Showing 1–50 of 60 results for author: Choo, K R

Beyond Text-to-SQL for IoT Defense: A Comprehensive Framework for Querying and Classifying IoT Threats

Authors: Ryan Pavlich, Nima Ebadi, Richard Tarbell, Billy Linares, Adrian Tan, Rachael Humphreys, Jayanta Kumar Das, Rambod Ghandiparsi, Hannah Haley, Jerris George, Rocky Slavin, Kim-Kwang Raymond Choo, Glenn Dietrich, Anthony Rios

Abstract: Recognizing the promise of natural language interfaces to databases, prior studies have emphasized the development of text-to-SQL systems. While substantial progress has been made in this field, existing research has concentrated on generating SQL statements from text queries. The broader challenge, however, lies in inferring new information about the returned data. Our research makes two major co… ▽ More Recognizing the promise of natural language interfaces to databases, prior studies have emphasized the development of text-to-SQL systems. While substantial progress has been made in this field, existing research has concentrated on generating SQL statements from text queries. The broader challenge, however, lies in inferring new information about the returned data. Our research makes two major contributions to address this gap. First, we introduce a novel Internet-of-Things (IoT) text-to-SQL dataset comprising 10,985 text-SQL pairs and 239,398 rows of network traffic activity. The dataset contains additional query types limited in prior text-to-SQL datasets, notably temporal-related queries. Our dataset is sourced from a smart building's IoT ecosystem exploring sensor read and network traffic data. Second, our dataset allows two-stage processing, where the returned data (network traffic) from a generated SQL can be categorized as malicious or not. Our results show that joint training to query and infer information about the data can improve overall text-to-SQL performance, nearly matching substantially larger models. We also show that current large language models (e.g., GPT3.5) struggle to infer new information about returned data, thus our dataset provides a novel test bed for integrating complex domain-specific reasoning into LLMs. △ Less

Submitted 25 June, 2024; originally announced June 2024.

Shadow-Free Membership Inference Attacks: Recommender Systems Are More Vulnerable Than You Thought

Authors: Xiaoxiao Chi, Xuyun Zhang, Yan Wang, Lianyong Qi, Amin Beheshti, Xiaolong Xu, Kim-Kwang Raymond Choo, Shuo Wang, Hongsheng Hu

Abstract: Recommender systems have been successfully applied in many applications. Nonetheless, recent studies demonstrate that recommender systems are vulnerable to membership inference attacks (MIAs), leading to the leakage of users' membership privacy. However, existing MIAs relying on shadow training suffer a large performance drop when the attacker lacks knowledge of the training data distribution and… ▽ More Recommender systems have been successfully applied in many applications. Nonetheless, recent studies demonstrate that recommender systems are vulnerable to membership inference attacks (MIAs), leading to the leakage of users' membership privacy. However, existing MIAs relying on shadow training suffer a large performance drop when the attacker lacks knowledge of the training data distribution and the model architecture of the target recommender system. To better understand the privacy risks of recommender systems, we propose shadow-free MIAs that directly leverage a user's recommendations for membership inference. Without shadow training, the proposed attack can conduct MIAs efficiently and effectively under a practice scenario where the attacker is given only black-box access to the target recommender system. The proposed attack leverages an intuition that the recommender system personalizes a user's recommendations if his historical interactions are used by it. Thus, an attacker can infer membership privacy by determining whether the recommendations are more similar to the interactions or the general popular items. We conduct extensive experiments on benchmark datasets across various recommender systems. Remarkably, our attack achieves far better attack accuracy with low false positive rates than baselines while with a much lower computational cost. △ Less

Submitted 11 May, 2024; originally announced May 2024.

Comments: This paper has been accepted by IJCAI-24

A2-DIDM: Privacy-preserving Accumulator-enabled Auditing for Distributed Identity of DNN Model

Authors: Tianxiu Xie, Keke Gai, Jing Yu, Liehuang Zhu, Kim-Kwang Raymond Choo

Abstract: Recent booming development of Generative Artificial Intelligence (GenAI) has facilitated an emerging model commercialization for the purpose of reinforcement on model performance, such as licensing or trading Deep Neural Network (DNN) models. However, DNN model trading may trigger concerns of the unauthorized replications or misuses over the model, so that the benefit of the model ownership will b… ▽ More Recent booming development of Generative Artificial Intelligence (GenAI) has facilitated an emerging model commercialization for the purpose of reinforcement on model performance, such as licensing or trading Deep Neural Network (DNN) models. However, DNN model trading may trigger concerns of the unauthorized replications or misuses over the model, so that the benefit of the model ownership will be violated. Model identity auditing is a challenging issue in protecting intellectual property of DNN models and verifying the integrity and ownership of models for guaranteeing trusts in transactions is one of the critical obstacles. In this paper, we focus on the above issue and propose a novel Accumulator-enabled Auditing for Distributed Identity of DNN Model (A2-DIDM) that utilizes blockchain and zero-knowledge techniques to protect data and function privacy while ensuring the lightweight on-chain ownership verification. The proposed model presents a scheme of identity records via configuring model weight checkpoints with corresponding zero-knowledge proofs, which incorporates predicates to capture incremental state changes in model weight checkpoints. Our scheme ensures both computational integrity of DNN training process and programmability, so that the uniqueness of the weight checkpoint sequence in a DNN model is preserved, ensuring the correctness of the model identity auditing. In addition, A2-DIDM also addresses privacy protections in distributed identity via a proposed method of accumulators. We systematically analyze the security and robustness of our proposed model and further evaluate the effectiveness and usability of auditing DNN model identities. △ Less

Submitted 7 May, 2024; originally announced May 2024.

Holistic Evaluation Metrics: Use Case Sensitive Evaluation Metrics for Federated Learning

Authors: Yanli Li, Jehad Ibrahim, Huaming Chen, Dong Yuan, Kim-Kwang Raymond Choo

Abstract: A large number of federated learning (FL) algorithms have been proposed for different applications and from varying perspectives. However, the evaluation of such approaches often relies on a single metric (e.g., accuracy). Such a practice fails to account for the unique demands and diverse requirements of different use cases. Thus, how to comprehensively evaluate an FL algorithm and determine the… ▽ More A large number of federated learning (FL) algorithms have been proposed for different applications and from varying perspectives. However, the evaluation of such approaches often relies on a single metric (e.g., accuracy). Such a practice fails to account for the unique demands and diverse requirements of different use cases. Thus, how to comprehensively evaluate an FL algorithm and determine the most suitable candidate for a designated use case remains an open question. To mitigate this research gap, we introduce the Holistic Evaluation Metrics (HEM) for FL in this work. Specifically, we collectively focus on three primary use cases, which are Internet of Things (IoT), smart devices, and institutions. The evaluation metric encompasses various aspects including accuracy, convergence, computational efficiency, fairness, and personalization. We then assign a respective importance vector for each use case, reflecting their distinct performance requirements and priorities. The HEM index is finally generated by integrating these metric components with their respective importance vectors. Through evaluating different FL algorithms in these three prevalent use cases, our experimental results demonstrate that HEM can effectively assess and identify the FL algorithms best suited to particular scenarios. We anticipate this work sheds light on the evaluation process for pragmatic FL algorithms in real-world applications. △ Less

Submitted 2 May, 2024; originally announced May 2024.

GE-AdvGAN: Improving the transferability of adversarial samples by gradient editing-based adversarial generative model

Authors: Zhiyu Zhu, Huaming Chen, Xinyi Wang, Jiayu Zhang, Zhibo Jin, Kim-Kwang Raymond Choo, Jun Shen, Dong Yuan

Abstract: Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data, i.e., images, text, and audio. Accordingly, its promising performance has led to the GAN-based adversarial attack methods in the white-box and black-box attack scenarios. The importance of transferable black-box attacks lies in their ability to be effective across… ▽ More Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data, i.e., images, text, and audio. Accordingly, its promising performance has led to the GAN-based adversarial attack methods in the white-box and black-box attack scenarios. The importance of transferable black-box attacks lies in their ability to be effective across different models and settings, more closely aligning with real-world applications. However, it remains challenging to retain the performance in terms of transferable adversarial examples for such methods. Meanwhile, we observe that some enhanced gradient-based transferable adversarial attack algorithms require prolonged time for adversarial sample generation. Thus, in this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples whilst improving the algorithm's efficiency. The main approach is via optimising the training process of the generator parameters. With the functional and characteristic similarity analysis, we introduce a novel gradient editing (GE) mechanism and verify its feasibility in generating transferable samples on various models. Moreover, by exploring the frequency domain information to determine the gradient editing direction, GE-AdvGAN can generate highly transferable adversarial samples while minimizing the execution time in comparison to the state-of-the-art transferable adversarial attack algorithms. The performance of GE-AdvGAN is comprehensively evaluated by large-scale experiments on different datasets, which results demonstrate the superiority of our algorithm. The code for our algorithm is available at: https://github.com/LMBTough/GE-advGAN △ Less

Submitted 29 January, 2024; v1 submitted 11 January, 2024; originally announced January 2024.

Comments: Accepted by SIAM International Conference on Data Mining (SDM24)

FairCompass: Operationalising Fairness in Machine Learning

Authors: Jessica Liu, Huaming Chen, Jun Shen, Kim-Kwang Raymond Choo

Abstract: As artificial intelligence (AI) increasingly becomes an integral part of our societal and individual activities, there is a growing imperative to develop responsible AI solutions. Despite a diverse assortment of machine learning fairness solutions is proposed in the literature, there is reportedly a lack of practical implementation of these tools in real-world applications. Industry experts have p… ▽ More As artificial intelligence (AI) increasingly becomes an integral part of our societal and individual activities, there is a growing imperative to develop responsible AI solutions. Despite a diverse assortment of machine learning fairness solutions is proposed in the literature, there is reportedly a lack of practical implementation of these tools in real-world applications. Industry experts have participated in thorough discussions on the challenges associated with operationalising fairness in the development of machine learning-empowered solutions, in which a shift toward human-centred approaches is promptly advocated to mitigate the limitations of existing techniques. In this work, we propose a human-in-the-loop approach for fairness auditing, presenting a mixed visual analytical system (hereafter referred to as 'FairCompass'), which integrates both subgroup discovery technique and the decision tree-based schema for end users. Moreover, we innovatively integrate an Exploration, Guidance and Informed Analysis loop, to facilitate the use of the Knowledge Generation Model for Visual Analytics in FairCompass. We evaluate the effectiveness of FairCompass for fairness auditing in a real-world scenario, and the findings demonstrate the system's potential for real-world deployability. We anticipate this work will address the current gaps in research for fairness and facilitate the operationalisation of fairness in machine learning systems. △ Less

Submitted 27 December, 2023; originally announced December 2023.

Comments: Accepted in IEEE Transactions on Artificial Intelligence

MFABA: A More Faithful and Accelerated Boundary-based Attribution Method for Deep Neural Networks

Authors: Zhiyu Zhu, Huaming Chen, Jiayu Zhang, Xinyi Wang, Zhibo Jin, Minhui Xue, Dongxiao Zhu, Kim-Kwang Raymond Choo

Abstract: To better understand the output of deep neural networks (DNN), attribution based methods have been an important approach for model interpretability, which assign a score for each input dimension to indicate its importance towards the model outcome. Notably, the attribution methods use the axioms of sensitivity and implementation invariance to ensure the validity and reliability of attribution resu… ▽ More To better understand the output of deep neural networks (DNN), attribution based methods have been an important approach for model interpretability, which assign a score for each input dimension to indicate its importance towards the model outcome. Notably, the attribution methods use the axioms of sensitivity and implementation invariance to ensure the validity and reliability of attribution results. Yet, the existing attribution methods present challenges for effective interpretation and efficient computation. In this work, we introduce MFABA, an attribution algorithm that adheres to axioms, as a novel method for interpreting DNN. Additionally, we provide the theoretical proof and in-depth analysis for MFABA algorithm, and conduct a large scale experiment. The results demonstrate its superiority by achieving over 101.5142 times faster speed than the state-of-the-art attribution algorithms. The effectiveness of MFABA is thoroughly evaluated through the statistical analysis in comparison to other methods, and the full implementation package is open-source at: https://github.com/LMBTough/MFABA △ Less

Submitted 21 December, 2023; originally announced December 2023.

Comments: Accepted by The 38th Annual AAAI Conference on Artificial Intelligence (AAAI-24)

VFedMH: Vertical Federated Learning for Training Multiple Heterogeneous Models

Authors: Shuo Wang, Keke Gai, Jing Yu, Liehuang Zhu, Kim-Kwang Raymond Choo, Bin Xiao

Abstract: Vertical federated learning has garnered significant attention as it allows clients to train machine learning models collaboratively without sharing local data, which protects the client's local private data. However, existing VFL methods face challenges when dealing with heterogeneous local models among participants, which affects optimization convergence and generalization. To address this chall… ▽ More Vertical federated learning has garnered significant attention as it allows clients to train machine learning models collaboratively without sharing local data, which protects the client's local private data. However, existing VFL methods face challenges when dealing with heterogeneous local models among participants, which affects optimization convergence and generalization. To address this challenge, this paper proposes a novel approach called Vertical federated learning for training multiple Heterogeneous models (VFedMH). VFedMH focuses on aggregating the local embeddings of each participant's knowledge during forward propagation. To protect the participants' local embedding values, we propose an embedding protection method based on lightweight blinding factors. In particular, participants obtain local embedding using local heterogeneous models. Then the passive party, who owns only features of the sample, injects the blinding factor into the local embedding and sends it to the active party. The active party aggregates local embeddings to obtain global knowledge embeddings and sends them to passive parties. The passive parties then utilize the global embeddings to propagate forward on their local heterogeneous networks. However, the passive party does not own the sample labels, so the local model gradient cannot be calculated locally. To overcome this limitation, the active party assists the passive party in computing its local heterogeneous model gradients. Then, each participant trains their local model using the heterogeneous model gradients. The objective is to minimize the loss value of their respective local heterogeneous models. Extensive experiments are conducted to demonstrate that VFedMH can simultaneously train multiple heterogeneous models with heterogeneous optimization and outperform some recent methods in model performance. △ Less

Submitted 8 February, 2024; v1 submitted 20 October, 2023; originally announced October 2023.

Source Inference Attacks: Beyond Membership Inference Attacks in Federated Learning

Authors: Hongsheng Hu, Xuyun Zhang, Zoran Salcic, Lichao Sun, Kim-Kwang Raymond Choo, Gillian Dobbie

Abstract: Federated learning (FL) is a popular approach to facilitate privacy-aware machine learning since it allows multiple clients to collaboratively train a global model without granting others access to their private data. It is, however, known that FL can be vulnerable to membership inference attacks (MIAs), where the training records of the global model can be distinguished from the testing records.… ▽ More Federated learning (FL) is a popular approach to facilitate privacy-aware machine learning since it allows multiple clients to collaboratively train a global model without granting others access to their private data. It is, however, known that FL can be vulnerable to membership inference attacks (MIAs), where the training records of the global model can be distinguished from the testing records. Surprisingly, research focusing on the investigation of the source inference problem appears to be lacking. We also observe that identifying a training record's source client can result in privacy breaches extending beyond MIAs. For example, consider an FL application where multiple hospitals jointly train a COVID-19 diagnosis model, membership inference attackers can identify the medical records that have been used for training, and any additional identification of the source hospital can result the patient from the particular hospital more prone to discrimination. Seeking to contribute to the literature gap, we take the first step to investigate source privacy in FL. Specifically, we propose a new inference attack (hereafter referred to as source inference attack -- SIA), designed to facilitate an honest-but-curious server to identify the training record's source client. The proposed SIAs leverage the Bayesian theorem to allow the server to implement the attack in a non-intrusive manner without deviating from the defined FL protocol. We then evaluate SIAs in three different FL frameworks to show that in existing FL frameworks, the clients sharing gradients, model parameters, or predictions on a public dataset will leak such source information to the server. We also conduct extensive experiments on various datasets to investigate the key factors in an SIA. The experimental results validate the efficacy of the proposed SIAs. △ Less

Submitted 29 September, 2023; originally announced October 2023.

Comments: Accepted by IEEE Transactions on Dependable and Secure Computing

Ethical Considerations and Policy Implications for Large Language Models: Guiding Responsible Development and Deployment

Authors: Jianyi Zhang, Xu Ji, Zhangchi Zhao, Xiali Hei, Kim-Kwang Raymond Choo

Abstract: This paper examines the ethical considerations and implications of large language models (LLMs) in generating content. It highlights the potential for both positive and negative uses of generative AI programs and explores the challenges in assigning responsibility for their outputs. The discussion emphasizes the need for proactive ethical frameworks and policy measures to guide the responsible dev… ▽ More This paper examines the ethical considerations and implications of large language models (LLMs) in generating content. It highlights the potential for both positive and negative uses of generative AI programs and explores the challenges in assigning responsibility for their outputs. The discussion emphasizes the need for proactive ethical frameworks and policy measures to guide the responsible development and deployment of LLMs. △ Less

Submitted 1 August, 2023; originally announced August 2023.

Comments: 5 pages

Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses

Authors: Mohamed Amine Ferrag, Othmane Friha, Burak Kantarci, Norbert Tihanyi, Lucas Cordeiro, Merouane Debbah, Djallel Hamouda, Muna Al-Hawawreh, Kim-Kwang Raymond Choo

Abstract: The ongoing deployment of the fifth generation (5G) wireless networks constantly reveals limitations concerning its original concept as a key driver of Internet of Everything (IoE) applications. These 5G challenges are behind worldwide efforts to enable future networks, such as sixth generation (6G) networks, to efficiently support sophisticated applications ranging from autonomous driving capabil… ▽ More The ongoing deployment of the fifth generation (5G) wireless networks constantly reveals limitations concerning its original concept as a key driver of Internet of Everything (IoE) applications. These 5G challenges are behind worldwide efforts to enable future networks, such as sixth generation (6G) networks, to efficiently support sophisticated applications ranging from autonomous driving capabilities to the Metaverse. Edge learning is a new and powerful approach to training models across distributed clients while protecting the privacy of their data. This approach is expected to be embedded within future network infrastructures, including 6G, to solve challenging problems such as resource management and behavior prediction. This survey article provides a holistic review of the most recent research focused on edge learning vulnerabilities and defenses for 6G-enabled IoT. We summarize the existing surveys on machine learning for 6G IoT security and machine learning-associated threats in three different learning modes: centralized, federated, and distributed. Then, we provide an overview of enabling emerging technologies for 6G IoT intelligence. Moreover, we provide a holistic survey of existing research on attacks against machine learning and classify threat models into eight categories, including backdoor attacks, adversarial examples, combined attacks, poisoning attacks, Sybil attacks, byzantine attacks, inference attacks, and dropping attacks. In addition, we provide a comprehensive and detailed taxonomy and a side-by-side comparison of the state-of-the-art defense methods against edge learning vulnerabilities. Finally, as new attacks and defense technologies are realized, new research and future overall prospects for 6G-enabled IoT are discussed. △ Less

Submitted 8 February, 2024; v1 submitted 17 June, 2023; originally announced June 2023.

Comments: This paper has been accepted for publication in IEEE Communications Surveys \& Tutorials

Towards Understanding the Generalization of Medical Text-to-SQL Models and Datasets

Authors: Richard Tarbell, Kim-Kwang Raymond Choo, Glenn Dietrich, Anthony Rios

Abstract: Electronic medical records (EMRs) are stored in relational databases. It can be challenging to access the required information if the user is unfamiliar with the database schema or general database fundamentals. Hence, researchers have explored text-to-SQL generation methods that provide healthcare professionals direct access to EMR data without needing a database expert. However, currently availa… ▽ More Electronic medical records (EMRs) are stored in relational databases. It can be challenging to access the required information if the user is unfamiliar with the database schema or general database fundamentals. Hence, researchers have explored text-to-SQL generation methods that provide healthcare professionals direct access to EMR data without needing a database expert. However, currently available datasets have been essentially "solved" with state-of-the-art models achieving accuracy greater than or near 90%. In this paper, we show that there is still a long way to go before solving text-to-SQL generation in the medical domain. To show this, we create new splits of the existing medical text-to-SQL dataset MIMICSQL that better measure the generalizability of the resulting models. We evaluate state-of-the-art language models on our new split showing substantial drops in performance with accuracy dropping from up to 92% to 28%, thus showing substantial room for improvement. Moreover, we introduce a novel data augmentation approach to improve the generalizability of the language models. Overall, this paper is the first step towards developing more robust text-to-SQL models in the medical domain.\footnote{The dataset and code will be released upon acceptance. △ Less

Submitted 22 March, 2023; originally announced March 2023.

Poisoning Attacks in Federated Edge Learning for Digital Twin 6G-enabled IoTs: An Anticipatory Study

Authors: Mohamed Amine Ferrag, Burak Kantarci, Lucas C. Cordeiro, Merouane Debbah, Kim-Kwang Raymond Choo

Abstract: Federated edge learning can be essential in supporting privacy-preserving, artificial intelligence (AI)-enabled activities in digital twin 6G-enabled Internet of Things (IoT) environments. However, we need to also consider the potential of attacks targeting the underlying AI systems (e.g., adversaries seek to corrupt data on the IoT devices during local updates or corrupt the model updates); hence… ▽ More Federated edge learning can be essential in supporting privacy-preserving, artificial intelligence (AI)-enabled activities in digital twin 6G-enabled Internet of Things (IoT) environments. However, we need to also consider the potential of attacks targeting the underlying AI systems (e.g., adversaries seek to corrupt data on the IoT devices during local updates or corrupt the model updates); hence, in this article, we propose an anticipatory study for poisoning attacks in federated edge learning for digital twin 6G-enabled IoT environments. Specifically, we study the influence of adversaries on the training and development of federated learning models in digital twin 6G-enabled IoT environments. We demonstrate that attackers can carry out poisoning attacks in two different learning settings, namely: centralized learning and federated learning, and successful attacks can severely reduce the model's accuracy. We comprehensively evaluate the attacks on a new cyber security dataset designed for IoT applications with three deep neural networks under the non-independent and identically distributed (Non-IID) data and the independent and identically distributed (IID) data. The poisoning attacks, on an attack classification problem, can lead to a decrease in accuracy from 94.93% to 85.98% with IID data and from 94.18% to 30.04% with Non-IID. △ Less

Submitted 21 March, 2023; originally announced March 2023.

Comments: The paper is accepted and will be published in the IEEE ICC 2023 Conference Proceedings

Blockchain for Unmanned Underwater Drones: Research Issues, Challenges, Trends and Future Directions

Authors: Neelu Jyoti Ahuja, Adarsh Kumar, Monika Thapliyal, Sarthika Dutt, Tanesh Kumar, Diego Augusto De Jesus Pacheco, Charalambos Konstantinou, Kim-Kwang Raymond Choo

Abstract: Underwater drones have found a place in oceanography, oceanic research, bathymetric surveys, military, surveillance, monitoring, undersea exploration, mining, commercial diving, photography and several other activities. Drones housed with several sensors and complex propulsion systems help oceanographic scientists and undersea explorers to map the seabed, study waves, view dead zones, analyze fish… ▽ More Underwater drones have found a place in oceanography, oceanic research, bathymetric surveys, military, surveillance, monitoring, undersea exploration, mining, commercial diving, photography and several other activities. Drones housed with several sensors and complex propulsion systems help oceanographic scientists and undersea explorers to map the seabed, study waves, view dead zones, analyze fish counts, predict tidal wave behaviors, aid in finding shipwrecks, building windfarms, examine oil platforms located in deep seas and inspect nuclear reactors in the ship vessels. While drones can be explicitly programmed for specific missions, data security and privacy are crucial issues of serious concern. Blockchain has emerged as a key enabling technology, amongst other disruptive technological enablers, to address security, data sharing, storage, process tracking, collaboration and resource management. This study presents a comprehensive review on the utilization of Blockchain in different underwater applications, discussing use cases and detailing benefits. Potential challenges of underwater applications addressed by Blockchain have been detailed. This work identifies knowledge gaps between theoretical research and real-time Blockchain integration in realistic underwater drone applications. The key limitations for effective integration of Blockchain in real-time integration in UUD applications, along with directions for future research have been presented. △ Less

Submitted 12 October, 2022; originally announced October 2022.

Multi-Domain Virtual Network Embedding Algorithm based on Horizontal Federated Learning

Authors: Peiying Zhang, Ning Chen, Shibao Li, Kim-Kwang Raymond Choo, Chunxiao Jiang

Abstract: Network Virtualization (NV) is an emerging network dynamic planning technique to overcome network rigidity. As its necessary challenge, Virtual Network Embedding (VNE) enhances the scalability and flexibility of the network by decoupling the resources and services of the underlying physical network. For the future multi-domain physical network modeling with the characteristics of dynamics, heterog… ▽ More Network Virtualization (NV) is an emerging network dynamic planning technique to overcome network rigidity. As its necessary challenge, Virtual Network Embedding (VNE) enhances the scalability and flexibility of the network by decoupling the resources and services of the underlying physical network. For the future multi-domain physical network modeling with the characteristics of dynamics, heterogeneity, privacy, and real-time, the existing related works perform satisfactorily. Federated learning (FL) jointly optimizes the network by sharing parameters among multiple parties and is widely employed in disputes over data privacy and data silos. Aiming at the NV challenge of multi-domain physical networks, this work is the first to propose using FL to model VNE, and presents a VNE architecture based on Horizontal Federated Learning (HFL) (HFL-VNE). Specifically, combined with the distributed training paradigm of FL, we deploy local servers in each physical domain, which can effectively focus on local features and reduce resource fragmentation. A global server is deployed to aggregate and share training parameters, which enhances local data privacy and significantly improves learning efficiency. Furthermore, we deploy the Deep Reinforcement Learning (DRL) model in each server to dynamically adjust and optimize the resource allocation of the multi-domain physical network. In DRL-assisted FL, HFL-VNE jointly optimizes decision-making through specific local and federated reward mechanisms and loss functions. Finally, the superiority of HFL-VNE is proved by combining simulation experiments and comparing it with related works. △ Less

Submitted 29 May, 2022; originally announced May 2022.

Forensic Artefact Discovery and Attribution from Android Cryptocurrency Wallet Applications

Authors: Eugene Chang, Paul Darcy, Kim-Kwang Raymond Choo, Nhien-An Le-Khac

Abstract: Cryptocurrency has been (ab)used to purchase illicit goods and services such as drugs, weapons and child pornography (also referred to as child sexual abuse materials), and thus mobile devices (where cryptocurrency wallet applications are installed) are a potential source of evidence in a criminal investigation. Not surprisingly, there has been increased focus on the security of cryptocurrency wal… ▽ More Cryptocurrency has been (ab)used to purchase illicit goods and services such as drugs, weapons and child pornography (also referred to as child sexual abuse materials), and thus mobile devices (where cryptocurrency wallet applications are installed) are a potential source of evidence in a criminal investigation. Not surprisingly, there has been increased focus on the security of cryptocurrency wallets, although forensic extraction and attribution of forensic artefacts from such wallets is understudied. In this paper, we examine Bitcoin and Dogecoin. The latter is increasingly popular partly due to endorsements from celebrities and being positioned as an introductory path to cryptocurrency for newcomers. Specifically, we demonstrate how one can acquire forensic artefacts from Android Bitcoin and Dogecoin cryptocurrency wallets, such as wallet IDs, transaction IDs, timestamp information, email addresses, cookies, and OAuth tokens. △ Less

Submitted 29 May, 2022; originally announced May 2022.

BABD: A Bitcoin Address Behavior Dataset for Pattern Analysis

Authors: Yuexin Xiang, Yuchen Lei, Ding Bao, Wei Ren, Tiantian Li, Qingqing Yang, Wenmao Liu, Tianqing Zhu, Kim-Kwang Raymond Choo

Abstract: Cryptocurrencies are no longer just the preferred option for cybercriminal activities on darknets, due to the increasing adoption in mainstream applications. This is partly due to the transparency associated with the underpinning ledgers, where any individual can access the record of a transaction record on the public ledger. In this paper, we build a dataset comprising Bitcoin transactions betwee… ▽ More Cryptocurrencies are no longer just the preferred option for cybercriminal activities on darknets, due to the increasing adoption in mainstream applications. This is partly due to the transparency associated with the underpinning ledgers, where any individual can access the record of a transaction record on the public ledger. In this paper, we build a dataset comprising Bitcoin transactions between 12 July 2019 and 26 May 2021. This dataset (hereafter referred to as BABD-13) contains 13 types of Bitcoin addresses, 5 categories of indicators with 148 features, and 544,462 labeled data, which is the largest labeled Bitcoin address behavior dataset publicly available to our knowledge. We then use our proposed dataset on common machine learning models, namely: k-nearest neighbors algorithm, decision tree, random forest, multilayer perceptron, and XGBoost. The results show that the accuracy rates of these machine learning models for the multi-classification task on our proposed dataset are between 93.24% and 97.13%. We also analyze the proposed features and their relationships from the experiments, and propose a k-hop subgraph generation algorithm to extract a k-hop subgraph from the entire Bitcoin transaction graph constructed by the directed heterogeneous multigraph starting from a specific Bitcoin address node (e.g., a known transaction associated with a criminal investigation). Besides, we initially analyze the behavior patterns of different types of Bitcoin addresses according to the extracted features. △ Less

Submitted 5 May, 2022; v1 submitted 10 April, 2022; originally announced April 2022.

Comments: 14 pages, 4 figures

MSC Class: 68-11 ACM Class: H.2.8

Journal ref: in IEEE Transactions on Information Forensics and Security, vol. 19, pp. 2171-2185, 2024

A Systematic Review of Bio-Cyber Interface Technologies and Security Issues for Internet of Bio-Nano Things

Authors: Sidra Zafar, Mohsin Nazir, Taimur Bakhshi, Hasan Ali Khattak, Sarmadullah Khan, Muhammad Bilal, Kim-Kwang Raymond Choo, Kyung-Sup Kwak7, Aneeqa Sabah

Abstract: Advances in synthetic biology and nanotechnology have contributed to the design of tools that can be used to control, reuse, modify, and re-engineer cells' structure, as well as enabling engineers to effectively use biological cells as programmable substrates to realize Bio-Nano Things (biological embedded computing devices). Bio-NanoThings are generally tiny, non-intrusive, and concealable device… ▽ More Advances in synthetic biology and nanotechnology have contributed to the design of tools that can be used to control, reuse, modify, and re-engineer cells' structure, as well as enabling engineers to effectively use biological cells as programmable substrates to realize Bio-Nano Things (biological embedded computing devices). Bio-NanoThings are generally tiny, non-intrusive, and concealable devices that can be used for in-vivo applications such as intra-body sensing and actuation networks, where the use of artificial devices can be detrimental. Such (nano-scale) devices can be used in various healthcare settings such as continuous health monitoring, targeted drug delivery, and nano-surgeries. These services can also be grouped to form a collaborative network (i.e., nanonetwork), whose performance can potentially be improved when connected to higher bandwidth external networks such as the Internet, say via 5G. However, to realize the IoBNT paradigm, it is also important to seamlessly connect the biological environment with the technological landscape by having a dynamic interface design to convert biochemical signals from the human body into an equivalent electromagnetic signal (and vice versa). This, unfortunately, risks the exposure of internal biological mechanisms to cyber-based sensing and medical actuation, with potential security and privacy implications. This paper comprehensively reviews bio-cyber interface for IoBNT architecture, focusing on bio-cyber interfacing options for IoBNT like biologically inspired bio-electronic devices, RFID enabled implantable chips, and electronic tattoos. This study also identifies known and potential security and privacy vulnerabilities and mitigation strategies for consideration in future IoBNT designs and implementations. △ Less

Submitted 27 June, 2021; originally announced June 2021.

Comments: 41 pages, 9 tables, 6 figures

A Lightweight Privacy-Preserving Scheme Using Label-based Pixel Block Mixing for Image Classification in Deep Learning

Authors: Yuexin Xiang, Tiantian Li, Wei Ren, Tianqing Zhu, Kim-Kwang Raymond Choo

Abstract: To ensure the privacy of sensitive data used in the training of deep learning models, a number of privacy-preserving methods have been designed by the research community. However, existing schemes are generally designed to work with textual data, or are not efficient when a large number of images is used for training. Hence, in this paper we propose a lightweight and efficient approach to preserve… ▽ More To ensure the privacy of sensitive data used in the training of deep learning models, a number of privacy-preserving methods have been designed by the research community. However, existing schemes are generally designed to work with textual data, or are not efficient when a large number of images is used for training. Hence, in this paper we propose a lightweight and efficient approach to preserve image privacy while maintaining the availability of the training set. Specifically, we design the pixel block mixing algorithm for image classification privacy preservation in deep learning. To evaluate its utility, we use the mixed training set to train the ResNet50, VGG16, InceptionV3 and DenseNet121 models on the WIKI dataset and the CNBC face dataset. Experimental findings on the testing set show that our scheme preserves image privacy while maintaining the availability of the training set in the deep learning models. Additionally, the experimental results demonstrate that we achieve good performance for the VGG16 model on the WIKI dataset and both ResNet50 and DenseNet121 on the CNBC dataset. The pixel block algorithm achieves fairly high efficiency in the mixing of the images, and it is computationally challenging for the attackers to restore the mixed training set to the original training set. Moreover, data augmentation can be applied to the mixed training set to improve the training's effectiveness. △ Less

Submitted 18 May, 2021; originally announced May 2021.

Comments: 11 pages, 16 figures

MSC Class: 68T07 ACM Class: I.2.6; I.2.9

Journal ref: Engineering Applications of Artificial Intelligence 126 (2023): 107180

Investigating Protected Health Information Leakage from Android Medical Applications

Authors: George Grispos, Talon Flynn, William Glisson, Kim-Kwang Raymond Choo

Abstract: As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user's sensitive information (e.g., personally identifiable information and/or medical history) are required to… ▽ More As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user's sensitive information (e.g., personally identifiable information and/or medical history) are required to be enforced on such devices and applications. In this study, we forensically focus on the potential of recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and location of evidential artifacts that can, potentially, be recovered from these applications in a digital forensic investigation. △ Less

Submitted 16 May, 2021; originally announced May 2021.

Comments: Presented at the 5th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures (EAI FABULOUS 2021), Zagreb, Croatia

Consumer, Commercial and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

Authors: Christos Xenofontos, Ioannis Zografopoulos, Charalambos Konstantinou, Alireza Jolfaei, Muhammad Khurram Khan, Kim-Kwang Raymond Choo

Abstract: Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life-cycles. IoT-related vulnerabilities, if successfully exploited can affect, not only t… ▽ More Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life-cycles. IoT-related vulnerabilities, if successfully exploited can affect, not only the device itself, but also the application field in which the IoT device operates. Evidently, identifying and addressing every single vulnerability is an arduous, if not impossible, task. Attack taxonomies can assist in classifying attacks and their corresponding vulnerabilities. Security countermeasures and best practices can then be leveraged to mitigate threats and vulnerabilities before they emerge into catastrophic attacks and ensure overall secure IoT operation. Therefore, in this paper, we provide an attack taxonomy which takes into consideration the different layers of IoT stack, i.e., device, infrastructure, communication, and service, and each layer's designated characteristics which can be exploited by adversaries. Furthermore, using nine real-world cybersecurity incidents, that had targeted IoT devices deployed in the consumer, commercial, and industrial sectors, we describe the IoT-related vulnerabilities, exploitation procedures, attacks, impacts, and potential mitigation mechanisms and protection strategies. These (and many other) incidents highlight the underlying security concerns of IoT systems and demonstrate the potential attack impacts of such connected ecosystems, while the proposed taxonomy provides a systematic procedure to categorize attacks based on the affected layer and corresponding impact. △ Less

Submitted 13 May, 2021; originally announced May 2021.

Comments: IEEE Internet of Things Journal

DeepKeyGen: A Deep Learning-based Stream Cipher Generator for Medical Image Encryption and Decryption

Authors: Yi Ding, Fuyuan Tan, Zhen Qin, Mingsheng Cao, Kim-Kwang Raymond Choo, Zhiguang Qin

Abstract: The need for medical image encryption is increasingly pronounced, for example to safeguard the privacy of the patients' medical imaging data. In this paper, a novel deep learning-based key generation network (DeepKeyGen) is proposed as a stream cipher generator to generate the private key, which can then be used for encrypting and decrypting of medical images. In DeepKeyGen, the generative adversa… ▽ More The need for medical image encryption is increasingly pronounced, for example to safeguard the privacy of the patients' medical imaging data. In this paper, a novel deep learning-based key generation network (DeepKeyGen) is proposed as a stream cipher generator to generate the private key, which can then be used for encrypting and decrypting of medical images. In DeepKeyGen, the generative adversarial network (GAN) is adopted as the learning network to generate the private key. Furthermore, the transformation domain (that represents the "style" of the private key to be generated) is designed to guide the learning network to realize the private key generation process. The goal of DeepKeyGen is to learn the mapping relationship of how to transfer the initial image to the private key. We evaluate DeepKeyGen using three datasets, namely: the Montgomery County chest X-ray dataset, the Ultrasonic Brachial Plexus dataset, and the BraTS18 dataset. The evaluation findings and security analysis show that the proposed key generation network can achieve a high-level security in generating the private key. △ Less

Submitted 20 December, 2020; originally announced December 2020.

A Survey of Machine Learning Techniques in Adversarial Image Forensics

Authors: Ehsan Nowroozi, Ali Dehghantanha, Reza M. Parizi, Kim-Kwang Raymond Choo

Abstract: Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning… ▽ More Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning-based approaches, for example how to detect adversarial (image) examples, with real-world consequences (e.g., inadmissible evidence, or wrongful conviction). Therefore, with a focus on image forensics, this paper surveys techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios. △ Less

Submitted 19 October, 2020; originally announced October 2020.

Comments: 37 pages, 24 figures, Accepted to the Journal Computer and Security (Elsevier)

Journal ref: 2020

Pocket Diagnosis: Secure Federated Learning against Poisoning Attack in the Cloud

Authors: Zhuoran Ma, Jianfeng Ma, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Abstract: Federated learning has become prevalent in medical diagnosis due to its effectiveness in training a federated model among multiple health institutions (i.e. Data Islands (DIs)). However, increasingly massive DI-level poisoning attacks have shed light on a vulnerability in federated learning, which inject poisoned data into certain DIs to corrupt the availability of the federated model. Previous wo… ▽ More Federated learning has become prevalent in medical diagnosis due to its effectiveness in training a federated model among multiple health institutions (i.e. Data Islands (DIs)). However, increasingly massive DI-level poisoning attacks have shed light on a vulnerability in federated learning, which inject poisoned data into certain DIs to corrupt the availability of the federated model. Previous works on federated learning have been inadequate in ensuring the privacy of DIs and the availability of the final federated model. In this paper, we design a secure federated learning mechanism with multiple keys to prevent DI-level poisoning attacks for medical diagnosis, called SFPA. Concretely, SFPA provides privacy-preserving random forest-based federated learning by using the multi-key secure computation, which guarantees the confidentiality of DI-related information. Meanwhile, a secure defense strategy over encrypted locally-submitted models is proposed to defense DI-level poisoning attacks. Finally, our formal security analysis and empirical tests on a public cloud platform demonstrate the security and efficiency of SFPA as well as its capability of resisting DI-level poisoning attacks. △ Less

Submitted 22 September, 2020; originally announced September 2020.

Generating Image Adversarial Examples by Embedding Digital Watermarks

Authors: Yuexin Xiang, Tiantian Li, Wei Ren, Tianqing Zhu, Kim-Kwang Raymond Choo

Abstract: With the increasing attention to deep neural network (DNN) models, attacks are also upcoming for such models. For example, an attacker may carefully construct images in specific ways (also referred to as adversarial examples) aiming to mislead the DNN models to output incorrect classification results. Similarly, many efforts are proposed to detect and mitigate adversarial examples, usually for cer… ▽ More With the increasing attention to deep neural network (DNN) models, attacks are also upcoming for such models. For example, an attacker may carefully construct images in specific ways (also referred to as adversarial examples) aiming to mislead the DNN models to output incorrect classification results. Similarly, many efforts are proposed to detect and mitigate adversarial examples, usually for certain dedicated attacks. In this paper, we propose a novel digital watermark-based method to generate image adversarial examples to fool DNN models. Specifically, partial main features of the watermark image are embedded into the host image almost invisibly, aiming to tamper with and damage the recognition capabilities of the DNN models. We devise an efficient mechanism to select host images and watermark images and utilize the improved discrete wavelet transform (DWT) based Patchwork watermarking algorithm with a set of valid hyperparameters to embed digital watermarks from the watermark image dataset into original images for generating image adversarial examples. The experimental results illustrate that the attack success rate on common DNN models can reach an average of 95.47% on the CIFAR-10 dataset and the highest at 98.71%. Besides, our scheme is able to generate a large number of adversarial examples efficiently, concretely, an average of 1.17 seconds for completing the attacks on each image on the CIFAR-10 dataset. In addition, we design a baseline experiment using the watermark images generated by Gaussian noise as the watermark image dataset that also displays the effectiveness of our scheme. Similarly, we also propose the modified discrete cosine transform (DCT) based Patchwork watermarking algorithm. To ensure repeatability and reproducibility, the source code is available on GitHub. △ Less

Submitted 3 August, 2022; v1 submitted 14 August, 2020; originally announced September 2020.

Comments: 10 pages, 4 figures

ACM Class: I.2.0

Journal ref: Journal of Information Security and Applications 80 (2024): 103662

Blockchain-based Privacy Preservation for 5G-enabled Drone Communications

Authors: Yulei Wu, Hong-Ning Dai, Hao Wang, Kim-Kwang Raymond Choo

Abstract: 5G-enabled drones have potential applications in a variety of both military and civilian settings (e.g., monitoring and tracking of individuals in demonstrations and/or enforcing of social / physical distancing during pandemics such as COVID-19). Such applications generally involve the collection and dissemination of (massive) data from the drones to remote data centres for storage and analysis, f… ▽ More 5G-enabled drones have potential applications in a variety of both military and civilian settings (e.g., monitoring and tracking of individuals in demonstrations and/or enforcing of social / physical distancing during pandemics such as COVID-19). Such applications generally involve the collection and dissemination of (massive) data from the drones to remote data centres for storage and analysis, for example via 5G networks. Consequently, there are security and privacy considerations underpinning 5G-enabled drone communications. We posit the potential of leveraging blockchain to facilitate privacy preservation, and therefore in this article we will review existing blockchain-based solutions after introducing the architecture for 5G-enabled drone communications and blockchain. We will also review existing legislation and data privacy regulations that need to be considered in the design of blockchain-based solutions, as well as identifying potential challenges and open issues which will hopefully inform future research agenda. △ Less

Submitted 7 September, 2020; originally announced September 2020.

Comments: 8 pages, 3 figure, accepted by IEEE Network

VerifyTL: Secure and Verifiable Collaborative Transfer Learning

Authors: Zhuoran Ma, Jianfeng Ma, Yinbin Miao, Ximeng Liu, Wei Zheng, Kim-Kwang Raymond Choo, Robert H. Deng

Abstract: Getting access to labelled datasets in certain sensitive application domains can be challenging. Hence, one often resorts to transfer learning to transfer knowledge learned from a source domain with sufficient labelled data to a target domain with limited labelled data. However, most existing transfer learning techniques only focus on one-way transfer which brings no benefit to the source domain.… ▽ More Getting access to labelled datasets in certain sensitive application domains can be challenging. Hence, one often resorts to transfer learning to transfer knowledge learned from a source domain with sufficient labelled data to a target domain with limited labelled data. However, most existing transfer learning techniques only focus on one-way transfer which brings no benefit to the source domain. In addition, there is the risk of a covert adversary corrupting a number of domains, which can consequently result in inaccurate prediction or privacy leakage. In this paper we construct a secure and Verifiable collaborative Transfer Learning scheme, VerifyTL, to support two-way transfer learning over potentially untrusted datasets by improving knowledge transfer from a target domain to a source domain. Further, we equip VerifyTL with a cross transfer unit and a weave transfer unit employing SPDZ computation to provide privacy guarantee and verification in the two-domain setting and the multi-domain setting, respectively. Thus, VerifyTL is secure against covert adversary that can compromise up to n-1 out of n data domains. We analyze the security of VerifyTL and evaluate its performance over two real-world datasets. Experimental results show that VerifyTL achieves significant performance gains over existing secure learning schemes. △ Less

Submitted 18 May, 2020; originally announced May 2020.

Integrating Privacy Enhancing Techniques into Blockchains Using Sidechains

Authors: Reza M. Parizi, Sajad Homayoun, Abbas Yazdinejad, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: Blockchains are turning into decentralized computing platforms and are getting worldwide recognition for their unique advantages. There is an emerging trend beyond payments that blockchains could enable a new breed of decentralized applications, and serve as the foundation for Internet's security infrastructure. The immutable nature of the blockchain makes it a winner on security and transparency;… ▽ More Blockchains are turning into decentralized computing platforms and are getting worldwide recognition for their unique advantages. There is an emerging trend beyond payments that blockchains could enable a new breed of decentralized applications, and serve as the foundation for Internet's security infrastructure. The immutable nature of the blockchain makes it a winner on security and transparency; it is nearly inconceivable for ledgers to be altered in a way not instantly clear to every single user involved. However, most blockchains fall short in privacy aspects, particularly in data protection. Garlic Routing and Onion Routing are two of major Privacy Enhancing Techniques (PETs) which are popular for anonymization and security. Garlic Routing is a methodology using by I2P Anonymous Network to hide the identity of sender and receiver of data packets by bundling multiple messages into a layered encryption structure. The Onion Routing attempts to provide lowlatency Internet-based connections that resist traffic analysis, deanonymization attack, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). As there are a few controversies over the rate of resistance of these two techniques to privacy attacks, we propose a PET-Enabled Sidechain (PETES) as a new privacy enhancing technique by integrating Garlic Routing and Onion Routing into a Garlic Onion Routing (GOR) framework suitable to the structure of blockchains. The preliminary proposed GOR aims to improve the privacy of transactions in blockchains via PETES structure. △ Less

Submitted 12 June, 2019; originally announced June 2019.

Comments: Accepted in the IEEE 32nd Canadian Conference of Electrical and Computer Engineering (IEEE CCECE), Edmonton, AB, Canada, May 5-8, 2019

A Blockchain-based Framework for Detecting Malicious Mobile Applications in App Stores

Authors: Sajad Homayoun, Ali Dehghantanha, Reza M. Parizi, Kim-Kwang Raymond Choo

Abstract: The dramatic growth in smartphone malware shows that malicious program developers are shifting from traditional PC systems to smartphone devices. Therefore, security researchers are also moving towards proposing novel antimalware methods to provide adequate protection. This paper proposes a Blockchain-Based Malware Detection Framework (B2MDF) for detecting malicious mobile applications in mobile a… ▽ More The dramatic growth in smartphone malware shows that malicious program developers are shifting from traditional PC systems to smartphone devices. Therefore, security researchers are also moving towards proposing novel antimalware methods to provide adequate protection. This paper proposes a Blockchain-Based Malware Detection Framework (B2MDF) for detecting malicious mobile applications in mobile applications marketplaces (app stores). The framework consists of two internal and external private blockchains forming a dual private blockchain as well as a consortium blockchain for the final decision. The internal private blockchain stores feature blocks extracted by both static and dynamic feature extractors, while the external blockchain stores detection results as blocks for current versions of applications. B2MDF also shares feature blocks with third parties, and this helps antimalware vendors to provide more accurate solutions. △ Less

Submitted 12 June, 2019; originally announced June 2019.

HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets

Authors: Fran Casino, Kim-Kwang Raymond Choo, Constantinos Patsakis

Abstract: As the size and source of network traffic increase, so does the challenge of monitoring and analysing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state of the art algorithms cannot accurately and eff… ▽ More As the size and source of network traffic increase, so does the challenge of monitoring and analysing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state of the art algorithms cannot accurately and efficiently differentiate between encrypted and compressed packets. In this work, we propose a novel traffic classification method named HEDGE (High Entropy DistinGuishEr) to distinguish between compressed and encrypted traffic. HEDGE is based on the evaluation of the randomness of the data streams and can be applied to individual packets without the need to have access to the entire stream. Findings from the evaluation show that our approach outperforms current state of the art. We also make available our statistically sound dataset, based on known benchmarks, to the wider research community. △ Less

Submitted 28 May, 2019; originally announced May 2019.

Comments: Accepted for publication at IEEE Transactions on Information Forensics and Security

Blockchain-enabled Authentication Handover with Efficient Privacy Protection in SDN-based 5G Networks

Authors: Abbas Yazdinejad, Reza M. Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: 5G mobile networks provide additional benefits in terms of lower latency, higher data rates, and more coverage, in comparison to 4G networks, and they are also coming close to standardization. For example, 5G has a new level of data transfer and processing speed that assures users are not disconnected when they move from one cell to another; thus, supporting faster connection. However, it comes wi… ▽ More 5G mobile networks provide additional benefits in terms of lower latency, higher data rates, and more coverage, in comparison to 4G networks, and they are also coming close to standardization. For example, 5G has a new level of data transfer and processing speed that assures users are not disconnected when they move from one cell to another; thus, supporting faster connection. However, it comes with its own technical challenges relating to resource management, authentication handover and user privacy protection. In 5G, the frequent displacement of the users among the cells as a result of repeated authentication handovers often lead to a delay, contradicting the 5G objectives. In this paper, we propose a new authentication approach that utilizes blockchain and software defined networking (SDN) techniques to remove the re-authentication in repeated handover among heterogeneous cells. The proposed approach is designed to assure the low delay, appropriate for the 5G network in which users can be replaced with the least delay among heterogeneous cells using their public and private keys provided by the devised blockchain component while protecting their privacy. In our comparison between Proof-of-Work (POW)-based and network-based models, the delay of our authentication handover was shown to be less than 1ms. Also, our approach demonstrated less signaling overhead and energy consumption compared to peer models. △ Less

Submitted 8 May, 2019; originally announced May 2019.

Comments: Submitted to IEEE Transactions on Network Science and Engineering

Journal ref: IEEE Transactions on Network Science and Engineering, 2019

Designing Sensing as a Service (S2aaS) Ecosystem for Internet of Things

Authors: Charith Perera, Mahmoud Barhamgi, Suparna De, Tim Baarslag, Massimo Vecchio, Kim-Kwang Raymond Choo

Abstract: The Internet of Things (IoT) envisions the creation of an environment where everyday objects (e.g. microwaves, fridges, cars, coffee machines, etc.) are connected to the internet and make users' lives more productive, efficient, and convenient. During this process, everyday objects capture a vast amount of data that can be used to understand individuals and their behaviours. In the current IoT eco… ▽ More The Internet of Things (IoT) envisions the creation of an environment where everyday objects (e.g. microwaves, fridges, cars, coffee machines, etc.) are connected to the internet and make users' lives more productive, efficient, and convenient. During this process, everyday objects capture a vast amount of data that can be used to understand individuals and their behaviours. In the current IoT ecosystems, such data is collected and used only by the respective IoT solutions. There is no formal way to share data with external entities. We believe this is very efficient and unfair for users. We believe that users, as data owners, should be able to control, manage, and share data about them in any way that they choose and make or gain value out of them. To achieve this, we proposed the Sensing as a Service (S2aaS) model. In this paper, we discuss the Sensing as a Service ecosystem in terms of its architecture, components and related user interaction designs. This paper aims to highlight the weaknesses of the current IoT ecosystem and to explain how S2aaS would eliminate those weaknesses. We also discuss how an everyday user may engage with the S2aaS ecosystem and design challenges. △ Less

Submitted 10 April, 2019; originally announced April 2019.

Journal ref: IEEE Internet of Things Magazine, 2019

Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains

Authors: Reza M. Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo, Amritraj Singh

Abstract: The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the introduction of smart contracts. Smart contracts are self-enforcing pieces of software, which reside and run over a hosting blockchain. Using blockc… ▽ More The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the introduction of smart contracts. Smart contracts are self-enforcing pieces of software, which reside and run over a hosting blockchain. Using blockchain-based smart contracts for secure and transparent management to govern interactions (authentication, connection, and transaction) in Internet-enabled environments, mostly IoT, is a niche area of research and practice. However, writing trustworthy and safe smart contracts can be tremendously challenging because of the complicated semantics of underlying domain-specific languages and its testability. There have been high-profile incidents that indicate blockchain smart contracts could contain various code-security vulnerabilities, instigating financial harms. When it involves security of smart contracts, developers embracing the ability to write the contracts should be capable of testing their code, for diagnosing security vulnerabilities, before deploying them to the immutable environments on blockchains. However, there are only a handful of security testing tools for smart contracts. This implies that the existing research on automatic smart contracts security testing is not adequate and remains in a very stage of infancy. With a specific goal to more readily realize the application of blockchain smart contracts in security and privacy, we should first understand their vulnerabilities before widespread implementation. Accordingly, the goal of this paper is to carry out a far-reaching experimental assessment of current static smart contracts security testing tools, for the most widely used blockchain, the Ethereum and its domain-specific programming language, Solidity to provide the first... △ Less

Submitted 7 September, 2018; originally announced September 2018.

Journal ref: In Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering (CASCON18), pp. 103-113, 2018

Digital Blues: An Investigation into the Use of Bluetooth Protocols

Authors: William Ledbetter, William Bradley Glisson, Todd McDonald, Todd Andel, George Grispos, Kim-Kwang Raymond Choo

Abstract: The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The… ▽ More The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research. △ Less

Submitted 6 August, 2018; originally announced August 2018.

Comments: Presented at the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom-18) July 31th - August 3rd, 2018, New York, USA

Non-Reciprocity Compensation Combined with Turbo Codes for Secret Key Generation in Vehicular Ad Hoc Social IoT Networks

Authors: Gregory Epiphaniou, Petros Karadimas, Dhouha Kbaier Ben Ismail, Haider Al-Khateeb, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: The physical attributes of the dynamic vehicle-to-vehicle (V2V) propagation channel can be utilised for the generation of highly random and symmetric cryptographic keys. However, in a physical-layer key agreement scheme, non-reciprocity due to inherent channel noise and hardware impairments can propagate bit disagreements. This has to be addressed prior to the symmetric key generation which is inh… ▽ More The physical attributes of the dynamic vehicle-to-vehicle (V2V) propagation channel can be utilised for the generation of highly random and symmetric cryptographic keys. However, in a physical-layer key agreement scheme, non-reciprocity due to inherent channel noise and hardware impairments can propagate bit disagreements. This has to be addressed prior to the symmetric key generation which is inherently important in social Internet of Things (IoT) networks, including in adversarial settings (e.g. battlefields). In this paper, we parametrically incorporate temporal variability attributes, such as three-dimensional (3D) scattering and scatterers mobility. Accordingly, this is the first work to incorporate such features into the key generation process by combining non-reciprocity compensation with turbo codes. Preliminary results indicate a significant improvement when using Turbo Codes in bit mismatch rate (BMR) and key generation rate (KGR) in comparison to sample indexing techniques. △ Less

Submitted 3 August, 2018; originally announced August 2018.

Comments: 10 Pages

Ubuntu One Investigation: Detecting Evidences on Client Machines

Authors: Mohammad Shariati, Ali Dehghantanha1, Ben Martini, Kim-Kwang Raymond Choo

Abstract: STorage as a Service (STaaS) cloud services has been adopted by both individuals and businesses as a dominant technology worldwide. Similar to other technologies, this widely accepted service can be misused by criminals. Investigating cloud platforms is becoming a standard component of contemporary digital investigation cases. Hence, digital forensic investigators need to have a working knowledge… ▽ More STorage as a Service (STaaS) cloud services has been adopted by both individuals and businesses as a dominant technology worldwide. Similar to other technologies, this widely accepted service can be misused by criminals. Investigating cloud platforms is becoming a standard component of contemporary digital investigation cases. Hence, digital forensic investigators need to have a working knowledge of the potential evidence that might be stored on cloud services. In this chapter, we conducted a number of experiments to locate data remnants of users' activities when utilizing the Ubuntu One cloud service. We undertook experiments based on common activities performed by users on cloud platforms including downloading, uploading, viewing, and deleting files. We then examined the resulting digital artifacts on a range of client devices, namely, Windows 8.1, Apple Mac OS X, and Apple iOS. Our examination extracted a variety of potentially evidential items ranging from Ubuntu One databases and log files on persistent storage to remnants of user activities in device memory and network traffic. △ Less

Submitted 27 July, 2018; originally announced July 2018.

Comments: 21 Pages

A Cyber Kill Chain Based Taxonomy of Banking Trojans for Evolutionary Computational Intelligence

Authors: Dennis Kiwia, Ali Dehghantanha, Kim-Kwang Raymond Choo, Jim Slaughter

Abstract: Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intellige… ▽ More Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organisation. △ Less

Submitted 27 July, 2018; originally announced July 2018.

Comments: 33 Pages

Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study

Authors: Yee-Yang Teing, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation and archiving of digital evidences. Investigation of such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process b… ▽ More The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation and archiving of digital evidences. Investigation of such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process by locating and documenting residual artefacts (evidences) of forensic value of users activities on cloud-enabled big data platforms in order to reduce the investigation time and resources involved in a real-world investigation. In this paper, we seek to determine the data remnants of forensic value from Syncany private cloud storage service, a popular storage engine for big data platforms. We demonstrate the types and the locations of the artefacts that can be forensically recovered. Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics, which can result in reduced time and resources spent in real-world investigations involving Syncany-based cloud platforms. △ Less

Submitted 27 July, 2018; originally announced July 2018.

Comments: 12 Pages

CloudMe Forensics: A Case of Big-Data Investigation

Authors: Yee-Yang Teing, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: The issue of increasing volume, variety and velocity of has been an area of concern in cloud forensics. The high volume of data will, at some point, become computationally exhaustive to be fully extracted and analysed in a timely manner. To cut down the size of investigation, it is important for a digital forensic practitioner to possess a well-rounded knowledge about the most relevant data artefa… ▽ More The issue of increasing volume, variety and velocity of has been an area of concern in cloud forensics. The high volume of data will, at some point, become computationally exhaustive to be fully extracted and analysed in a timely manner. To cut down the size of investigation, it is important for a digital forensic practitioner to possess a well-rounded knowledge about the most relevant data artefacts from the cloud product investigating. In this paper, we seek to tackle on the residual artefacts from the use of CloudMe cloud storage service. We demonstrate the types and locations of the artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation activities from the computer desktop and mobile clients. Findings from this research will pave the way towards the development of data mining methods for cloud-enabled big data endpoint forensics investigation. △ Less

Submitted 26 July, 2018; originally announced July 2018.

Comments: 12 Pages

Digital forensic investigation of two-way radio communication equipment and services

Authors: Arie Kouwen, Mark Scanlon, Kim-Kwang Raymond Choo, Nhien-An Le-Khac

Abstract: Historically, radio-equipment has solely been used as a two-way analogue communication device. Today, the use of radio communication equipment is increasing by numerous organisations and businesses. The functionality of these traditionally short-range devices have expanded to include private call, address book, call-logs, text messages, lone worker, telemetry, data communication, and GPS. Many of… ▽ More Historically, radio-equipment has solely been used as a two-way analogue communication device. Today, the use of radio communication equipment is increasing by numerous organisations and businesses. The functionality of these traditionally short-range devices have expanded to include private call, address book, call-logs, text messages, lone worker, telemetry, data communication, and GPS. Many of these devices also integrate with smartphones, which delivers Push-To-Talk services that make it possible to setup connections between users using a two-way radio and a smartphone. In fact, these devices can be used to connect users only using smartphones. To date, there is little research on the digital traces in modern radio communication equipment. In fact, increasing the knowledge base about these radio communication devices and services can be valuable to law enforcement in a police investigation. In this paper, we investigate what kind of radio communication equipment and services law enforcement digital investigators can encounter at a crime scene or in an investigation. Subsequent to seizure of this radio communication equipment we explore the traces, which may have a forensic interest and how these traces can be acquired. Finally, we test our approach on sample radio communication equipment and services. △ Less

Submitted 22 July, 2018; originally announced July 2018.

Journal ref: Digital Investigation, Volume 26, Supplement, 2018, Pages S77-S86, ISSN 1742-2876

A fuzzy-PSO system for indoor localization based on visible light communications

Authors: Giovanni Pau, Mario Collotta, Vincenzo Maniscalco, Kim-Kwang Raymond Choo

Abstract: Indoor positioning systems using visible light communication (VLC) have potential applications in smart buildings, for instance, in developing economical, easy-to-use, widely accessible positioning system based on light-emitting diodes. Thus using VLCs, we introduce a new fuzzy-based system for indoor localization in this paper. The system processes data from transmitters (i.e., anchor nodes) and… ▽ More Indoor positioning systems using visible light communication (VLC) have potential applications in smart buildings, for instance, in developing economical, easy-to-use, widely accessible positioning system based on light-emitting diodes. Thus using VLCs, we introduce a new fuzzy-based system for indoor localization in this paper. The system processes data from transmitters (i.e., anchor nodes) and delivers the calculated position of a receiver. A particle swarm optimization (PSO) technique is then employed to obtain the optimal configuration of the proposed fuzzy logic controllers (FLCs). Specifically, the proposed PSO technique optimizes the membership functions of the FLCs by adjusting their range to achieve the best results regarding the localization reliability. We demonstrate the utility of the proposed approach using experiments. △ Less

Submitted 27 April, 2018; originally announced May 2018.

Comments: 11 pages, 11 figures, 5 tables

Experimental observation of current reversal in a rocking Brownian motor

Authors: Christian Schwemmer, Stefan Fringes, Urs Duerig, Yu Kyoung Ryu Cho, Armin W. Knoll

Abstract: A reversal of the particle current in rocking Brownian motors was predicted more than 20 years ago; however, an experimental verification and a deeper insight into the underlying mechanisms remained elusive. Here, we investigate the high frequency behaviour of a rocking Brownian motor for charged nanoparticles based on electrostatic interactions in a 3D shaped nanofluidic slit and electro-osmotic… ▽ More A reversal of the particle current in rocking Brownian motors was predicted more than 20 years ago; however, an experimental verification and a deeper insight into the underlying mechanisms remained elusive. Here, we investigate the high frequency behaviour of a rocking Brownian motor for charged nanoparticles based on electrostatic interactions in a 3D shaped nanofluidic slit and electro-osmotic forcing of the particles. A sub ms temporal and $\approx\,10\,$nm spatial resolution of the 60 nm gold spheres allows us to measure the time-resolved and frequency dependent evolution of the particle probability density in-situ. At 250 Hz the particle current changes sign, in agreement with a theoretical model based on the time-dependent Fokker-Planck equation. From this fit-parameter free description and its excellent agreement with the observed behaviour, we trace the origin of the current reversal to the asymmetric and increasingly static probability density at high frequencies. △ Less

Submitted 23 July, 2018; v1 submitted 9 May, 2018; originally announced May 2018.

Comments: 6 pages, 4 figures, SM: 14 pages, 14 figures

Journal ref: Phys. Rev. Lett. 121, 104102 (2018)

Unmanned Aerial Vehicle Forensic Investigation Process: Dji Phantom 3 Drone As A Case Study

Authors: Alan Roder, Kim-Kwang Raymon Choo, Nhien-An Le-Khac

Abstract: Drones (also known as Unmanned Aerial Vehicles, UAVs) is a potential source of evidence in a digital investigation, partly due to their increasing popularity in our society. However, existing UAV/drone forensics generally rely on conventional digital forensic investigation guidelines such as those of ACPO and NIST, which may not be entirely fit_for_purpose. In this paper, we identify the challenge… ▽ More Drones (also known as Unmanned Aerial Vehicles, UAVs) is a potential source of evidence in a digital investigation, partly due to their increasing popularity in our society. However, existing UAV/drone forensics generally rely on conventional digital forensic investigation guidelines such as those of ACPO and NIST, which may not be entirely fit_for_purpose. In this paper, we identify the challenges associated with UAV/drone forensics. We then explore and evaluate existing forensic guidelines, in terms of their effectiveness for UAV/drone forensic investigations. Next, we present our set of guidelines for UAV/drone investigations. Finally, we demonstrate how the proposed guidelines can be used to guide a drone forensic investigation using the DJI Phantom 3 drone as a case study. △ Less

Submitted 23 April, 2018; originally announced April 2018.

Performance of Android Forensics Data Recovery Tools

Authors: Bernard Chukwuemeka Ogazi-Onyemaechi, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: Recovering deleted or hidden data is among most important duties of forensics investigators. Extensive utilisation of smartphones as subject, objects or tools of crime made them an important part of residual forensics. This chapter investigates the effectiveness of mobile forensic data recovery tools in recovering evidences from a Samsung Galaxy S2 i9100 Android phone. We seek to determine the amo… ▽ More Recovering deleted or hidden data is among most important duties of forensics investigators. Extensive utilisation of smartphones as subject, objects or tools of crime made them an important part of residual forensics. This chapter investigates the effectiveness of mobile forensic data recovery tools in recovering evidences from a Samsung Galaxy S2 i9100 Android phone. We seek to determine the amount of data that could be recovered using Phone image carver, Access data FTK, Foremost, Diskdigger, and Recover My File forensic tools. The findings reflected the difference between recovery capacities of studied tools showing their suitability in their specialised contexts only. △ Less

Submitted 15 September, 2017; originally announced September 2017.

Journal ref: (Elsevier) Contemporary Digital Forensic Investigations Of Cloud And Mobile Applications, 2016, Chapter 7 pp. 91-110

Investigation and Automating Extraction of Thumbnails Produced by Image viewers

Authors: Wybren van der Meer, Kim-Kwang Raymond Choo, Nhien-An Le-Khac, M-Tahar Kechadi

Abstract: Today, in digital forensics, images normally provide important information within an investigation. However, not all images may still be available within a forensic digital investigation as they were all deleted for example. Data carving can be used in this case to retrieve deleted images but the carving time is normally significant and these images can be moreover overwritten by other data. One o… ▽ More Today, in digital forensics, images normally provide important information within an investigation. However, not all images may still be available within a forensic digital investigation as they were all deleted for example. Data carving can be used in this case to retrieve deleted images but the carving time is normally significant and these images can be moreover overwritten by other data. One of the solutions is to look at thumbnails of images that are no longer available. These thumbnails can often be found within databases created by either operating systems or image viewers. In literature, most research and practical focus on the extraction of thumbnails from databases created by the operating system. There is a little research working on the thumbnails created by the image reviewers as these thumbnails are application-driven in terms of pre-defined sizes, adjustments and storage location. Eventually, thumbnail databases from image viewers are significant forensic artefacts for investigators as these programs deal with large amounts of images. However, investigating these databases so far is still manual or semi-automatic task that leads to the huge amount of forensic time. Therefore, in this paper we propose a new approach of automating extraction of thumbnails produced by image viewers. We also test our approach with popular image viewers in different storage structures and locations to show its robustness. △ Less

Submitted 29 August, 2017; originally announced August 2017.

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

Authors: George Grispos, William Bradley Glisson, Kim-Kwang Raymond Choo

Abstract: The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system… ▽ More The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. △ Less

Submitted 17 August, 2017; originally announced August 2017.

Comments: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017)

Forensic Investigation of P2P Cloud Storage: BitTorrent Sync as a Case Study

Authors: Teing Yee Yang, Ali Dehghantanha, Kim-Kwang Raymond Choo, Zaiton Muda

Abstract: Cloud computing has been regarded as the technology enabler for the Internet of Things (IoT). To ensure the most effective collection of IoT-based evidence, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services. In this paper, we seek to determine the data remnants from the use of BitTorrent Sync version 2.0. Findings from our… ▽ More Cloud computing has been regarded as the technology enabler for the Internet of Things (IoT). To ensure the most effective collection of IoT-based evidence, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services. In this paper, we seek to determine the data remnants from the use of BitTorrent Sync version 2.0. Findings from our research using mobile and computer devices running Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4 suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also present a forensically sound investigation methodology for BitTorrent Sync. △ Less

Submitted 15 July, 2017; originally announced July 2017.

Comments: Computers and Electrical Engineering, (2016)

Investigating America Online Instant Messaging Application: Data Remnants on Windows 8.1 Client Machine

Authors: Teing Yee Yang, Ali Dehghantanha, Kim-Kwang Raymond Choo, Zaiton Muda

Abstract: Instant messaging applications (apps) are one potential source of evidence in a criminal investigation or a civil litigation. To ensure the most effective collection of evidence, it is vital for forensic practitioners to possess an up-to-date knowledge about artefacts of forensic interest from various instant messaging apps. Hence, in this chapter, we study America Online Instant Messenger (versio… ▽ More Instant messaging applications (apps) are one potential source of evidence in a criminal investigation or a civil litigation. To ensure the most effective collection of evidence, it is vital for forensic practitioners to possess an up-to-date knowledge about artefacts of forensic interest from various instant messaging apps. Hence, in this chapter, we study America Online Instant Messenger (version 7.14.5.8) with the aims of contributing to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and app on Windows 8.1 devices. Potential artefacts identified during the research include data relating to the installation or uninstallation, log-in and log-off information, contact lists, conversations, and transferred files. △ Less

Submitted 25 June, 2017; originally announced June 2017.

Comments: arXiv admin note: text overlap with arXiv:1603.05369

Journal ref: ContemporaryDigital Forensic Investigations of Cloud and Mobile Applications, Pages 21-40, Chapter 3, 2017

Honeypots for employee information security awareness and education training: A conceptual EASY training model

Authors: Lek Christopher, Kim-Kwang Raymond Choo, Ali Dehghantanha

Abstract: The increasing pervasiveness of internet-connected systems means that such systems will continue to be exploited for criminal purposes by cybercriminals (including malicious insiders such as employees and vendors). The importance of protecting corporate system and intellectual property, and the escalating complexities of the online environment underscore the need for ongoing information security a… ▽ More The increasing pervasiveness of internet-connected systems means that such systems will continue to be exploited for criminal purposes by cybercriminals (including malicious insiders such as employees and vendors). The importance of protecting corporate system and intellectual property, and the escalating complexities of the online environment underscore the need for ongoing information security awareness and education training and the promotion of a culture of security among employees. Two honeypots were deployed at a private university based in Singapore. Findings from the analysis of the honeypot data are presented in this paper. This paper then examines how analysis of honeypot data can be used in employee information security awareness and education training. Adapting the Routine Activity Theory, a criminology theory widely used in the study of cybercrime, this paper proposes a conceptual Engaging Stakeholders, Acceptable Behavior, Simple Teaching method, Yardstick (EASY) training model, and explains how the model can be used to design employee information security awareness and education training. Future research directions are also outlined in this paper. △ Less

Submitted 25 June, 2017; originally announced June 2017.

Comments: 20pages, book chapter

Cloud Storage Forensics: Analysis of Data Remnants on SpiderOak, JustCloud, and pCloud

Authors: SeyedHossein Mohtasebi, Ali Dehghantanha, Kim-Kwang Raymond Choo

Abstract: STorage as a Service (STaaS) cloud platforms benefits such as getting access to data anywhere, anytime, on a wide range of devices made them very popular among businesses and individuals. As such forensics investigators are increasingly facing cases that involve investigation of STaaS platforms. Therefore, it is essential for cyber investigators to know how to collect, preserve, and analyse eviden… ▽ More STorage as a Service (STaaS) cloud platforms benefits such as getting access to data anywhere, anytime, on a wide range of devices made them very popular among businesses and individuals. As such forensics investigators are increasingly facing cases that involve investigation of STaaS platforms. Therefore, it is essential for cyber investigators to know how to collect, preserve, and analyse evidences of these platforms. In this paper, we describe investigation of three STaaS platforms namely SpiderOak, JustCloud, and pCloud on Windows 8.1 and iOS 8.1.1 devices. Moreover, possible changes on uploaded and downloaded files metadata on these platforms would be tracked and their forensics value would be investigated. △ Less

Submitted 25 June, 2017; originally announced June 2017.

Comments: 43 pages, book chapter