Using machine learning to hunt down cybercriminals

MIT News  October 8, 2019 Border Gateway Protocol (BGP allows different parts of the internet to talk to each other) hijacks remain an acute problem in today’s Internet with widespread consequences. To predict these incidents in advance by tracing things back to the hijackers a team of scientists in the US (MIT, UC San Diego) developed and trained a machine learning model to automatically identify Autonomous Systems (ASes) that exhibit characteristics like serial hijackers. The classifier identifies ≈ 900 ASes with similar behavior in the global IPv4 routing table. They analyze and categorize these networks, finding a wide range of […]

Attackers could be listening to what you type

Science Daily  August 14, 2019 Researchers at the Southern Methodist University investigate the capability of mobile phone sensor arrays, using audio and motion sensor data, for classifying keystrokes that occur on a keyboard in proximity to phones around a table, as would be common in a meeting. They developed a system of mixed convolutional and recurrent neural networks and deployed the system in a human subjects experiment with 20 users typing naturally while talking. Using leave-one-user-out cross validation, they found that mobile phone arrays have the ability to detect 41.8% of keystrokes and 27% of typed words correctly in such […]

Russian hackers are infiltrating companies via the office printer

MIT Technology Review  August 5, 2019 The Russian hackers, who go by names like Strontium, Fancy Bear, and APT28, are linked to the military intelligence agency GRU. The new campaign from GRU compromised popular internet of things devices including a VOIP phone, a connected office printer, and a video decoder in order to gain access to corporate networks. Although things like smartphones and desktop computers are often top of mind when it comes to security, it’s often the printer, camera, or decoder that leaves a door open for a hacker to exploit. The hackers moved from one device to another, […]

Hackers could use connected cars to gridlock whole cities

EurekAlert  July 28, 2019 A team of researchers in the US (Georgia Institute of Technology, industry) studied a scenario envisioned by cybersecurity experts leading to a large number of internet-connected vehicles being suddenly and simultaneously disabled. To investigate the aftermath of the post hack they used an agent-based simulation and discovered the critical relevance of percolation for probabilistically predicting the outcomes on a multilane road in the immediate aftermath of a vehicle-targeted cyberattack. They developed an analytic percolation-based model to rapidly assess road conditions given the density of disabled vehicles and applied it to study the street network of Manhattan […]

New computer attack mimics user’s keystroke characteristics and evades detection

Science Daily  June 6, 2019 Researchers in Israel have developed a new attack called Malboard and a detection module. Malboard automatically generates keystrokes that have the attacked user’s behavioral characteristics. The keystrokes are injected into the computer in the form of malicious commands and thus can evade existing detection mechanisms designed to continuously verify the user’s identity based on keystroke dynamics. In demonstration attack against three existing detection mechanisms, the results showed that Malboard managed to evade detection in 83–100% of the cases, depending on the detection tools in place. They also developed three different modules, aimed at detecting keystroke […]

How You Walk and Hold Your Device Could Replace Passwords

Next Big Future  May 22, 2019 DISA (Defense Information Systems Agency) has identified 46 factors that could be used to help it get rid of passwords on your mobile device, including gait, the way you swipe, and how you hold your phone or tablet. Continuous multi-factor authentication (CMFA) will run seamlessly in the background allowing access through biometric data distinct to each user. Two years into the program and after 18 months of research, the handsets are beginning to meet some user requirements and are garnering feedback for future iterations. There are two primary steps to the program for assured […]

New way to improve cybersecurity

Science Daily  April 17, 2109 Use of distributed network intrusion detection requires data to be transmitted from sensors requiring large bandwidth, hence most systems only send alerts or summaries of activities back to the security analyst. To overcome this, a team of researchers in the US (ARL, Towson University) developed a tool that would stop transmitting traffic after a given number of messages had been transmitted based on the theory that malicious network activity would manifest its maliciousness early in the transmission process. In tests they found their theory to be correct. They are working to reduce the amount of […]

Creating a cloak for grid data in the cloud

Phys.org  April 19, 2019 Grid operators perform complex computations of very sensitive data to deliver power to consumers. Cloud-based tools can help manage the data and facilitate computation, but utility owners and system operators are concerned about security. Researchers at Argonne National Laboratory are developing framework which masks sensitive data and provides for secure computation. The Argonne framework warps, or “perturbs,” the model and data being sent for calculations, changing key variables and equations. A disguised version of the problem goes to a cloud-based “solver” computer, and the answer is returned to a local, secure server for decoding. During the […]

Toward novel computing and fraud detection technologies with on-demand polymers

Science Daily  April 1, 2019 Researchers in France have constructed synthetic polymers with fully controlled primary structures using solid-phase iterative chemistry, a process that was originally developed to make peptides. In the last few years, the team has been making precisely tailored polymers for data-storage applications. In these polymers, each monomer or subunit stands for a specific piece of information. So far, the researchers have created tiny data storage devices made of layered sequence-coded polymers. Recently observed that the molecular bits that they contain occupy much smaller volumes than do the nucleotides in DNA. They believe that within the next […]

Engineers develop novel techniques to trick object detection systems

Science Daily  April 4, 2019 To understand and document vulnerabilities in deep and machine-learning algorithms, researchers at the Southwestern Research Institute have developed patterns when worn or mounted on a vehicle, cause the algorithms in the camera to either misclassify or mislocate objects, creating a vulnerability. Malicious parties could place these patterns near roadways, potentially creating chaos for vehicles equipped with object detectors. The researchers call these patterns ‘perception invariant’ adversarial examples because they don’t need to cover the entire object or be parallel to the camera to trick the algorithm. The algorithms can misclassify the object as long as […]