Yisroel Mirsky, Wenke Lee Ben-Gurion University and Georgia Institute of Technology, May 2020 Link to document A deepfake is content generated by artificial intelligence which seems authentic in the eyes of a human being. The word deepfake is a combination of the words ‘deep learning’ and ‘fake’ and primarily relates to content generated by an artificial neural network, a branch of machine learning.The most common form of deepfakes involves the generation and manipulation of human imagery. This technology has creative and productive applications. For example, realistic video dubbing of foreign

Noga Agmon, Asaf Shabtai, Rami Puzis Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, 11 Apr 2019 Link to document The Internet of things (IoT) has become an integral part of our lifeat both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversityof vendors, and proprietary firmware. Moreover, short range communication protocols (e.g., Bluetooth or ZigBee) open additionalopportunities for the lateral movement of an attacker within an organization. Thus, the type and location of

Yisroel Mirsky, Tom Mahler, Ilan Shelef, Yuval Elovici Department of Information Systems Engineering, Ben-Gurion University, Israel Soroka University Medical Center. 3 Apr 2019 Link to document In 2018, clinics and hospitals were hit with numerous attacksleading to significant data breaches and interruptions inmedical services. An attacker with access to medical recordscan do much more than hold the data for ransom or sell it onthe black market.In this paper, we show how an attacker can use deeplearning to add or remove evidence of medical conditionsfrom volumetric (3D) medical scans. An attacker

Nir Sivan, Ron Bitton, Asaf Shabtai Department of Software and Information Systems Engineering Ben-Gurion University of the Negev. 12 Dec 2018 Link to document In recent years we have witnessed a shift towards personalized, context-based applications and services for mobile device users. A key component of many of these services is the ability to infer the current location and predict the future location of users based on location sensors embedded in the devices. Such knowledge enables service providers to present relevant and timely offers to their users and better manage

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) AN IEEE EUROPEAN SYMPOSIUM ON SECURITY & PRIVACY AFFILIATED WORKSHOP 23 April 2018, University College London (UCL), London, UK Link to document The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver

Adi Stein, Yair Yotam, Rami Puzis, Guy Shani, Meirav Taieb-Maimon Entertainment Computing Volume 25, March 2018, Pages 14-25 Link to document In online games, gamers may become frustrated when playing against stronger players or get bored when playing against weaker players, thus losing interest in the game. Dynamic Difficulty Adjustment (DDA) has been suggested as an intelligent handicapping mechanism, by reducing the difficulty for the weaker player, or increasing the difficulty for the stronger player. A key question when using DDA, is when to activate the difficulty adjustment. In this

R Bitton, A Finkelshtein, L Sidi, R Puzis, L Rokach, A Shabtai Computers & Security Volume 73, March 2018, Pages 266-293 Link to document The popularity of smartphones, coupled with the amount of valuable and private information they hold, make them attractive to attackers interested in exploiting the devices to harvest sensitive information. Exploiting human vulnerabilities (i.e., social engineering) is an approach widely used to achieve this goal. Improving the security awareness of users is an effective method for mitigating social engineering attacks. However, while in the domain of personal

E. Boyle, N. Gilboa, Y. Ishai, R. Lin and S. Tessaro 9th Innovations in Theoretical Computer Science Conference (ITCS 2018) Link to document Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong

S. Kampeas, A. Cohen and O. Gurewitz IEEE Transactions on Information Theory ( Volume: PP, Issue: 99 ) Page(s): 1 – 1 Link to document Consider the problem of a Multiple-Input Multiple-Output (MIMO) Multiple-Access Channel (MAC) at the limit of large number of users. Clearly, in practical scenarios, only a small subset of the users can be scheduled to utilize the channel simultaneously. Thus, a problem of user selection arises. However, since solutions which collect Channel State Information (CSI) from all users and decide on the best subset to transmit

Yehonatan Cohen, Daniel Gordon, Danny Hendler Knowledge-Based Systems Volume 142, 15 February 2018, Pages 241-255 Link to document We present ErDOS — an algorithm for the Early Detection Of Spamming accounts. The detection approach implemented by ErDOS combines content-based labelling and features based on inter-account communication patterns. We define new account features, based on the ratio between the numbers of sent and received emails, the distribution of emails received from different accounts, and the topological features of the network induced by inter-account communication. We also present ErDOS-LVS — a variant

Z Katzir, Y Elovici Expert Systems with Applications 92, 419-429, 2018 Link to document The use of machine learning algorithms for cyber security purposes gives rise to questions of adversarial resilience, namely: Can we quantify the effort required of an adversary to manipulate a system that is based on machine learning techniques? Can the adversarial resilience of such systems be formally modeled and evaluated? Can we quantify this resilience such that different systems can be compared using empiric metrics?Past works have demonstrated how an adversary can manipulate a system based

Yehonatan Cohen, Danny Hendler, Amir Rubin Knowledge-Based Systems Volume 141, 1 February 2018, Pages 67-79 Link to document Email remains one of the key media used by cybercriminals for distributing malware. Based on a large data set consisting of antivirus telemetry reports, we conduct the first comprehensive study of the properties of malicious webmail attachments. We show that they are distinct among the general web-borne malware population in terms of the malware reach (the number of machines to which the malware is downloaded), malware type and family. Furthermore, we show

Yisroel Mirsky, Tomer Doitshman, Yuval Elovici and Asaf Shabtai Network and Distributed Systems Security Symposium (NDSS), 2018 Link to document Neural networks have become an increasingly popular solution for network intrusion detection systems (NIDS). Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. However, a drawback of neural networks is the amount of resources needed to train them. Many network gateways and routers devices, which could potentially host an NIDS, simply do not have the memory or processing

Mark Yampolskiy , Wayne King, Gregory Pope, Sofia Belikovetsky, Yuval Elovici ICCIP 2017: Critical Infrastructure Protection XI pp 23-44 Link to document Additive manufacturing involves a new class of cyber-physical systems that manufacture 3D objects incrementally by depositing and fusing together thin layers of source material. In 2015, the global additive manufacturing industry had $5.165 billion in revenue, with 32.5% of all manufactured objects used as functional parts. Because of their reliance on computerization, additive manufacturing devices (or 3D printers) are susceptible to a broad range of attacks. The rapid

Cooperation with IBM E Karpas, O Betzalel, SE Shimony, D Tolpin, A Felner Link to document The obvious way to use several admissible heuristics in searching for an optimal solution is to take their maximum. In this paper, we aim to reduce the time spent on computing heuristics within the context of ⁎A⁎ and ⁎IDA⁎ . We discuss Lazy ⁎A⁎ and Lazy ⁎IDA⁎ , variants of ⁎A⁎ and ⁎IDA⁎ , respectively, where heuristics are evaluated lazily: only when they are essential to a decision to be made in the search

E. Boyle, G. Couteau, N. Gilboa and Y. Ishai and M. Orru CCS ’17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pages 2105-2122 Link to document We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0,x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm $\Eval$ such that for any function (or “program”) from a given class

Ori Bar-Ilan, Roni Stern and Meir Kalech The Twenty Seventh International Workshop on Principles of Diagnosis (DX-17), 2017 Link to document Software diagnosis algorithms aim to identify the faultysoftware components that caused a failure. A key challengesof existing software diagnosis algorithms is how to prioritizethe outputted diagnoses. To do so, previous work proposeda method for estimating the likelihood that each diagnosisis correct. Computing these diagnosis likelihoods is nontrivial.We propose to do this by learning a behavior modelof the software components and use it to identify abnormallybehaving components. In this work

In collaboration with IDC Herzliya + Technion and UCLA Elette Boyle, Niv Gilboa and Yuval Ishai Advances in Cryptology – EUROCRYPT 2017, pages 163-193, 2017 Link to document A recent work of Boyle et al. (Crypto 2016) suggests that“group-based” cryptographic protocols, namely ones that only rely on a cryptographically hard (Abelian) group, can be surprisingly powerful. In particular, they present succinct two-party protocols for securely computingbranching programs and NC1 circuits under the DDH assumption,providing the first alternative to fully homomorphic encryption.In this work we further explore the power of group-based

In collaboration with Technion and UCLA Amos Beimel, Yuval Ishai, Eyal Kushilevitz Advances in Cryptology – EUROCRYPT 2017, pages 580-608, 2017 Link to document We study the notion of ad hoc secure computation, recently introduced by Beimel et al. (ITCS 2016), in the context of the Private Simultaneous Messages (PSM) model of Feige et al. (STOC 2004). In ad hoc secure computation we have n parties that may potentially participate in a protocol but, at the actual time of execution, only k of them, whose identity is not known in

In collaboration with IBM Tomer Cohen, Danny Hendler and Dennis Potashnik CSCML 2017, pages 211-220 Link to document Traditional antivirus software relies on signatures to uniquely identify malicious files. Malware writers, on the other hand, have responded by developing obfuscation techniques with the goal of evading content-based detection. A consequence of this arms race is that numerous new malware instances are generated every day, thus limiting the effectiveness of static detection approaches. For effective and timely malware detection, signature-based mechanisms must be augmented with detection approaches that are harder to

In collaboration with IBM H Grushka-Cohen, O Sofer, O Biller, B Shapira, L Rokach Proceedings of the 25th ACM International on Conference on Information and Knowledge Management Link to document Security systems for databases produce numerous alerts aboutanomalous activities and policy rule violations. Prioritizing thesealerts will help security personnel focus their efforts on the mosturgent alerts. Currently, this is done manually by security expertsthat rank the alerts or define static risk scoring rules. Existingsolutions are expensive, consume valuable expert time, and do notdynamically adapt to changes in policy.Adopting a learning

Y Mirsky, A Shabtai, B Shapira, Y Elovici, L Rokach Pervasive and Mobile Computing 35, 83-107, 2017 Link to document Smartphones centralize a great deal of users’ private information and are thus a primary target for cyber-attack. The main goal of the attacker is to try to access and exfiltrate the private information stored in the smartphone without detection. In situations where explicit information is lacking, these attackers can still be detected in an automated way by analyzing data streams (continuously sampled information such as an application’s CPU consumption, accelerometer

Tomer Glick, Yossi Oren, Rami Puzis, Asaf Shabtai SEMS (2017) Link to document Security-conscious users are very careful with softwarethey allow their phone to run. They are much lesscareful with the choices they make regarding accessories suchas headphones or chargers and only few, if any, care aboutcyber security threats coming from the phone’s protectivecase. We show how a malicious smartphone protective casecan be used to detect and monitor the victim’s interactionwith the phone’s touchscreen, opening the door to keyloggerlikeattacks, threatening the user’s security and privacy. Thisfeat is achieved by implementing

Abigail Paradise, Rami Puzis, Aviad Elyashar, Yuval Elovici, Asaf Shabtai IEEE Transactions on Computational Social Systems (IEEE T-CSS), accepted (2017) Link to document Reconnaissance is the initial and essential phaseof a successful advanced persistent threat (APT). In manycases, attackers collect information from social media, such asprofessional social networks. This information is used to selectmembers that can be exploited to penetrate the organization.Detecting such reconnaissance activity is extremely hard becauseit is performed outside the organization premises. In this paper,we propose a framework for management of social networkhoneypots to aid in detection