Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats
Jaime G. Carbonell, Eugene Fink, Mehrbod Sharifi


Individual user differences
- Security needs
  - Data confidentiality
  - Data-loss tolerance
  - Recovery costs
- Usage patterns
- Computer knowledge
Different users need different security tools.

Problems
- “Advanced user” assumption
  - Complicated customization
  - Unclear security warnings
- Inflexible engineered solutions with “too much security”
  - Too high security at high costs
  - Insufficient customization

Population statistics
- Almost everyone uses a computer
- Most users are naïve, with limited technical knowledge
- Many security problems are due to user naïveté

Long-term goal
We need an intelligent security assistant that...
- Learns the user needs
- Detects complex threats
- Prevents human mistakes
- Helps the user to apply available security tools

- Crowdsourcing architecture
- Identification of web scams
- Detection of cross-site request forgery
- Initial results

Crowdsourcing architecture
Gathering, sharing, and integration of opinions and warnings about web security threats.

Crowdsourcing architecture
[Diagram: Browser Extension, Web Browser, Multiple Users, Web Service, External Data Sources]

Identification of web scams
A web scam is fraudulent or intentionally misleading information posted on the web (e.g. work at home and miracle cures).

Identification of web scams
Machine learning approach:
- Collect data about websites, available from various public services
- Collect human opinions
- Apply machine learning (currently, logistic regression) to recognize scams based on the available data
Accuracy: 98%
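The approach on this slide, as an added example that is not code from the presentation: a small logistic regression that combines site data with crowd opinions into a scam probability. The three features, the training rows and all function names are assumptions made for illustration; the slides do not list the features actually used.

```python
import math

# Constructed sample sites (not data from the presentation). Assumed features:
# [domain age in years, fraction of user votes saying "scam", on a public blocklist (0/1)]
TRAIN = [
    ([8.0, 0.02, 0], 0), ([5.5, 0.10, 0], 0), ([12.0, 0.00, 0], 0), ([3.0, 0.20, 0], 0),
    ([0.2, 0.85, 1], 1), ([0.5, 0.70, 0], 1), ([0.1, 0.95, 1], 1), ([1.0, 0.60, 1], 1),
]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def fit_scaler(rows):
    # Per-feature mean and standard deviation, so features share one scale.
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds

def scale(x, means, stds):
    return [(v - m) / s for v, m, s in zip(x, means, stds)]

def train(data, epochs=2000, lr=0.1, l2=0.01):
    # Batch gradient descent on the L2-regularized logistic loss.
    means, stds = fit_scaler([x for x, _ in data])
    w, b, n = [0.0] * len(means), 0.0, len(data)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in data:
            xs = scale(x, means, stds)
            err = sigmoid(b + sum(wi * xi for wi, xi in zip(w, xs))) - y
            gw = [g + err * xi for g, xi in zip(gw, xs)]
            gb += err
        w = [wi - lr * (g / n + l2 * wi) for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return {"w": w, "b": b, "means": means, "stds": stds}

def scam_probability(model, x):
    xs = scale(x, model["means"], model["stds"])
    return sigmoid(model["b"] + sum(wi * xi for wi, xi in zip(model["w"], xs)))

MODEL = train(TRAIN)
```

The learned weights show which evidence drives a verdict: a negative weight on domain age and positive weights on crowd votes and blocklist membership.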

Detection of cross-site request forgery
A cross-site request forgery is an attack through a browser, in which a malicious website uses a trusted session to send unauthorized requests to a target site.
[Diagram labels: Malicious, Ads, News, Bank]

Detection of cross-site request forgery
Machine learning approach:
- Learn patterns of legitimate requests
- Detect deviations from these patterns
- Warn the user about potentially malicious sites and requests
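A minimal form of the learn-then-detect loop on this slide, as an added example that is not the authors' system: a browser-side profile records which initiating origins legitimately send which requests to each target, then flags cross-site state-changing requests that match no learned pattern. The class, the `.example` hosts and the training log are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

def origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def template(url):
    # Collapse numeric path segments so /charge/17 and /charge/991 share one pattern.
    return re.sub(r"/\d+(?=/|$)", "/{n}", urlsplit(url).path or "/")

class RequestProfile:
    def __init__(self):
        # target origin -> {(initiator origin, method, path template)}
        self.seen = defaultdict(set)

    def learn(self, initiator, method, url):
        self.seen[origin(url)].add((origin(initiator), method.upper(), template(url)))

    def check(self, initiator, method, url):
        src, dst, m = origin(initiator), origin(url), method.upper()
        if src == dst:
            return "ok: same-origin"
        if (src, m, template(url)) in self.seen[dst]:
            return "ok: known pattern"
        if m in STATE_CHANGING:
            return "warn: unseen cross-site state-changing request"
        return "note: unseen cross-site read"

# Constructed log of requests observed during normal browsing: (initiator page, method, URL).
TRAINING = [
    ("https://bank.example/home", "POST", "https://bank.example/transfer"),
    ("https://shop.example/cart", "POST", "https://pay.example/charge/17"),
    ("https://news.example/story", "GET", "https://ads.example/banner.js"),
]

def build_profile(log=TRAINING):
    profile = RequestProfile()
    for initiator, method, url in log:
        profile.learn(initiator, method, url)
    return profile
```

A request from `ads.example` that POSTs to `bank.example/transfer` matches nothing learned and produces the warning, while the shop-to-payment POST seen during training passes.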

Future research
Application of machine learning and crowdsourcing to detect...
- ... newly evolving threats, not yet addressed by the standard defenses
- ... cyber attacks by their observed “symptoms” in addition to using direct analysis of attacking code
- ... “nontraditional” threats that go beyond malware attacks, such as scams and other social engineering