Semantics for Cybersecurity and Privacy. Tim Finin, UMBC. Joint work with Anupam Joshi, Karuna Joshi, Zareen Syed and many UMBC graduate students

Things, not Strings
Today’s focus on big data requires semantics
→ Data variety requires analysis, integration & fusion
→ Must understand data’s meaning (i.e., semantics)
→ Exploit background knowledge
Important for cybersecurity and privacy
→ Protect personal information, esp. in mobile/IoT
→ Modeling & using context often useful if not critical
Needs high-performance computing
→ For machine learning and analytics
→ For information extraction from text

Use Case Examples
We’ve used semantic technologies in support of assured information tasks including
– Representing & enforcing information sharing policies
– Negotiating for cloud services respecting organizational constraints (e.g., data privacy, location, …)
– Modeling context for mobile users and using this to manage information sharing
– Acquiring, using and sharing knowledge for situationally-aware intrusion detection systems
Key technologies: Semantic Web languages (OWL, RDF) & tools and information extraction from text

Context-Aware Privacy & Security
Smart mobile devices know a great deal about their users, including their current context: sensor data, , calendar, social media, …
Acquiring & using this knowledge helps them provide better services
Context-aware policies can be used to limit information sharing as well as to control the actions and information access of mobile apps
Sharing context with other users, organizations and service providers can also be beneficial
Context is more than time and GPS coordinates, and the same situation can be shared at different levels of detail:
“We’re in a two-hour budget meeting at X with A, B and C” → “We’re in an important meeting” → “We’re busy”
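The three phrasings on the slide are levels of one context-abstraction hierarchy; a sharing policy picks the level each requester may see. This is an added example, not FaceBlock or the UMBC policy code, and the requester categories, the POLICY table and the TRUSTED_APPS rule are assumptions:

```python
"""Context-aware sharing of a user's situation, as an added example (not FaceBlock
or the UMBC policy code).  The full context is generalised to the least specific
level a requester's policy allows: full -> importance -> availability -> nothing."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    activity: str            # e.g. "budget meeting"
    location: str            # e.g. "X"
    duration_hours: float
    participants: tuple      # e.g. ("A", "B", "C")
    important: bool


# Assumed policy (not the slide's): requester category -> most specific level allowed.
POLICY = {"spouse": "full", "coworker": "importance",
          "unknown_app": "availability", "advertiser": "nothing"}

# Assumed app-control policy: only these apps get sensitive sensors in important meetings.
TRUSTED_APPS = {"calendar"}


def describe(ctx: Context, level: str) -> str:
    """Render the context at one abstraction level (the slide's three phrasings)."""
    if level == "full":
        return (f"in a {ctx.duration_hours:g}-hour {ctx.activity} at {ctx.location} "
                f"with {', '.join(ctx.participants)}")
    if level == "importance":
        return "in an important meeting" if ctx.important else "in a meeting"
    if level == "availability":
        return "busy"
    return "unavailable"      # level "nothing": no context released


def share_context(ctx: Context, requester: str) -> str:
    """Apply the sharing policy; unknown requesters get the least specific level."""
    return describe(ctx, POLICY.get(requester, "nothing"))


def app_may_access(ctx: Context, app: str, resource: str) -> bool:
    """Context-aware app control: withhold location and microphone from untrusted
    apps while the user is in an important meeting."""
    if resource in {"location", "microphone"} and ctx.important:
        return app in TRUSTED_APPS
    return True
```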

FaceBlock (80 second video, also available on YouTube)

FaceBlock FaceBlock automatically obscures faces in pictures using image analysis, dynamic, context-aware policies and ad hoc device communication

Intrusion Detection Systems
Current intrusion detection systems are poor for zero-day and “low and slow” attacks, and APTs
Sharing information from heterogeneous data sources can provide useful information even when an attack signature is unavailable
Implemented prototypes that integrate and reason over data from IDSs, host and network scanners, and text at the knowledge level
We’ve established the feasibility of the approach in simple evaluation experiments

From dashboards & watchstanding ((simple) analysis) …

… to situational awareness
Non-traditional “sensors” and traditional sensors → Facts / Information → Context / Situation → Rules, Policies, Analytics → Alerts
Example: a text entity extracted from a vulnerability description, facts from scanner, gateway and Wireshark logs, and a rule that combines them
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 ….
[ a IDPS:text_entity;
  IDPS:has_vulnerability_term "true";
  IDPS:has_security_exploit "true";
  IDPS:has_text "Internet Explorer";
  IDPS:has_text "arbitrary code";
  IDPS:has_text "remote attackers" .]
[ a IDPS:system; IDPS:host_IP " " .]
[ a IDPS:scannerLog; IDPS:scannerLogIP " "; … ]
[ a IDPS:gatewayLog; IDPS:gatewayLogIP " "; … ]
Rule:
[ IDPS:scannerLog IDPS:hasBrowser ?Browser .
  IDPS:gatewayLog IDPS:hasURL ?URL .
  ?URL IDPS:hasSymantecRating "unsafe" .
  IDPS:scannerLog IDPS:hasOutboundConnection "true" .
  IDPS:WiresharkLog IDPS:isConnectedTo ?IPAddress .
  ?IPAddress IDPS:isZombieAddress "true" ]
=> [ IDPS:system IDPS:isUnderAttack "use-after-free vulnerability" .
     IDPS:attack IDPS:hasMeans "Backdoor" .
     IDPS:attack IDPS:hasConsequence "UnauthorizedRemoteAccess" ]
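The rule above, run over a small triple store, as an added example (not the UMBC prototype, which reasons over OWL/RDF with a real rule engine). For brevity the scanner, gateway and Wireshark facts are attached to the host itself rather than to separate log nodes; all host, URL and address values are constructed, while the IDPS predicate names are the slide's:

```python
"""Knowledge-level attack inference, as an added example (not the UMBC prototype).
The slide's rule is run over plain (subject, predicate, object) triples; scanner,
gateway and Wireshark facts hang off the host rather than separate log nodes.
All values are constructed; the IDPS terms are the slide's."""

class KB:
    def __init__(self):
        self.triples = set()
    def add(self, *triples):
        self.triples.update(triples)
    def objs(self, s, p):                # objects of (s, p, ?)
        return {o for (x, y, o) in self.triples if x == s and y == p}
    def subs(self, p, o):                # subjects of (?, p, o)
        return {x for (x, y, z) in self.triples if y == p and z == o}

def infer_under_attack(kb: KB, host: str) -> set:
    """Fire the slide's rule for one host; return the triples added (empty if any
    antecedent is missing)."""
    browsers = kb.objs(host, "IDPS:hasBrowser")                          # scanner log
    vulns = {v for v in kb.subs("IDPS:has_vulnerability_term", "true")  # text entity
             if "true" in kb.objs(v, "IDPS:has_security_exploit")
             and kb.objs(v, "IDPS:has_text") & browsers}
    unsafe = {u for u in kb.objs(host, "IDPS:hasURL")                    # gateway log
              if "unsafe" in kb.objs(u, "IDPS:hasSymantecRating")}
    outbound = "true" in kb.objs(host, "IDPS:hasOutboundConnection")
    zombies = {ip for ip in kb.objs(host, "IDPS:isConnectedTo")          # Wireshark log
               if "true" in kb.objs(ip, "IDPS:isZombieAddress")}
    if not (vulns and unsafe and outbound and zombies):
        return set()
    new = {(host, "IDPS:isUnderAttack", v) for v in vulns}
    new |= {(host, "IDPS:hasMeans", "Backdoor"),
            (host, "IDPS:hasConsequence", "UnauthorizedRemoteAccess")}
    kb.add(*new)
    return new

def build_sample_kb() -> KB:
    """Constructed facts: one vulnerability text entity plus facts from three logs."""
    kb = KB()
    kb.add(("text:ie_uaf", "IDPS:has_vulnerability_term", "true"),
           ("text:ie_uaf", "IDPS:has_security_exploit", "true"),
           ("text:ie_uaf", "IDPS:has_text", "Internet Explorer"),
           ("text:ie_uaf", "IDPS:has_text", "remote attackers"),
           ("host:ws1", "IDPS:hasBrowser", "Internet Explorer"),
           ("host:ws1", "IDPS:hasURL", "http://example.invalid/dl"),
           ("http://example.invalid/dl", "IDPS:hasSymantecRating", "unsafe"),
           ("host:ws1", "IDPS:hasOutboundConnection", "true"),
           ("host:ws1", "IDPS:isConnectedTo", "203.0.113.7"),
           ("203.0.113.7", "IDPS:isZombieAddress", "true"))
    return kb
```

Dropping any single antecedent fact (for instance the zombie-address fact) stops the rule from firing, which is the point of fusing several sources: no one log alone carries a signature.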

Maintaining the vulnerability KB
Our approach requires us to keep the KB of software products and known or suspected vulnerabilities and attacks up to date
Resources like NVD are great, but tapping into text can enrich their information and give earlier warnings of problems
Timeline of one example:
– Vendor deploys software
– Attacker finds vuln. & exploits it (01/10/13)
– Exploit reported in mailing list (01/10/13)
– CVE disclosed (01/14/13)
– Vuln. reported in NVD RSS feed
– Analysis: vuln. analyzed & included in NVD feed (02/16/2013)
– Vendor analysis: threat disclosed in vendor bulletin (03/04/2013)
– Patch development: patch released (Critical Patch Update) (06/18/2013)
– Resolution: system update

Information extraction from text
CVE: Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka ”Msvcrt.dll Buffer Overflow Vulnerability.”
(Figure: the CVE text annotated to identify relationships such as ebqids:hasMeans and ebqids:affectsProduct, and to link concepts to DBpedia entities such as …/Buffer_overflow and …/Windows_7.)
We use information extraction techniques to identify entities, relations and concepts in security related text
These are mapped to terms in our ontology and the DBpedia knowledge base extracted from Wikipedia
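A gazetteer-and-regex version of the extraction step on the CVE sentence above, as an added example (not UMBC's extractor). ebqids:hasMeans and ebqids:affectsProduct are the slide's relations; ebqids:attackerType, ebqids:affectsComponent, the gazetteer entries and the CVE-id placeholder are assumptions, and the DBpedia resource names are not verified against DBpedia:

```python
"""Mapping a CVE description to ontology terms, as an added example (not UMBC's
statistical extractor).  ebqids:hasMeans and ebqids:affectsProduct are the slide's
relations; ebqids:attackerType, ebqids:affectsComponent, the gazetteer and the
regexes are assumptions, and the DBpedia resource names are not verified."""
import re

DBPEDIA = "http://dbpedia.org/resource/"

# Constructed gazetteer: surface form (lower case) -> DBpedia-style resource name
VULN_CONCEPTS = {"buffer overflow": "Buffer_overflow",
                 "use-after-free": "Dangling_pointer",
                 "sql injection": "SQL_injection"}
PRODUCTS = {"windows vista": "Windows_Vista", "windows server 2008": "Windows_Server_2008",
            "windows 7": "Windows_7", "internet explorer": "Internet_Explorer"}

# Sample input copied from the slide; the CVE id is a placeholder (the slide gives none)
CVE_ID = "CVE-XXXX-XXXX"
CVE_TEXT = ("Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server "
            "2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers "
            "to execute arbitrary code via a crafted media file, aka \"Msvcrt.dll Buffer "
            "Overflow Vulnerability.\"")


def extract(cve_id: str, text: str) -> set:
    """Return (subject, predicate, object) triples linking the CVE to ontology terms."""
    low = text.lower()
    triples = set()
    for form, res in VULN_CONCEPTS.items():          # vulnerability class -> hasMeans
        if form in low:
            triples.add((cve_id, "ebqids:hasMeans", DBPEDIA + res))
    for form, res in PRODUCTS.items():               # affected products
        if form in low:
            triples.add((cve_id, "ebqids:affectsProduct", DBPEDIA + res))
    m = re.search(r"allows (remote|local) attackers", low)
    if m:                                            # attacker vantage point
        triples.add((cve_id, "ebqids:attackerType", m.group(1)))
    for comp in re.findall(r"\b[\w-]+\.(?:dll|exe|sys)\b", low):
        triples.add((cve_id, "ebqids:affectsComponent", comp))   # file-level component
    return triples
```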