-
DEVIAS: Learning Disentangled Video Representations of Action and Scene for Holistic Video Understanding
Authors:
Kyungho Bae,
Geo Ahn,
Youngrae Kim,
Jinwoo Choi
Abstract:
When watching a video, humans can naturally extract human actions from the surrounding scene context, even when action-scene combinations are unusual. However, unlike humans, video action recognition models often learn scene-biased action representations from the spurious correlation in training data, leading to poor performance in out-of-context scenarios. While scene-debiased models achieve impr…
▽ More
When watching a video, humans can naturally extract human actions from the surrounding scene context, even when action-scene combinations are unusual. However, unlike humans, video action recognition models often learn scene-biased action representations from the spurious correlation in training data, leading to poor performance in out-of-context scenarios. While scene-debiased models achieve improved performance in out-of-context scenarios, they often overlook valuable scene information in the data. Addressing this challenge, we propose Disentangled VIdeo representations of Action and Scene (DEVIAS), which aims to achieve holistic video understanding. Disentangled action and scene representations with our method could provide flexibility to adjust the emphasis on action or scene information depending on downstream task and dataset characteristics. Disentangled action and scene representations could be beneficial for both in-context and out-of-context video understanding. To this end, we employ slot attention to learn disentangled action and scene representations with a single model, along with auxiliary tasks that further guide slot attention. We validate the proposed method on both in-context datasets: UCF-101 and Kinetics-400, and out-of-context datasets: SCUBA and HAT. Our proposed method shows favorable performance across different datasets compared to the baselines, demonstrating its effectiveness in diverse video understanding scenarios.
△ Less
Submitted 11 July, 2024; v1 submitted 30 November, 2023;
originally announced December 2023.
-
Guaranteeing Anonymity in Attribute-Based Authorization
Authors:
Erin Lanus,
Charles J. Colbourn,
Gail-Joon Ahn
Abstract:
Attribute-based methods, such as attribute-based access control and attribute-based encryption, make decisions based on attributes possessed by a subject rather than the subject's identity. While this allows for anonymous authorization -- determining that a subject is authorized without knowing the identity of the subject -- it does not guarantee anonymity. If a policy can be composed such that fe…
▽ More
Attribute-based methods, such as attribute-based access control and attribute-based encryption, make decisions based on attributes possessed by a subject rather than the subject's identity. While this allows for anonymous authorization -- determining that a subject is authorized without knowing the identity of the subject -- it does not guarantee anonymity. If a policy can be composed such that few subjects possess attributes satisfying the policy, then when the policy is used for access control, in addition to making a grant or deny decision, the system can also guess with high probability the identity of the subject making the request. Other approaches to achieving anonymity in attribute-based authorization do not address this attribute distribution problem. Suppose polices contain conjunctions of at most $t$ attributes and the system must not be able to guess with probability greater than $\frac{1}{r}$ the identity of a subject using a policy for authorization. We say the anonymity guarantee is $r$ for maximum credential size $t$. An anonymizing array is a combinatorial array proposed as an abstraction to address the underlying attribute distribution problem by ensuring that any assignment of values to $t$ attributes appearing in the array appears at least $r$ times. Anonymizing arrays are related to covering arrays with higher coverage, but have an additional desired property, homogeneity, due to their application domain. In this work, we discuss the application of anonymizing arrays to guarantee anonymous authorization in attribute-based methods. Additionally, we develop metrics, local and global homogeneity, to compare anonymizing arrays with the same parameters.
△ Less
Submitted 7 October, 2023;
originally announced October 2023.
-
Scam Pandemic: How Attackers Exploit Public Fear through Phishing
Authors:
Marzieh Bitaab,
Haehyun Cho,
Adam Oest,
Penghui Zhang,
Zhibo Sun,
Rana Pourmohamad,
Doowon Kim,
Tiffany Bao,
Ruoyu Wang,
Yan Shoshitaishvili,
Adam Doupé,
Gail-Joon Ahn
Abstract:
As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users' increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS cer…
▽ More
As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users' increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS certificates, phishing URLs, phishing website source code, phishing emails, web traffic to phishing websites, news articles, and government announcements, we track trends of phishing activity between January and May 2020 and seek to understand the key implications of the underlying trends.
We find that phishing attack traffic in March and April 2020 skyrocketed up to 220\% of its pre-COVID-19 rate, far exceeding typical seasonal spikes. Attackers exploited victims' uncertainty and fear related to the pandemic through a variety of highly targeted scams, including emerging scam types against which current defenses are not sufficient as well as traditional phishing which outpaced the ecosystem's collective response.
△ Less
Submitted 23 March, 2021;
originally announced March 2021.
-
Clear the Fog: Combat Value Assessment in Incomplete Information Games with Convolutional Encoder-Decoders
Authors:
Hyungu Kahng,
Yonghyun Jeong,
Yoon Sang Cho,
Gonie Ahn,
Young Joon Park,
Uk Jo,
Hankyu Lee,
Hyungrok Do,
Junseung Lee,
Hyunjin Choi,
Iljoo Yoon,
Hyunjae Lee,
Daehun Jun,
Changhyeon Bae,
Seoung Bum Kim
Abstract:
StarCraft, one of the most popular real-time strategy games, is a compelling environment for artificial intelligence research for both micro-level unit control and macro-level strategic decision making. In this study, we address an eminent problem concerning macro-level decision making, known as the 'fog-of-war', which rises naturally from the fact that information regarding the opponent's state i…
▽ More
StarCraft, one of the most popular real-time strategy games, is a compelling environment for artificial intelligence research for both micro-level unit control and macro-level strategic decision making. In this study, we address an eminent problem concerning macro-level decision making, known as the 'fog-of-war', which rises naturally from the fact that information regarding the opponent's state is always provided in the incomplete form. For intelligent agents to play like human players, it is obvious that making accurate predictions of the opponent's status under incomplete information will increase its chance of winning. To reflect this fact, we propose a convolutional encoder-decoder architecture that predicts potential counts and locations of the opponent's units based on only partially visible and noisy information. To evaluate the performance of our proposed method, we train an additional classifier on the encoder-decoder output to predict the game outcome (win or lose). Finally, we designed an agent incorporating the proposed method and conducted simulation games against rule-based agents to demonstrate both effectiveness and practicality. All experiments were conducted on actual game replay data acquired from professional players.
△ Less
Submitted 11 February, 2019; v1 submitted 30 November, 2018;
originally announced November 2018.
-
Moving Target Defense for Web Applications using Bayesian Stackelberg Games
Authors:
Sailik Sengupta,
Satya Gautam Vadlamudi,
Subbarao Kambhampati,
Marthony Taguinod,
Adam Doupé,
Ziming Zhao,
Gail-Joon Ahn
Abstract:
The present complexity in designing web applications makes software security a difficult goal to achieve. An attacker can explore a deployed service on the web and attack at his/her own leisure. Moving Target Defense (MTD) in web applications is an effective mechanism to nullify this advantage of their reconnaissance but the framework demands a good switching strategy when switching between multip…
▽ More
The present complexity in designing web applications makes software security a difficult goal to achieve. An attacker can explore a deployed service on the web and attack at his/her own leisure. Moving Target Defense (MTD) in web applications is an effective mechanism to nullify this advantage of their reconnaissance but the framework demands a good switching strategy when switching between multiple configurations for its web-stack. To address this issue, we propose modeling of a real-world MTD web application as a repeated Bayesian game. We then formulate an optimization problem that generates an effective switching strategy while considering the cost of switching between different web-stack configurations. To incorporate this model into a developed MTD system, we develop an automated system for generating attack sets of Common Vulnerabilities and Exposures (CVEs) for input attacker types with predefined capabilities. Our framework obtains realistic reward values for the players (defenders and attackers) in this game by using security domain expertise on CVEs obtained from the National Vulnerability Database (NVD). We also address the issue of prioritizing vulnerabilities that when fixed, improves the security of the MTD system. Lastly, we demonstrate the robustness of our proposed model by evaluating its performance when there is uncertainty about input attacker information.
△ Less
Submitted 16 November, 2016; v1 submitted 22 February, 2016;
originally announced February 2016.