and countermeasures

Yossef Oren

University of Tel-Aviv, 2013

Cryptographic theory is a mature and advanced field which offers theoretical solutions to many practical problems such as encrypting secure data, signing messages to ensure their authenticity and even allowing reliable and anonymous voting. Theory in itself, however, is not enough–any cryptographic functionality must be implemented in the real world before it can be put to practical use. This implementation typically takes the form of either a software implementation for a general-purpose device such as a personal computer, or as a dedicated secure hardware device, whose main purpose is to embody the cryptographic functionality. Examples of such secure hardware devices include smart cards, car alarm key fobs and computerized ballots. One special class of secure hardware device which has recently gained interest are secure RFID tags–a family of low-cost and low-power ubiquitous computers used for security applications such as access control, anti-counterfeiting and even voting.To evaluate the security of a cryptographic system, researchers look for flaws which allow an attacker to break the security assumptions of the system (for example, allowing an unauthorized party to view or modify a message intended for someone else). Cryptanalytic attacks focus on the theoretical and algorithmic aspects of the system, while physical attacks (also called implementation attacks) compromise the system by taking advantage of the physical aspects of the algorithm’s implementation. Some physical attacks (such as, for example, power analysis) recover the secret key used by the secure device by analyzing physical effects produced during its use …

Link
2022/9/28

Cache-based characterization: A low-infrastructure, distributed alternative to network-based traffic and application characterization

Anatoly Shusterman, Chen Finkelstein, Ofir Gruner, Yarin Shani, Yossi Oren

Computer Networks 200, 108550, 2021

2022/9/28

Cache-based characterization: A low-infrastructure, distributed alternative to network-based traffic and application characterization

Anatoly Shusterman, Chen Finkelstein, Ofir Gruner, Yarin Shani, Yossi Oren

Computer Networks 200, 108550, 2021

It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a “man in the middle” network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks.In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged …

Link
2022/9/28

Power analysis of RFID tags. Invited talk, RSA Conference, Cryptographer’s Track (RSA-CT 2006)

Yossef Oren, Adi Shamir

2022/9/28

Power analysis of RFID tags. Invited talk, RSA Conference, Cryptographer’s Track (RSA-CT 2006)

Yossef Oren, Adi Shamir

Link
2022/9/28

Perfect privacy for webmail with secret sharing

Yossef Oren, Avishai Wool

Technical report, Feb. 2009. http://www. eng. tau. ac. il/yash/OrenWool …, 2009

2022/9/28

Perfect privacy for webmail with secret sharing

Yossef Oren, Avishai Wool

Technical report, Feb. 2009. http://www. eng. tau. ac. il/yash/OrenWool …, 2009

With the many advantages of web-based mail comes a very serious privacy flaw–all messages are stored in a single central location on the webmail operator’s data center. This fact makes these data centers a natural interception point for various undesirable parties, severely risking the privacy of individual webmail users. We propose a novel and unique way to solve this problem and protect the privacy of messages exchanged by webmail users, based on the cryptographic principle of secret sharing. Briefly put, each message is split into two shares and these shares are sent through two different webmail providers, preferably hosted in two mutually distrustful countries. While the legitimate recipient can retrieve and combine all shares of the message, a malicious party with access to only a single data center will not be able to extract any meaningful information about the message. Our scheme has a major usability advantage when compared to conventional public-key cryptography on webmail–secret sharing requires no key generation, certification or storage, and its underlying principles can be easily explained to the layman. This lets our scheme require very little in the way of user configuration or education. In addition, since our scheme does not rely on secret cryptographic keys or locally installed software, it can be used simply and easily from anywhere, a usage model consonant with the character of webmail systems. We present our scheme both in theory and as a working downloadable tool. We also discuss how to stay compatible with law enforcement and how to cope with potentially hostile webmail operators, presenting an efficient …

Link
2022/9/28

HammerScope: Observing DRAM Power Consumption Using Rowhammer

Yaakov Cohen, Kevin Sam Tharayil, Arie Haenel, Daniel Genkin, Angelos D Keromytis, Yossi Oren, Yuval Yarom

2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022), 2022

2022/9/28

HammerScope: Observing DRAM Power Consumption Using Rowhammer

Yaakov Cohen, Kevin Sam Tharayil, Arie Haenel, Daniel Genkin, Angelos D Keromytis, Yossi Oren, Yuval Yarom

2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022), 2022

The constant reduction in memory cell sizes has increased memory density and reduced power consumption, but has also affected its reliability. The Rowhammer attack exploits this reduced reliability to induce bit flips in memory, without directly accessing these bits. Most Rowhammer attacks target software integrity, but some recent attacks demonstrated its use for compromising confidentiality. Continuing this trend, in this paper we observe that the rh attack strongly correlates with the memory instantaneous power consumption. We exploit this observation to design HammerScope, a Rowhammer-based attack technique for measuring the power consumption of the memory unit. Because the power consumption correlates with the level of activity of the memory, hs allows an attacker to infer memory activity. To demonstrate the offensive capabilities of HammerScope, we use it to mount three information leakage …

Link
2022/9/28

Port contention goes portable: Port contention side channels in web browsers

Thomas Rokicki, Clémentine Maurice, Marina Botvinnik, Yossi Oren

Proceedings of the 2022 ACM on Asia Conference on Computer and …, 2022

2022/9/28

Port contention goes portable: Port contention side channels in web browsers

Thomas Rokicki, Clémentine Maurice, Marina Botvinnik, Yossi Oren

Proceedings of the 2022 ACM on Asia Conference on Computer and …, 2022

Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply browsing a malicious website, or even a malicious third-party advertisement in a benign cross-origin isolated website, can be a victim.In this paper, we present the first port contention side channel running entirely in a web browser, despite a highly challenging environment. Our attack can be used to build a cross-browser covert channel with a bit rate of 200bps, one order of magnitude above the state of the art, and has a spatial resolution of 1024 native instructions in a side-channel attack, a performance on-par with Prime+Probe attacks. We provide a framework to evaluate the port contention caused by WebAssembly instructions on Intel processors, allowing to increase the portability of port …

Link
2022/9/28

Sensorless, Permissionless Information Exfiltration with {Wi-Fi}{Micro-Jamming}

Rom Ogen, Kfir Zvi, Omer Shwartz, Yossi Oren

12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018

2022/9/28

Sensorless, Permissionless Information Exfiltration with {Wi-Fi}{Micro-Jamming}

Rom Ogen, Kfir Zvi, Omer Shwartz, Yossi Oren

12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018

Listening devices, tracking devices, and other covert implants have to send any data they collect to a central command and control (C&C) server. This task can be difficult, since implants typically have a restricted power budget and cannot connect directly to the Internet. Several works have attempted to exfiltrate data in this setting by taking advantage of a nearby networked device, such as a computer or a mobile phone. To achieve this, the implant uses a covert channel to send the data to the networked device, that performs the exfiltration. Several constructions have been proposed for this covert channel between implant and target device, using sensors such as the microphone, magnetometer and gyroscope. In this work, we implement this covert channel using Wi-Fi micro-jamming, a new approach to jamming the 802.11 Wi-Fi protocol in a low-power, minimally intrusive manner. Our construction, which extends the work of Shah and Blaze from WOOT’09, does not attempt to overwhelm the Wi-Fi channel with a high-power transmission, but instead takes advantage of the high sensitivity of the 802.11 protocol’s Clear Channel Assessment (CCA) mechanism to introduce very brief delays to the channel. A JavaScript program, which can be embedded in an attacker-controlled website or online advertisement, is then used to measure these delays and upload them to the C&C server. Our channel works at a distance of over 15 meters between implant and target device, achieves a bit rate of 40 bits per second with minimal errors, and has a very low power requirement. We even show how the implant can be made completely passive by replacing the …

Link
2022/9/28

Attacking the internet using broadcast digital television

Yossef Oren, Angelos D Keromytis

ACM Transactions on Information and System Security (TISSEC) 17 (4), 1-27, 2015

2022/9/28

Attacking the internet using broadcast digital television

Yossef Oren, Angelos D Keromytis

ACM Transactions on Information and System Security (TISSEC) 17 (4), 1-27, 2015

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content that is rendered by the television. This system is already in very wide deployment in Europe and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on Radio Frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect. In this article, we present the attack methodology and a number of follow-on …

Link
2022/9/28

From Smashed Screens to Smashed Stacks: Attacking Mobile Phones Using Malicious Aftermarket Parts

Omer Shwartz, Guy Shitrit, Asaf Shabtai, Yossi Oren

Workshop on Security for Embedded and Mobile Systems (SEMS), 2017

2022/9/28

From Smashed Screens to Smashed Stacks: Attacking Mobile Phones Using Malicious Aftermarket Parts

Omer Shwartz, Guy Shitrit, Asaf Shabtai, Yossi Oren

Workshop on Security for Embedded and Mobile Systems (SEMS), 2017

In this preliminary study we present the first practical attack on a modern smartphone which is mounted through a malicious after market replacement part (specifically, a replacement touchscreen). Our attack exploits the lax security checks on the packets traveling between the touch screen’s embedded controller and the phone’s main CPU, and isable to achieve kernel-level code execution privileges on modern Android phones protected by SELinux. This attack is memory independent and survives data wipes and factory resets. We evaluate two phones from major vendors and present a proof-of-concept attack in actual hardware on one phone and an emulation level attack on the other. Through a semi-automated source code review of 26 recent Android phones from 8 different vendors, we believe that ourattack vector can be applied to many other phones, and that it is very difficult to protect against. Similar attacks …

Link
2022/9/28

Practical, low-cost fault injection attacks on personal smart devices

Shaked Delarea, Yossi Oren

Applied Sciences 12 (1), 417, 2022

2022/9/28

Practical, low-cost fault injection attacks on personal smart devices

Shaked Delarea, Yossi Oren

Applied Sciences 12 (1), 417, 2022

Fault attacks are traditionally considered under a threat model that assumes the device under test is in the possession of the attacker. We propose a variation on this model. In our model, the attacker integrates a fault injection circuit into a malicious field-replaceable unit, or FRU, which is later placed by the victim in close proximity to their own device. Examples of devices which incorporate FRUs include interface cards in routers, touch screens and sensor assemblies in mobile phones, ink cartridges in printers, batteries in health sensors, and so on. FRUs are often installed by after-market repair technicians without properly verifying their authenticity, and previous works have shown they can be used as vectors for various attacks on the privacy and integrity of smart devices. We design and implement a low-cost fault injection circuit suitable for placement inside a malicious FRU, and show how it can be used to practically extract secrets from a privileged system process through a combined hardware-software approach, even if the attacker software application only has user-level permissions. Our prototype produces highly effective and repeatable attacks, despite its cost being several orders of magnitude less than that of commonly used fault injection analysis lab setups. This threat model allows fault attacks to be carried out remotely, even if the device under test is in the hands of the victim. Considered together with recent advances in software-only fault attacks, we argue that resistance to fault attacks should be built into additional classes of devices.

Link
2022/9/28

{Cross-Router} Covert Channels

Adar Ovadia, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren

13th USENIX Workshop on Offensive Technologies (WOOT 19), 2019

2022/9/28

{Cross-Router} Covert Channels

Adar Ovadia, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren

13th USENIX Workshop on Offensive Technologies (WOOT 19), 2019

Many organizations protect secure networked devices from non-secure networked devices by assigning each class of devices to a different logical network. These two logical networks, commonly called the host network and the guest network, use the same router hardware, which is designed to isolate the two networks in software.

Link
2022/9/28

Side-channel cryptographic attacks using pseudo-boolean optimization

Yossef Oren, Avishai Wool

Constraints 21 (4), 616-645, 2016

2022/9/28

Side-channel cryptographic attacks using pseudo-boolean optimization

Yossef Oren, Avishai Wool

Constraints 21 (4), 616-645, 2016

Symmetric block ciphers, such as the Advanced Encryption Standard (AES), are deterministic algorithms which transform plaintexts to ciphertexts using a secret key. These ciphers are designed such that it is computationally very difficult to recover the secret key if only pairs of plaintexts and ciphertexts are provided to the attacker. Constraint solvers have recently been suggested as a way of recovering the secret keys of symmetric block ciphers. To carry out such an attack, the attacker provides the solver with a set of equations describing the mathematical relationship between a known plaintext and a known ciphertext, and then attempts to solve for the unknown secret key. This approach is known to be intractable against AES unless side-channel data – information leaked from the cryptographic device due to its internal physical structure – is introduced into the equation set. A significant challenge in writing …

Link
2022/9/28

How not to protect PCs from power analysis, 2006

Yossi Oren, Adi Shamir

CRYPTO rump session. URL: http://iss. oy. ne. ro …, 2006

2022/9/28

How not to protect PCs from power analysis, 2006

Yossi Oren, Adi Shamir

CRYPTO rump session. URL: http://iss. oy. ne. ro …, 2006

Link
2022/9/28

RFID jamming and attacks on Israeli e-voting

Yossef Oren, Dvir Schirman, Avishai Wool

Smart SysTech 2012; European Conference on Smart Objects, Systems and …, 2012

2022/9/28

RFID jamming and attacks on Israeli e-voting

Yossef Oren, Dvir Schirman, Avishai Wool

Smart SysTech 2012; European Conference on Smart Objects, Systems and …, 2012

The next generation of Israeli elections is proposed to run on an e-voting system which uses near-field RFID tags instead of plain paper ballots. In 2010 we investigated the system and identified several potential attacks which can be launched against the proposed system. In this work we report on the actual implementation of two of these attacks-zapping and jamming. These attacks have a critical effect on the security of the proposed system.

Link
2022/9/28

Range extension attacks on contactless smart cards

Yossef Oren, Dvir Schirman, Avishai Wool

Computer Security–ESORICS 2013: 18th European Symposium on Research in …, 2013

2022/9/28

Range extension attacks on contactless smart cards

Yossef Oren, Dvir Schirman, Avishai Wool

Computer Security–ESORICS 2013: 18th European Symposium on Research in …, 2013

The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm – two orders of magnitude greater than nominal range – and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

Link
2022/9/28

Cyber security threats in the microbial genomics era: implications for public health

Iliya Fayans, Yair Motro, Lior Rokach, Yossi Oren, Jacob Moran-Gilad

Eurosurveillance 25 (6), 1900574, 2020

2022/9/28

Cyber security threats in the microbial genomics era: implications for public health

Iliya Fayans, Yair Motro, Lior Rokach, Yossi Oren, Jacob Moran-Gilad

Eurosurveillance 25 (6), 1900574, 2020

Next generation sequencing (NGS) is becoming the new gold standard in public health microbiology. Like any disruptive technology, its growing popularity inevitably attracts cyber security actors, for whom the health sector is attractive because it combines mission-critical infrastructure and high-value data with cybersecurity vulnerabilities. In this Perspective, we explore cyber security aspects of microbial NGS. We discuss the motivations and objectives for such attack, its feasibility and implications, and highlight policy considerations aimed at threat mitigation. Particular focus is placed on the attack vectors, where the entire process of NGS, from sample to result, could be vulnerable, and a risk assessment based on probability and impact for representative attack vectors is presented. Cyber attacks on microbial NGS could result in loss of confidentiality (leakage of personal or institutional data), integrity (misdetection of …

Link
2022/9/28

Practical template-algebraic side channel attacks with extremely low data complexity

Yossef Oren, Ofir Weisse, Avishai Wool

Proceedings of the 2nd International Workshop on Hardware and Architectural …, 2013

2022/9/28

Practical template-algebraic side channel attacks with extremely low data complexity

Yossef Oren, Ofir Weisse, Avishai Wool

Proceedings of the 2nd International Workshop on Hardware and Architectural …, 2013

Template-based Tolerant Algebraic Side Channel Attacks (Template-TASCA) were suggested in [20] as a way of reducing the high data complexity of template attacks by coupling them with algebraic side-channel attacks. In contrast to the maximum-likelihood method used in a standard template attack, the template-algebraic attack method uses a constraint solver to find the optimal state correlated to the measured side-channel leakage. In this work we present the first application of the template-algebraic key recovery attack to a publicly available data set (IAIK WS2). We show how our attack can successfully recover the encryption key even when the attacker has extremely limited access to the device under test — only 200 traces in the offline phase and as little as a single trace in the online phase.

Link
2022/9/28

Sensor defense in-software (SDI): Practical software based detection of spoofing attacks on position sensors

Kevin Sam Tharayil, Benyamin Farshteindiker, Shaked Eyal, Nir Hasidim, Roy Hershkovitz, Shani Houri, Ilia Yoffe, Michal Oren, Yossi Oren

Engineering Applications of Artificial Intelligence 95, 103904, 2020

2022/9/28

Sensor defense in-software (SDI): Practical software based detection of spoofing attacks on position sensors

Kevin Sam Tharayil, Benyamin Farshteindiker, Shaked Eyal, Nir Hasidim, Roy Hershkovitz, Shani Houri, Ilia Yoffe, Michal Oren, Yossi Oren

Engineering Applications of Artificial Intelligence 95, 103904, 2020

Position sensors, such as the gyroscope, the magnetometer and the accelerometer, are found in a staggering variety of devices, from smartphones and UAVs to autonomous robots. Several works have shown how adversaries can mount spoofing attacks to remotely corrupt or even completely control the outputs of these sensors. With more and more critical applications relying on sensor readings to make important decisions, defending sensors from these attacks is of prime importance.In this work we present practical software based defenses against attacks on two common types of position sensors, specifically the gyroscope and the magnetometer. We first characterize the sensitivity of these sensors to acoustic and magnetic adversaries. Next, we present two software-only defenses: a machine learning-based single sensor defense, and a sensor fusion defense which makes use of the mathematical relationship …

Link
2022/9/28

A new framework for constraint-based probabilistic template side channel attacks

Yossef Oren, Ofir Weisse, Avishai Wool

Cryptographic Hardware and Embedded Systems–CHES 2014: 16th International …, 2014

2022/9/28

A new framework for constraint-based probabilistic template side channel attacks

Yossef Oren, Ofir Weisse, Avishai Wool

Cryptographic Hardware and Embedded Systems–CHES 2014: 16th International …, 2014

The use of constraint solvers, such as SAT- or Pseudo-Boolean-solvers, allows the extraction of the secret key from one or two side-channel traces. However, to use such a solver the cipher must be represented at bit-level. For byte-oriented ciphers this produces very large and unwieldy instances, leading to unpredictable, and often very long, run times. In this paper we describe a specialized byte-oriented constraint solver for side channel cryptanalysis. The user only needs to supply code snippets for the native operations of the cipher, arranged in a flow graph that models the dependence between the side channel leaks. Our framework uses a soft decision mechanism which overcomes realistic measurement noise and decoder classification errors, through a novel method for reconciling multiple probability distributions. On the DPA v4 contest dataset our framework is able to extract the correct key from one …

Link
2022/9/28

RFID-based electronic voting: What could possibly go wrong?

Yossef Oren, Avishai Wool

2010 IEEE International Conference on RFID (IEEE RFID 2010), 118-125, 2010

2022/9/28

RFID-based electronic voting: What could possibly go wrong?

Yossef Oren, Avishai Wool

2010 IEEE International Conference on RFID (IEEE RFID 2010), 118-125, 2010

When Israel’s Ministry of Internal Affairs decided to move to electronic voting, it chose to replace the traditional paper ballot with secure contactless smartcards. The system was designed around HF RFID technology to make voting stations easier to use and less prone to mechanical faults. However, in doing so the system was exposed to a powerful class of hardware-based attacks called relay attacks, which can extend the interrogation range of HF RFID tags far beyond the nominal range of 5 centimetres. We show how a low-budget adversary armed with a relay device can read out all votes already cast into the ballot box, suppress the votes of one or several voters, rewrite votes at will and even completely disqualify all votes in a single voting station. Our attacks are easy to mount, very difficult to detect, and compromise both the confidentiality and the integrity of the election system.

Link
2022/9/28

A secure supply-chain RFID system that respects your privacy

Alex Arbit, Yossef Oren, Avishai Wool

Pervasive Computing, IEEE 13 (2), 52-60, 2014

2022/9/28

A secure supply-chain RFID system that respects your privacy

Alex Arbit, Yossef Oren, Avishai Wool

Pervasive Computing, IEEE 13 (2), 52-60, 2014

Supply-chain RFID systems introduce significant privacy issues to consumers, making it necessary to encrypt communications. Because the resources available on tags are very small, it is generally assumed that only symmetric-key cryptography can be used in such systems. Unfortunately, symmetric-key cryptography imposes negative trust issues between the various stake-holders, and risks compromising the security of the whole system if even a single tag is reverse engineered. This work presents a working prototype implementation of a secure RFID system which uses public-key cryptography to simplify deployment, reduce trust issues between the supply-chain owner and tag manufacturer, and protect user privacy. The authors’ prototype system consists of a UHF tag running custom firmware, a standard off-the-shelf reader and custom point-of-sale terminal software. No modifications were made to the reader or …

Link
2022/9/28

DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting

Tomer Laor, Naif Mehanna, Antonin Durey, Vitaly Dyadyuk, Pierre Laperdrix, Clémentine Maurice, Yossi Oren, Romain Rouvoy, Walter Rudametkin, Yuval Yarom

29th Annual Network and Distributed System Security Symposium (NDSS 2022), 2022

2022/9/28

DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting

Tomer Laor, Naif Mehanna, Antonin Durey, Vitaly Dyadyuk, Pierre Laperdrix, Clémentine Maurice, Yossi Oren, Romain Rouvoy, Walter Rudametkin, Yuval Yarom

29th Annual Network and Distributed System Security Symposium (NDSS 2022), 2022

Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users’ browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Our technique, which we call DrawnApart, is a new GPU fingerprinting technique that identifies a device based on the unique properties of its GPU stack. Specifically, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript. We investigate the accuracy of DrawnApart under two scenarios. In the first scenario, our controlled experiments confirm that the technique is effective in distinguishing devices with similar hardware and software configurations, even when they are considered identical by current state-of-the-art fingerprinting algorithms. In the second scenario, we integrate a one-shot learning version of our technique into a state-of-the-art browser fingerprint tracking algorithm. We verify our technique through a large-scale experiment involving data collected from over 2,500 crowd-sourced devices over a period of several months and show it provides a boost of up to 67% to the median tracking duration, compared to the state-of-the-art method. DrawnApart makes two contributions to the state of the art in browser fingerprinting. On the conceptual front, it is the first work that explores the manufacturing differences between …

Link
2022/9/28

Tolerant Algebraic Side-Channel Analysis of AES

Yossef Oren, Avishai Wool

IACR Cryptology ePrint Archive 2012 (92), 2012

2022/9/28

Tolerant Algebraic Side-Channel Analysis of AES

Yossef Oren, Avishai Wool

IACR Cryptology ePrint Archive 2012 (92), 2012

We report on a Tolerant Algebraic Side-Channel Analysis (TASCA) attack on an AES implementation, using an optimizing pseudo-Boolean solver to recover the secret key from a vector of Hamming weights corresponding to a single encryption. We first develop a boundary on the maximum error rate that can be tolerated as a function of the set size output by the decoder and the number of measurements. Then, we show that the TASCA approach is capable of recovering the secret key from errored traces in a reasonable time for error rates approaching this theoretical boundary–specifically, the key was recovered in 10 hours on average from 100 measurements with error rates of up to 20%. We discovered that, perhaps counter-intuitively, there are strong incentives for the attacker to use as few leaks as possible to recover the key. We describe the equation setup, the experiment setup and discuss the results.

Link
2022/9/28

Website fingerprinting through the cache occupancy channel and its real world practicality

Anatoly Shusterman, Zohar Avraham, Eliezer Croitoru, Yarden Haskal, Lachlan Kang, Dvir Levi, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom

IEEE Transactions on Dependable and Secure Computing 18 (5), 2042-2060, 2020

2022/9/28

Website fingerprinting through the cache occupancy channel and its real world practicality

Anatoly Shusterman, Zohar Avraham, Eliezer Croitoru, Yarden Haskal, Lachlan Kang, Dvir Levi, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom

IEEE Transactions on Dependable and Secure Computing 18 (5), 2042-2060, 2020

Website fingerprinting attacks use statistical analysis on network traffic to compromise user privacy. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who observes traffic traveling between the user’s computer and the network. In this article we investigate a different attack model, in which the adversary sends JavaScript code to the target user’s computer. This code mounts a cache side-channel attack to identify other websites being browsed. Using machine learning techniques to classify traces of cache activity, we achieve high classification accuracy in both the open-world and the closed-world models. Our attack is more resistant than network-based fingerprinting to the effects of response caching, and resilient both to network-based defenses and to side-channel countermeasures. We carry out a real-world evaluation of several aspects of our attack …

Link
2022/9/28

Toward practical public key anti-counterfeiting for low-cost EPC tags

Alex Arbit, Yossef Oren, Avishai Wool

2011 IEEE International Conference on RFID, 184-191, 2011

2022/9/28

Toward practical public key anti-counterfeiting for low-cost EPC tags

Alex Arbit, Yossef Oren, Avishai Wool

2011 IEEE International Conference on RFID, 184-191, 2011

In this work we report on a practical design, and a working prototype implementation, of a public-key anti-counterfeiting system based on the Electronic Product Code (EPC) standard for supply chain RFID tags. The use of public-key cryptography simplifies deployment, reduces trust issues between the tag integrator and tag manufacturer, eliminates the need for on-line checks by a central authority, and protects user privacy. Contrary to earlier claims of impracticality, we demonstrate that EPC tags are capable of performing full-strength public-key encryption. The crucial element in our system is WIPR, a recently-proposed variant of the well known Rabin encryption scheme, that enjoys a remarkably low resource footprint (less than 4700 gate equivalents for a complete ASIC implementation) – for a full-strength 1024-bit encryption. Our prototype system consists of an ultra-high frequency (UHF) tag running custom …

Link
2022/9/28

WIPR — a public key implementation on two grains of sand

Yossef Oren, Martin Feldhofer

Conference on RFID Security, Budapest, Hungary, 2008

2022/9/28

WIPR — a public key implementation on two grains of sand

Yossef Oren, Martin Feldhofer

Conference on RFID Security, Budapest, Hungary, 2008

2022/9/28

How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors

Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren

10th USENIX Workshop on Offensive Technologies (WOOT 16), 2016

2022/9/28

How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors

Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren

10th USENIX Workshop on Offensive Technologies (WOOT 16), 2016

We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

Link
2022/9/28

Attacks on RFID-Based Electronic Voting Systems.

Yossef Oren, Avishai Wool

IACR Cryptology ePrint Archive 2009 (422), 2009

2022/9/28

Attacks on RFID-Based Electronic Voting Systems.

Yossef Oren, Avishai Wool

IACR Cryptology ePrint Archive 2009 (422), 2009

Many secure systems, such as contactless credit cards and secure entrance systems, are built with contactless smart-card RFID technologies. In many cases these systems are claimed to be secure based on the assumption that readers and tags need to be in close proximity (about 5cm) in order to communicate. However, it is known that this proximity assumption is false: Relay attacks are a class of hardware-based attacks which compromise the safety of such systems by dramatically extending the interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In this work we show how the proposed system can be completely compromised using low-cost relay attacks. Our attacks allow an adversary to read out all votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votes in a single voting station. Our attacks are easy to mount, very difficult to detect, and compromise both the confidentiality and the integrity of the election system.

Link
2022/9/28

{Prime+ Probe} 1,{JavaScript} 0: Overcoming Browser-based {Side-Channel} Defenses

Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom

30th USENIX Security Symposium (USENIX Security 21), 2863-2880, 2021

2022/9/28

{Prime+ Probe} 1,{JavaScript} 0: Overcoming Browser-based {Side-Channel} Defenses

Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom

30th USENIX Security Symposium (USENIX Security 21), 2863-2880, 2021

The” eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks.

Link
2022/9/28

The Spy in the Sandbox–Practical Cache Attacks in Javascript

Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, Angelos D Keromytis

arXiv preprint arXiv:1502.07373, 2015

2022/9/28

The Spy in the Sandbox–Practical Cache Attacks in Javascript

Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, Angelos D Keromytis

arXiv preprint arXiv:1502.07373, 2015

We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine — to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.

Link
2022/9/28

Algebraic side-channel attacks beyond the hamming weight leakage model

Yossef Oren, Mathieu Renauld, François-Xavier St, aert, Avishai Wool

Cryptographic Hardware and Embedded Systems–CHES 2012: 14th International …, 2012

2022/9/28

Algebraic side-channel attacks beyond the hamming weight leakage model

Yossef Oren, Mathieu Renauld, François-Xavier St, aert, Avishai Wool

Cryptographic Hardware and Embedded Systems–CHES 2012: 14th International …, 2012

Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information tradeoff can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of …

Link
2022/9/28

Implementing public-key cryptography on passive RFID tags is practical

Alex Arbit, Yoel Livne, Yossef Oren, Avishai Wool

International Journal of Information Security 14 (1), 85-99, 2015

2022/9/28

Implementing public-key cryptography on passive RFID tags is practical

Alex Arbit, Yoel Livne, Yossef Oren, Avishai Wool

International Journal of Information Security 14 (1), 85-99, 2015

Passive radio-frequency identification (RFID) tags have long been thought to be too weak to implement public-key cryptography: It is commonly assumed that the power consumption, gate count and computation time of full-strength encryption exceed the capabilities of RFID tags. In this paper, we demonstrate that these assumptions are incorrect. We present two low-resource implementations of a 1,024-bit Rabin encryption variant called WIPR—in embedded software and in hardware. Our experiments with the software implementation show that the main performance bottleneck of the system is not the encryption time but rather the air interface and that the reader’s implementation of the electronic product code Class-1 Generation-2 RFID standard has a crucial effect on the system’s overall performance. Next, using a highly optimized hardware implementation, we investigate the trade-offs between speed, area …

Link
2022/9/28

From the Aether to the {Ethernet—Attacking} the Internet using Broadcast Digital Television

Yossef Oren, Angelos D Keromytis

23rd USENIX Security Symposium (USENIX Security 14), 353-368, 2014

2022/9/28

From the Aether to the {Ethernet—Attacking} the Internet using Broadcast Digital Television

Yossef Oren, Angelos D Keromytis

23rd USENIX Security Symposium (USENIX Security 14), 353-368, 2014

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.

Link
2022/9/28

On the effectiveness of the remanence decay side-channel to clone memory-based PUFs

Yossef Oren, Ahmad-Reza Sadeghi, Christian Wachsmann

Cryptographic Hardware and Embedded Systems-CHES 2013: 15th International …, 2013

2022/9/28

On the effectiveness of the remanence decay side-channel to clone memory-based PUFs

Yossef Oren, Ahmad-Reza Sadeghi, Christian Wachsmann

Cryptographic Hardware and Embedded Systems-CHES 2013: 15th International …, 2013

We present a side-channel attack based on remanence decay in volatile memory and show how it can be exploited effectively to launch a non-invasive cloning attack against SRAM PUFs — an important class of PUFs typically proposed as lightweight security primitive with low overhead by using the existing memory of the underlying device. We validate our approach against two SRAM PUF implementations in 65 nm CMOS ASICs. We discuss countermeasures against our attack and propose the constructive use of remanence decay to improve the cloning-resistance of SRAM PUFs.Moreover, as a further contribution of independent interest, we show how to use our evaluation results to significantly improve the performance of the recently proposed TARDIS scheme, which is based on remanence decay in SRAM and used as a time-keeping mechanism for low-power clock-less devices.

Link
2022/9/28

Remanence decay side-channel: The PUF case

Shaza Zeitouni, Yossef Oren, Christian Wachsmann, Patrick Koeberl, Ahmad-Reza Sadeghi

IEEE Transactions on Information Forensics and Security 11 (6), 1106-1116, 2015

2022/9/28

Remanence decay side-channel: The PUF case

Shaza Zeitouni, Yossef Oren, Christian Wachsmann, Patrick Koeberl, Ahmad-Reza Sadeghi

IEEE Transactions on Information Forensics and Security 11 (6), 1106-1116, 2015

We present a side-channel attack based on remanence decay in volatile memory and show how it can be exploited effectively to launch a noninvasive cloning attack against SRAM physically unclonable functions (PUFs) – an important class of PUFs typically proposed as lightweight security primitives, which use existing memory on the underlying device. We validate our approach using SRAM PUFs instantiated on two 65-nm CMOS devices. We discuss countermeasures against our attack and propose the constructive use of remanence decay to improve the cloning resistance of SRAM PUFs. Moreover, as a further contribution of independent interest, we show how to use our evaluation results to significantly improve the performance of the recently proposed TARDIS scheme, which is based on remanence decay in SRAM memory and used as a time-keeping mechanism for low-power clockless devices.

Link
2022/9/28

Algebraic side-channel analysis in the presence of errors

Yossef Oren, Mario Kirschbaum, Thomas Popp, Avishai Wool

Cryptographic Hardware and Embedded Systems, CHES 2010: 12th International …, 2010

2022/9/28

Algebraic side-channel analysis in the presence of errors

Yossef Oren, Mario Kirschbaum, Thomas Popp, Avishai Wool

Cryptographic Hardware and Embedded Systems, CHES 2010: 12th International …, 2010

Measurement errors make power analysis attacks difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable since they require many (typically thousands) of traces. Recently it was suggested by [18] to use algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem, then using a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. The PBOPT instance can then be solved using a suitable optimization problem solver. The PBOPT syntax provides for a more …

Link
2022/9/28

Remote power analysis of RFID tags

Yossef Oren

IACR Cryptology ePrint Archive 2009 (330), 2007

2022/9/28

Remote power analysis of RFID tags

Yossef Oren

IACR Cryptology ePrint Archive 2009 (330), 2007

We describe the first power analysis attack on passive RFID tags. Compared to standard power analysis attacks, this attack is unique in that it requires no physical contact with the device under attack. The power analysis can be carried out even if both the tag and the attacker are passive and transmit no data, making the attack very hard to detect. As a proof of concept, we use power analysis to extract the kill passwords from Class 1 EPC tags operating in the UHF frequency range. Tags from several major vendors were successfully attacked. Our attack can be extended to HF tags and to remote fault analysis. The main significance of our attack is not in the discovery of kill passwords but in its implications on future tag design–any cryptographic functionality built into tags needs to be designed to be resistant to power analysis, and achieving this resistance is an undertaking which has an effect both on the price and on the performance of tags.(this is my Master’s thesis, carried out under the supervision of Prof. Adi Shamir. It may be considered as the extended version of the article” Remote Password Extraction from RFID Tags”, recently published in IEEE Transactions on Computers and indexed as http://dx. doi. org/10.1109/TC. 2007.1050 or as http://ieeexplore. ieee. org/iel5/12/4288079/04288095. pdf)

Link
2022/9/28

A low-resource public-key identification scheme for RFID tags and sensor nodes

Yossef Oren, Martin Feldhofer

Proceedings of the second ACM conference on Wireless network security, 59-68, 2009

2022/9/28

A low-resource public-key identification scheme for RFID tags and sensor nodes

Yossef Oren, Martin Feldhofer

Proceedings of the second ACM conference on Wireless network security, 59-68, 2009

We revisit a public key scheme presented by Shamir in [19] (and simultaneously by Naccache in [15]) and examine its applicability for general-purpose RFID tags in the supply chain. Using a combination of new and established space-saving methods, we present a full-fledged public key identification scheme, which is secure yet highly efficient. The 1024-bit scheme fits completely (including RAM) into 4682 gate equivalents and has a mean current consumption of 14.2μA. The main novelty in our implementation is the replacement of the long pseudo-random sequence, originally stored on 260 bytes of EEPROM in [19], by a reversible stream cipher using less than 300 bits of RAM. We show how our scheme offers tag-to-reader and reader-to-tag authentication and how it can be fit into the existing RFID supply chain infrastructure.

Link
2022/9/28

Remote password extraction from RFID tags

Yossef Oren, Adi Shamir

IEEE Transactions on Computers 56 (9), 1292-1296, 2007

2022/9/28

Remote password extraction from RFID tags

Yossef Oren, Adi Shamir

IEEE Transactions on Computers 56 (9), 1292-1296, 2007

Side-channel attacks are used by cryptanalysts to compromise the implementation of secure systems. One very powerful class of side-channel attacks is power analysis, which tries to extract cryptographic keys and passwords by examining the power consumption of a device. We examine the applicability of this threat to electromagnetically coupled RFID tags. Compared to standard power analysis attacks, our attack is unique in that it requires no physical contact with the device under attack. Power analysis can be carried out even if both the tag and the attacker are passive and transmit no data, making the attack very hard to detect. As a proof of concept, we describe a password extraction attack on Class 1 Generation 1 EPC tags. We also show how the privacy of Class 1 Generation 2 tags can be compromised by this attack. Finally, we examine possible modifications to the tag and its RF front end which help protect …

Link
2022/9/28

Robust website fingerprinting through the cache occupancy channel

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom

28th USENIX Security Symposium (USENIX Security 19), 639-656, 2019

2022/9/28

Robust website fingerprinting through the cache occupancy channel

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom

28th USENIX Security Symposium (USENIX Security 19), 639-656, 2019

Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user’s computer and the secure network.

Link
2022/9/28

ANVIL: Software-based protection against next-generation rowhammer attacks

Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, Todd Austin

ACM SIGPLAN Notices 51 (4), 743-755, 2016

2022/9/28

ANVIL: Software-based protection against next-generation rowhammer attacks

Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, Todd Austin

ACM SIGPLAN Notices 51 (4), 743-755, 2016

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to “rowhammer” attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google’s Project Zero has shown how to leverage rowhammer-induced bit-flips as the basis for security exploits that include malicious code injection and memory privilege escalation. Being an important security concern, industry has attempted to defend against rowhammer attacks. Deployed defenses employ two strategies: (1) doubling the system DRAM refresh rate and (2) restricting access to the CLFLUSH instruction that attackers use to bypass the cache to increase memory access frequency (i.e., the rate of rowhammering). We demonstrate that such defenses are inadequte: we implement rowhammer attacks that both avoid using the CLFLUSH instruction and cause …

Link
2022/9/28

The spy in the sandbox: Practical cache attacks in javascript and their implications

Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, Angelos D Keromytis

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications …, 2015

2022/9/28

The spy in the sandbox: Practical cache attacks in javascript and their implications

Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, Angelos D Keromytis

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications …, 2015

We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast to previous work in this genre, our attack does not require the attacker to install software on the victim’s machine; to facilitate the attack, the victim needs only to browse to an untrusted webpage that contains attacker-controlled content. This makes our attack model highly scalable, and extremely relevant and practical to today’s Web, as most desktop browsers currently used to access the Internet are affected by such side channel threats. Our attack, which is an extension to the last-level cache attacks of Liu et al., allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host with the victim web browser. We describe the fundamentals behind our attack, and evaluate its performance characteristics. In addition, we show how it can be used …

Link
2022/9/28

Technical program

Amal Alahmadi, Ahmed Lawey, Jaafar Elmirghani, Patrick Maillé, Bruno Tuffin, Alfonso Iacovazzi, Daniel Frassinelli, Yuval Elovici, Naoyuki Morimoto

2022/9/28

Technical program

Amal Alahmadi, Ahmed Lawey, Jaafar Elmirghani, Patrick Maillé, Bruno Tuffin, Alfonso Iacovazzi, Daniel Frassinelli, Yuval Elovici, Naoyuki Morimoto

Technical Program Page 1 2017 8th International Conference on the Network of the Future (NOF
2017) Technical Program Cloud and Media Streams 4Improving QoE Prediction in Mobile
Video through Machine Learning5 Pedro Casas (AIT Austrian Institute of Technology,
Austria); Sarah Wassermann (Université de Liège, Belgium) ………………….………………….………………….………………….………………….………………….………………….…page
1 4Design of A Layer-based Video Streaming System over Software-Defined Networks5
Reza Shokri Kalan (Ege University- Turkey, Turkey); Cihat Cetinkaya and Muge Sayit (Ege
University, Turkey) ………………….………………….………………….………………….………………….………………….………………….…page
8 4Media Streams Allocation and Load Patterns for a WebRTC Cloud Architecture5 Vamis
Xhagjika (TokBox Inc. a Telefonica Company, Spain and …

Link
2022/9/28

Drones

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

Drones, 0, 0

2022/9/28

Drones

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

Drones, 0, 0

In an” open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (eg, delivering pizza) or an illegitimate purpose (eg, taking a peek at a person showering in his/her own house)? Over the years, many methods have been suggested to detect the presence of a drone in a specific location, however since populated areas are no longer off limits for drone flights, the previously suggested methods for detecting a privacy invasion attack are irrelevant. In this paper, we present a new method that can detect whether a specific POI (point of interest) is being video streamed by a drone. We show that applying a periodic physical stimulus on a target/victim being video streamed by a drone causes a watermark to be added to the encrypted video traffic that is sent from the drone to its operator and how this watermark can be …

Link
2022/9/28

Evaluation of Security Solutions for Android Systems

Y Elovici, A Shabtai, D Mimran

2022/9/28

Evaluation of Security Solutions for Android Systems

Y Elovici, A Shabtai, D Mimran

2022/9/28

Augmented Betweenness Centrality

Rami Puzis, Yaniv Altshuler, Yuval Elovici, Shlomo Bekhor, Yoram Shiftan, Alex S, y Pentl,

2022/9/28

Augmented Betweenness Centrality

Rami Puzis, Yaniv Altshuler, Yuval Elovici, Shlomo Bekhor, Yoram Shiftan, Alex S, y Pentl,

Network planning and traffic flow optimization requires the acquirement and analysis of large quantities of data such as the network topology, its traffic flow data, vehicle fleet composition, emission measurements etc. Data acquirement is an expensive process that involves household surveys and automatic as well as semi-automatic measurements performed all over the network. For example, in order to accurately estimate the effect of a certain network change on the total emissions produced by vehicles in the network, assessment of the vehicle fleet composition for each origin-destination pair is required. As a result, problems that optimize non-local merit functions becomes highly difficult to solve. One such problem is finding the optimal deployment of traffic monitoring units. In this paper we suggest a new traffic assignment model that is based on the concept of Shortest Path Betweenness Centrality measure borrowed from the domain of complex network analysis. We show how Betweenness can be augmented in order to solve the traffic assignment problem given an arbitrary travel cost definition. The proposed traffic assignment model is evaluated using a high resolution Israeli transportation dataset derived from the analysis of cellular phones data. The group variant of the augmented Betweenness Centrality is then used to optimize the locations of traffic monitoring units, hence reducing the cost and increasing the effectiveness of traffic monitoring.

Link
2022/9/28

N. Aharony, M. Fire, Y. Elovici, A. Pentland (2011).”

Y Altshuler

Incremental Learning with Accuracy Prediction of Social and Individual …, 0

2022/9/28

N. Aharony, M. Fire, Y. Elovici, A. Pentland (2011).”

Y Altshuler

Incremental Learning with Accuracy Prediction of Social and Individual …, 0

2022/9/28

Time-Division is Optimal for Covert Communication Over Some Broadcast Channels…. VYF Tan and S.-H. Lee 1377

S Belikovetsky, YA Solewicz, M Yampolskiy, J Toh, Y Elovici, A Shah, R Ganesan, S Jajodia, H Cam, J Shey, JA Blanco, O Walker, TW Tedesso, HT Ngo, R Rakvic, KD Fairbanks

2022/9/28

Time-Division is Optimal for Covert Communication Over Some Broadcast Channels…. VYF Tan and S.-H. Lee 1377

S Belikovetsky, YA Solewicz, M Yampolskiy, J Toh, Y Elovici, A Shah, R Ganesan, S Jajodia, H Cam, J Shey, JA Blanco, O Walker, TW Tedesso, HT Ngo, R Rakvic, KD Fairbanks

Table of contents Page 1 MAY 2019 VOLUME 14 NUMBER 5 ITIFA6 (ISSN 1556-6013)
REGULAR PAPERS Anonymization and Data Privacy Encryption-Free Framework of
Privacy-Preserving Image Recognition for Photo-Based Information Services ……… ………………………………………………………………………….
K. Nakamura, N. Nitta, and N. Babaguchi 1264 Attacker Location Evaluation-Based Fake
Source Scheduling for Source Location Privacy in Cyber-Physical Systems ……………………………………………………………………
Z. Hong, R. Wang, S. Ji, and R. Beyah 1337 Biometrics Finger Vein Code: From Indexing to
Matching ………………. L. Yang, G. Yang, X. Xi, K. Su, Q. Chen, and Y. Yin 1210 Face-Based
Multiple User Active Authentication on Mobile Devices ……………………. P. Perera and VM
Patel 1240 Cancelable Biometric Recognition With ECGs: Subspace-Based Approaches ………………………………………..
…………………………………………..…

Link
2022/9/28

Patchwork-Based Audio Watermarking Robust Against De-Synchronization and Recapturing Attacks………………

S Belikovetsky, YA Solewicz, M Yampolskiy, J Toh, Y Elovici, A Shah, R Ganesan, S Jajodia, H Cam

2022/9/28

Patchwork-Based Audio Watermarking Robust Against De-Synchronization and Recapturing Attacks………………

S Belikovetsky, YA Solewicz, M Yampolskiy, J Toh, Y Elovici, A Shah, R Ganesan, S Jajodia, H Cam

Presents the table of contents for this issue of the publication.

Link
2022/9/28

Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features…………………… J. Lopez, Jr., NC Liefer, CR Busho, and MA Temple 1215

Z Zhuo, Y Zhang, Z-l Zhang, X Zhang, J Zhang, S Wang, Q Yan, Z Chen, B Yang, C Zhao, M Conti, HS Lallie, K Debattista, J Bal, A Iacovazzi, S Sarda, D Frassinelli, Y Elovici

2022/9/28

Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features…………………… J. Lopez, Jr., NC Liefer, CR Busho, and MA Temple 1215

Z Zhuo, Y Zhang, Z-l Zhang, X Zhang, J Zhang, S Wang, Q Yan, Z Chen, B Yang, C Zhao, M Conti, HS Lallie, K Debattista, J Bal, A Iacovazzi, S Sarda, D Frassinelli, Y Elovici

Presents the table of contents for this issue of this publication.

Link
2022/9/28

Reverse Engineering IoT Devices: Effective Techniques and Methods

Yuval Elovici

2022/9/28

Reverse Engineering IoT Devices: Effective Techniques and Methods

Yuval Elovici

Recent IoT botnet attacks have called the attention to the fact that there are many vulnerable IoT devices connected to the Internet today. Some of these Web-connected devices lack even basic security practices such as strong password authentication. As a consequence, many IoT devices are already infected with malware and many more are vulnerable to exploitation. In this paper we analyze the security level of 16 popular IoT devices. We evaluate several low-cost black-box techniques for reverse engineering these devices, including software and fault injection based techniques used to bypass password protection. We use these techniques to recover device firmware and passwords. We also discover several common design flaws which lead to previously unknown vulnerabilities. We demonstrate the effectiveness of our approach by modifying a laboratory version of the Mirai botnet to automatically add these devices to a botnet. We also discuss how to improve the security of IoT devices without significantly increasing their cost or affecting their usability.

Link
2022/9/28

dr0wned

Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici

2022/9/28

dr0wned

Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici

Cyber-Physical Attack with Additive Manufacturing Page 1 1 dr0wned – Cyber-Physical Attack
with Additive Manufacturing Sofia Belikovetsky Ben-Gurion University of the Negev Mark
Yampolskiy University of South Alabama Jinghui Toh Singapore University of Technology and
Design Jacob Gatlin University of South Alabama Yuval Elovici Ben-Gurion University of the
Negev, Singapore University of Technology and Design Page 2 Agenda oIntroduction
oManufacturing process oThe attack ▪ Goal of attack ▪ Methodology ▪ Results oScale up 2 Page
3 Introduction 3 Page 4 What is Additive Manufacturing? 4 © Office if the assistant secretary of
Research and Technology (US Department of Transportation) Page 5 It’s already everywhere 5
Entrepreneur Magazine 3D Printer Times metalocus.es http://3d-print.today/ Page 6 Motivation
“The FAA Cleared The First 3D Printed Part To Fly In A Commercial Jet Engine From GE…

Link
2022/9/28

Detecting Illicit Drone Video Filming Using Cryptanalysis

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

2022/9/28

Detecting Illicit Drone Video Filming Using Cryptanalysis

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

In this demo, we demonstrate that cryptanalysis can be used to determine whether a passing drone is used for spying, by analyzing the drone’s encrypted video channel. We also show that a spying drone can be detected when the victim is located in a house or traveling in a car, with the use of a flickering light.

Link
2022/9/28

Journal Pre-proof 墨 3.2.

Ibrahim Sadek, Penny Chong, Shafiq Ul Rehman, Yuval Elovici, Alex, er Binder

Journal Pre-proof 墨 3, 1, 0

2022/9/28

Journal Pre-proof 墨 3.2.

Ibrahim Sadek, Penny Chong, Shafiq Ul Rehman, Yuval Elovici, Alex, er Binder

Journal Pre-proof 墨 3, 1, 0

This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, Memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall’s WinPmem acquisition tool. The dataset is complemented by memory snapshots of uncompromised virtual machines. The data includes a reference for all running processes as well as a mapping for the designated malware running inside the memory. The datasets are available in the article, for advancing research towards the detection of obfuscated malware from volatile computer memory during a forensic analysis.

Link
2022/9/28

User-guided Graph Exploration: A Framework for Algorithmic Complexity Reduction in Large Data Sets

Tim Grube, Florian Volk, Max Mühlhäuser, Suhas Bhairav, Vinay Sachidan, a, Yuval Elovici

2022/9/28

User-guided Graph Exploration: A Framework for Algorithmic Complexity Reduction in Large Data Sets

Tim Grube, Florian Volk, Max Mühlhäuser, Suhas Bhairav, Vinay Sachidan, a, Yuval Elovici

Human exploration of large data sets becomes increasingly difficult with growing amounts of data. For this purpose, such data sets are often visualized as large graphs, depicting information and interrelations as interconnected vertices. A visual representation of such large graphs (for example, social networks, collaboration analyses or biological data sets) has to find a trade-off between showing details in a magnified—or zoomedin—view and the overall graph structure. Showing these two aspects at the same time results in a visual overload that is largely inaccessible to human users. In this article, we augment previous work and present a new approach to address this overload by combining and extending graph-theoretic properties with community detection algorithms. Our non-destructive approach to reducing visual complexity while retaining core properties of the given graph is user-guided and semi-automated. The results yielded by applying our approach to large real-world network data sets reveal a massive reduction of displayed vertices and connections while keeping essential graph structures intact.

Link
2022/9/28

Incremental Learning with Accuracy Prediction of Social and Individual Properties from Mobile-Phone Data

Michael Fire, Yuval Elovici

2022/9/28

Incremental Learning with Accuracy Prediction of Social and Individual Properties from Mobile-Phone Data

Michael Fire, Yuval Elovici

As truly ubiquitous wearable computers, mobile phones are quickly becoming the primary source for social, behavioral, and environmental sensing and data collection. Today‟ s smartphones are equipped with increasingly more sensors and accessible data types that enable the collection of literally dozens of signals related to the phone, its user, and its environment. A great deal of research effort in academia and industry is put into mining this raw data for higher level sense-making, such as understanding user context, inferring social networks, learning individual features, predicting outcomes, and so on. In many cases, this analysis work is the result of exploratory forays and trial-anderror. Adding to the challenge, the devices themselves are a limited platform, and any data collection campaign must be carefully designed in order to collect the right signals, in the appropriate frequency, and at the same time not exhausting the device‟ s limited battery and processing power. There is need for a more structured methodology and tools to help with designing mobile data collection and analysis initiative.In this work we investigate the properties of learning and inference of real world data collected via mobile phones over time. In particular, we look at the dynamic learning process over time, and how the ability to predict individual parameters and social links is incrementally enhanced with the accumulation of additional data. To do this, we use the Friends and Family dataset, which contains rich data signals gathered from the smartphones of 140 adult members of a young-family residential community for over a year, and is one of the most …

Link
2022/9/28

Special Session: Web Security-Content-Based Methodology for Anomaly Detection on the Web

Mark Last, Bracha Shapira, Yuval Elovici, Omer Zaafrany, Abraham K, el

Lecture Notes in Computer Science 2663, 113-123, 2003

2022/9/28

Special Session: Web Security-Content-Based Methodology for Anomaly Detection on the Web

Mark Last, Bracha Shapira, Yuval Elovici, Omer Zaafrany, Abraham K, el

Lecture Notes in Computer Science 2663, 113-123, 2003

Link
2022/9/28

A bounded local adaptive packet pricing(BLAPP) scheme for IP networks.

Chanan Glezer, Yuval Elovici, Yehuda Ben-Shimol

WSEAS Transactions on Communications 2 (2), 282-288, 2003

2022/9/28

A bounded local adaptive packet pricing(BLAPP) scheme for IP networks.

Chanan Glezer, Yuval Elovici, Yehuda Ben-Shimol

WSEAS Transactions on Communications 2 (2), 282-288, 2003

This article presents a novel congestion-based pricing scheme for IP networks, termed Bounded Local Adaptive Packet Pricing (BLAPP). The BLAPP scheme enables IP users to limit their expenses on routing packets by enforcing a price limit in the packet’s header. BLAPP extends the LAPP scheme in which payment is collected on a per-packet basis in each router on the packet’s path. In both protocols, each router changes its price for each service level in response to its congestion at a specific output port. Finally, the BLAPP scheme is analyzed using network simulations of traffic congestions. The analysis suggests that BLAPP exhibits a correlation between user expenses and QoS properties such as RTT, especially when the network is congested. Thus, a user may control his or her QoS using payments without having to allocate network resources on a per-session basis (eg, RSVP protocol).

Link
2022/9/28

INTELLIGENT TECHNOLOGY FOR CONTENT MONITORING ON THE WEB

B Shapira, Y Elovici, O Zaafrany, A K, el

SERIES IN MACHINE PERCEPTION AND ARTIFICIAL INTELLIGENCE 58, 539-559, 2004

2022/9/28

INTELLIGENT TECHNOLOGY FOR CONTENT MONITORING ON THE WEB

B Shapira, Y Elovici, O Zaafrany, A K, el

SERIES IN MACHINE PERCEPTION AND ARTIFICIAL INTELLIGENCE 58, 539-559, 2004

Link
2022/9/28

Intelligent technology for content monitoring on the Web

Mark Last, Bracha Shapira, Yuval Elovici, Omer Zaafrany, Abraham K, el

Computational Web Intelligence: Intelligent Technology for Web Applications …, 2004

2022/9/28

Intelligent technology for content monitoring on the Web

Mark Last, Bracha Shapira, Yuval Elovici, Omer Zaafrany, Abraham K, el

Computational Web Intelligence: Intelligent Technology for Web Applications …, 2004

International terrorists are increasingly using the Internet for covert communications, collecting information on their topics of interest, and spreading the word about their activities around the world. One way to detect terrorist activities on the Internet is by monitoring the content accessed by web users. This study presents an innovative, DM-based methodology. for web content monitoring. The normal behavior of a group of similar users is learned by applying unsupervised clustering algorithms to the textual content of publicly available web pages they usually view. The induced model of normal behavior is used in realtime to reveal anomalous content accessed at a specific computer. To speed-up the detection process, dimensionality reduction is applied to the content data. We evaluate the proposed methodology by ROC analysis.

Link
2022/9/28

15, 4 Enhancmg customer prlvacy

Yuval Elovici, Chanan Glezer, Bracha Shapira

Internet Research 15, 4, 2005

2022/9/28

15, 4 Enhancmg customer prlvacy

Yuval Elovici, Chanan Glezer, Bracha Shapira

Internet Research 15, 4, 2005

Purpose e To propose a model of a privacy-enhanced catalogue search system (PECSS) in an attempt to address privacy threats to consumers, who search for products and services on the world wide web. Design/methodology/approach—The model extends an agent-based architecture for electronic catalogue mediation by supplementing it with a privacy enhancement mechanism. This mechanism introduces fake queries into the original stream of user queries, in an attempt to reduce the similarity between the actual interests of users (“internal user profile”) and the interests as observed by potential eavesdroppers on the web (“external user profile”). A prototype was constructed to demonstrate the feasibility and effectiveness of the model.Findings—The evaluation of the model indicates that, by generating five fake queries per each original user query, the user’s profile is hidden most effectively from any potential …

Link
2022/9/28

A framework for malware detection using combination technique and signature generation.

Mohammad M. Rasheed, Osman Ghazali, Norita Md Norwawi, M Costa, J Crowcroft, M Castro, A Rowstron, L Zhou, L Zhang, P Barham, D Zhang, Y Wang, X Jiang, X Zhu, SL Liu, YH Liu, YF Tang, RH Jiang, F Min, R Gupta, MMZE Mohammed, HA Chan, N Ventura, M Hashim, I Amin, E Bashier, R Moskovitch, C Feher, Y Elovici, Z Muda, W Yassin, MN Sulaiman, NI Udzir, MHNM Nasir, NH Hassan, SSM Fauzi, P Li, M Salour, X Su, MM Rasheed, O Ghazali, NM Norwawi, MM Rasheed, O Ghazali, NM Norwawi, MM Kadhum, B Rozenberg, E Gudes, Y Elovici, S Schaust, M Drozda, SE Schechter, J Jung, AW Berger, S Chen, Y Tang, Y Tang, S Chen, X Yang, J Lu, Y Zhu, P Wang, SG Yoo, S Lee, Y Lee, YK Yang, J Kim, H Yu, MX He, HC Sun, MF Zolkipli, A Jantan

Information Technology Journal 11 (7), pp: 133-147, 2005

2022/9/28

A framework for malware detection using combination technique and signature generation.

Mohammad M. Rasheed, Osman Ghazali, Norita Md Norwawi, M Costa, J Crowcroft, M Castro, A Rowstron, L Zhou, L Zhang, P Barham, D Zhang, Y Wang, X Jiang, X Zhu, SL Liu, YH Liu, YF Tang, RH Jiang, F Min, R Gupta, MMZE Mohammed, HA Chan, N Ventura, M Hashim, I Amin, E Bashier, R Moskovitch, C Feher, Y Elovici, Z Muda, W Yassin, MN Sulaiman, NI Udzir, MHNM Nasir, NH Hassan, SSM Fauzi, P Li, M Salour, X Su, MM Rasheed, O Ghazali, NM Norwawi, MM Rasheed, O Ghazali, NM Norwawi, MM Kadhum, B Rozenberg, E Gudes, Y Elovici, S Schaust, M Drozda, SE Schechter, J Jung, AW Berger, S Chen, Y Tang, Y Tang, S Chen, X Yang, J Lu, Y Zhu, P Wang, SG Yoo, S Lee, Y Lee, YK Yang, J Kim, H Yu, MX He, HC Sun, MF Zolkipli, A Jantan

Information Technology Journal 11 (7), pp: 133-147, 2005

2022/9/28

Hidden-web privacy preservation surfing (Hi-WePPS) model

Yuval Elovici, Bracha Shapira, Yael Spanglet

Privacy and Technologies of Identity: A Cross-Disciplinary Conversation, 335-348, 2006

2022/9/28

Hidden-web privacy preservation surfing (Hi-WePPS) model

Yuval Elovici, Bracha Shapira, Yael Spanglet

Privacy and Technologies of Identity: A Cross-Disciplinary Conversation, 335-348, 2006

A new model for privacy preservation named Hidden-web Privacy Preservation Surfing (Hi-WePPS) is proposed. A hidden-web site often requires a subscription in order to access information stored in the site’s database. The basic assumption motivating this proposal was that such websites cannot be trusted to preserve their surfers’ privacy since site owners know the identities of their users and can monitor their activities. The new privacy preservation model includes an agent installed in the user computer and generates “intelligent” noise when a user accesses a hidden-web site in order to conceal the user’s interests (profile). The noise is generated by submitting fake requests providing wrong data to the automatic programs collecting data about the users. A prototype of Hi-WePPS is being developed for preserving a surfer’s privacy while accessing the U.S. patent office site (www.uspto.gov). This prototype …

Link
2022/9/28

Computer systems & information SSR: A unified approach for decision making

Dov Shirtz, Zigmund Bluvb, , Yuval Elovici, Peretz Shoval

2007 Annual Reliability and Maintainability Symposium, 427-433, 2007

2022/9/28

Computer systems & information SSR: A unified approach for decision making

Dov Shirtz, Zigmund Bluvb, , Yuval Elovici, Peretz Shoval

2007 Annual Reliability and Maintainability Symposium, 427-433, 2007

Safety, security and reliability (SSR) of complex systems are the three interacting and most important risk related factors. In many cases of failure events, the security function assumes charge, and manages the failure event and its resolution. But does the security function consistently apply the optimal failure resolution methods? This paper proposes that several organizational functions, including information security (IS), should analyze, manage, and resolve each failure case in a coordinated effort, based on the failure classification and prioritization, and then apply appropriate corrective actions (CA). Such coordination may result in applying a CA that is sub-optimal by Security standards, yet optimal from the organization’s perspective. An innovative composite methodology for identifying, prioritizing and selecting failures and incidents for appropriate treatment is suggested. The methodology is based on …

Link
2022/9/28

The 11th International Conference on Information Fusion

R Moskovitch, N Nissim, R Englert, Y Elovici

Cologne, Germany, 2008

2022/9/28

The 11th International Conference on Information Fusion

R Moskovitch, N Nissim, R Englert, Y Elovici

Cologne, Germany, 2008

2022/9/28

How to Protect Critical Infrastructure from Cyber-Terrorist Attacks

Yuval Elovici, Chanan Glezer, Roman Englert

NATO SECURITY THROUGH SCIENCE SERIES D-INFORMATION AND COMMUNICATION …, 2008

2022/9/28

How to Protect Critical Infrastructure from Cyber-Terrorist Attacks

Yuval Elovici, Chanan Glezer, Roman Englert

NATO SECURITY THROUGH SCIENCE SERIES D-INFORMATION AND COMMUNICATION …, 2008

This article deals with protection of home and enterprise users and in particular Critical Infrastructures (CIs) against attacks unleashed by terrorists or criminals. Threats and challenges in large-scale network protection are discussed and their congruent defense mechanisms are classified into defensive and offensive. One defensive and one offensive mechanism is described. The Early

Link
2022/9/28

An overview of IDS using anomaly detection

Lior Rokach, Yuval Elovici

Database Technologies: Concepts, Methodologies, Tools, and Applications, 384-394, 2009

2022/9/28

An overview of IDS using anomaly detection

Lior Rokach, Yuval Elovici

Database Technologies: Concepts, Methodologies, Tools, and Applications, 384-394, 2009

Intrusion detection is the process of monitoring and analyzing the events occurring in a computer system in order to detect signs of security problems. The problem of intrusion detection can be solved using anomaly detection techniques. For instance, one is given a set of connection data belonging to different classes (normal activity, different attacks) and the aim is to construct a classifier that accurately classifies new unlabeled connections data. Clustering methods can be used to detect anomaly in data which might implies intrusion of a new type. This chapter gives a critical summary of anomaly detection research for intrusion detection. This chapter surveys a list of research projects that apply anomaly detection techniques to intrusion detection. Finally some directions for research are given.

Link
2022/9/28

An Attentive Digital Signage System

Erez Shmueli, Alex, er Kruglov, Rami Puzis, Yuval Elovici, Roman Englert, Chanan Glezer

Workshop-Proceedings der Tagung Mensch & Computer 2009, 2009

2022/9/28

An Attentive Digital Signage System

Erez Shmueli, Alex, er Kruglov, Rami Puzis, Yuval Elovici, Roman Englert, Chanan Glezer

Workshop-Proceedings der Tagung Mensch & Computer 2009, 2009

The conceptual architecture and prototype presented in this article aims to transform standard digital signage networks to more flexible, customer-attentive advertising systems by rapidly adjusting the content displayed on each signage to online contextual data such as environment (i.e., store location, date, and time) or customer characteristics (i.e., gender, behavior). The proposed architecture encompasses a knowledge discoverer in order to reveal hidden patterns in customers’ reaction to advertisements. This mechanism enhances the fit between the content presented on each signage and the interests of individual customers.

Link
2022/9/28

Improving malware detection by applying multi-inducer ensemble Fe: 160

Eitan Menahem, Asaf Shabtai, Lior Rokach, Yuval Elovici

Operations Research Management Science 49 (5), 545, 2009

2022/9/28

Improving malware detection by applying multi-inducer ensemble Fe: 160

Eitan Menahem, Asaf Shabtai, Lior Rokach, Yuval Elovici

Operations Research Management Science 49 (5), 545, 2009

Link
2022/9/28

Database Encryption-An Overview of Contemporary Challenges and Design Considerations SIGMOD Record vol38

Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer

2022/9/28

Database Encryption-An Overview of Contemporary Challenges and Design Considerations SIGMOD Record vol38

Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer

2022/9/28

Trawling Traffic under Attack

Shlomi Dolev, Yuval Elovici, Alex Kesselman, Polina Zilberman

2022/9/28

Trawling Traffic under Attack

Shlomi Dolev, Yuval Elovici, Alex Kesselman, Polina Zilberman

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to “well-behaved” users. Recently, the novel paradigm of traffic ownership that enables the clients of Internet service providers (ISP) to configure their own traffic processing policies has gained popularity. In this paper, we propose two algorithms belonging to this paradigm that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to receive valuable users’ traffic.In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic, measured in bandwidth units, which match each rule. The filtering algorithm is enforced by the ISP’s or the Network Service Provider’s (NSP) routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP’s or the NSP’s network.

Link
2022/9/28

Proceedings-12th IEEE International Conference on Computational Science and Engineering, CSE 2009: Message from the SP4SPNA 2009 workshop chairs

Nadav Aharony, Kwan Hong Lee, David P Reed, Yaniv Altshuler, Yuval Elovici

Proceedings-12th IEEE International Conference on Computational Science and …, 2009

2022/9/28

Proceedings-12th IEEE International Conference on Computational Science and Engineering, CSE 2009: Message from the SP4SPNA 2009 workshop chairs

Nadav Aharony, Kwan Hong Lee, David P Reed, Yaniv Altshuler, Yuval Elovici

Proceedings-12th IEEE International Conference on Computational Science and …, 2009

Proceedings – 12th IEEE International Conference on Computational Science and Engineering,
CSE 2009: Message from the SP4SPNA 2009 workshop chairs — Ben-Gurion University
Research Portal Skip to main navigation Skip to search Skip to main content Ben-Gurion
University Research Portal Home Ben-Gurion University Research Portal Logo Help & FAQ
Home Profiles Research output Research Units Prizes Datasets Activities Press / Media Student
theses Research Labs / Equipment Search by expertise, name or affiliation Proceedings –
12th IEEE International Conference on Computational Science and Engineering, CSE 2009:
Message from the SP4SPNA 2009 workshop chairs Nadav Aharony, Kwan Hong Lee, David
P. Reed, Yaniv Altshuler, Yuval Elovici Department of Software and Information Systems
Engineering Research output: Contribution to journal › Editorial Overview Original language …

Link
2022/9/28

Optimizing Targeting of Intrusion Detection Systems in Social Networks

Rami Puzis, Meytal Tubi, Yuval Elovici

Handbook of Social Network Technologies and Applications, 549-568, 2010

2022/9/28

Optimizing Targeting of Intrusion Detection Systems in Social Networks

Rami Puzis, Meytal Tubi, Yuval Elovici

Handbook of Social Network Technologies and Applications, 549-568, 2010

Internet users communicate with each other in various ways: by Emails, instant messaging, social networking, accessing Web sites, etc. In the course of communicating, users may unintentionally copy files contaminated with computer viruses and worms [1, 2] to their computers and spread them to other users [3]. (Hereafter we will use the term “threats”, rather than computer viruses and computer worms). The Internet is the chief source of these threats [4].

Link
2022/9/28

NewApproach for Detecting Unknown Malicious Executables. J Forensic Res 1: 112. doi: 10.4172/2157-7145.10001 12

B Rozenberg, E Gudes, Y Elovici, Y Fledel

OMICS Publishing Group J Forensic Res ISSN, 2010

2022/9/28

NewApproach for Detecting Unknown Malicious Executables. J Forensic Res 1: 112. doi: 10.4172/2157-7145.10001 12

B Rozenberg, E Gudes, Y Elovici, Y Fledel

OMICS Publishing Group J Forensic Res ISSN, 2010

We present a method for detecting new malicious executables, which comprise the following steps:(a) in an offline training phase, finding a set of system call sequences that are characteristic only to malicious files, when such malicious files are executed, and storing said sequences in a database;(b) in a real time detection phase, for each running executable, continuously monitoring its issued system calls and comparing with the stored sequences of system calls within the database to determine whether there exists a match between a portion of the sequence of the run-time system calls and one or more of the database sequences, and when such a match is found, declaring said executable as malicious. We have evaluated our method and the preliminary results are promising and justify the use of system calls sequences for the purpose of detection of new malicious executables.In this paper we try to provide a general, real time detection method that is more reliable than existing methods. Our method comprises of the following steps:(a) in an offline training phase, finding a collection of system call sequences that are characteristic only to malicious files, when such malicious files are executed, and storing said sequences in a database;(b) in runtime, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences of system calls within the database to determine whether there exists a match between a portion of the sequence of the run-time system calls and one or more of the database sequences, and when such a match is found, declaring said executable as malicious. A major …

Link
2022/9/28

S. Dolev, Y. Elovici, and R. Puzis, J. ACM 57, 1 (2010).

S Dolev

J. ACM 57, 1, 2010

2022/9/28

S. Dolev, Y. Elovici, and R. Puzis, J. ACM 57, 1 (2010).

S Dolev

J. ACM 57, 1, 2010

2022/9/28

NewApproach for Detecting Unknown Malicious Executables. J Forensic Res 1: 112. doi: 10.4172/2157-7145.10001 12 J Forensic Res ISSN: 2157-7145 JFR, an open access journal Volume 1• Issue 2• 1000112 Page 2 of 6 well as two methods for discovering “behavior signatures”. Then

B Rozenberg, E Gudes, Y Elovici, Y Fledel

Section, 2010

2022/9/28

NewApproach for Detecting Unknown Malicious Executables. J Forensic Res 1: 112. doi: 10.4172/2157-7145.10001 12 J Forensic Res ISSN: 2157-7145 JFR, an open access journal Volume 1• Issue 2• 1000112 Page 2 of 6 well as two methods for discovering “behavior signatures”. Then

B Rozenberg, E Gudes, Y Elovici, Y Fledel

Section, 2010

We present a method for detecting new malicious executables, which comprise the following steps:(a) in an offline training phase, finding a set of system call sequences that are characteristic only to malicious files, when such malicious files are executed, and storing said sequences in a database;(b) in a real time detection phase, for each running executable, continuously monitoring its issued system calls and comparing with the stored sequences of system calls within the database to determine whether there exists a match between a portion of the sequence of the run-time system calls and one or more of the database sequences, and when such a match is found, declaring said executable as malicious. We have evaluated our method and the preliminary results are promising and justify the use of system calls sequences for the purpose of detection of new malicious executables.In this paper we try to provide a general, real time detection method that is more reliable than existing methods. Our method comprises of the following steps:(a) in an offline training phase, finding a collection of system call sequences that are characteristic only to malicious files, when such malicious files are executed, and storing said sequences in a database;(b) in runtime, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences of system calls within the database to determine whether there exists a match between a portion of the sequence of the run-time system calls and one or more of the database sequences, and when such a match is found, declaring said executable as malicious. A major …

Link
2022/9/28

Efficient Collaborative Application Monitoring Scheme for Mobile Networks

Yaniv Altshuler, Shlomi Dolev, Yuval Elovici

arXiv preprint arXiv:1009.1132, 2010

2022/9/28

Efficient Collaborative Application Monitoring Scheme for Mobile Networks

Yaniv Altshuler, Shlomi Dolev, Yuval Elovici

arXiv preprint arXiv:1009.1132, 2010

New operating systems for mobile devices allow their users to download millions of applications created by various individual programmers, some of which may be malicious or flawed. In order to detect that an application is malicious, monitoring its operation in a real environment for a significant period of time is often required. Mobile devices have limited computation and power resources and thus are limited in their monitoring capabilities. In this paper we propose an efficient collaborative monitoring scheme that harnesses the collective resources of many mobile devices, “vaccinating” them against potentially unsafe applications. We suggest a new local information flooding algorithm called “TTL Probabilistic Propagation” (TPP). The algorithm periodically monitors one or more application and reports its conclusions to a small number of other mobile devices, who then propagate this information onwards. The algorithm is analyzed, and is shown to outperform existing state of the art information propagation algorithms, in terms of convergence time as well as network overhead. The maximal “load” of the algorithm (the fastest arrival rate of new suspicious applications, that can still guarantee complete monitoring), is analytically calculated and shown to be significantly superior compared to any non-collaborative approach. Finally, we show both analytically and experimentally using real world network data that implementing the proposed algorithm significantly reduces the number of infected mobile devices. In addition, we analytically prove that the algorithm is tolerant to several types of Byzantine attacks where some adversarial agents may …

Link
2022/9/28

LoOkie-It Feels Like Being There, proposing a social mobile application

Talya Porat, Inbal Rief, Rami Puzis, Yuval Elovici

CHI'2011: ACM, 2011

2022/9/28

LoOkie-It Feels Like Being There, proposing a social mobile application

Talya Porat, Inbal Rief, Rami Puzis, Yuval Elovici

CHI'2011: ACM, 2011

In this paper, we describe an interaction design process and the challenges encountered during the development of LoOkie, a social mobile application, which enables members to request and receive live videos or pictures of desired locations from people who are present at the scene. The paper describes, from a human-computer interaction perspective, the development of the application from the birth of the idea through the design process encountered up to the point of the launch of the application for Beta at the beginning of 2011.

Link
2022/9/28

Combining One-Class Classifiers via Meta-Learning

Eitan Menahem Lior Rokach, Yuval Elovici

arXiv preprint arXiv:1112.5246, 2011

2022/9/28

Combining One-Class Classifiers via Meta-Learning

Eitan Menahem Lior Rokach, Yuval Elovici

arXiv preprint arXiv:1112.5246, 2011

We examine various methods for combining the output of one-class models. In particular, we show that simple meta-learning based ensemble achieves better result than weighting methods. Furthermore we propose a new one-class ensemble scheme, called TUPSO that uses metalearning for combining multiple one-class classifiers. We also present a new one-class classification performance measures to weigh the base-classifiers, a process that proved helpful for increasing the classification performance of the induced ensemble. Our experimental study shows that the proposed method significantly outperforms exiting methods.

Link
2022/9/28

Future Trends in Data Leakage

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 83-85, 2012

2022/9/28

Future Trends in Data Leakage

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 83-85, 2012

This book provides a systematic study of the data leakage prevention domain. This study is based on a taxonomy that characterizes various aspects of the data leakage problem. An analysis of current industrial solutions and the research state of the art is presented.

Link
2022/9/28

Data Leakage/Misuse Scenarios

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 39-46, 2012

2022/9/28

Data Leakage/Misuse Scenarios

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 39-46, 2012

Data leakage incidents can be characterized based on the following attributes: where the leakage occurred, who caused the leakage, what was leaked (data state), how was access to the data gained, and how did the data leak. These parameters affect decision making for data-leakage defense measures.

Link
2022/9/28

andromaly: A behavioral malware detection framework for android devices J. Intell

A Shabtai, U Kanonov, Y Elovici, C Glezer, Y Weiss

Inf. Syst 38 (1), 161190, 2012

2022/9/28

andromaly: A behavioral malware detection framework for android devices J. Intell

A Shabtai, U Kanonov, Y Elovici, C Glezer, Y Weiss

Inf. Syst 38 (1), 161190, 2012

2022/9/28

Homing Socialbots: Intrusion on a Specific Organization’s Employee Using Socialbots, In proceeding of: International

Aviad Elishar, Michael Fire, Dima Kagan, Yuval Elovici

Workshop on Social Network Analysis in Applications (SNAA), At Niagara Falls …, 2013

2022/9/28

Homing Socialbots: Intrusion on a Specific Organization’s Employee Using Socialbots, In proceeding of: International

Aviad Elishar, Michael Fire, Dima Kagan, Yuval Elovici

Workshop on Social Network Analysis in Applications (SNAA), At Niagara Falls …, 2013

2022/9/28

Method for finding the most prominent group of vertices in complex data communication networks

Shlomi Dolev, Yuval Elovici, Rami Puzis

2022/9/28

Method for finding the most prominent group of vertices in complex data communication networks

Shlomi Dolev, Yuval Elovici, Rami Puzis

. A searching method for finding the most influential group of vertices in a graph representing a data communication network, wherein vertices are routers connected to each other through communication lines, wherein the most influential group is a group of vertices that can inspect or modify most of the information flow in the data communication network; and wherein a Distributed Network Intrusion Detection System is deployed and monitors the traffic of the most influential group, the method being locating the group of vertices in the graph having the maximal Group Betweenness Centrality, GBC, the method comprising searching iteratively a decision tree for said group, wherein: a. each node C in said decision tree maintains one group of vertices, and an ordered list of candidate vertices, CL (C), each of which may be added to during said searching method; and b. said most influential group comprises k vertices, wherein k is a predetermined value; wherein at every node C the next best candidate vertex v∈ CL (C), determined according to the contribution of said vertex to the GBC of GM (C), is added to GM (C) until GM (C) contains k vertices. 2. The searching method of claim 1, wherein the decision tree is searched by a Depth First Branch and Bound (DFBnB) process by using: a. a first heuristic function, for determining the optimal order of the candidate vertices in wherein, once determined, the most influential vertex is first in and b. a second heuristic function, for estimating the maximal gain in GBC that can be acquired during the exploration of the sub-tree rooted at node C, wherein said decision tree is pruned according to said second heuristic …

Link
2022/9/28

Guest editorial: Special issue on data mining for information security

Yuval Elovici, Lior Rokach, Sahin Albayrak

Information Sciences 231, 1-3, 2013

2022/9/28

Guest editorial: Special issue on data mining for information security

Yuval Elovici, Lior Rokach, Sahin Albayrak

Information Sciences 231, 1-3, 2013

Computer and communication systems are subject to repeated security attacks. Given the variety of new vulnerabilities discovered every day, the introduction of new attack schemes, and the ever-expanding use of the Internet, it is not surprising that the field of computer and network security has grown and evolved significantly in recent years. Attacks are so pervasive nowadays that many firms, especially large financial institutions, spend over 10% of their total information and communication technology budget directly on computer and network security. Changes in the type of attacks, such as the use of botnets and the identification of new vulnerabilities, have resulted in a highly dynamic threat landscape that is unamenable to traditional security approaches.Data mining techniques which incorporate induction algorithms that explore data in order to discover hidden patterns and develop predictive models, have …

Link
2022/9/28

Ethical Considerations when Employing Fake Identities in OSN for Research

Yuval Elovici, Michael Fire, Amir Herzberg, Haya Shulman

arXiv preprint arXiv:1310.1651, 2013

2022/9/28

Ethical Considerations when Employing Fake Identities in OSN for Research

Yuval Elovici, Michael Fire, Amir Herzberg, Haya Shulman

arXiv preprint arXiv:1310.1651, 2013

Online Social Networks (OSNs) have rapidly become a prominent and widely used service, offering a wealth of personal and sensitive information with significant security and privacy implications. Hence, OSNs are also an important – and popular – subject for research. To perform research based on real-life evidence, however, researchers may need to access OSN data, such as texts and files uploaded by users and connections among users. This raises significant ethical problems. Currently, there are no clear ethical guidelines, and researchers may end up (unintentionally) performing ethically questionable research, sometimes even when more ethical research alternatives exist. For example, several studies have employed `fake identities` to collect data from OSNs, but fake identities may be used for attacks and are considered a security issue. Is it legitimate to use fake identities for studying OSNs or for collecting OSN data for research? We present a taxonomy of the ethical challenges facing researchers of OSNs and compare different approaches. We demonstrate how ethical considerations have been taken into account in previous studies that used fake identities. In addition, several possible approaches are offered to reduce or avoid ethical misconducts. We hope this work will stimulate the development and use of ethical practices and methods in the research of online social networks.

Link
2022/9/28

Peers-based location of mobile devices

Mordechai Guri, Anatoly Krasner, Yuval Elovici

Frontier and Innovation in Future Computing and Communications, 439-445, 2014

2022/9/28

Peers-based location of mobile devices

Mordechai Guri, Anatoly Krasner, Yuval Elovici

Frontier and Innovation in Future Computing and Communications, 439-445, 2014

As the smart mobile device popularity is rapidly growing, numerous location-based services try to aid us in daily tasks, offering new patterns of consumerism and personal productivity. The wide range of location oriented services also increase the risk of services being abused by receiving fabricated location of the mobile device. Particularly, modern threats such as mobile viruses, botnets and malicious applications can spoof subscriber location for fun and profit. In this paper we suggest a technique which allows a service to verify a client’s location based on confirmation from devices located nearby. Using this scheme makes it significantly harder to trick the service into accepting a spoofed location. Practically, this technique may introduce a new set of services which can rely on the reported location in high confidence. We show that with the continuous trends of prevalent Wi-Fi capable devices in modern …

Link
2022/9/28

Active discovery of hidden profiles in social networks using malware

Rami Puzis, Yuval Elovici

Cyber Warfare: Building the Scientific Foundation, 221-235, 2015

2022/9/28

Active discovery of hidden profiles in social networks using malware

Rami Puzis, Yuval Elovici

Cyber Warfare: Building the Scientific Foundation, 221-235, 2015

In this study we investigate the problem of diffusion in social networks, an issue which is relevant in areas such as cyber intelligence. Contrary to related work that focuses on the identification of invisible areas of a social network, our work focuses on finding the most effective nodes for placing seeds in order to effectively reveal hidden nodes in a focused manner. The seeds may consist of malware that propagates in social networks and is capable of revealing hidden invisible nodes. The malware has only limited time to function and operate in stealth mode so as not to alert the hidden node, thus there is a need to identify and utilize the visible nodes that are most effective at spreading the malware across the hidden nodes with minimal effect on the visible nodes. We empirically evaluate the ability of the Weighted Closeness metric (WC) among visible nodes to improve diffusion focus and reach invisible nodes …

Link
2022/9/28

Authentix: Detecting anonymized attacks via automated authenticity profiling

Mordechai Guri, Matan Monitz, Yuval Elovici

Future Network Systems and Security: Second International Conference, FNSS …, 2016

2022/9/28

Authentix: Detecting anonymized attacks via automated authenticity profiling

Mordechai Guri, Matan Monitz, Yuval Elovici

Future Network Systems and Security: Second International Conference, FNSS …, 2016

In the modern era of cyber-security attackers are persistent in their attempts to hide and mask the origin of their attacks. In many cases, attacks are launched from spoofed or unknown Internet addresses, which makes investigation a challenging task. While protection from anonymized attacks is an important goal, detection of anonymized traffic is also important in its own right, because it allows defenders to take necessary preventative and defensive steps at an early stage, even before the attack itself has begun. In this paper we present AuthentIx, a system which measures the authenticity of the sources of Internet traffic. In order to measure the authenticity of traffic sources, our system uses passive and active profiling techniques, which are employed in both the network and the application protocols. We also show that performing certain cross-views between different communications layers can uncover …

Link
2022/9/28

HVACKer: Bridging the Air-Gap by Manipulating the

Y Mirsky, M Guri, Y Elovici

2022/9/28

HVACKer: Bridging the Air-Gap by Manipulating the

Y Mirsky, M Guri, Y Elovici

In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel lineencoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of.

Link
2022/9/28

Security and Privacy in Social Networks, by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, Alex Pentland: New York: Springer, 253 pp

Faruk Arslan

Journal of Information Privacy and Security 13 (2), 99-102, 2017

2022/9/28

Security and Privacy in Social Networks, by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, Alex Pentland: New York: Springer, 253 pp

Faruk Arslan

Journal of Information Privacy and Security 13 (2), 99-102, 2017

Security and Privacy in Social Networks is an edited collection of an introduction and 10 scholarly articles, which are partially based on the research work presented at the Workshop on Security and Privacy in Social Networks, in connection with the 2012 IEEE Social Computing Conference. Given the growing prominence of online social networks (OSN) and their corresponding security and privacy problems, this book aims to propose solutions as well as develop a common language for use between researchers and practitioners. The authors organized the book into 11 chapters, dedicating the first chapter to introduction and the remaining 10 to research articles. In the upcoming paragraphs, I will provide a review of the key ideas discussed in each chapter and then conclude my review.

Link
2022/9/28

Incentives in Collaborative Applications.

Elina Yaakobovich, Rami Puzis, Yuval Elovici

Encyclopedia of Social Network Analysis and Mining. 2nd Ed., 2018

2022/9/28

Incentives in Collaborative Applications.

Elina Yaakobovich, Rami Puzis, Yuval Elovici

Encyclopedia of Social Network Analysis and Mining. 2nd Ed., 2018

Link
2022/9/28

Motion detection side-channel attacks on encrypted real-time video

Nimrod Harris, Yuval Elovici, Niv Gilboa

Ben-Gurion University of the Negev, 2018

2022/9/28

Motion detection side-channel attacks on encrypted real-time video

Nimrod Harris, Yuval Elovici, Niv Gilboa

Ben-Gurion University of the Negev, 2018

We study information leakage from the encrypted video stream of surveillance cameras. The leakage is due to the correlation between the magnitude of motion that the camera captures and both its video compression and real-time transmission. We train classifiers on the encrypted video stream of surveillance cameras to achieve two tasks: estimating the fraction of the video frame in which motion occurs and estimating the number of people walking in a room that the camera monitors. For the first task we divide the frame into n equal parts and require the classifiers to identify how many of these parts include motion. The classifiers are accurate 99 percent of the time when n= 4 and 85 percent of the time when n= 16, as long as the camera does not reach its relatively low limit on bandwidth which reduces both video quality and information leakage. For the second task the classifiers are accurate 80− 90 percent of the …

Link
2022/9/28

Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection

Kevin Hemsley, Ronald Fisher, Lynne Graves, Mark Yampolskiy, Wayne King, Sofia Belikovetsky, Yuval Elovici, Sasha Romanosky, Lillian Ablon, Andreas Kuehn, Therese Jones, Joo-Yeop Song, Woomyo Lee, Jeong-Han Yun, Hyunjae Park, Sin-Kyu Kim, Young-June Choi, Eniye Tebekaemi, Duminda Wijesekera, Paulo Costa

2022/9/28

Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection

Kevin Hemsley, Ronald Fisher, Lynne Graves, Mark Yampolskiy, Wayne King, Sofia Belikovetsky, Yuval Elovici, Sasha Romanosky, Lillian Ablon, Andreas Kuehn, Therese Jones, Joo-Yeop Song, Woomyo Lee, Jeong-Han Yun, Hyunjae Park, Sin-Kyu Kim, Young-June Choi, Eniye Tebekaemi, Duminda Wijesekera, Paulo Costa

Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection Page
1 Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection
SRI International 1100 Wilson Boulevard, Suite 2800 (28th Floor) Arlington, Virginia 22209
March 12-14, 2018 March 12, 2018 (Monday) 8:15am – 8:50am: Breakfast 9:00am – 9:10am:
Welcoming Remarks David Balenson, Conference General Chair, SRI International, Arlington,
Virginia, USA 9:10am – 10:40am: Session 1: Themes and Issues Chair: David Balenson, SRI
International, Arlington, Virginia, USA History of Cyber Threats and Incidents Related to
Industrial Control Systems Kevin Hemsley and Ronald Fisher Idaho National Laboratory, Idaho
Falls, Idaho, USA Liability Exposure when 3D-Printed Parts Fall from the Sky Lynne Graves,
Mark Yampolskiy, Wayne King, Sofia Belikovetsky and Yuval Elovici University of South …

Link
2022/9/28

Anti-forensic= Suspicious: Detection of Stealthy Malware that Hides Its Network Traffic

Polina Zilberman, Yuval Elovici

ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International …, 2018

2022/9/28

Anti-forensic= Suspicious: Detection of Stealthy Malware that Hides Its Network Traffic

Polina Zilberman, Yuval Elovici

ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International …, 2018

Stealthy malware hides its presence from the users of a system by hooking the relevant libraries, drivers, system calls or manipulating the services commonly used to monitor system behaviour. Tampering the network sensors of host-based intrusion detection systems (HIDS) may impair their ability to detect malware and significantly hinders subsequent forensic investigations. Nevertheless, the mere attempt to hide the traffic indicates malicious intentions. In this paper we show how comparison of the data collected by multiple sensors at different levels of resilience may reveal these intentions. At the lowest level of resilience, information from untrusted sensors such as netstat and process lists are used. At the highest resilience level, we analyse mirrored traffic using a secured hardware device. This technique can be considered as fully trusted. The detection of a discrepancy between what is reported by these common tools and what is observed on a trusted system operating at a different level is a good way to force a dilemma on malware writers: either apply hiding techniques, with the risk that the discrepancy is detected, or keep the status of network connections untouched, with a greater ability for the administrator to recognize the presence and to understand the behaviour of malware. The proposed method was implemented on an evaluation testbed and is able to detect stealthy malware that hides its communication from the HIDS. The false positive rate is 0.01% of the total traffic analysed, and barring a few exceptions that can easily be white-listed, there are no legitimate processes which raise false alerts.

Link
2022/9/28

The Age of Testifying Wearable Devices: The Case of Intoxication Detection

Ben Nassi, Lior Rokach, Yuval Elovici

Cryptology ePrint Archive, 2020

2022/9/28

The Age of Testifying Wearable Devices: The Case of Intoxication Detection

Ben Nassi, Lior Rokach, Yuval Elovici

Cryptology ePrint Archive, 2020

Seven years ago, a famous case in which data from a Fitbit tracker was used in the courtroom in a personal injury case heralded a new age: the age of testifying wearable devices. Prior to that, data from wearable devices was used in various areas, including medicine, advertising, and scientific research, but the use of such data in the Fitbit case attracted the interest of a new sector: the legal sector. Since then, lawyers, investigators, detectives, and police officers have used data from pacemakers and smartwatches in order to prove/disprove allegations regarding wearable device owners in several well-known cases (sexual assault, arson, personal injury, etc.). In this paper, we discuss testifying wearable devices. We explain the advantages of wearable devices over traditional IoT devices in the legal setting, the parties involved in cases in which a wearable device was used to testify against/for the device owner, and the information flow. We then focus on an interesting area of research: intoxication detection. We explain the motivation to detect whether a subject was intoxicated and explain the primary scientific gap in this area. In order to overcome this gap, we suggest a new method for detecting whether a subject was intoxicated based on free gait data obtained from a wearable device. We evaluate the performance of the proposed method in a user study involving 30 subjects and show that motion sensor data obtained from a smartphone and fitness tracker from eight seconds of free gait can indicate whether a subject is/was intoxicated (obtaining an AUC of 0.97) and thus be used as testimony. Finally, we analyze the current state and the near …

Link
2022/9/28

Detection of Adversarial Supports in Few-shot Classifiers Using Feature Preserving Autoencoders and Self-Similarity.

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Yuval Elovici, Alex, er Binder

CoRR, 2020

2022/9/28

Detection of Adversarial Supports in Few-shot Classifiers Using Feature Preserving Autoencoders and Self-Similarity.

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Yuval Elovici, Alex, er Binder

CoRR, 2020

Link
2022/9/28

Enhancing Real-World Adversarial Patches with 3D Modeling Techniques.

Yael Mathov, Lior Rokach, Yuval Elovici

2022/9/28

Enhancing Real-World Adversarial Patches with 3D Modeling Techniques.

Yael Mathov, Lior Rokach, Yuval Elovici

Link
2022/9/28

Analysing the Adversarial Landscape of Binary Stochastic Networks

Yi Xiang Marcus Tan, Yuval Elovici, Alex, er Binder

Information Science and Applications: Proceedings of ICISA 2020, 143-155, 2021

2022/9/28

Analysing the Adversarial Landscape of Binary Stochastic Networks

Yi Xiang Marcus Tan, Yuval Elovici, Alex, er Binder

Information Science and Applications: Proceedings of ICISA 2020, 143-155, 2021

We investigate the robustness of stochastic ANNs to adversarial attacks. We perform experiments on three known datasets. Our experiments reveal similar susceptibility of stochastic ANNs compared to conventional ANNs when confronted with simple iterative gradient-based attacks in the white-box settings. We observe, however, that in black-box settings, SANNs are more robust than conventional ANNs against boundary and surrogate attacks. Consequently, we propose improved attacks against stochastic ANNs. In the first step, we show that using stochastic networks as surrogates outperforms deterministic ones, when performing surrogate-based black-box attacks. In order to further boost adversarial success rates, we propose in a second step the novel Variance Mimicking (VM) surrogate training, and validate its improved performance.

Link
2022/9/28

Recovering Songs from a Hanging Light Bulb

Ben Nassi, Yaron Pirutin, Raz Swissa, Adi Shamir, Yuval Elovici, Boris Zadov

2022/9/28

Recovering Songs from a Hanging Light Bulb

Ben Nassi, Yaron Pirutin, Raz Swissa, Adi Shamir, Yuval Elovici, Boris Zadov

In this paper, we introduce a novel side-channel attack for eavesdropping sound using an electro-optical sensor. We show how small vibrations of a hanging bulb (in response to sound hitting its surface), can be exploited by eavesdroppers to recover sound. We evaluate our method’s performance in a realistic setup and show that our method can be used by eavesdroppers to recover songs from a target room containing the hanging light bulb.

Link
2022/9/28

Towards A Conceptually Simple Defensive Approach for Few-shot classifiers Against Adversarial Support Samples

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:2110.12357, 2021

2022/9/28

Towards A Conceptually Simple Defensive Approach for Few-shot classifiers Against Adversarial Support Samples

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:2110.12357, 2021

Few-shot classifiers have been shown to exhibit promising results in use cases where user-provided labels are scarce. These models are able to learn to predict novel classes simply by training on a non-overlapping set of classes. This can be largely attributed to the differences in their mechanisms as compared to conventional deep networks. However, this also offers new opportunities for novel attackers to induce integrity attacks against such models, which are not present in other machine learning setups. In this work, we aim to close this gap by studying a conceptually simple approach to defend few-shot classifiers against adversarial attacks. More specifically, we propose a simple attack-agnostic detection method, using the concept of self-similarity and filtering, to flag out adversarial support sets which destroy the understanding of a victim classifier for a certain class. Our extended evaluation on the miniImagenet (MI) and CUB datasets exhibit good attack detection performance, across three different few-shot classifiers and across different attack strengths, beating baselines. Our observed results allow our approach to establishing itself as a strong detection method for support set poisoning attacks. We also show that our approach constitutes a generalizable concept, as it can be paired with other filtering functions. Finally, we provide an analysis of our results when we vary two components found in our detection approach.

Link
2022/9/28

POSTER: Recovering Songs from a Hanging Light Bulb

Ben Nassi, Yaron Pirutin, Raz Swissa, Adi Shamir, Yuval Elovici, Boris Zadov

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications …, 2021

2022/9/28

POSTER: Recovering Songs from a Hanging Light Bulb

Ben Nassi, Yaron Pirutin, Raz Swissa, Adi Shamir, Yuval Elovici, Boris Zadov

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications …, 2021

In this paper, we introduce a novel side-channel attack for eavesdropping sound using an electro-optical sensor. We show how small vibrations of a hanging bulb (in response to sound hitting its surface), can be exploited by eavesdroppers to recover sound. We evaluate our method’s performance in a realistic setup and show that our method can be used by eavesdroppers to recover songs from a target room containing the hanging light bulb.

Link
2022/9/28

AMSec’21 Chairs’ Welcome Remarks

Mark Yampolskiy, Yuval Elovici, Moti Yung

AMSec 2021-Proceedings of the 2021 Workshop on Additive Manufacturing (3D …, 2021

2022/9/28

AMSec’21 Chairs’ Welcome Remarks

Mark Yampolskiy, Yuval Elovici, Moti Yung

AMSec 2021-Proceedings of the 2021 Workshop on Additive Manufacturing (3D …, 2021

AMSec’21 Chairs’ Welcome Remarks — Ben-Gurion University Research Portal Skip to main
navigation Skip to search Skip to main content Ben-Gurion University Research Portal Home
Ben-Gurion University Research Portal Logo Help & FAQ Home Profiles Research output
Research Units Prizes Press / Media Activities Student theses Research Labs / Equipment
Datasets Projects Search by expertise, name or affiliation AMSec’21 Chairs’ Welcome
Remarks Mark Yampolskiy, Yuval Elovici, Moti Yung Department of Software and Information
Systems Engineering Research output: Contribution to journal › Editorial Overview Original
language English Pages (from-to) III Journal AMSec 2021 – Proceedings of the 2021 Workshop
on Additive Manufacturing (3D Printing) Security, co-located with CCS 2021 State Published –
19 Nov 2021 Event 1st ACM International Workshop on Additive Manufacturing (3D Printing) …

Link
2022/9/28

EyeDAS: Securing Perception of Autonomous Cars Against the Stereoblindness Syndrome

Efrat Levy, Ben Nassi, Raz Swissa, Yuval Elovici

arXiv preprint arXiv:2205.06765, 2022

2022/9/28

EyeDAS: Securing Perception of Autonomous Cars Against the Stereoblindness Syndrome

Efrat Levy, Ben Nassi, Raz Swissa, Yuval Elovici

arXiv preprint arXiv:2205.06765, 2022

The ability to detect whether an object is a 2D or 3D object is extremely important in autonomous driving, since a detection error can have life-threatening consequences, endangering the safety of the driver, passengers, pedestrians, and others on the road. Methods proposed to distinguish between 2 and 3D objects (e.g., liveness detection methods) are not suitable for autonomous driving, because they are object dependent or do not consider the constraints associated with autonomous driving (e.g., the need for real-time decision-making while the vehicle is moving). In this paper, we present EyeDAS, a novel few-shot learning-based method aimed at securing an object detector (OD) against the threat posed by the stereoblindness syndrome (i.e., the inability to distinguish between 2D and 3D objects). We evaluate EyeDAS’s real-time performance using 2,000 objects extracted from seven YouTube video recordings of street views taken by a dash cam from the driver’s seat perspective. When applying EyeDAS to seven state-of-the-art ODs as a countermeasure, EyeDAS was able to reduce the 2D misclassification rate from 71.42-100% to 2.4% with a 3D misclassification rate of 0% (TPR of 1.0). We also show that EyeDAS outperforms the baseline method and achieves an AUC of over 0.999 and a TPR of 1.0 with an FPR of 0.024.

Link
2022/9/28

Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici

Cryptology ePrint Archive, 2023

2022/9/28

Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici

Cryptology ePrint Archive, 2023

In this paper, we present video-based cryptanalysis, a new method used to recover secret keys from a device by analyzing video footage of a device’s power LED. We show that cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device’s power LED. Based on this observation, we show how attackers can exploit commercial video cameras (eg, an iPhone 13’s camera or Internet-connected security camera) to recover secret keys from devices. This is done by obtaining video footage of a device’s power LED (in which the frame is filled with the power LED) and exploiting the video camera’s rolling shutter to increase the sampling rate by three orders of magnitude from the FPS rate (60 measurements per second) to the rolling shutter speed (60K measurements per second in the iPhone 13 Pro Max). The frames of the video footage of the …

Link
2022/9/28

Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations

Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Or Hai Cohen, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici

Cryptology ePrint Archive, 2023

2022/9/28

Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations

Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Or Hai Cohen, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici

Cryptology ePrint Archive, 2023

Although power LEDs have been integrated in various devices that perform cryptographic operations for decades, the cryptanalysis risk they pose has not yet been investigated. In this paper, we present optical cryptanalysis, a new form of cryptanalytic side-channel attack, in which secret keys are extracted by using a photodiode to measure the light emitted by a device’s power LED and analyzing subtle fluctuations in the light intensity during cryptographic operations. We analyze the optical leakage of power LEDs of various consumer devices and the factors that affect the optical SNR. We then demonstrate end-to-end optical cryptanalytic attacks against a range of consumer devices (smartphone, smartcard, and Raspberry Pi, along with their USB peripherals) and recover secret keys (RSA, ECDSA, SIKE) from prior and recent versions of popular cryptographic libraries (GnuPG, Libgcrypt, PQCrypto-SIDH) from a …

Link
2022/9/28

Adversarial Machine Learning

Ziv Katzir, Yuval Elovici

Machine Learning for Data Science Handbook: Data Mining and Knowledge …, 2023

2022/9/28

Adversarial Machine Learning

Ziv Katzir, Yuval Elovici

Machine Learning for Data Science Handbook: Data Mining and Knowledge …, 2023

This chapter follows the evolution of adversarial machine learning research in recent years, through the lens of the literature. We start by reviewing early work on attack and defense methods and move on to studies that show how adversarial attacks can be applied in the real world. We then list the major outstanding research questions and conclude with research that addresses the domain’s key open question: What is it that makes adversarial examples so difficult to defend against? Our goal is to provide readers with the foundation needed to advance research in this fascinating domain.

Link
2022/9/28

How Polynomial Regression Improves DeNATing

Ari Adler, Lior Bass, Yuval Elovici, Rami Puzis

IEEE Transactions on Network and Service Management, 2023

2022/9/28

How Polynomial Regression Improves DeNATing

Ari Adler, Lior Bass, Yuval Elovici, Rami Puzis

IEEE Transactions on Network and Service Management, 2023

The ubiquity of Network Address Translation (NAT) and mobile hotspots that aggregate source IP addresses of connected devices to a single IP address makes it difficult for an observer in the Internet to learn anything about the internal network. The IP Identification header field of Domain Name System requests and the TCP Timestamp (TCP TS) header field of TCP SYN packets are the main features for counting devices in the internal network and association of packets to these devices, also known as DeNATing. This paper introduces a new method that relies on polynomial least-squares curve fitting for DeNATing. Evaluation of our model is performed on multiple real-world datasets containing Windows and Unix devices behind a router using NAT and a mobile hotspot. The proposed method outperforms other state-of-the-art methods for all of the used datasets on all types of devices. Successful DeNATing may …

Link
2022/9/28

The Adversarial Implications of Variable-Time Inference

Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi

arXiv preprint arXiv:2309.02159, 2023

2022/9/28

The Adversarial Implications of Variable-Time Inference

Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi

arXiv preprint arXiv:2309.02159, 2023

Machine learning (ML) models are known to be vulnerable to a number of attacks that target the integrity of their predictions or the privacy of their training data. To carry out these attacks, a black-box adversary must typically possess the ability to query the model and observe its outputs (e.g., labels). In this work, we demonstrate, for the first time, the ability to enhance such decision-based attacks. To accomplish this, we present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack. The leakage of inference-state elements into algorithmic timing side channels has never been studied before, and we have found that it can contain rich information that facilitates superior timing attacks that significantly outperform attacks based solely on label outputs. In a case study, we investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors. In our examination of the timing side-channel vulnerabilities associated with this algorithm, we identified the potential to enhance decision-based attacks. We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference. Our experiments show that our adversarial examples exhibit superior perturbation quality compared to a decision-based attack. In addition, we present a new threat model in which dataset inference based solely on timing leakage is performed. To address the timing leakage …

Link
2022/9/28

Detection System

Yuval Elovici

Fighting Terror in Cyberspace 65, 75, 2005

2022/9/28

Detection System

Yuval Elovici

Fighting Terror in Cyberspace 65, 75, 2005

The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of information they access. TDS operates in two modes: a training mode and a detection mode. During the training mode TDS is provided with Web pages accessed by a normal group of users and computes their typical interests. During the detection mode TDS performs real-time monitoring of the traffic emanating from the monitored group of users, analyzes the content of the Web pages accessed, and generates an alarm if the users access information is not within the typical interests of the group. TDS was implemented and evaluated in a network environment of 38 users where three users imitated suspected terrorists by accessing to terror related sites. TDS detection performance was com-pared to the performance of the Intrusion Detection System (IDS) based on anomaly detection and was found to be superior.

Link
2022/9/28

Simulating threats propagation within the NSP infrastructure

Rami Puzis, Meytal Tubi, Gil Tahan, Yuval Elovici

2007 IEEE Intelligence and Security Informatics, 380-380, 2007

2022/9/28

Simulating threats propagation within the NSP infrastructure

Rami Puzis, Meytal Tubi, Gil Tahan, Yuval Elovici

2007 IEEE Intelligence and Security Informatics, 380-380, 2007

Threats such as computer worms, Spyware and Trojans account for more than 10% of the total traffic of a network service providers (NSP). The NSP traffic can be monitored and cleaned by distributed network intrusion detection system (DNIDS) that may be deployed on the NSP routers/links. In this study we choose which routers/links to protect based on group betweenness centrality index that is used as a measure of their collaborative influence on the communication in the NSP infrastructure. During the current study we developed a framework aimed at slowing down or even preventing the propagation of known threats. In the first part of the framework the influential group of routers/links has to be located. In the second part we analyze parallel propagation of multiple types of threats in the NSP infrastructure using the susceptible infective removed model of epidemic propagation.

Link
2022/9/28

Cost benefit deployment of dnips

Emily Rozenshine-Kemelmakher, Rami Puzis, Ariel Felner, Yuval Elovici

2010 IEEE International Conference on Communications, 1-5, 2010

2022/9/28

Cost benefit deployment of dnips

Emily Rozenshine-Kemelmakher, Rami Puzis, Ariel Felner, Yuval Elovici

2010 IEEE International Conference on Communications, 1-5, 2010

Effective deployment of Real Time Distributed Network Intrusion Detection Systems (DNIDS) on High- speed and large-scale networks within limited budget constraints is a challenging task. In this paper we investigate algorithms aiming at optimizing the deployment of DNIDS systems. We use Group Betweenness Centrality (GBC) as an approximation of the DNIDS deployment utility. In this work we use two cost models. The first cost model assumes that all network intrusion detection devices have the same cost. The second model assumes that the cost of the device is relative to the traffic load on the network node on which it is installed. We evaluate two algorithms for finding the most prominent group in these cost models. The first algorithm is based on greedy choice of vertices and the second is based on heuristic search and finds the optimal deployment locations. We investigate combinations of heuristic functions …

Link
2022/9/28

Poster: OpenAPT–Open-Source Advanced Persistent Threat for Academic Research

Mordehai Guri, Tom Sela, Yuval Elovici

2022/9/28

Poster: OpenAPT–Open-Source Advanced Persistent Threat for Academic Research

Mordehai Guri, Tom Sela, Yuval Elovici

Modern advanced malware developers are always adapting new techniques in order to evade security systems. Typical Advanced Persistent Threat (APT) might utilize sophisticated stealth mechanisms, polymorphism engines, antiforensic capabilities, unique covert channels, and new infection vectors. Security companies such as AV vendors are constantly updated with the state-of-the art threats, which allows them to develop new defense mechanisms. However, academic security research suffers from the lack of access to the latest APTs information. Malware source-code, implementation details and even binaries are commonly not available publicly, preventing innovative research in the scientific community. In this paper we present the work-in-progress of OpenAPT, a community supported, open-source advanced malware development and documentation framework. Providing researchers code-samples and documentation of malware and set of APT mechanisms to compile and test against their new security mechanisms. The framework’s contents are all available under the GPL license, inviting the community to freely use and contribute to the collaborative knowledge.

Link
2022/9/28

Homing socialbots

Aviad Elishar, Michael Fire, Dima Kagan, Yuval Elovici

2022/9/28

Homing socialbots

Aviad Elishar, Michael Fire, Dima Kagan, Yuval Elovici

One dimension on the Internet, which has gained great popularity in recent years are the online social networks (OSNs). Users all over the globe write, share, and publish personal information about themselves, their friends, and their workplace. In this study we present a method for infiltrating specific users in targeted organizations by using organizational social networks topologies and Socialbots. The targeted organizations, which have been chosen by us, were technologyoriented organizations. Employees from this kind of organization should be more aware of the dangers of exposing private information. An infiltration is defined as accepting a Socialbot’s friend request. Upon accepting a Socialbot’s friend request, users unknowingly expose information about themselves and their workplace. To infiltrate this we had to use our Socialbots in a sophisticated manner. First, we had to gather information and recognize Facebook users who work in targeted organizations. Afterwards, we chose ten Facebook users from every targeted organization randomly. These ten users were chosen to be the specific users from targeted organizations of which we would like to infiltrate. The Socialbots sent friend requests to all specific users’ mutual friends who worked or work in the same targeted organization. The rationale behind this idea was to gain as many mutual friends as possible and through this act increase the probability that our friend requests will be accepted by the targeted users. We tested the proposed method on targeted users from two different organizations. Our method was able to gain a successful percentage of 50% and 70% respectively. The …

Link
2022/9/28

Method and system for detecting malicious behavioral patterns in a computer, using machine learning

Robert Moskovitch, Dima Stopel, Zvi Boger, Yuval Shahar, Yuval Elovici

2022/9/28

Method and system for detecting malicious behavioral patterns in a computer, using machine learning

Robert Moskovitch, Dima Stopel, Zvi Boger, Yuval Shahar, Yuval Elovici

Link
2022/9/28

Facebook Applications’ Installation and Removal: A Temporal Analysis

Dima Kagan, Michael Fire, Aviad Elyashar, Yuval Elovici

arXiv preprint arXiv:1309.4067, 2013

2022/9/28

Facebook Applications’ Installation and Removal: A Temporal Analysis

Dima Kagan, Michael Fire, Aviad Elyashar, Yuval Elovici

arXiv preprint arXiv:1309.4067, 2013

Facebook applications are one of the reasons for Facebook attractiveness. Unfortunately, numerous users are not aware of the fact that many malicious Facebook applications exist. To educate users, to raise users’ awareness and to improve Facebook users’ security and privacy, we developed a Firefox add-on that alerts users to the number of installed applications on their Facebook profiles. In this study, we present the temporal analysis of the Facebook applications’ installation and removal dataset collected by our add-on. This dataset consists of information from 2,945 users, collected during a period of over a year. We used linear regression to analyze our dataset and discovered the linear connection between the average percentage change of newly installed Facebook applications and the number of days passed since the user initially installed our add-on. Additionally, we found out that users who used our Firefox add-on become more aware of their security and privacy installing on average fewer new applications. Finally, we discovered that on average 86.4% of Facebook users install an additional application every 4.2 days.

Link
2022/9/28

Exploiting simultaneous usage of different wireless interfaces for security and mobility

Shlomi Dolev, Idan Heimlich Shtacher, Bracha Shapira, Yuval Elovici, Guy Messalem, Dudu Mimran, Marina Kopeetsky

Second International Conference on Future Generation Communication …, 2013

2022/9/28

Exploiting simultaneous usage of different wireless interfaces for security and mobility

Shlomi Dolev, Idan Heimlich Shtacher, Bracha Shapira, Yuval Elovici, Guy Messalem, Dudu Mimran, Marina Kopeetsky

Second International Conference on Future Generation Communication …, 2013

Today, most wireless devices are equipped with at least two interfaces-3G and Wi-Fi, yet only one of the interfaces can be operational at a time. We propose a new network communication scheme we call the Multi Channel Communication (MCC) which uses these two interfaces simultaneously and exploits new powerful network capabilities of such a configuration. We present a full android phone implementation and network architecture that demonstrates the new capabilities. The implementation includes two components; one located on the client side, providing full control over the routing of each packet from the device and the second located on the server side and responsible for combining the received data via the different interfaces. The new network configuration, proposed and analyzed in this paper, provides users with advanced services, such as: (a) a flexible connection service for providing physical …

Link
2022/9/28

Quantitative Analysis of Genealogy Using Digitised Family Trees

Michael Fire, Thomas Chesney, Yuval Elovici

arXiv preprint arXiv:1408.5571, 2014

2022/9/28

Quantitative Analysis of Genealogy Using Digitised Family Trees

Michael Fire, Thomas Chesney, Yuval Elovici

arXiv preprint arXiv:1408.5571, 2014

Driven by the popularity of television shows such as Who Do You Think You Are? many millions of users have uploaded their family tree to web projects such as WikiTree. Analysis of this corpus enables us to investigate genealogy computationally. The study of heritage in the social sciences has led to an increased understanding of ancestry and descent but such efforts are hampered by difficult to access data. Genealogical research is typically a tedious process involving trawling through sources such as birth and death certificates, wills, letters and land deeds. Decades of research have developed and examined hypotheses on population sex ratios, marriage trends, fertility, lifespan, and the frequency of twins and triplets. These can now be tested on vast datasets containing many billions of entries using machine learning tools. Here we survey the use of genealogy data mining using family trees dating back centuries and featuring profiles on nearly 7 million individuals based in over 160 countries. These data are not typically created by trained genealogists and so we verify them with reference to third party censuses. We present results on a range of aspects of population dynamics. Our approach extends the boundaries of genealogy inquiry to precise measurement of underlying human phenomena.

Link
2022/9/28

Resilience of anti-malware programs to naive modifications of malicious binaries

Mordechai Guri, Gabi Kedma, Assaf Kachlon, Yuval Elovici

2014 IEEE Joint Intelligence and Security Informatics Conference, 152-159, 2014

2022/9/28

Resilience of anti-malware programs to naive modifications of malicious binaries

Mordechai Guri, Gabi Kedma, Assaf Kachlon, Yuval Elovici

2014 IEEE Joint Intelligence and Security Informatics Conference, 152-159, 2014

The massive amounts of malware variants which are released each day demand fast in-lab analysis, along with fast in-field detection. Traditional malware detection methodology depends on either static or dynamic in-lab analysis to identify a suspicious file as malicious. When a file is identified as malware, the analyst extracts a structural signature, which is dispatched to subscriber machines. The signature should enable fast scanning, and should also be flexible enough to detect simple variants. In this paper we discuss ‘naïve’ variants which can be produced by a modestly skilled individual with publically accessible tools and knowhow which, if needed, can be found on the Internet. Furthermore, those variants can be derived directly from the malicious binary file, allowing anyone who has access to the binary file to modify it at his or her will. Modification can be automated, to produce large amounts of variants in …

Link
2022/9/28

Detecting android kernel rootkits via JTAG memory introspection

Mordechai Guri, Yuri Poliak, Bracha Shapira, Yuval Elovici

Intrusion Detection and Prevention for Mobile Ecosystems, 165-186, 2017

2022/9/28

Detecting android kernel rootkits via JTAG memory introspection

Mordechai Guri, Yuri Poliak, Bracha Shapira, Yuval Elovici

Intrusion Detection and Prevention for Mobile Ecosystems, 165-186, 2017

Over the past few years, mobile devices have emerged as a preferred target for cyber criminals. This trend is fueled by the valuable personal and organizational information stored on those devices. Android is by far the most popular mobile operating system (OS); its numerous vulnerabilities, coupled with the ease of distributing malicious code through its popular app market, have made this OS a favorite target of attackers [1]. For example, the DroidDream attack [2] was distributed through legitimate applications on the Android market and infected about 50,000 mobile devices in the course of a few days. More recently, an Android “bootkit,” that is, a rootkit that modifies the device’s boot partition and boot script (codenamed “Oldboot”) infected over 500,000 mobile devices within a period of 6 months in China alone [3]. In 2015, researchers have uncovered a rootkit that resides deep inside Android devices, while receiving commands from its operator across the internet [4]. In 2016, a rootkit-level backdoor was found preinstalled on 3 million Android phones, many of them used by people in the United States [5].

Link
2022/9/28

Out of kilter: Holistic exploitation of denial of service in internet of things

Suhas Setikere, Vinay Sachidan, a, Yuval Elovici

Security and Privacy in Communication Networks: 14th International …, 2018

2022/9/28

Out of kilter: Holistic exploitation of denial of service in internet of things

Suhas Setikere, Vinay Sachidan, a, Yuval Elovici

Security and Privacy in Communication Networks: 14th International …, 2018

Internet of Things (IoT) expose various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this paper, we showcase our preliminary efforts towards study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose our initial attack and defense framework for IoT and that can perform various forms of DoS on IP and Bluetooth. We show the initial results of DoS vulnerabilities such as Resource Exhaustion and Bluetooth Low Energy (BLE) Packet Injection. In order to understand how resilient is IoT for DoS, we propose a new metric to measure the Resilience against DoS in IoT. We have conducted a real time experimentation with IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various …

Link
2022/9/28

DOPING: Generative Data Augmentation for Unsupervised Anomaly Detection with GAN

Swee Kiat Lim, Yi Loo, Ngoc-Trung Tran, Ngai-Man Cheung, Gemma Roig, Yuval Elovici

arXiv e-prints, arXiv: 1808.07632, 2018

2022/9/28

DOPING: Generative Data Augmentation for Unsupervised Anomaly Detection with GAN

Swee Kiat Lim, Yi Loo, Ngoc-Trung Tran, Ngai-Man Cheung, Gemma Roig, Yuval Elovici

arXiv e-prints, arXiv: 1808.07632, 2018

Recently, the introduction of the generative adversarial network (GAN) and its variants has enabled the generation of realistic synthetic samples, which has been used for enlarging training sets. Previous work primarily focused on data augmentation for semi-supervised and supervised tasks. In this paper, we instead focus on unsupervised anomaly detection and propose a novel generative data augmentation framework optimized for this task. In particular, we propose to oversample infrequent normal samples-normal samples that occur with small probability, eg, rare normal events. We show that these samples are responsible for false positives in anomaly detection. However, oversampling of infrequent normal samples is challenging for real-world high-dimensional data with multimodal distributions. To address this challenge, we propose to use a GAN variant known as the adversarial autoencoder (AAE) to …

Link
2022/9/28

SMuF: State machine based mutational fuzzing framework for internet of things

Neeraj Karamch, ani, Vinay Sachidan, a, Suhas Setikere, Jianying Zhou, Yuval Elovici

Critical Information Infrastructures Security: 13th International Conference …, 2019

2022/9/28

SMuF: State machine based mutational fuzzing framework for internet of things

Neeraj Karamch, ani, Vinay Sachidan, a, Suhas Setikere, Jianying Zhou, Yuval Elovici

Critical Information Infrastructures Security: 13th International Conference …, 2019

The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.

Link
2022/9/28

Detection of Adversarial Supports in Few-shot Classifiers Using Self-Similarity and Filtering

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:2012.06330, 2020

2022/9/28

Detection of Adversarial Supports in Few-shot Classifiers Using Self-Similarity and Filtering

Yi Xiang Marcus Tan, Penny Chong, Jiamei Sun, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:2012.06330, 2020

Few-shot classifiers excel under limited training samples, making them useful in applications with sparsely user-provided labels. Their unique relative prediction setup offers opportunities for novel attacks, such as targeting support sets required to categorise unseen test samples, which are not available in other machine learning setups. In this work, we propose a detection strategy to identify adversarial support sets, aimed at destroying the understanding of a few-shot classifier for a certain class. We achieve this by introducing the concept of self-similarity of a support set and by employing filtering of supports. Our method is attack-agnostic, and we are the first to explore adversarial detection for support sets of few-shot classifiers to the best of our knowledge. Our evaluation of the miniImagenet (MI) and CUB datasets exhibits good attack detection performance despite conceptual simplicity, showing high AUROC scores. We show that self-similarity and filtering for adversarial detection can be paired with other filtering functions, constituting a generalisable concept.

Link
2022/9/28

Adaptive noise injection for training stochastic student networks from deterministic teachers

Yi Xianz Marcus Tan, Yuval Elovici, Alex, er Binder

2020 25th International Conference on Pattern Recognition (ICPR), 7587-7594, 2021

2022/9/28

Adaptive noise injection for training stochastic student networks from deterministic teachers

Yi Xianz Marcus Tan, Yuval Elovici, Alex, er Binder

2020 25th International Conference on Pattern Recognition (ICPR), 7587-7594, 2021

Adversarial attacks have been a prevalent problem causing misclassification in machine learning models, with stochasticity being a promising direction towards greater robustness. However, stochastic networks frequently underperform compared to deterministic deep networks. In this work, we present a conceptually clear adaptive noise injection mechanism in combination with teacher-initialisation, which adjusts its degree of randomness dynamically through the computation of mini-batch statistics. This mechanism is embedded within a simple framework to obtain stochastic networks from existing deterministic networks. Our experiments show that our method is able to outperform prior baselines under white-box settings, exemplified through CIFAR-10 and CIFAR-100. Following which, we perform in-depth analysis on varying different components of training with our approach on the effects of robustness and …

Link
2022/9/28

Virtual breathalyzer: towards the detection of intoxication using motion sensors of commercial wearable devices

Ben Nassi, Jacob Shams, Lior Rokach, Yuval Elovici

Sensors 22 (9), 3580, 2022

2022/9/28

Virtual breathalyzer: towards the detection of intoxication using motion sensors of commercial wearable devices

Ben Nassi, Jacob Shams, Lior Rokach, Yuval Elovici

Sensors 22 (9), 3580, 2022

Driving under the influence of alcohol is a widespread phenomenon in the US where it is considered a major cause of fatal accidents. In this research, we present Virtual Breathalyzer, a novel approach for detecting intoxication from the measurements obtained by the sensors of smartphones and wrist-worn devices. We formalize the problem of intoxication detection as the supervised machine learning task of binary classification (drunk or sober). In order to evaluate our approach, we conducted a field experiment and collected 60 free gait samples from 30 patrons of three bars using a Microsoft Band and Samsung Galaxy S4. We validated our results against an admissible breathalyzer used by the police. A system based on this concept successfully detected intoxication and achieved the following results: 0.97 AUC and 0.04 FPR, given a fixed TPR of 1.0. Our approach can be used to analyze the free gait of drinkers when they walk from the car to the bar and vice versa, using wearable devices which are ubiquitous and more widespread than admissible breathalyzers. This approach can be utilized to alert people, or even a connected car, and prevent people from driving under the influence of alcohol.

Link
2022/9/28

bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements

Ben Nassi, Jacob Shams, Raz Ben Netanel, Yuval Elovici

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW …, 2022

2022/9/28

bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements

Ben Nassi, Jacob Shams, Raz Ben Netanel, Yuval Elovici

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW …, 2022

In this paper, we present bAdvertisement, a novel attack method against advanced driver-assistance systems (ADASs). bAdvertisement is performed as a supply chain attack via a compromised computer in a printing house, by embedding a “phantom” object in a print advertisement. When the compromised print advertisement is observed by an ADAS in a passing car, an undesired reaction is triggered from the ADAS. We analyze state-of-the-art object detectors and show that they do not take color or context into account in object detection. Our validation of these findings on Mobileye 630 PRO shows that this ADAS also fails to take color or context into account. Then, we show how an attacker can take advantage of these findings to execute an attack on a commercial ADAS, by embedding a phantom road sign in a print advertisement, which causes a car equipped with Mobileye 630 PRO to trigger a false notification …

Link
2022/9/28

Enhancing real-world adversarial patches through 3D modeling of complex target scenes

Yael Mathov, Lior Rokach, Yuval Elovici

Neurocomputing 499, 11-22, 2022

2022/9/28

Enhancing real-world adversarial patches through 3D modeling of complex target scenes

Yael Mathov, Lior Rokach, Yuval Elovici

Neurocomputing 499, 11-22, 2022

Adversarial examples have proven to be a concerning threat to deep learning models, particularly in the image domain. While many studies have examined adversarial examples in the real world, most of them relied on 2D photos of the attack scene. As a result, the attacks proposed may have limited effectiveness when implemented in realistic environments with 3D objects or varied conditions. Some studies on adversarial learning have used 3D objects, however in many cases, other researchers are unable to replicate the real-world evaluation process. In this study, we present a framework that uses 3D modeling to craft adversarial patches for an existing real-world scene. Our approach uses a 3D digital approximation of the scene to simulate the real world. With the ability to add and manipulate any element in the digital scene, our framework enables the attacker to improve the adversarial patch’s impact in real …

Link
2022/9/28

Optical Speech Recovery From Desktop Speakers

Ben Nassi, Yaron Pirutin, Jacob Shams, Raz Swissa, Yuval Elovici, Boris Zadov

Computer 55 (11), 40-51, 2022

2022/9/28

Optical Speech Recovery From Desktop Speakers

Ben Nassi, Yaron Pirutin, Jacob Shams, Raz Swissa, Yuval Elovici, Boris Zadov

Computer 55 (11), 40-51, 2022

In this article, we show that desktop speakers’ internal (electrical circuitry) and external (reflective diaphragm) design may expose users to confidential information leakage. We demonstrate that these flaws are present in billions of devices produced by global manufacturers and discuss countermeasures.

Link
2022/9/28

The little seal bug: Optical sound recovery from lightweight reflective objects

Ben Nassi, Raz Swissa, Jacob Shams, Boris Zadov, Yuval Elovici

2023 IEEE Security and Privacy Workshops (SPW), 298-310, 2023

2022/9/28

The little seal bug: Optical sound recovery from lightweight reflective objects

Ben Nassi, Raz Swissa, Jacob Shams, Boris Zadov, Yuval Elovici

2023 IEEE Security and Privacy Workshops (SPW), 298-310, 2023

In recent years, various studies have demonstrated methods to recover sound/speech with an optical sensor. Fortunately, each of these methods possess drawbacks limiting their utility (e.g., limited to recovering sounds at high volumes, utilize a sensor indicating their use, rely on objects not commonly found in offices, require preliminary data collection, etc.). One unaddressed method of recovering speech optically is via observing lightweight reflective objects (e.g., iced coffee can, smartphone stand, desk ornament) with a photodiode, an optical sensor used to convert photons to electricity. In this paper, we present the ‘little seal bug’ attack, an optical side-channel attack which exploits fluctuations in air pressure on the surface of a shiny object occurring in response to sound, to recover speech optically and passively using a photodiode. These air pressure fluctuations cause the shiny object to vibrate and reflect light …

Link
2022/9/28

Degrading the Network’s Quality of Service via Traffic Diversion Attacks

Eitan Menahem, Gabi Nakibly, Yuval Elovici

Tech. rep., 12 2012, 0

2022/9/28

Degrading the Network’s Quality of Service via Traffic Diversion Attacks

Eitan Menahem, Gabi Nakibly, Yuval Elovici

Tech. rep., 12 2012, 0

Currently, there are two ways for an attacker to harm the QoS of a network. The first way is to change the routes the normal production traffic takes. The second way to harm the QoS of a network is to induce extra production traffic that would normally not have been generated. The traffic diversion attacks are considered more subtle and harder to detect. There are various ways for an attacker to implement such attacks. In this short paper we present four such attacks: two OSPF based and two DNS based attacks.

Link
2022/9/28

Y. Fledel: U. Kanonov: Y. Elovici: S. Dolev: C. Glezer (2009); Google Android: A comprehensive security assessment

A Shabtai

IEEE Security and Privacy 8 (2), 0

2022/9/28

Y. Fledel: U. Kanonov: Y. Elovici: S. Dolev: C. Glezer (2009); Google Android: A comprehensive security assessment

A Shabtai

IEEE Security and Privacy 8 (2), 0

Link
2022/9/28

Message passing system for closely coupled multiprocessor system

Y Elovici, RD Hersh, H Azaria

17th Convention of Electrical and Electronics Engineers in Israel, 275-278, 1991

2022/9/28

Message passing system for closely coupled multiprocessor system

Y Elovici, RD Hersh, H Azaria

17th Convention of Electrical and Electronics Engineers in Israel, 275-278, 1991

A new Message Passing System (MPS) for general purpose application is based on the principle of similar Message Passing Cores placed in all the Processing Elements (PEs) of the network. Each Message Passing Core manages the communication and synchronization between the different Application Tasks by means of three approaches. The first is a primitive approach without synchronization between the tasks. The second approach permits to synchronize the communication between the tasks. The third approach minimizes the overhead of the synchronization mechanism by using the concepts of virtual channel. The MPS written in 3L Parallel C (ver 2.1) is implemented on a 16 Transputer (T800) network. Preliminary results point to good communication speed, memory consumption, congestion behavior, communication latency and computation overhead.< >

Link
2022/9/28

Multiple interfaces message passing system for transputer network

Helnye Azaria, Yuval Elovici, Roger D Hersch

Microprocessing and Microprogramming 34 (1-5), 237-242, 1992

2022/9/28

Multiple interfaces message passing system for transputer network

Helnye Azaria, Yuval Elovici, Roger D Hersch

Microprocessing and Microprogramming 34 (1-5), 237-242, 1992

One of the most important factor that determine the performance of the parallel multiprocessor system is the establishment of an optimized communication system between the different tasks of an application running in distinct Processing Elements (PE) of a parallel processor array. The presented work suggests the use of a Multiple Interface Message Passing System (MIMPS) for a distributed transputer network, as an efficient solution to complex application requirements. The MIMPS is studied on a mesh topology network of 16 transputers T800. The MIMPC manages communication between application tasks through three interfaces. The application designer chooses the appropriate interface depending on the function of the task. A send/receive asynchronous interface (Interface I) handles efficiently server tasks like central facilities, data storage and access tasks and graphic servers, a synchronous send/receive …

Link
2022/9/28

Modeling and evaluation of a new message-passing system for parallel multiprocessor systems

Helnye Azaria, Yuval Elovici

Parallel computing 19 (6), 633-649, 1993

2022/9/28

Modeling and evaluation of a new message-passing system for parallel multiprocessor systems

Helnye Azaria, Yuval Elovici

Parallel computing 19 (6), 633-649, 1993

As parallel implementation of complex applications is becoming popular, the need for a high performance interprocessor communication system becomes imminent, especially in loosely coupled distributed-memory multiprocessor networks. An important factor in the efficiency of these networks is the effectiveness of the message-passing system which manages the data exchanges among the processors of the network. This paper presents the modeling and performance evaluation of a new Message-Passing System (MPS) for distributed multiprocessor networks without shared-memory and where the processors or Processing Elements (PEs) are connected to each other by point-to-point communication links. For maximum performance, the MPS manages the communication and the synchronization between the different tasks of an application by means of three approaches. One is an asynchronous send/receive …

Link
2022/9/28

Evaluating parallel distributed system’s performance

N Ahituv, Y Elovici

Working Paper, Faculty of Management, Tel Aviv University, 1995

2022/9/28

Evaluating parallel distributed system’s performance

N Ahituv, Y Elovici

Working Paper, Faculty of Management, Tel Aviv University, 1995

Link
2022/9/28

A Fuzzy-Based Algorithm for Web Document

Menahem Friedman, Abraham K, el, Moti Schneider, Mark Last, Bracha Shapka, Yuval Elovici, Omer Zaafrany

pp. S24-S27, 2004

2022/9/28

A Fuzzy-Based Algorithm for Web Document

Menahem Friedman, Abraham K, el, Moti Schneider, Mark Last, Bracha Shapka, Yuval Elovici, Omer Zaafrany

pp. S24-S27, 2004

Link
2022/9/28

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Machine Learning Techniques

R Moskovitch, I Gus, S Pluderman, D Stopel, C Glezer, Y Shahar, Y Elovici

Department of Information System Engineering, 2006

2022/9/28

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Machine Learning Techniques

R Moskovitch, I Gus, S Pluderman, D Stopel, C Glezer, Y Shahar, Y Elovici

Department of Information System Engineering, 2006

Link
2022/9/28

Evasive routing: Achieving anonymity using multiple ISPs

Yuval Elovici, Yehuda Ben-Shimol, Gad Alon

網際網路技術學刊 8 (1), 83-96, 2007

2022/9/28

Evasive routing: Achieving anonymity using multiple ISPs

Yuval Elovici, Yehuda Ben-Shimol, Gad Alon

網際網路技術學刊 8 (1), 83-96, 2007

Anonymous communication is an important public issue and gains even greater significance when discussed in the context of the World Wide Web. This paper presents a new protocol of anonymity preservation named Evasive Routing which allows users to surf the Internet while maintaining their anonymity. This protocol offers similar routing techniques as were suggested in the Crowds protocol for anonymous communication, while assuming simultaneous connection of users to several Internet service providers (ISPs). The mathematical analysis shows that Evasive Routing offers higher anonymity properties against ISPs which are considered as local eavesdroppers than other suggested solutions, while maintaining similar anonymity properties against other obvious attackers. The performance of Evasive Routing was analyzed and compared to existing protocols using network simulation techniques and has …

Link
2022/9/28

Enhancement to the Advanced Terrorist Detection System (ATDS)

Bracha Shapira, Yuval Elovici, Mark Last, Abraham K, el

NATO security through science series D-Information and communication …, 2008

2022/9/28

Enhancement to the Advanced Terrorist Detection System (ATDS)

Bracha Shapira, Yuval Elovici, Mark Last, Abraham K, el

NATO security through science series D-Information and communication …, 2008

The ATDS system is aimed at detecting potential terrorists on the Web by tracking and analyzing the content of pages accessed by users in a known environment (eg, university, organization). The system would alert and report on any user who is” too” interested in terrorist-related content. The system learns and represents the typical interests of the users in the environment. It then monitors the content of pages the users access and compares it to the typical interests of the users in the environment. The system issues an alarm if it discovers a user whose interests are significantly and consistently dissimilar to the other users’ interests. This paper briefly reviews the main ideas of the system and suggests improving the detection accuracy by learning terrorists’ typical behaviors from known terrorist related sites. An alarm would be issued only if a” non-typical” user is found to be similar to the typical interests of terrorists. Another enhancement suggested is the analysis of the visual content of the pages in addition to the textual content.

Link
2022/9/28

Protecting persons while protecting the people

S Kisilevich, Y Elovici, B Shapira, L Rokach

Berlin, Heidelberg: Springer-Verlag, 63-81, 2009

2022/9/28

Protecting persons while protecting the people

S Kisilevich, Y Elovici, B Shapira, L Rokach

Berlin, Heidelberg: Springer-Verlag, 63-81, 2009

Link
2022/9/28

Collaborative Attack on Internet Users» Anonymity. Internet Research, 19 (1): 60 {77

R Puzis, D Yagil, Y Elovici, D Braha

2022/9/28

Collaborative Attack on Internet Users» Anonymity. Internet Research, 19 (1): 60 {77

R Puzis, D Yagil, Y Elovici, D Braha

Link
2022/9/28

Securing android-powered mobile devices using selinux. IEEE Secur. Priv. 8 (3), 36–44 (2010)

A Shabtai, Y Fledel, Y Elovici

2022/9/28

Securing android-powered mobile devices using selinux. IEEE Secur. Priv. 8 (3), 36–44 (2010)

A Shabtai, Y Fledel, Y Elovici

Link
2022/9/28

Google Android: State of the Art Review of Security Mechanisms

Y Fledel, U Kanonov, Y Elovici, S Dolev, Asaf Shabtai

arXiv preprint arXiv 912, 2009

2022/9/28

Google Android: State of the Art Review of Security Mechanisms

Y Fledel, U Kanonov, Y Elovici, S Dolev, Asaf Shabtai

arXiv preprint arXiv 912, 2009

Link
2022/9/28

EloviciChananGlezer

RobertMoskovitchYuval AsafShabtai

Detection of malicious code by applying machine learning classifiers on …, 2009

2022/9/28

EloviciChananGlezer

RobertMoskovitchYuval AsafShabtai

Detection of malicious code by applying machine learning classifiers on …, 2009

Link
2022/9/28

A decision theoretic approach to combining information filtering

Alex, er Binun, Bracha Shapira, Yuval Elovici

Online Information Review 33 (5), 920-942, 2009

2022/9/28

A decision theoretic approach to combining information filtering

Alex, er Binun, Bracha Shapira, Yuval Elovici

Online Information Review 33 (5), 920-942, 2009

The purpose of this paper is to present an extension to a framework based on the information structure (IS) model for combining information filtering (IF) results. The main goal of the framework is to combine the results of the different IF systems so as to maximise the expected payoff (EP) to the user. In this paper we compare three different approaches to tuning the relevance thresholds of individual IF systems that are being combined in order to maximise the EP to the user. In the first approach we set the same threshold for each of the IF systems. In the second approach the threshold of each IF system is tuned independently to maximise its own EP (“local optimisation”). In the third approach the thresholds of the IF systems are jointly tuned to maximise the EP of the combined system (“global optimisation”).An empirical evaluation is conducted to examine the performance of …

Link
2022/9/28

Automated static code analysis for classifying android applications using machine learning. CIS. Conf

A Shabtai, Y Fledel, Y Elovici

IEEE, 2010

2022/9/28

Automated static code analysis for classifying android applications using machine learning. CIS. Conf

A Shabtai, Y Fledel, Y Elovici

IEEE, 2010

Link
2022/9/28

Stealing reality

Yaniv Altshuler, Nadav Aharony, Yuval Elovici, Alex Pentl, , Manuel Cebrian

arXiv preprint arXiv:1010.1028, 2010

2022/9/28

Stealing reality

Yaniv Altshuler, Nadav Aharony, Yuval Elovici, Alex Pentl, , Manuel Cebrian

arXiv preprint arXiv:1010.1028, 2010

In this paper we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, which we dub Stealing Reality. We present Stealing Reality, explain why it differs from traditional types of network attacks, and discuss why its impact is significantly more dangerous than that of other attacks. We also present our initial analysis and results regarding the form that an SR attack might take, with the goal of promoting the discussion of defending against such an attack, or even just detecting the fact that one has already occurred.

Link
2022/9/28

A new model for data leakage prevention

G Katz, Y Elovici, B Shapira

ACM Trans. on Information and System Security (TIS SEC) on Wh of Jan, 2011

2022/9/28

A new model for data leakage prevention

G Katz, Y Elovici, B Shapira

ACM Trans. on Information and System Security (TIS SEC) on Wh of Jan, 2011

Link
2022/9/28

Rhythms in twitter. Privacy, security, risk and trust (passat)

D Chalmers, S Fleming, I Wakeman, D Watson

2011 ieee third international conference on and 2011 ieee third …, 2011

2022/9/28

Rhythms in twitter. Privacy, security, risk and trust (passat)

D Chalmers, S Fleming, I Wakeman, D Watson

2011 ieee third international conference on and 2011 ieee third …, 2011

Link
2022/9/28

Link Prediction in social networks using computationally efficient topological features. In 2011 IEEE third int’l conference on privacy, security, risk and trust (PASSAT)/2011 IEEE third int’l conference on social computing (SocialCom)

M Fire, L Tenenboim, O Lesser, R Puzis, L Rokach, Y Elovici

Social Computing (IEEE, 2011), 73-80, 2011

2022/9/28

Link Prediction in social networks using computationally efficient topological features. In 2011 IEEE third int’l conference on privacy, security, risk and trust (PASSAT)/2011 IEEE third int’l conference on social computing (SocialCom)

M Fire, L Tenenboim, O Lesser, R Puzis, L Rokach, Y Elovici

Social Computing (IEEE, 2011), 73-80, 2011

Link
2022/9/28

LoOkie-It feels like being there

Talya Porat, Inbal Rief, Rami Puzis, Yuval Elovici

CHI'11 Extended Abstracts on Human Factors in Computing Systems, 1873-1878, 2011

2022/9/28

LoOkie-It feels like being there

Talya Porat, Inbal Rief, Rami Puzis, Yuval Elovici

CHI'11 Extended Abstracts on Human Factors in Computing Systems, 1873-1878, 2011

In this paper, we describe an interaction design process and the challenges encountered during the development of LoOkie, a social mobile application, which enables members to request and receive live videos or pictures of desired locations from people who are present at the scene. The paper describes, from a human-computer interaction perspective, the development of the application from the birth of the idea through the design process encountered up to the point of the launch of the application for Beta at the beginning of 2011.

Link
2022/9/28

TTLed random walks for collaborative monitoring in mobile and social networks

Yaniv Altshuler, Shlomi Dolev, Yuval Elovici

Handbook of Optimization in Complex Networks: Theory and Applications, 507-538, 2012

2022/9/28

TTLed random walks for collaborative monitoring in mobile and social networks

Yaniv Altshuler, Shlomi Dolev, Yuval Elovici

Handbook of Optimization in Complex Networks: Theory and Applications, 507-538, 2012

Complex network and complex systems research has been proven to have great implications in practice in many scopes including Social Networks, Biology, Disease Propagation, and Information Security. One can use complex network theory to optimize resource locations and optimize actions. Randomly constructed graphs and probabilistic arguments lead to important conclusions with a possible great social and financial influence. Security in online social networks has recently become a major issue for network designers and operators. Being “open” in their nature and offering users the ability to compose and share information, such networks may involuntarily be used as an infection platform by viruses and other kinds of malicious software. This is specifically true for mobile social networks, that allow their users to download millions of applications created by various individual programers, some of …

Link
2022/9/28

Data leakage

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 5-10, 2012

2022/9/28

Data leakage

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 5-10, 2012

Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorized entity. Sensitive data in companies and organizations include intellectual property (IP), financial information, patient information, personal credit-card data, and other information depending on the business and the industry. Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase. Data leakage is enhanced by the fact that transmitted data (both inbound and outbound), including emails, instant messaging, website forms, and file transfers among others, are largely unregulated and unmonitored on their way to their destinations. Furthermore, in many cases, sensitive data are shared among various stakeholders such as employees working from outside the organization’s premises (e.g., on laptops), business …

Link
2022/9/28

Combining One class classifiers via meta learning

Menahem Eitan, Rokach Lior

Proceedings of the 22nd ACM International conference on Conference on …, 2013

2022/9/28

Combining One class classifiers via meta learning

Menahem Eitan, Rokach Lior

Proceedings of the 22nd ACM International conference on Conference on …, 2013

Link
2022/9/28

Owning the Routing Table

Gabi Nakibly, Eitan Menahem, Ariel Waizel, Yuval Elovici

Part II. Presentation at Black Hat USA, 2013

2022/9/28

Owning the Routing Table

Gabi Nakibly, Eitan Menahem, Ariel Waizel, Yuval Elovici

Part II. Presentation at Black Hat USA, 2013

Owning the Routing Table Page 1 Owning the Routing Table Part II Gabi Nakibly1, Eitan
Menahem2, Ariel Waizel2, Yuval Elovici2 1National EW Research & Simulation Center, Rafael
– Advanced Defense Systems Ltd. 2Telekom Innovation Laboratories, Ben Gurion University
Page 2 Background • This work is a second installment of our research on OSPF security. –
The first part was presented at Black Hat USA 2011. • In this part we push the envelope further
and present a more powerful attack that allows to take control of a Cisco’s router routing table.
Page 3 Overview • The holy grail of routing attacks is owning the routing table of a router –
without having to own the router itself. • We present a newly found vulnerability of the OSPF
protocol. • It allows to own the routing tables of all routers in a routing domain from just a single
compromised router. Page 4 Why is this so desirable? • Owning the routing tables allows …

Link
2022/9/28

An active learning enhancement for conditions severity classification

N Nissim, MR Bol, , R Moskovitch, NP Tatonetti, Y Elovici, Y Shahar

NYC, USA: ACM KDD on Workshop on Connected Health at Big Data Era, 2014

2022/9/28

An active learning enhancement for conditions severity classification

N Nissim, MR Bol, , R Moskovitch, NP Tatonetti, Y Elovici, Y Shahar

NYC, USA: ACM KDD on Workshop on Connected Health at Big Data Era, 2014

An active learning enhancement for conditions severity classification — Ben-Gurion University
Research Portal Skip to main navigation Skip to search Skip to main content Ben-Gurion
University Research Portal Home Ben-Gurion University Research Portal Logo Help & FAQ
Home Profiles Research output Research Units Prizes Press / Media Activities Student theses
Research Labs / Equipment Datasets Projects Search by expertise, name or affiliation An active
learning enhancement for conditions severity classification N Nissim, MR Boland, R
Moskovitch, NP Tatonetti, Y Elovici, Y Shahar Department of Economics Program of Science &
Technology Education Department of Software and Information Systems Engineering Research
output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review
Overview Original language English GB Title of host publication NYC, USA: ACM KDD …

Link
2022/9/28

Subtractive vs

Mark Yampolskiy, Wayne E King, Gregory Pope, Sofia Belikovetsky, Yuval Elovici

Additive Manufacturing–Similarities and Differences from the Security …, 2017

2022/9/28

Subtractive vs

Mark Yampolskiy, Wayne E King, Gregory Pope, Sofia Belikovetsky, Yuval Elovici

Additive Manufacturing–Similarities and Differences from the Security …, 2017

Link
2022/9/28

MindDesktop: a general purpose brain computer interface

Ori Ossmy, Ofir Tam, Rami Puzis, Lior Rokach, Ohad Inbar, Yuval Elovici

arXiv preprint arXiv:1705.07490, 2017

2022/9/28

MindDesktop: a general purpose brain computer interface

Ori Ossmy, Ofir Tam, Rami Puzis, Lior Rokach, Ohad Inbar, Yuval Elovici

arXiv preprint arXiv:1705.07490, 2017

Recent advances in electroencephalography (EEG) and electromyography (EMG) enable communication for people with severe disabilities. In this paper we present a system that enables the use of regular computers using an off-the-shelf EEG/EMG headset, providing a pointing device and virtual keyboard that can be used to operate any Windows based system, minimizing the user effort required for interacting with a personal computer. Effectiveness of the proposed system is evaluated by a usability study, indicating decreasing learning curve for completing various tasks. The proposed system is available in the link provided.

Link
2022/9/28

Liability exposure when 3D-printed parts fall from the sky

Lynne Graves, Mark Yampolskiy, Wayne King, Sofia Belikovetsky, Yuval Elovici

Critical Infrastructure Protection XII: 12th IFIP WG 11.10 International …, 2018

2022/9/28

Liability exposure when 3D-printed parts fall from the sky

Lynne Graves, Mark Yampolskiy, Wayne King, Sofia Belikovetsky, Yuval Elovici

Critical Infrastructure Protection XII: 12th IFIP WG 11.10 International …, 2018

Additive manufacturing, also referred to as 3D printing, has become viable for manufacturing functional parts. For example, the U.S. Federal Aviation Administration recently approved General Electric jet engine fuel nozzles that are produced by additive manufacturing. BecUniversity of South Alabama, Mobile, Alabama with cyber technology, a number of security concerns have been raised. This chapter specifically considers attacks that deliberately sabotage the mechanical properties of functional parts produced by additive manufacturing; the feasibility of these attacks has already been discussed in the literature.Investments in security measures directly depend on cost-benefit analyses conducted by the participants involved in additive manufacturing processes. This chapter discusses the entities that can be considered to be financially liable in the event of a successful sabotage attack. The …

Link
2022/9/28

A Weighted Risk Score Model for IoT Devices

Yuval Elovici

Security, Privacy, and Anonymity in Computation, Communication, and Storage …, 2019

2022/9/28

A Weighted Risk Score Model for IoT Devices

Yuval Elovici

Security, Privacy, and Anonymity in Computation, Communication, and Storage …, 2019

The Internet of Things (IoT) defines a new era where ordinary physical objects are being transformed into smart connected devices. These advanced devices have the ability to sense, compute, and communicate with their surroundings via the Internet. This may result in severe network security breaches, as these devices in-crease the attack surface by exposing new vulnerabilities and infiltration points into restricted networks. One of the major challenges in such deployments is determining the security risks that IoT devices pose to the environment they operated in. This paper proposes an IoT device risk score model, denoted as the Weighted Risk Ranking (WRR) model. The proposed approach focuses on quantifying the static and dynamic properties of a device, in order to define a risk score. Our practical proof of concept demonstrates the use of the WRR scheme for several IoT devices in the context of an …

Link
2022/9/28

Game of Drones-Detecting Spying Drones Using Time Domain Analysis

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

Cyber Security Cryptography and Machine Learning: 5th International …, 2021

2022/9/28

Game of Drones-Detecting Spying Drones Using Time Domain Analysis

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici

Cyber Security Cryptography and Machine Learning: 5th International …, 2021

Drones have created a new threat to people’s privacy. We are now in an era in which anyone with a drone equipped with a video camera can use it to invade a subject privacy by filming the subject in his/her private space using encrypted First Person View (FPV) channel. Although many methods have been suggested to detect a nearby drone, they all suffer from the same shortcoming: they cannot detect what specifically is being captured and therefore they fail to distinguish between the legitimate use of a drone that does not invade a subject’s privacy (for example, neighbor’s drone flying and shoot his garden) and illegitimate use (same drone shooting the subject’s property), where in many cases depends on the orientation of the drone’s video camera rather than on the drone’s location. In this paper we present a method that utilizes a flicker in order to detect whether the drone’s camera is directed towards …

Link
2022/9/28

A dual-layer context-based architecture for the detection of anomalous instructions sent to medical devices

Tom Mahler, Erez Shalom, Yuval Elovici, Yuval Shahar

Artificial Intelligence in Medicine 123, 102229, 2022

2022/9/28

A dual-layer context-based architecture for the detection of anomalous instructions sent to medical devices

Tom Mahler, Erez Shalom, Yuval Elovici, Yuval Shahar

Artificial Intelligence in Medicine 123, 102229, 2022

Complex medical devices are controlled by instructions sent from a host personal computer (PC) to the device. Anomalous instructions can introduce many potentially harmful threats to patients (e.g., radiation overexposure), to physical device components (e.g., manipulation of device motors), or to functionality (e.g., manipulation of medical images). Threats can occur due to cyber-attacks, human error (e.g., using the wrong protocol, or misconfiguring the protocol’s parameters by a technician), or host PC software bugs. Thus, anomalous instructions might represent an intentional threat to the patient or to the device, a human error, or simply a non-optimal operation of the device.To protect medical devices, we propose a new dual-layer architecture. The architecture analyzes the instructions sent from the host PC to the physical components of the device, to detect anomalous instructions using two detection layers: (1 …

Link
2022/9/28

VISAS–Detecting GPS spoofing attacks against drones by analyzing camera’s video stream

Barak Davidovich, Ben Nassi, Yuval Elovici

arXiv preprint arXiv:2201.00419, 2022

2022/9/28

VISAS–Detecting GPS spoofing attacks against drones by analyzing camera’s video stream

Barak Davidovich, Ben Nassi, Yuval Elovici

arXiv preprint arXiv:2201.00419, 2022

In this study, we propose an innovative method for the real-time detection of GPS spoofing attacks targeting drones, based on the video stream captured by a drone’s camera. The proposed method collects frames from the video stream and their location (GPS); by calculating the correlation between each frame, our method can identify an attack on a drone. We first analyze the performance of the suggested method in a controlled environment by conducting experiments on a flight simulator that we developed. Then, we analyze its performance in the real world using a DJI drone. Our method can provide different levels of security against GPS spoofing attacks, depending on the detection interval required; for example, it can provide a high level of security to a drone flying at an altitude of 50-100 meters over an urban area at an average speed of 4 km/h in conditions of low ambient light; in this scenario, the method can provide a level of security that detects any GPS spoofing attack in which the spoofed location is a distance of 1-4 meters (an average of 2.5 meters) from the real location.

Link
2022/9/28

A Cyber-Security Risk Assessment Methodology for Medical Imaging Devices: the Radiologists’ Perspective

Tom Mahler, Erez Shalom, Arnon Makori, Yuval Elovici, Yuval Shahar

Journal of Digital Imaging 35 (3), 666-677, 2022

2022/9/28

A Cyber-Security Risk Assessment Methodology for Medical Imaging Devices: the Radiologists’ Perspective

Tom Mahler, Erez Shalom, Arnon Makori, Yuval Elovici, Yuval Shahar

Journal of Digital Imaging 35 (3), 666-677, 2022

Medical imaging devices (MIDs) are exposed to cyber-security threats. Currently, a comprehensive, efficient methodology dedicated to MID cyber-security risk assessment is lacking. We propose the Threat identification, ontology-based Likelihood, severity Decomposition, and Risk assessment (TLDR) methodology and demonstrate its feasibility and consistency with existing methodologies, while being more efficient, providing details regarding the severity components, and supporting organizational prioritization and customization. Using our methodology, the impact of 23 MIDs attacks (that were previously identified) was decomposed into six severity aspects. Four Radiology Medical Experts (RMEs) were asked to assess these six aspects for each attack. The TLDR methodology’s external consistency was demonstrated by calculating paired T-tests between TLDR severity assessments and those of existing …

Link
2022/9/28

Adversarial Attacks Against IoT Identification Systems

Jaidip Kotak, Yuval Elovici

IEEE Internet of Things Journal, 2022

2022/9/28

Adversarial Attacks Against IoT Identification Systems

Jaidip Kotak, Yuval Elovici

IEEE Internet of Things Journal, 2022

While machine learning (ML)-based solutions for Internet of Things (IoT) device identification are effective in identifying IoT devices connected to the network, they may be vulnerable to adversarial attacks. Conventional approaches for crafting adversarial attacks from the computer vision (CV) domain are not applicable in the computer network domain as they interfere with the meaningful communication of devices. In this research, we evaluate the robustness of payload-based IoT device identification solutions against adversarial examples generated using our new approach for the real-time crafting of adversarial examples; this approach, which is also applicable to the computer network domain, uses heatmaps generated by class activation mapping (CAM) and Grad-CAM++. We evaluate the effectiveness of adversarial examples generated using the above two methods against six variants of an existing payload …

Link
2022/9/28

IoT device identification based on network communication analysis using deep learning

Jaidip Kotak, Yuval Elovici

Journal of Ambient Intelligence and Humanized Computing 14 (7), 9113-9129, 2023

2022/9/28

IoT device identification based on network communication analysis using deep learning

Jaidip Kotak, Yuval Elovici

Journal of Ambient Intelligence and Humanized Computing 14 (7), 9113-9129, 2023

Attack vectors for adversaries have increased in organizations because of the growing use of less secure IoT devices. The risk of attacks on an organization’s network has also increased due to the bring your own device (BYOD) policy which permits employees to bring IoT devices onto the premises and attach them to the organization’s network. To tackle this threat and protect their networks, organizations generally implement security policies in which only white-listed IoT devices are allowed on the organization’s network. To monitor compliance with such policies, it has become essential to distinguish IoT devices permitted within an organization’s network from non-white-listed (unknown) IoT devices. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network. In contrast to existing methods, the proposed approach does not require …

Link
2022/9/28

Evaluating the performance of an application running on a distributed system

N Ahituv, Y Elovici

Journal of the Operational Research Society 52, 916-927, 2001

2022/9/28

Evaluating the performance of an application running on a distributed system

N Ahituv, Y Elovici

Journal of the Operational Research Society 52, 916-927, 2001

Link
2022/9/28

Performance evaluation of a distributed application

Niv Ahituv, Yuval Elovici

Journal of the Operational Research Society 52, 916-927, 2001

2022/9/28

Performance evaluation of a distributed application

Niv Ahituv, Yuval Elovici

Journal of the Operational Research Society 52, 916-927, 2001

Analysing the performance of an application performed on a distributed system is discussed in this paper. An analogy between a distributed system and a production process is portrayed, particularly for an application running on several computers. Consequently, theories of management of production processes are employed to help analyse and manage distributed systems, specifically, the Theory of Constraints (TOC). Using TOC combined with the cost/utilization model, which was initially developed to evaluate the utilization of a single processor and is extended here to handle a distributed system, it is demonstrated how the performance of a distributed system can be examined. The methodology presented here is based on a simple graphic display aimed to allow managers of information systems to locate constrained resources, to optimize the distribution of the computer application, and to examine and …

Link
2022/9/28

A Structure Preserving Database Encryption Scheme. SDM 2004

Y Elovici, R Waisenberg, E Shmueli, E Gudes

Workshop on Secure Data Management, Toronto, Canada, August, 2004

2022/9/28

A Structure Preserving Database Encryption Scheme. SDM 2004

Y Elovici, R Waisenberg, E Shmueli, E Gudes

Workshop on Secure Data Management, Toronto, Canada, August, 2004

Link
2022/9/28

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining

C Feher, Ch Glezer, Y Shahar, Y Elovici

Conference of Computational Intelligence in Security and Defense …, 2007

2022/9/28

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining

C Feher, Ch Glezer, Y Shahar, Y Elovici

Conference of Computational Intelligence in Security and Defense …, 2007

Link
2022/9/28

Detecting malicious applications on android by applying machine learning classifiers to static features (Poster)

A Shabtai, Y Fledel, Y Elovici

25th annual computer security applications conference (ACSAC), 2009

2022/9/28

Detecting malicious applications on android by applying machine learning classifiers to static features (Poster)

A Shabtai, Y Fledel, Y Elovici

25th annual computer security applications conference (ACSAC), 2009

Link
2022/9/28

A state-of-the-art review of security mechanisms

Asaf Shabtai, Yuval Fledel, Uri Kanonov, Yuval Elovici, Shlomi Dolev

Cornell University, 2009

2022/9/28

A state-of-the-art review of security mechanisms

Asaf Shabtai, Yuval Fledel, Uri Kanonov, Yuval Elovici, Shlomi Dolev

Cornell University, 2009

Link
2022/9/28

Google android: A state-of-the-art review of security mechanisms. arXiv 2009

A Shabtai, Y Fledel, U Kanonov, Y Elovici, S Dolev

arXiv preprint arXiv:0912.5101, 2009

2022/9/28

Google android: A state-of-the-art review of security mechanisms. arXiv 2009

A Shabtai, Y Fledel, U Kanonov, Y Elovici, S Dolev

arXiv preprint arXiv:0912.5101, 2009

Link
2022/9/28

Privacy, security, and trust in KDD

R Moskovitch, N Nissim, Y Elovici

Malicious Code Detection Using Active Learning, 74-91, 2009

2022/9/28

Privacy, security, and trust in KDD

R Moskovitch, N Nissim, Y Elovici

Malicious Code Detection Using Active Learning, 74-91, 2009

Link
2022/9/28

Rendezvous tunnel for anonymous publishing: Clean slate and tor based designs

Ofer Hermoni, Niv Gilboa, Eyal Felstaine, Yuval Elovici, Shlomi Dolev

Stabilization, Safety, and Security of Distributed Systems: 13th …, 2011

2022/9/28

Rendezvous tunnel for anonymous publishing: Clean slate and tor based designs

Ofer Hermoni, Niv Gilboa, Eyal Felstaine, Yuval Elovici, Shlomi Dolev

Stabilization, Safety, and Security of Distributed Systems: 13th …, 2011

Anonymous communication, and in particular anonymous Peer-to-Peer (P2P) file sharing systems, have received considerable attention in recent years. In a P2P file sharing system, there are three types of participants: publishers that insert content into the system, servers that store content, and readers that retrieve content from the servers. Existing anonymous P2P file sharing systems confer partial anonymity. They provide anonymity to participant pairs, such as servers and readers or publishers and readers, but they do not consider the anonymity of all three types of participants.In this work we propose two solutions for anonymous P2P file sharing systems. Both of our solutions provide anonymity to all three types of participants. The proposed solutions are based on indexing by global hash functions (rather than an index server), dispersal of information, and three anonymity tunnels. Each anonymity …

Link
2022/9/28

Special issue on Data Mining for Information Security

Y Elovici, L Rokach, S Albayrak

Information Sciences, 2012

2022/9/28

Special issue on Data Mining for Information Security

Y Elovici, L Rokach, S Albayrak

Information Sciences, 2012

Link
2022/9/28

How many makes a crowd

Y Altshuler, M Fire, N Aharony, Y Elovici, A Pentl,

On the Correlation between Groups’ Size and the Accuracy of Modeling, Social …, 2012

2022/9/28

How many makes a crowd

Y Altshuler, M Fire, N Aharony, Y Elovici, A Pentl,

On the Correlation between Groups’ Size and the Accuracy of Modeling, Social …, 2012

Link
2022/9/28

VIII, 92 p. 9 illus

Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 2012

2022/9/28

VIII, 92 p. 9 illus

Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 2012

Link
2022/9/28

Homing Socialbots: Intrusion on a specific organization’s employee using Socialbots, IEEE

Aviad Elyashar, Michael Fire, Dima Kagan, Yuval Elovici

ACM International Conference on Advances in Social Networks Analysis and Mining, 2013

2022/9/28

Homing Socialbots: Intrusion on a specific organization’s employee using Socialbots, IEEE

Aviad Elyashar, Michael Fire, Dima Kagan, Yuval Elovici

ACM International Conference on Advances in Social Networks Analysis and Mining, 2013

Link
2022/9/28

Improving condition severity classification learning using support vector machine-based active learning methodology

N Nissim, MR Bol, , R Moskovitch, NTY Elovici, Y Shahar, G Hripcsak

Journal of Biomedical Informatics 10, 2016

2022/9/28

Improving condition severity classification learning using support vector machine-based active learning methodology

N Nissim, MR Bol, , R Moskovitch, NTY Elovici, Y Shahar, G Hripcsak

Journal of Biomedical Informatics 10, 2016

Link
2022/9/28

Complexity Reduction in Graphs: A user Centric Approach to Graph Exploration

Tim Grube, Florian Volk, Max Mühlhäuser, Suhas Bhairav, Vinay Sachidan, a, Yuval Elovici

10th International Conference on Advances in Human-oriented and Personalized …, 2017

2022/9/28

Complexity Reduction in Graphs: A user Centric Approach to Graph Exploration

Tim Grube, Florian Volk, Max Mühlhäuser, Suhas Bhairav, Vinay Sachidan, a, Yuval Elovici

10th International Conference on Advances in Human-oriented and Personalized …, 2017

Human exploration of large graph structures becomes increasingly difficult with growing graph sizes. A visual representation of such large graphs, for example, social networks and citational networks, has to find a trade-off between showing details in a magnified view and the verall graph structure. Displaying these both aspects at the same time results in an overloaded visualization that is inaccessible for human users. In this paper, we present a new approach to address this issue by combining and extending graph-theoretic properties with community detection algorithms. Our approach is semi-automated and non-destructive. The aim is to retain core properties of the graph while–at the same time–hiding less important side information from the human user. We analyze the results yielded by applying our approach to large real-world network data sets, revealing a massive reduction of displayed nodes and links.

Link
2022/9/28

On packet loss modeling: An empirical assessment

Alfonso Iacovazzi, Daniel Frassinelli, Yuval Elovici

2017 8th International Conference on the Network of the Future (NOF), 33-39, 2017

2022/9/28

On packet loss modeling: An empirical assessment

Alfonso Iacovazzi, Daniel Frassinelli, Yuval Elovici

2017 8th International Conference on the Network of the Future (NOF), 33-39, 2017

Accurately modeling the packet loss behavior of network components is a longstanding problem due to the impact of loss on quality of service (QoS) management and optimization strategies for real-time multimedia applications. Although a few models have been proposed in the literature with the purpose of estimating the statistical behavior of packet loss processes, none of them correctly reflect the property of a network to form both bursts of consecutive losses and aggregates of single (and/or small bursts of) losses occurring at short distance from one another. In this paper we propose a new model that incorporates the characteristics of burstiness and aggregateness observable in a sequence of packet loss events. We also provide a comprehensive comparison of it and the current state-of-the- art models with traffic traces routed by a bottleneck node. Our results demonstrate our proposed model’s ability to …

Link
2022/9/28

Anti-forensic= suspicious: detection of stealthy malware that hides its network traffic

Mayank Agarwal, Rami Puzis, Jawad Haj-Yahya, Polina Zilberman, Yuval Elovici

ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International …, 2018

2022/9/28

Anti-forensic= suspicious: detection of stealthy malware that hides its network traffic

Mayank Agarwal, Rami Puzis, Jawad Haj-Yahya, Polina Zilberman, Yuval Elovici

ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International …, 2018

Stealthy malware hides its presence from the users of a system by hooking the relevant libraries, drivers, system calls or manipulating the services commonly used to monitor system behaviour. Tampering the network sensors of host-based intrusion detection systems (HIDS) may impair their ability to detect malware and significantly hinders subsequent forensic investigations. Nevertheless, the mere attempt to hide the traffic indicates malicious intentions. In this paper we show how comparison of the data collected by multiple sensors at different levels of resilience may reveal these intentions. At the lowest level of resilience, information from untrusted sensors such as netstat and process lists are used. At the highest resilience level, we analyse mirrored traffic using a secured hardware device. This technique can be considered as fully trusted. The detection of a discrepancy between what is reported by these …

Link
2022/9/28

PALE: partially asynchronous agile leader election

Bronislav Sidik, Rami Puzis, Polina Zilberman, Yuval Elovici

arXiv preprint arXiv:1801.03734, 2018

2022/9/28

PALE: partially asynchronous agile leader election

Bronislav Sidik, Rami Puzis, Polina Zilberman, Yuval Elovici

arXiv preprint arXiv:1801.03734, 2018

Many tasks executed in dynamic distributed systems, such as sensor networks or enterprise environments with bring-your-own-device policy, require central coordination by a leader node. In the past it has been proven that distributed leader election in dynamic environments with constant changes and asynchronous communication is not possible. Thus, state-of-the-art leader election algorithms are not applicable in asynchronous environments with constant network changes. Some algorithms converge only after the network stabilizes (an unrealistic requirement in many dynamic environments). Other algorithms reach consensus in the presence of network changes but require a global clock or some level of communication synchronization. Determining the weakest assumptions, under which leader election is possible, remains an unresolved problem. In this study we present a leader election algorithm that operates in the presence of changes and under weak (realistic) assumptions regarding message delays and regarding the clock drifts of the distributed nodes. The proposed algorithm is self-sufficient, easy to implement and can be extended to support multiple regions, self-stabilization, and wireless ad-hoc networks. We prove the algorithm’s correctness and provide a complexity analysis of the time, space, and number of messages required to elect a leader.

Link
2022/9/28

PIDS: a behavioral framework for analysis and detection of network printer attacks

Asaf Hecht, Adi Sagi, Yuval Elovici

2018 13th International Conference on Malicious and Unwanted Software …, 2018

2022/9/28

PIDS: a behavioral framework for analysis and detection of network printer attacks

Asaf Hecht, Adi Sagi, Yuval Elovici

2018 13th International Conference on Malicious and Unwanted Software …, 2018

Nowadays, every organization might be attacked through its network printers. The malicious exploitation of printing protocols is a dangerous and underestimated threat against every printer today. This article presents PIDS (Printers’ IDS), an intrusion detection system for detecting attacks on printing protocols. PIDS continuously captures various features and events obtained from traffic produced by printing protocols in order to detect attacks. As part of this research, we conducted thousands of automatic and manual printing protocol attacks on various printers and recorded thousands of the printers’ benign network sessions. Then we applied various supervised machine learning algorithms to classify the collected data as normal (benign) or abnormal (malicious). We evaluated several detection algorithms in order to obtain the best detection results for malicious protocol traffic of printers. Our empirical results suggest …

Link
2022/9/28

Why blocking targeted adversarial perturbations impairs the ability to learn

Ziv Katzir, Yuval Elovici

arXiv preprint arXiv:1907.05718, 2019

2022/9/28

Why blocking targeted adversarial perturbations impairs the ability to learn

Ziv Katzir, Yuval Elovici

arXiv preprint arXiv:1907.05718, 2019

Despite their accuracy, neural network-based classifiers are still prone to manipulation through adversarial perturbations. Those perturbations are designed to be misclassified by the neural network, while being perceptually identical to some valid input. The vast majority of attack methods rely on white-box conditions, where the attacker has full knowledge of the attacked network’s parameters. This allows the attacker to calculate the network’s loss gradient with respect to some valid input and use this gradient in order to create an adversarial example. The task of blocking white-box attacks has proven difficult to solve. While a large number of defense methods have been suggested, they have had limited success. In this work we examine this difficulty and try to understand it. We systematically explore the abilities and limitations of defensive distillation, one of the most promising defense mechanisms against adversarial perturbations suggested so far in order to understand the defense challenge. We show that contrary to commonly held belief, the ability to bypass defensive distillation is not dependent on an attack’s level of sophistication. In fact, simple approaches, such as the Targeted Gradient Sign Method, are capable of effectively bypassing defensive distillation. We prove that defensive distillation is highly effective against non-targeted attacks but is unsuitable for targeted attacks. This discovery leads us to realize that targeted attacks leverage the same input gradient that allows a network to be trained. This implies that blocking them will require losing the network’s ability to learn, presenting an impossible tradeoff to the research community.

Link
2022/9/28

Spoofing Mobileye 630’s Video Camera Using a Projector

Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yuval Elovici

Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2021, 25, 2021

2022/9/28

Spoofing Mobileye 630’s Video Camera Using a Projector

Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yuval Elovici

Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2021, 25, 2021

In this paper, we evaluate the robustness of Mobileye 630 PRO, the most popular off-the-shelf ADAS on the market today, to camera spoofing attacks applied using a projector. We show that Mobileye 630 issues false notifications about road signs projected in proximity to the car that the system is installed in. We assess how changes of the road signs (eg, changes in color, shape, projection speed, diameter and ambient light) affect the outcome of an attack. We find that while Mobileye 630 PRO rejects fake projected road signs that consists of non-original shapes and objects, it accepts fake projected road signs that consists of non-original colors. We demonstrate how attackers can leverage these findings to apply a remote attack in a realistic scenario by using a drone that carries a portable projector which projects the spoofed traffic sign on a building located in proximity to a passing car equipped with Mobileye 630. Our experiments show that it is possible to fool Mobileye 630 PRO to issue false notification about a traffic sign projected from a drone.

Link
2022/9/28

Lamphone: Passive sound recovery from a desk lamp’s light bulb vibrations

Ben Nassi, Yaron Pirutin, Raz Swisa, Adi Shamir, Yuval Elovici, Boris Zadov

31st USENIX Security Symposium (USENIX Security 22), 4401-4417, 2022

2022/9/28

Lamphone: Passive sound recovery from a desk lamp’s light bulb vibrations

Ben Nassi, Yaron Pirutin, Raz Swisa, Adi Shamir, Yuval Elovici, Boris Zadov

31st USENIX Security Symposium (USENIX Security 22), 4401-4417, 2022

In this paper, we introduce” Lamphone,” an optical side-channel attack used to recover sound from desk lamp light bulbs; such lamps are commonly used in home offices, which became a primary work setting during the COVID-19 pandemic. We show how fluctuations in the air pressure on the surface of a light bulb, which occur in response to sound and cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech passively, externally, and using equipment that provides no indication regarding its application. We analyze a light bulb’s response to sound via an electro-optical sensor and learn how to isolate the audio signal from the optical signal. We compare Lamphone to related methods presented in other studies and show that Lamphone can recover sound at high quality and lower volume levels that those methods. Finally, we show that eavesdroppers can apply Lamphone in order to recover speech at the sound level of a virtual meeting with fair intelligibility when the victim is sitting/working at a desk that contains a desk lamp with a light bulb from a distance of 35 meters.

Link
2022/9/28

Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph

Florian Klaus Kaiser, Uriel Dardik, Aviad Elitzur, Polina Zilberman, Nir Daniel, Marcus Wiens, Frank Schultmann, Yuval Elovici, Rami Puzis

IEEE Transactions on Dependable and Secure Computing, 2023

2022/9/28

Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph

Florian Klaus Kaiser, Uriel Dardik, Aviad Elitzur, Polina Zilberman, Nir Daniel, Marcus Wiens, Frank Schultmann, Yuval Elovici, Rami Puzis

IEEE Transactions on Dependable and Secure Computing, 2023

Cyber threat intelligence on past attacks may help with attack reconstruction and the prediction of the course of an ongoing attack by providing deeper understanding of the tools and attack patterns used by attackers. Therefore, cyber security analysts employ threat intelligence, alert correlations, machine learning, and advanced visualizations in order to produce sound attack hypotheses. In this paper, we present AttackDB, a multi-level threat knowledge base that combines data from multiple threat intelligence sources to associate high-level ATT&CK techniques with low-level telemetry found in behavioral malware reports. We also present the Attack Hypothesis Generator which relies on knowledge graph traversal algorithms and a variety of link prediction methods to automatically infer ATT&CK techniques from a set of observable artifacts. Results of experiments performed with 53K VirusTotal reports indicate that …

Link
2022/9/28

Large-Scale Shill Bidder Detection in E-commerce

Michael Fire, Rami Puzis, Dima Kagan, Yuval Elovici

Proceedings of the 27th International Database Engineered Applications …, 2023

2022/9/28

Large-Scale Shill Bidder Detection in E-commerce

Michael Fire, Rami Puzis, Dima Kagan, Yuval Elovici

Proceedings of the 27th International Database Engineered Applications …, 2023

User feedback is one of the most effective methods to build and maintain trust in electronic commerce platforms. Unfortunately, dishonest sellers often bend over backward to manipulate users’ feedback or place phony bids in order to increase their own sales and harm competitors. The black market of user feedback, supported by a plethora of shill bidders, prospers on top of legitimate electronic commerce. In this paper, we investigate the ecosystem of shill bidders based on large-scale data by analyzing hundreds of millions of users who performed billions of transactions, and we propose a machine-learning-based method for identifying communities of users that methodically provide dishonest feedback. Our results show that (1) shill bidders can be identified with high precision based on their transaction and feedback statistics; and (2) in contrast to legitimate buyers and sellers, shill bidders form cliques to support …

Link
2022/9/28

Fansmitter. Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers, 2016

M Guri, Y Solewicz, A Daidakulov, Y Elovici

arXiv preprint arXiv:1606.05915, 0

2022/9/28

Fansmitter. Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers, 2016

M Guri, Y Solewicz, A Daidakulov, Y Elovici

arXiv preprint arXiv:1606.05915, 0

Link
2022/9/28

Terrorist detection system

Yuval Elovici, Abraham K, el, Mark Last, Bracha Shapira, Omer Zaafrany, Moti Schneider, Menahem Friedman

Knowledge Discovery in Databases: PKDD 2004: 8th European Conference on …, 2004

2022/9/28

Terrorist detection system

Yuval Elovici, Abraham K, el, Mark Last, Bracha Shapira, Omer Zaafrany, Moti Schneider, Menahem Friedman

Knowledge Discovery in Databases: PKDD 2004: 8th European Conference on …, 2004

Terrorist Detection System (TDS) is aimed at detecting suspicious users on the Internet by the content of information they access. TDS consists of two main modules: a training module activated in batch mode, and an on-line detection module. The training module is provided with web pages that include terror related content and learns the typical interests of terrorists by applying data mining algorithms to the training data. The detection module performs real-time monitoring on users’ traffic and analyzes the content of the pages they access. An alarm is issued upon detection of a user whose content of accessed pages is “too” similar to typical terrorist content. TDS feasibility was tested in a network environment. Its detection rate was better than the rate of a state of the art Intrusion Detection System based on anomaly detection.

Link
2022/9/28

OHT-Online-HTML Tracer for Detecting Terrorist Activities on the Web

Omer Zaafrany, Bracha Shapira, Yuval Elovici, Mark Last, Abraham K, el, Moti Schneider, Menahem Friedman

3rd European Conference on Information Warfare and Security, 371, 2004

2022/9/28

OHT-Online-HTML Tracer for Detecting Terrorist Activities on the Web

Omer Zaafrany, Bracha Shapira, Yuval Elovici, Mark Last, Abraham K, el, Moti Schneider, Menahem Friedman

3rd European Conference on Information Warfare and Security, 371, 2004

The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by the content of information that they access. One requirement identified during the implementation of TDS was the need for a module able to intercept textual Web pages from the network traffic in real time. Online-HTML Tracer (OHT) is the module of TDS in charge of tracing HTML pages transferred on to the Web. The design considerations of OHT and its architecture are described. Initial evaluations of OHT were performed in a LAN environment.

Link
2022/9/28

Detection of unknown computer worms activity using active learning

R Moskovitch, N Nissim, R Englert, Y Elovici

The 11th international conference on information fusion, Cologne, Germany, June, 2008

2022/9/28

Detection of unknown computer worms activity using active learning

R Moskovitch, N Nissim, R Englert, Y Elovici

The 11th international conference on information fusion, Cologne, Germany, June, 2008

Link
2022/9/28

Introduction to information security

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 1-4, 2012

2022/9/28

Introduction to information security

Asaf Shabtai, Yuval Elovici, Lior Rokach, Asaf Shabtai, Yuval Elovici, Lior Rokach

A Survey of Data Leakage Detection and Prevention Solutions, 1-4, 2012

The NIST Computer Security Handbook [NIST, 1995] defines the term computer security as “protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” The security concepts of confidentiality, integrity and availability are also called the CIA triad.

Link
2022/9/28

Cost-sensitive detection of malicious applications in mobile devices

Yael Weiss, Yuval Fledel, Yuval Elovici, Lior Rokach

Mobile Computing, Applications, and Services: Second International ICST …, 2012

2022/9/28

Cost-sensitive detection of malicious applications in mobile devices

Yael Weiss, Yuval Fledel, Yuval Elovici, Lior Rokach

Mobile Computing, Applications, and Services: Second International ICST …, 2012

Mobile phones have become a primary communication device nowadays. In order to maintain proper functionality, various existing security solutions are being integrated into mobile devices. Some of the more sophisticated solutions, such as host-based intrusion detection systems (HIDS) are based on continuously monitoring many parameters in the device such as CPU and memory consumption. Since the continuous monitoring of many parameters consumes considerable computational resources it is necessary to reduce consumption in order to efficiently use HIDS. One way to achieve this is to collect less parameters by means of cost-sensitive feature selection techniques. In this study, we evaluate ProCASH, a new cost-sensitive feature selection algorithm which considers resources consumption, misclassification costs and feature grouping. ProCASH was evaluated on an Android-based mobile device …

Link
2022/9/28

Detecting spammers via aggregated historical data set

Eitan Menahem, Rami Pusiz, Yuval Elovici

Network and System Security: 6th International Conference, NSS 2012 …, 2012

2022/9/28

Detecting spammers via aggregated historical data set

Eitan Menahem, Rami Pusiz, Yuval Elovici

Network and System Security: 6th International Conference, NSS 2012 …, 2012

In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 …

Link
2022/9/28

Network-based intrusion detection systems go active!

Eitan Menahem, Gabi Nakibly, Yuval Elovici

Proceedings of the 2012 ACM conference on Computer and communications …, 2012

2022/9/28

Network-based intrusion detection systems go active!

Eitan Menahem, Gabi Nakibly, Yuval Elovici

Proceedings of the 2012 ACM conference on Computer and communications …, 2012

In this work we investigate a new approach for detecting network-wide attacks that aim to degrade the network’s Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. In contrast to the passive approach which most contemporary NIDS follow and which relies solely on production traffic monitoring, the propose NIDS takes the active approach where special crafted probes are sent according to a known probability distribution in order to monitor the network for anomalous behavior. The proposed approach takes away much of the variability of network traffic that makes it so difficult to classify, and therefore can detect subtle attacks which would not be detected passively. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network’s normal states, hence enabling an effective detection of zero-day attacks …

Link
2022/9/28

Introduction to security and privacy in social networks

Yuval Elovici, Yaniv Altshuler

Security and Privacy in Social Networks, 1-6, 2013

2022/9/28

Introduction to security and privacy in social networks

Yuval Elovici, Yaniv Altshuler

Security and Privacy in Social Networks, 1-6, 2013

As the area of online social networking develops and many online services add social features to their offerings, the definition of online social networking services broadens. Online social networking services range from social interaction-centered sites such as Facebook or MySpace, to information dissemination-centric services such as Twitter or Google Buzz, to social interaction features added to existing sites and services such as Flickr or Amazon. Each of these services has different characteristics of social interaction and different vulnerabilities to attack.

Link
2022/9/28

Spill the Beans: Extrospection of Internet of Things by exploiting denial of service

Vinay Sachidan, a, Suhas Bhairav, Yuval Elovici

EAI Endorsed Transactions on Security and Safety 6 (20), 2019

2022/9/28

Spill the Beans: Extrospection of Internet of Things by exploiting denial of service

Vinay Sachidan, a, Suhas Bhairav, Yuval Elovici

EAI Endorsed Transactions on Security and Safety 6 (20), 2019

Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.

Link
2022/9/28

A dual-layer architecture for the protection of medical devices from anomalous instructions

Tom Mahler, Erez Shalom, Yuval Elovici, Yuval Shahar

International Conference on Artificial Intelligence in Medicine, 273-286, 2020

2022/9/28

A dual-layer architecture for the protection of medical devices from anomalous instructions

Tom Mahler, Erez Shalom, Yuval Elovici, Yuval Shahar

International Conference on Artificial Intelligence in Medicine, 273-286, 2020

Complex medical devices are controlled by instructions sent from a host PC. Anomalous instructions introduce many potentially harmful threats to patients (e.g., radiation overexposure), to physical components (e.g., manipulation of device motors) devices, or to functionality (e.g., manipulation of medical images). Threats can occur due to cyber-attacks, human errors (e.g., a technician’s configuration mistake), or host PC software bugs. To protect medical devices, we propose to analyze the instructions sent from the host PC to the physical components using a new architecture for the detection of anomalous instructions. Our architecture includes two detection layers: (1) an unsupervised context-free (CF) layer that detects anomalies based solely on the instructions’ content and inter-correlations; and (2) a supervised context-sensitive (CS) layer that detects anomalies with respect to the classifier’s output …

Link
2022/9/28

Who’s afraid of adversarial transferability?

Ziv Katzir, Yuval Elovici

arXiv preprint arXiv:2105.00433, 2021

2022/9/28

Who’s afraid of adversarial transferability?

Ziv Katzir, Yuval Elovici

arXiv preprint arXiv:2105.00433, 2021

Adversarial transferability, namely the ability of adversarial perturbations to simultaneously fool multiple learning models, has long been the “big bad wolf” of adversarial machine learning. Successful transferability-based attacks requiring no prior knowledge of the attacked model’s parameters or training data have been demonstrated numerous times in the past, implying that machine learning models pose an inherent security threat to real-life systems. However, all of the research performed in this area regarded transferability as a probabilistic property and attempted to estimate the percentage of adversarial examples that are likely to mislead a target model given some predefined evaluation set. As a result, those studies ignored the fact that real-life adversaries are often highly sensitive to the cost of a failed attack. We argue that overlooking this sensitivity has led to an exaggerated perception of the transferability threat, when in fact real-life transferability-based attacks are quite unlikely. By combining theoretical reasoning with a series of empirical results, we show that it is practically impossible to predict whether a given adversarial example is transferable to a specific target model in a black-box setting, hence questioning the validity of adversarial transferability as a real-life attack tool for adversaries that are sensitive to the cost of a failed attack.

Link
2022/9/28

Anonymity Enhancing Technologies (AET) Opportunities and Threats

Y Elovici, C Glezer

Journal of Information Warfare 3 (3), 48-62, 2004

2022/9/28

Anonymity Enhancing Technologies (AET) Opportunities and Threats

Y Elovici, C Glezer

Journal of Information Warfare 3 (3), 48-62, 2004

Privacy of Web surfers nowadays is frequently compromised by eavesdroppers. The threat applies to surfers’ identities, the World Wide Web (hereafter: the Web) site being browsed, and their association. This article provides a comprehensive review of AET for the Web. First, the article examines the nature of threats to anonymity. Next, theoretical and practical solutions for protecting surfers’ anonymity are presented and their capabilities are extracted. The solutions are then analyzed and mapped with regards to their performance and the degree of anonymity they cater for. The analysis clearly demonstrates the inherent trade-off between performance and anonymity provided by AET.

Link
2022/9/28

ACTIDS: an active strategy for detecting and localizing network attacks

Eitan Menahem, Yuval Elovici, Nir Amar, Gabi Nakibly

Proceedings of the 2013 ACM workshop on Artificial intelligence and security …, 2013

2022/9/28

ACTIDS: an active strategy for detecting and localizing network attacks

Eitan Menahem, Yuval Elovici, Nir Amar, Gabi Nakibly

Proceedings of the 2013 ACM workshop on Artificial intelligence and security …, 2013

In this work we investigate a new approach for detecting attacks which aim to degrade the network’s Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. Most contemporary NIDSs take a passive approach by solely monitoring the network’s production traffic. This paper explores a complementary approach in which distributed agents actively send out periodic probes. The probes are continuously monitored to detect anomalous behavior of the network. The proposed approach takes away much of the variability of the network’s production traffic that makes it so difficult to classify. This enables the NIDS to detect more subtle attacks which would not be detected using the passive approach alone. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network’s normal states, hence enabling an effective detection …

Link
2022/9/28

Friend or foe

M Fire, D Kagan, A Elyashar, Y Elovici

Fake Profile Identification in Online Social Networks, Telekom Innovation …, 2014

2022/9/28

Friend or foe

M Fire, D Kagan, A Elyashar, Y Elovici

Fake Profile Identification in Online Social Networks, Telekom Innovation …, 2014

Link
2022/9/28

Scholarly Digital Libraries as a Platform for Malware Distribution.

Nir Nissim, Aviad Cohen, Jian Wu, Andrea Lanzi, Lior Rokach, Yuval Elovici, C Lee Giles

SG-CRC, 107-128, 2017

2022/9/28

Scholarly Digital Libraries as a Platform for Malware Distribution.

Nir Nissim, Aviad Cohen, Jian Wu, Andrea Lanzi, Lior Rokach, Yuval Elovici, C Lee Giles

SG-CRC, 107-128, 2017

Researchers from academic institutions and the corporate sector rely heavily on scholarly digital libraries for accessing journal articles and conference proceedings. Primarily downloaded in the form of PDF files, there is a risk that these documents may be compromised by attackers. PDF files have many capabilities that have been widely used for malicious operations. Attackers increasingly take advantage of innocent users who open PDF files with little or no concern, mistakenly considering these files safe and relatively non-threatening. Researchers also consider scholarly digital libraries reliable and home to a trusted corpus of papers and untainted by malicious files. For these reasons, scholarly digital libraries are an attractive target for cyber-attacks launched via PDF files. In this study, we present several vulnerabilities and practical distribution attack approaches tailored for scholarly digital libraries. To support our claim regarding the attractiveness of scholarly digital libraries as an attack platform, we evaluated more than two million scholarly papers in the CiteSeerX library that were collected over 8 years and found it to be contaminated with a surprisingly large number (0.3%-2%) of malicious scholarly PDF documents, the origin of which is 46 different countries spread worldwide. More than 55% of the malicious papers in CiteSeerX were crawled from IP’s belonging to USA universities, followed by those belonging to Europe (33.6%). We show how existing scholarly digital libraries can be easily leveraged as a distribution platform both for a targeted attack and in a worldwide manner. On average, a certain malicious paper caused high impact …

Link
2022/9/28

Hvacker: Bridging the air-gap by manipulating the environment temperature

Yisroel Mirsky, Mordechai Guri, Yuval Elovici

Magdeburger J. zur Sicherheitsforschung 14, 815-829, 2017

2022/9/28

Hvacker: Bridging the air-gap by manipulating the environment temperature

Yisroel Mirsky, Mordechai Guri, Yuval Elovici

Magdeburger J. zur Sicherheitsforschung 14, 815-829, 2017

 Abstract—Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (eg, the Internet).In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel line-encoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented.

Link
2022/9/28

Introduction to the special issue on data mining for cybersecurity

Nathalie Japkowicz, Yuval Elovici

IEEE Intelligent Systems 33 (02), 3-4, 2018

2022/9/28

Introduction to the special issue on data mining for cybersecurity

Nathalie Japkowicz, Yuval Elovici

IEEE Intelligent Systems 33 (02), 3-4, 2018

Computer and communication systems are subject to repeated security attacks. Given the variety of new vulnerabilities discovered every day, the introduction of new attack schemes, and the ever-expanding use of the Internet, it is not surprising that the field of computer and network security has grown and evolved significantly in recent years. Attacks are so pervasive nowadays that many firms, especially large financial institutions, spend over 10% of their total information and communication technology budget directly on computer and network security. Changes in the type of attacks and the identification of new vulnerabilities have resulted in a highly dynamic threat landscape that is unamenable to traditional security approaches.Data mining techniques that explore data in order to discover hidden patterns and develop predictive models have proven to be effective in tackling the aforementioned information security …

Link
2022/9/28

Exploring the back alleys: Analysing the robustness of alternative neural network architectures against adversarial attacks

Yi Xiang Marcus Tan, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:1912.03609, 2019

2022/9/28

Exploring the back alleys: Analysing the robustness of alternative neural network architectures against adversarial attacks

Yi Xiang Marcus Tan, Yuval Elovici, Alex, er Binder

arXiv preprint arXiv:1912.03609, 2019

We investigate to what extent alternative variants of Artificial Neural Networks (ANNs) are susceptible to adversarial attacks. We analyse the adversarial robustness of conventional, stochastic ANNs and Spiking Neural Networks (SNNs) in the raw image space, across three different datasets. Our experiments reveal that stochastic ANN variants are almost equally as susceptible as conventional ANNs when faced with simple iterative gradient-based attacks in the white-box setting. However we observe, that in black-box settings, stochastic ANNs are more robust than conventional ANNs, when faced with boundary attacks, transferability and surrogate attacks. Consequently, we propose improved attacks and defence mechanisms for stochastic ANNs in black-box settings. When performing surrogate-based black-box attacks, one can employ stochastic models as surrogates to observe higher attack success on both stochastic and deterministic targets. This success can be further improved with our proposed Variance Mimicking (VM) surrogate training method, against stochastic targets. Finally, adopting a defender’s perspective, we investigate the plausibility of employing stochastic switching of model mixtures as a viable hardening mechanism. We observe that such a scheme does provide a partial hardening.

Link
2022/9/28

ATHAFI: Agile threat hunting and forensic investigation

Rami Puzis, Polina Zilberman, Yuval Elovici

arXiv preprint arXiv:2003.03663, 2020

2022/9/28

ATHAFI: Agile threat hunting and forensic investigation

Rami Puzis, Polina Zilberman, Yuval Elovici

arXiv preprint arXiv:2003.03663, 2020

Attackers rapidly change their attacks to evade detection. Even the most sophisticated Intrusion Detection Systems that are based on artificial intelligence and advanced data analytic cannot keep pace with the rapid development of new attacks. When standard detection mechanisms fail or do not provide sufficient forensic information to investigate and mitigate attacks, targeted threat hunting performed by competent personnel is used. Unfortunately, many organization do not have enough security analysts to perform threat hunting tasks and today the level of automation of threat hunting is low. In this paper we describe a framework for agile threat hunting and forensic investigation (ATHAFI), which automates the threat hunting process at multiple levels. Adaptive targeted data collection, attack hypotheses generation, hypotheses testing, and continuous threat intelligence feeds allow to perform simple investigations in a fully automated manner. The increased level of automation will significantly boost the analyst’s productivity during investigation of the harshest cases. Special Workflow Generation module adapts the threat hunting procedures either to the latest Threat Intelligence obtained from external sources (e.g. National CERT) or to the likeliest attack hypotheses generated by the Attack Hypotheses Generation module. The combination of Attack Hypotheses Generation and Workflows Generation enables intelligent adjustment of workflows, which react to emerging threats effectively.

Link
2022/9/28

O, and Kandel

M Elovici Last, Y Shapira, B Zaafrany

A.: Using Data Mining for Detecting Terror-Related Activities on the Web …, 2003

2022/9/28

O, and Kandel

M Elovici Last, Y Shapira, B Zaafrany

A.: Using Data Mining for Detecting Terror-Related Activities on the Web …, 2003

Link
2022/9/28

Fast algorithm for successive group betweenness centrality computation

R Puzis, Y Elovici, S Dolev

Physical Review E 76, 056709, 2007

2022/9/28

Fast algorithm for successive group betweenness centrality computation

R Puzis, Y Elovici, S Dolev

Physical Review E 76, 056709, 2007

Link
2022/9/28

Andromaly: an anomaly detection framework for android devices

A Shabtai, Y Wiess, U Kanonov, Y Elovici, C Glezer

Lecture Notes in information system engineering Ben-Gurion University, 2009

2022/9/28

Andromaly: an anomaly detection framework for android devices

A Shabtai, Y Wiess, U Kanonov, Y Elovici, C Glezer

Lecture Notes in information system engineering Ben-Gurion University, 2009

Link
2022/9/28

Detecting unknown malicious code by applying classification techniques on OpCode patterns, Security Informatics 2012, 1: 1

Asaf Shabtai, Robert Moskovitch, Clint Feher, Shlomi Dolev, Yuval Elovici

2022/9/28

Detecting unknown malicious code by applying classification techniques on OpCode patterns, Security Informatics 2012, 1: 1

Asaf Shabtai, Robert Moskovitch, Clint Feher, Shlomi Dolev, Yuval Elovici

Link
2022/9/28

Reaction to new security threat class

Yuval Elovici, Lior Rokach

arXiv preprint arXiv:1406.3110, 2014

2022/9/28

Reaction to new security threat class

Yuval Elovici, Lior Rokach

arXiv preprint arXiv:1406.3110, 2014

Each new identified security threat class triggers new research and development efforts by the scientific and professional communities. In this study, we investigate the rate at which the scientific and professional communities react to new identified threat classes as it is reflected in the number of patents, scientific articles and professional publications over a long period of time. The following threat classes were studied: Phishing; SQL Injection; BotNet; Distributed Denial of Service; and Advanced Persistent Threat. Our findings suggest that in most cases it takes a year for the scientific community and more than two years for industry to react to a new threat class with patents. Since new products follow patents, it is reasonable to expect that there will be a window of approximately two to three years in which no effective product is available to cope with the new threat class.

Link
2022/9/28

PIT: A probe into internet of things by comprehensive security analysis

Vinay Sachidan, a, Suhas Bhairav, Nirnay Ghosh, Yuval Elovici

2019 18th IEEE International Conference On Trust, Security And Privacy In …, 2019

2022/9/28

PIT: A probe into internet of things by comprehensive security analysis

Vinay Sachidan, a, Suhas Bhairav, Nirnay Ghosh, Yuval Elovici

2019 18th IEEE International Conference On Trust, Security And Privacy In …, 2019

One of the major issues which are hindering widespread and seamless adoption of Internet of Thing (IoT) is security. The IoT devices are vulnerable and susceptible to attacks which became evident from a series of recent large-scale distributed denial-of-service (DDoS) attacks, leading to substantial business and financial losses. Furthermore, in order to find vulnerabilities in IoT, there is a lack of comprehensive security analysis framework. In this paper, we present a modular, adaptable and tunable framework, called PIT, to probe IoT systems at different layers of design and implementation. PIT consists of several security analysis engines, viz., penetration testing, fuzzing, static analysis, and dynamic analysis and an exploitation engine to discover multiple IoT vulnerabilities, respectively. We also develop a novel grey-box fuzzer, called Applica, as a part of the fuzzing engine to overcome the limitations of the present …

Link
2022/9/28

Pale: Time bounded practical agile leader election

Bronislav Sidik, Rami Puzis, Polina Zilberman, Yuval Elovici

IEEE Transactions on Parallel and Distributed Systems 31 (2), 470-485, 2019

2022/9/28

Pale: Time bounded practical agile leader election

Bronislav Sidik, Rami Puzis, Polina Zilberman, Yuval Elovici

IEEE Transactions on Parallel and Distributed Systems 31 (2), 470-485, 2019

Many tasks executed in dynamic distributed systems, such as sensor networks or enterprise environments with bring-your-own-device policy, require central coordination by a leader node. In the past it has been proven that distributed leader election in dynamic environments with constant changes and asynchronous communication is not possible. Thus, state-of-the-art leader election algorithms are not applicable in asynchronous environments with constant network changes. Some algorithms converge only after the network stabilizes (an unrealistic requirement in many dynamic environments). Other algorithms reach consensus in the presence of network changes but require a global clock or some level of communication synchrony. Determining the weakest assumptions, under which bounded leader election is possible, remains an unresolved problem. In this study we present a leader election algorithm that …

Link
2022/9/28

A distributed framework for the detection of new worm-related malware

Boris Rozenberg, Ehud Gudes, Yuval Elovici

Intelligence and Security Informatics: First European Conference, EuroISI …, 2008

2022/9/28

A distributed framework for the detection of new worm-related malware

Boris Rozenberg, Ehud Gudes, Yuval Elovici

Intelligence and Security Informatics: First European Conference, EuroISI …, 2008

Detection and containment of unknown malware are challenging tasks. In this research we propose an innovative distributed framework for detection and containment of new worm-related malware. The framework consists of distributed agents that are installed at several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The new detection process is performed in two phases. In the first phase agents detect potential malware on local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared to known malware propagation characteristics in order to determine whether the potential malware is indeed a malware. All the agents are notified with a final decision in order to start the containment process. The new framework was evaluated and …

Link
2022/9/28

Identity Theft

Robert Moskovitch, Clint Feher, Arik Messerman, Niklas Kirschnick, T Mustafic, Ahmet Camtepe, B Lohlein, Ulrich Heister, S Moller, Lior Rokach, Yuval Elovici

Computers and Behavioral Biometrics.[Online] Available at:< http://dl. acm …, 2009

2022/9/28

Identity Theft

Robert Moskovitch, Clint Feher, Arik Messerman, Niklas Kirschnick, T Mustafic, Ahmet Camtepe, B Lohlein, Ulrich Heister, S Moller, Lior Rokach, Yuval Elovici

Computers and Behavioral Biometrics.[Online] Available at:< http://dl. acm …, 2009

Link
2022/9/28

Securing your transactions: Detecting anomalous patterns in xml documents

Eitan Menahem, Alon Schclar, Lior Rokach, Yuval Elovici

arXiv preprint arXiv:1209.1797, 2012

2022/9/28

Securing your transactions: Detecting anomalous patterns in xml documents

Eitan Menahem, Alon Schclar, Lior Rokach, Yuval Elovici

arXiv preprint arXiv:1209.1797, 2012

XML transactions are used in many information systems to store data and interact with other systems. Abnormal transactions, the result of either an on-going cyber attack or the actions of a benign user, can potentially harm the interacting systems and therefore they are regarded as a threat. In this paper we address the problem of anomaly detection and localization in XML transactions using machine learning techniques. We present a new XML anomaly detection framework, XML-AD. Within this framework, an automatic method for extracting features from XML transactions was developed as well as a practical method for transforming XML features into vectors of fixed dimensionality. With these two methods in place, the XML-AD framework makes it possible to utilize general learning algorithms for anomaly detection. Central to the functioning of the framework is a novel multi-univariate anomaly detection algorithm, ADIFA. The framework was evaluated on four XML transactions datasets, captured from real information systems, in which it achieved over 89% true positive detection rate with less than a 0.2% false positive rate.

Link
2022/9/28

Trusted detection of sensitive activities on mobile phones using power consumption measurements

Mordechai Guri, Gabi Kedma, Boris Zadov, Yuval Elovici

2014 IEEE Joint Intelligence and Security Informatics Conference, 145-151, 2014

2022/9/28

Trusted detection of sensitive activities on mobile phones using power consumption measurements

Mordechai Guri, Gabi Kedma, Boris Zadov, Yuval Elovici

2014 IEEE Joint Intelligence and Security Informatics Conference, 145-151, 2014

The unprecedented popularity of modern mobile phones has made them a lucrative target for skillful and motivated offenders. A typical mobile phone is packed with sensors, which can be turned on silently by a malicious program, providing invaluable information to the attacker. Detecting such hidden activities through software monitors can be blindfolded and bypassed by rootkits and by anti-forensic methods applied by the malicious program. Moreover, detecting power consumption by software running on the mobile phone is susceptible to similar evasive techniques. Consequently, software based detection of hidden malicious activities, particularly the silent activation of sensors, cannot be considered as trusted. In this paper we present a method which detects hidden activities using external measurement of power consumption. The classification model is acquired using machine-learning multi-label …

Link
2022/9/28

Exploiting reshaping subgraphs from bilateral propagation graphs

Saeid Hosseini, Hongzhi Yin, Ngai-Man Cheung, Kan Pak Leng, Yuval Elovici, Xiaofang Zhou

Database Systems for Advanced Applications: 23rd International Conference …, 2018

2022/9/28

Exploiting reshaping subgraphs from bilateral propagation graphs

Saeid Hosseini, Hongzhi Yin, Ngai-Man Cheung, Kan Pak Leng, Yuval Elovici, Xiaofang Zhou

Database Systems for Advanced Applications: 23rd International Conference …, 2018

Given a graph over which defects, viruses, or contagions spread, leveraging a set of highly correlated subgraphs is an appealing research area with many applications. However, the challenges abound. Firstly, an initial defect in one node can cause different defects in other nodes. Second, while the time is the most significant medium to understand diffusion processes, it is not clear when the members of a subgraph may change. Third, given a pair of nodes, a contagion can spread in both directions. Previous works only consider the sequential time-window and suppose that the contagion may spread from one node to the other during a predefined time span. But the propagation can differ in various temporal dimensions (e.g. hours and days). Therefore, we propose a framework that takes both sequential and multi-aspect attributes of the time into consideration. Moreover, we devise an empirical model to estimate …

Link
2022/9/28

Privacy-preserving detection of iot devices connected behind a nat in a smart home setup

Yair Meidan, Vinay Sachidan, a, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:1905.13430, 2019

2022/9/28

Privacy-preserving detection of iot devices connected behind a nat in a smart home setup

Yair Meidan, Vinay Sachidan, a, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:1905.13430, 2019

Today, telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects not only on the target of attacks but also on the telcos themselves. To mitigate those risks we propose a machine learning based method that can detect devices of specific vulnerable IoT models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telco’s infrastructure and availability of services. As part of the effort to preserve the domestic customers’ privacy, our method relies on NetFlow data solely, refraining from inspecting the payload. To promote future research in this domain we share our novel dataset, collected in our lab from numerous and various commercial IoT devices.

Link
2022/9/28

Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques

Ibrahim Sadek, Penny Chong, Shafiq Ul Rehman, Yuval Elovici, Alex, er Binder

Data in brief 26, 104437, 2019

2022/9/28

Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques

Ibrahim Sadek, Penny Chong, Shafiq Ul Rehman, Yuval Elovici, Alex, er Binder

Data in brief 26, 104437, 2019

This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, Memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall’s WinPmem acquisition tool. The dataset is complemented by memory snapshots of uncompromised virtual machines. The data includes a reference for all running processes as well as a mapping for the designated malware running inside the memory. The datasets are available in the article, for advancing research towards the detection of obfuscated malware from volatile computer memory during a forensic analysis.

Link
2022/9/28

Using malware for the greater good: Mitigating data leakage

Mordechai Guri, Rami Puzis, Kim-Kwang Raymond Choo, Sergey Rubinshtein, Gabi Kedma, Yuval Elovici

Journal of Network and Computer Applications 145, 102405, 2019

2022/9/28

Using malware for the greater good: Mitigating data leakage

Mordechai Guri, Rami Puzis, Kim-Kwang Raymond Choo, Sergey Rubinshtein, Gabi Kedma, Yuval Elovici

Journal of Network and Computer Applications 145, 102405, 2019

Accidental (i.e., non-malicious) data leakage can occur through emails, storage media, file-sharing services, social networks, and so on, and are one of the most commonly reported threats. We present DocGuard, a novel method designed to counter accidental data leakage. Unlike existing solutions, DocGuard is effective even when a file has already leaked out of the organization’s network. However, our approach does not require additional installation or software update, outside the organizational network, and it supports virtually any type of file (e.g., binaries, source-code, documents and media). Specifically, the key idea is to let existing anti-malware/anti-virus (AV) products (at the user PCs, cloud services, ISPs and e-mail gateways) identify the leaked file and block access to the identified file, in the same manner the AV product stops the propagation of an identified malware. DocGuard injects a hidden signature …

Link
2022/9/28

HADES-IoT: A practical and effective host-based anomaly detection system for IoT devices (extended version)

Dominik Breitenbacher, Ivan Homoliak, Yan Lin Aung, Yuval Elovici, Nils Ole Tippenhauer

IEEE Internet of Things Journal 9 (12), 9640-9658, 2021

2022/9/28

HADES-IoT: A practical and effective host-based anomaly detection system for IoT devices (extended version)

Dominik Breitenbacher, Ivan Homoliak, Yan Lin Aung, Yuval Elovici, Nils Ole Tippenhauer

IEEE Internet of Things Journal 9 (12), 9640-9658, 2021

Internet of Things (IoT) devices have become ubiquitous, with applications in many domains, including industry, transportation, and healthcare; these devices also have many household applications. The proliferation of IoT devices has raised security and privacy concerns, however many manufacturers neglect these aspects, focusing solely on the core functionality of their products due to the short time to market and the need to reduce product costs. Consequently, vulnerable IoT devices are left unpatched, allowing attackers to exploit them for various purposes, which include compromising the device users’ privacy or recruiting the devices to an IoT botnet. We present a practical and effective host-based anomaly detection system for IoT devices (HADES-IoT) as a novel last line of defense. HADES-IoT has proactive detection capabilities that enable the execution of any malicious process to be stopped before it even …

Link
2022/9/28

WinoGAViL: Gamified association benchmark to challenge vision-and-language models

Yonatan Bitton, Nitzan Bitton Guetta, Ron Yosef, Yuval Elovici, Mohit Bansal, Gabriel Stanovsky, Roy Schwartz

Advances in Neural Information Processing Systems 35, 26549-26564, 2022

2022/9/28

WinoGAViL: Gamified association benchmark to challenge vision-and-language models

Yonatan Bitton, Nitzan Bitton Guetta, Ron Yosef, Yuval Elovici, Mohit Bansal, Gabriel Stanovsky, Roy Schwartz

Advances in Neural Information Processing Systems 35, 26549-26564, 2022

While vision-and-language models perform well on tasks such as visual question answering, they struggle when it comes to basic human commonsense reasoning skills. In this work, we introduce WinoGAViL: an online game of vision-and-language associations (eg, between werewolves and a full moon), used as a dynamic evaluation benchmark. Inspired by the popular card game Codenames, a spymaster gives a textual cue related to several visual candidates, and another player tries to identify them. Human players are rewarded for creating associations that are challenging for a rival AI model but still solvable by other human players. We use the game to collect 3.5 K instances, finding that they are intuitive for humans (> 90% Jaccard index) but challenging for state-of-the-art AI models, where the best model (ViLT) achieves a score of 52%, succeeding mostly where the cue is visually salient. Our analysis as well as the feedback we collect from players indicate that the collected associations require diverse reasoning skills, including general knowledge, common sense, abstraction, and more. We release the dataset, the code and the interactive game, allowing future data collection that can be used to develop models with better association abilities.

Link
2022/9/28

Using data mining for detecting terror-related activities on the Web

Y Elovici, A K, el, M Last, B Shapira, O Zaafrany

Proceedings of the Second European Conference on Information Warfare and …, 2003

2022/9/28

Using data mining for detecting terror-related activities on the Web

Y Elovici, A K, el, M Last, B Shapira, O Zaafrany

Proceedings of the Second European Conference on Information Warfare and …, 2003

Using data mining for detecting terror-related activities on the Web — Ben-Gurion University
Research Portal Skip to main navigation Skip to search Skip to main content Ben-Gurion
University Research Portal Home Ben-Gurion University Research Portal Logo Help & FAQ
Home Profiles Research output Research Units Prizes Datasets Activities Press / Media
Student theses Research Labs / Equipment Search by expertise, name or affiliation Using data
mining for detecting terror-related activities on the Web Y Elovici, A Kandel, M Last, B Shapira,
O Zaafrany Department of Software and Information Systems Engineering Research output:
Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review
Overview Original language English GB Title of host publication Proceedings of the Second
European Conference on Information Warfare and Security (ECIW’03) Pages 271-280 State …

Link
2022/9/28

Identifying computers hidden behind a nat using machine learning techniques

Ori Zakin, Metal Levi, Yuval Elovici, Lior Rockach, Nir Shafrir, Guy Sinter, Ofer Pen

ECIW2008-7th European Conference on Information Warfare and Security …, 2008

2022/9/28

Identifying computers hidden behind a nat using machine learning techniques

Ori Zakin, Metal Levi, Yuval Elovici, Lior Rockach, Nir Shafrir, Guy Sinter, Ofer Pen

ECIW2008-7th European Conference on Information Warfare and Security …, 2008

Attackers may use computers hidden behind a Network Address Translator (NAT) in order to conduct malicious activities such as denial of service (DoS). In such cases law enforcement agencies are unable in many cases to single out an attacker from all the users hidden behind the NAT. In this paper we present an innovative approach for clustering the sessions emanating from the NAT in order to identify the attacker. Each cluster should ideally include only the sessions emanating from a specific computer. A system that implements the new approach was developed. It was used to evaluate the new approach performance in a real environment that included 24 computers hidden behind the NAT. The preliminary evaluation results have demonstrated the superiority of the new approach over existing solutions and its ability to assist in locating potential attackers hidden behind a NAT.

Link
2022/9/28

Active learning to improve the detection of unknown computer worms activity

Robert Moskovitch, Nir Nissim, Roman Englert, Yuval Elovici

2008 11th International Conference on Information Fusion, 1-8, 2008

2022/9/28

Active learning to improve the detection of unknown computer worms activity

Robert Moskovitch, Nir Nissim, Roman Englert, Yuval Elovici

2008 11th International Conference on Information Fusion, 1-8, 2008

Detecting unknown worms is a challenging task. We propose an innovative technique for detecting the presence of an unknown worm based on the computer measurements extracted from the operating system. We designed an experiment to test the new technique employing several computer configurations and background applications activity. During the experiments 323 computer features were monitored. Four feature selection measures were used to reduce the number of features. We applied support vector machines on the resulting feature subsets. In addition, we used active learning as a selective sampling method to increase the performance of the classifier and improve its robustness in noisy data. Our results indicate that using the proposed approach resulted in a mean accuracy in excess of 90%, and for specific unknown worms accuracy reached above 94%, using just 20 features while maintaining a …

Link
2022/9/28

Unknown malicious code detection–practical issues

Robert Moskovitch, Yuval Elovici

Proceedings of the 7th European Conference on Information Warfare, 145-153, 2008

2022/9/28

Unknown malicious code detection–practical issues

Robert Moskovitch, Yuval Elovici

Proceedings of the 7th European Conference on Information Warfare, 145-153, 2008

The recent growth in Internet usage has motivated the creation of new malicious code for various purposes, including information warfare. Today’s signature-based anti-viruses can detect accurately known malicious code but are very limited in detecting new malicious code. New malicious codes are being created every day, and their number is expected to increase in the coming years. Recently, machine learning methods, such as classification algorithms, were used successfully for the detection of unknown malicious code. These studies were based on a test collection with a limited size of less than 3,000 files, and the proportions of malicious and benign files in both the training and test sets were identical. These test collections do not correspond to real life conditions, in which the percentage of malicious files is significantly lower than that of the benign files. In this study we present a methodology for the detection of unknown malicious code. The executable binary code is represented by n-grams. We performed an extensive evaluation using a test collection of more than 30,000 files, in which we investigated the imbalance problem. Five levels of Malicious Files Percentage (MFP) in the training set (16.7, 33.4, 50, 66.7 and 83.4%) were used to train classifiers. 17 levels of MFP (5, 7.5, 10, 12.5, 15, 20, 30, 40, 50, 60, 70, 80, 85, 87.5, 90, 92.5 and 95%) were set in the test set to represent various benign/malicious files ratio during the detection. Our evaluation results suggest that varying classification algorithms react differently to the various benign/malicious files ratio. For 10% MFP in the test set, representing real life conditions, in general the …

Link
2022/9/28

Nesto-Network selection and traffic offloading system for android mobile devices

Ariel Bar, Dudu Mimran, Lena Chekina, Yuval Elovici, Bracha Shapira

2013 9th International Wireless Communications and Mobile Computing …, 2013

2022/9/28

Nesto-Network selection and traffic offloading system for android mobile devices

Ariel Bar, Dudu Mimran, Lena Chekina, Yuval Elovici, Bracha Shapira

2013 9th International Wireless Communications and Mobile Computing …, 2013

In this paper we present Nesto, a network selection and offloading system for android based mobile devices. Nesto chooses the best connectivity solution between available heterogeneous wireless networks using network switching. The suggested framework supports several configurable policies and addresses the following requirements: battery energy saving, bandwidth maximization, an offloading strategy for cellular operators and granting the best available network QoS to current running applications (e.g. minimizing delay and jitter for voip applications). Nesto is designed to support two primary connectivity modes: a traditional single connectivity mode and a full dual mode, where both the cellular and ad-hoc WiFi networks are used simultaneously. The full dual mode allows us to extend the always best connected definition from the device level to the application level, i.e.: selecting the best network for each …

Link
2022/9/28

A particle swarm model for estimating reliability and scheduling system maintenance

Rami Puzis, Dov Shirtz, Yuval Elovici

Enterprise Information Systems 10 (4), 349-377, 2016

2022/9/28

A particle swarm model for estimating reliability and scheduling system maintenance

Rami Puzis, Dov Shirtz, Yuval Elovici

Enterprise Information Systems 10 (4), 349-377, 2016

Modifying data and information system components may introduce new errors and deteriorate the reliability of the system. Reliability can be efficiently regained with reliability centred maintenance, which requires reliability estimation for maintenance scheduling. A variant of the particle swarm model is used to estimate reliability of systems implemented according to the model view controller paradigm. Simulations based on data collected from an online system of a large financial institute are used to compare three component-level maintenance policies. Results show that appropriately scheduled component-level maintenance greatly reduces the cost of upholding an acceptable level of reliability by reducing the need in system-wide maintenance.

Link
2022/9/28

Analyst intuition inspired high velocity big data analysis using PCA ranked fuzzy k-means clustering with multi-layer perceptron (MLP) to obviate cyber security risk

TT Teoh, Yue Zhang, YY Nguwi, Yuval Elovici, WL Ng

2017 13th International Conference on Natural Computation, Fuzzy Systems and …, 2017

2022/9/28

Analyst intuition inspired high velocity big data analysis using PCA ranked fuzzy k-means clustering with multi-layer perceptron (MLP) to obviate cyber security risk

TT Teoh, Yue Zhang, YY Nguwi, Yuval Elovici, WL Ng

2017 13th International Conference on Natural Computation, Fuzzy Systems and …, 2017

The growing prevalence of cyber threats in the world are affecting every network user. Numerous security monitoring systems are being employed to protect computer networks and resources from falling victim to cyber-attacks. There is a pressing need to have an efficient security monitoring system to monitor the large network datasets generated in this process. A large network datasets representing Malware attacks have been used in this work to establish an expert system. The characteristics of attacker’s IP addresses can be extracted from our integrated datasets to generate statistical data. The cyber security expert provides to the weight of each attribute and forms a scoring system by annotating the log history. We adopted a special semi supervise method to classify cyber security log into attack, unsure and no attack by first breaking the data into 3 cluster using Fuzzy K mean (FKM), then manually label a small …

Link
2022/9/28

Pay attention: Improving classification of PE malware using attention mechanisms based on system call analysis

Ori Or-Meir, Aviad Cohen, Yuval Elovici, Lior Rokach, Nir Nissim

2021 International Joint Conference on Neural Networks (IJCNN), 1-8, 2021

2022/9/28

Pay attention: Improving classification of PE malware using attention mechanisms based on system call analysis

Ori Or-Meir, Aviad Cohen, Yuval Elovici, Lior Rokach, Nir Nissim

2021 International Joint Conference on Neural Networks (IJCNN), 1-8, 2021

Malware poses a threat to computing systems worldwide, and security experts work tirelessly to detect and classify malware as accurately and quickly as possible. Since malware can use evasion techniques to bypass static analysis and security mechanisms, dynamic analysis methods are more useful for accurately analyzing the behavioral patterns of malware. Previous studies showed that malware behavior can be represented by sequences of executed system calls and that machine learning algorithms can leverage such sequences for the task of malware classification (a.k.a. malware categorization). Accurate malware classification is helpful for malware signature generation and is thus beneficial to antivirus vendors; this capability is also valuable to organizational security experts, enabling them to mitigate malware attacks and respond to security incidents. In this paper, we propose an improved methodology …

Link
2022/9/28

Toward scalable and unified example-based explanation and outlier detection

Penny Chong, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

IEEE Transactions on Image Processing 31, 525-540, 2021

2022/9/28

Toward scalable and unified example-based explanation and outlier detection

Penny Chong, Ngai-Man Cheung, Yuval Elovici, Alex, er Binder

IEEE Transactions on Image Processing 31, 525-540, 2021

When neural networks are employed for high-stakes decision-making, it is desirable that they provide explanations for their prediction in order for us to understand the features that have contributed to the decision. At the same time, it is important to flag potential outliers for in-depth verification by domain experts. In this work we propose to unify two differing aspects of explainability with outlier detection. We argue for a broader adoption of prototype-based student networks capable of providing an example-based explanation for their prediction and at the same time identify regions of similarity between the predicted sample and the examples. The examples are real prototypical cases sampled from the training set via a novel iterative prototype replacement algorithm. Furthermore, we propose to use the prototype similarity scores for identifying outliers. We compare performance in terms of the classification, explanation …

Link
2022/9/28

Evaluating the security of open radio access networks

Dudu Mimran, Ron Bitton, Yehonatan Kfir, Eitan Klevansky, Oleg Brodt, Heiko Lehmann, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2201.06080, 2022

2022/9/28

Evaluating the security of open radio access networks

Dudu Mimran, Ron Bitton, Yehonatan Kfir, Eitan Klevansky, Oleg Brodt, Heiko Lehmann, Yuval Elovici, Asaf Shabtai

arXiv preprint arXiv:2201.06080, 2022

The Open Radio Access Network (O-RAN) is a promising RAN architecture, aimed at reshaping the RAN industry toward an open, adaptive, and intelligent RAN. In this paper, we conducted a comprehensive security analysis of Open Radio Access Networks (O-RAN). Specifically, we review the architectural blueprint designed by the O-RAN alliance — A leading force in the cellular ecosystem. Within the security analysis, we provide a detailed overview of the O-RAN architecture; present an ontology for evaluating the security of a system, which is currently at an early development stage; detect the primary risk areas to O-RAN; enumerate the various threat actors to O-RAN; and model potential threats to O-RAN. The significance of this work is providing an updated attack surface to cellular network operators. Based on the attack surface, cellular network operators can carefully deploy the appropriate countermeasure for increasing the security of O-RAN.

Link
2022/9/28

Sisr–a new model for epidemic spreading of electronic threats

Boris Rozenberg, Ehud Gudes, Yuval Elovici

Information Security: 12th International Conference, ISC 2009, Pisa, Italy …, 2009

2022/9/28

Sisr–a new model for epidemic spreading of electronic threats

Boris Rozenberg, Ehud Gudes, Yuval Elovici

Information Security: 12th International Conference, ISC 2009, Pisa, Italy …, 2009

Epidemic spreading in complex networks has received much attention in recent years. Previous research identified a propagation scenario of electronic threats which has not been described by any of the existing analytical models. In this scenario an infected node instead of being removed contributes to the infection spreading upon the reinfection attempt (for example, Sober, Sobig, and Mydoom Worms). In this paper we formally define and describe analytically a new model, Susceptible-Infected-Suspended-Reinfected (SISR), which complies with this scenario of epidemic spreading in both homogeneous and complex networks. We then evaluate the model by comparing it to the SIR model and by comparing its estimations with simulation results.

Link
2022/9/28

Rendezvous tunnel for anonymous publishing

Ofer Hermoni, Niv Gilboa, Eyal Felstaine, Yuval Elovici, Shlomi Dolev

Proceedings of the 17th ACM conference on Computer and communications …, 2010

2022/9/28

Rendezvous tunnel for anonymous publishing

Ofer Hermoni, Niv Gilboa, Eyal Felstaine, Yuval Elovici, Shlomi Dolev

Proceedings of the 17th ACM conference on Computer and communications …, 2010

Many anonymous peer-to-peer (P2P) file sharing systems have been proposed in recent years. One problem that remains open is how to protect the anonymity of all participating users, namely, reader, server and publisher. In this work we propose a novel solution for a P2P file sharing system. Our solution provides overall anonymity to all participating users.Servers in our system store shares of documents, and each share is reached through a rendezvous tunnel between the server and an address given by a hash of the document’s name. To publish a document, the publisher first divides the document into shares, for each share finds the address of the entrance to the tunnel by hashing the document’s name. Next, the publisher uses anonymous communication to reach the entrance of the rendezvous tunnel. We then use a random walk and an anonymous key exchange scheme to set keys along the rendezvous …

Link
2022/9/28

Temporal pattern discovery for accurate sepsis diagnosis in ICU patients

Eitam Sheetrit, Nir Nissim, Denis Klimov, Lior Fuchs, Yuval Elovici, Yuval Shahar

arXiv preprint arXiv:1709.01720, 2017

2022/9/28

Temporal pattern discovery for accurate sepsis diagnosis in ICU patients

Eitam Sheetrit, Nir Nissim, Denis Klimov, Lior Fuchs, Yuval Elovici, Yuval Shahar

arXiv preprint arXiv:1709.01720, 2017

Sepsis is a condition caused by the body’s overwhelming and life-threatening response to infection, which can lead to tissue damage, organ failure, and finally death. Common signs and symptoms include fever, increased heart rate, increased breathing rate, and confusion. Sepsis is difficult to predict, diagnose, and treat. Patients who develop sepsis have an increased risk of complications and death and face higher health care costs and lo