Purpose: The purpose of this paper is to model and study the effectiveness of an attack on the anonymity of Internet users by a group of collaborating eavesdroppers. Design/methodology/approach: The paper is based on an analysis of the Internet topology. The study is based on two methods for choosing nodes that contribute the most to the detection of as many communicating Internet users as possible. Findings: The paper illustrates that it is possible to compromise the anonymity of many Internet users when eavesdropping on a relatively small number of nodes, even when the most central ones are protected from eavesdropping. Research limitations/implications: It is assumed that the Internet users under attack are not using any anonymity enhancing technologies, but nodes can be protected from eavesdropping. It proposes a measure of the success of an attack on Internet users' anonymity, for a given deployment of collaborating eavesdroppers in the Internet. Practical implications: The paper shows t...
International Journal of Internet Technology and Secured Transactions, 2018
WebRTC is a technology that enables real-time communication between web browsers for information streaming, including text, sound or direct data transfer. WebRTC is supported by all major browsers and has a flexible underlying infrastructure. In this study, we review the current state of WebRTC and analyse security shortcomings during acts of communication disruption, modification, and eavesdropping. In addition, we examine WebRTC security in experimental scenarios.
Smartphones are becoming increasingly ubiquitous. Like recommended best practices for personal computers, users are encouraged to install antivirus and intrusion detection software on their mobile devices. However, even with such software these devices are far from being fully protected. Given that application stores are the source of most applications, malware detection on these platforms is an important issue. Based on our intuition, which suggests that an application’s suspicious behavior will be noticed by some users and influence their feedback, we present an approach for analyzing user reviews in mobile application stores for the purpose of detecting malicious apps. The proposed method transfers an application’s text reviews to numerical features in two main steps: (1) extract domain-phrases based on external domain-specific textual corpus on computer and network security, and (2) compute three statistical features based on domain-phrases occurrences. We evaluated the proposed...
2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2017
Flexibility and extendibility of Software Defined Networks allow development of diverse network management and flow monitoring techniques. Yet, there are inherent tradeoffs between the quality of flow monitoring and the required network resources. In particular, collecting flow statistics, at the level of specific source-destination addresses (and, moreover, specific protocols and ports), requires too many flow table entries. This problem is emphasized by the difficulty of anticipating the individual flows that need to be monitored. In this paper we propose a method for dynamic flow discovery at any required spatial resolution. In addition, we propose a method for balancing the monitoring effort among the switches. These methods allow increasing the spatial resolution of traffic monitoring with minimal effects on the network performance.
IEEE Transactions on Network and Service Management, 2021
Large content providers and content distribution network operators usually connect with large Internet service providers (eyeball networks) through dedicated private peering. The capacity of these private network interconnects is provisioned to match the volume of the real content demand by the users. Unfortunately, in cases in which there is a surge in traffic demand, (e.g., due to trending content or massive software updates) the capacity of the private interconnect may deplete, requiring the content provider/distributor to reroute the excess traffic through transit providers. Although such overflow events are rare, they negatively impact content providers, Internet service providers, and end-users. Such impact includes unexpected delays and disruptions that reduce the quality of the user experience, as well as direct costs paid by the Internet service provider to the transit providers. In this article, we examine the problem of predicting an overflow event in order to enable content and Internet service providers to handle the excess traffic in a timely manner. We propose an ensemble of deep learning models trained to predict overflow events over a short-term horizon of 2–4 hours and predict the specific interconnections through which the excess traffic will enter the Internet service provider. Evaluated with 2.5 years (2017-2019) of traffic measurement data from a large European Internet service provider, the models were shown to successfully recall 65% of the events with precision of 51% on average. While the lockdowns imposed by the COVID-19 pandemic reduced the overflow prediction accuracy, the pandemic’s impact on the accuracy was temporary. Although the lockdown continued on and off, the performance of models trained before the pandemic regained their performance during April-May 2020.
BACKGROUND The COVID-19 pandemic has affected populations worldwide, with extreme health, economic, social, and political implications. Health care professionals (HCPs) are at the core of pandemic response and are among the most crucial factors in maintaining coping capacities. Yet, they are also vulnerable to mental health effects caused by managing a long-lasting emergency with a lack of resources and under complicated personal concerns. However, there is a lack of longitudinal studies that investigate the HCP population. OBJECTIVE The aim of this study was to analyze the state of mind of HCPs as expressed in online discussions published on Twitter in light of the COVID-19 pandemic, from the onset of the pandemic until the end of 2020. METHODS The population for this study was selected from followers of a few hundred Twitter accounts of health care organizations and common HCP points of interest. We used active learning, a process that iteratively uses machine learning and manual...
2016 Second International Symposium on Stochastic Models in Reliability Engineering, Life Science and Operations Management (SMRLO), 2016
The fascinating question of the relation of information and coding theory to the memories stored in the brain is our research scope. We speculate there is a similar code used to represent different memories, rather than unique code for different memories. The uniform cortex structure supports our speculation. Recently we suggested holographic coding that can fit Pribram's holographic memory theory. Using the holographic coding metaphor, the memory should be retrieved by a reference beam as in a hologram. We explore the possibility that the brain learns its directory (possibly in the temporal lobe), during memory consolidation. This directory is a neural network that is used for sending signals to the cortex to recall memories. The network learns to distinguish between objects during saving, in order to signal the correct recall. Haar features (HF) are 0/1 matrices used for face recognition. We use HF to learn to differentiate between objects. Namely, when objects are saved, our system learns what is the best set of HF to distinguish between them using a genetic algorithm. The sets of HF are tested for the best clustering set without knowing their semantics (unsupervised learning). Later semantics is learned by interaction with the environment. The best sets continue to the next generation. We chose unsupervised learning due to the idea that it is possible to distinguish objects without knowing their identity.
Abstract. Transportation infrastructures have recently gained increasing attention in the context of homeland security. Being both a main target for attacks as well as a method for carrying out such attacks, much effort is being allocated these days towards increasing our understanding regarding transportation networks [14]. Specifically, measuring and predicting human mobility patterns along the links of a transportation network has been of a great importance to researchers in the field, as it contains the basic information needed in order to cope with transportation related threats more efficiently. Such threats can take for example the form of a group of terrorists trying to reach their target by car, or a truck filled with chemical or radioactive material. These threats require homeland security agencies to rapidly deploy monitoring or surveillance units in key junctions, dispatch air units to central locations etc. Clearly, carrying out this mission relies on the knowledge of what are those key traffic junctions, and how to deploy the existing (and always on shortage) resources most efficiently. Hitherto, producing the transportation data required for answering these questions
Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, 2015
Online social networks are a popular and important channel for people to share, find and disseminate information on a massive scale. Some of the information exposed through these networks is meant to be private. However, sensitive organizational information can be accidentally leaked by employees and become exposed to adversaries or competitors. The threat is escalated due to socialbots used by adversaries to penetrate the informal social network of an organization's employees in order to harvest sensitive information. This study evaluates the ability of an attacker to harvest leaked information using socialbots versus the effort required to wire the profiles into the organizational network. The evaluation is performed using real information diffusion data of two social networks and extensive simulations of socialbot wiring strategies. Our results demonstrate that organizations whose social network topologies are characterized by low clustering coefficient are more vulnerable to eavesdropping. We also show that the most effective socialbot wiring strategy for harvesting information is different from the most effective strategies for infiltrating the organization.
2019 European Intelligence and Security Informatics Conference (EISIC), 2019
In recent years, the perpetrators of cyber-attacks have been playing a dynamic cat and mouse game with cybersecurity analysts who try to trace the attack and reconstruct the attack steps. While analysts rely on alert correlations, machine learning, and advanced visualizations in order to come up with sound attack hypotheses, they primarily rely on their knowledge and experience. Cyber Threat Intelligence (CTI) on past similar attacks may help with attack reconstruction by providing a deeper understanding of the tools and attack patterns used by attackers. In this paper, we present the Attack Hypothesis Generator (AHG) which takes advantage of a knowledge graph derived from threat intelligence in order to generate hypotheses regarding attacks that may be present in an organizational network. Based on five recommendation algorithms we have developed and preliminary analysis provided by a security analyst, AHG provides an attack hypothesis comprised of yet unobserved attack patterns and tools presumed to have been used by the attacker. The proposed algorithms can help security analysts by improving attack reconstruction and proposing new directions for investigation. Experiments show that when implemented with the MITRE ATT&CK knowledge graph, our algorithms can significantly increase the accuracy of the analyst's preliminary analysis.
International Journal of Environmental Research and Public Health
Background: Healthcare professionals (HCPs) are on the frontline of fighting the COVID-19 pandemic. Recent reports have indicated that, in addition to facing an increased risk of being infected by the virus, HCPs face an increased risk of suffering from emotional difficulties associated with the pandemic. Therefore, understanding HCPs’ experiences and emotional displays during emergencies is a critical aspect of increasing the surge capacity of communities and nations. Methods: In this study, we analyzed posts published by HCPs on Twitter to infer the content of discourse and emotions of the HCPs in the United States (US) and United Kingdom (UK), before and during the COVID-19 pandemic. The tweets of 25,207 users were analyzed using natural language processing (NLP). Results: Our results indicate that HCPs in the two countries experienced common health, social, and political issues related to the pandemic, reflected in their discussion topics, sentiments, and emotional display. Howe...
Papers by Rami Puzis