Revealing the unseen: how to expose cloud usage while protecting user privacy

Cloud users have little visibility into the performance characteristics and utilization of the physical machines underpinning the virtualized cloud resources they use. This uncertainty forces users and researchers to reverse engineer the inner workings of cloud systems in order to understand and optimize the conditions their applications operate. At Massachusetts Open Cloud (MOC), as a public cloud operator, we'd like to expose the utilization of our physical infrastructure to stop this wasteful effort. Mindful that such exposure can be used maliciously for gaining insight into other user's workloads, in this position paper we argue for the need for an approach that balances openness of the cloud overall with privacy for each tenant inside of it. We believe that this approach can be instantiated via a novel combination of several security and privacy technologies. We discuss the potential benefits, implications of transparency for cloud systems and users, and technical challenges/possibilities.Accepted manuscrip

Characterizing Phishing Threats with Natural Language Processing

Spear phishing is a widespread concern in the modern network security landscape, but there are few metrics that measure the extent to which reconnaissance is performed on phishing targets. Spear phishing emails closely match the expectations of the recipient, based on details of their experiences and interests, making them a popular propagation vector for harmful malware. In this work we use Natural Language Processing techniques to investigate a specific real-world phishing campaign and quantify attributes that indicate a targeted spear phishing attack. Our phishing campaign data sample comprises 596 emails - all containing a web bug and a Curriculum Vitae (CV) PDF attachment - sent to our institution by a foreign IP space. The campaign was found to exclusively target specific demographics within our institution. Performing a semantic similarity analysis between the senders' CV attachments and the recipients' LinkedIn profiles, we conclude with high statistical certainty (p $< 10^{-4}$) that the attachments contain targeted rather than randomly selected material. Latent Semantic Analysis further demonstrates that individuals who were a primary focus of the campaign received CVs that are highly topically clustered. These findings differentiate this campaign from one that leverages random spam.Comment: This paper has been accepted for publication by the IEEE Conference on Communications and Network Security in September 2015 at Florence, Italy. Copyright may be transferred without notice, after which this version may no longer be accessibl

Integration of technologies for understanding the functional relationship between reef habitat and fish growth and production

Functional linkage between reef habitat quality and fish growth and production has remained elusive. Most current research is focused on correlative relationships between a general habitat type and presence/absence of a species, an index of species abundance, or species diversity. Such descriptive information largely ignores how reef attributes regulate reef fish abundance (density-dependent habitat selection), trophic interactions, and physiological performance (growth and condition). To determine the functional relationship between habitat quality, fish abundance, trophic interactions, and physiological performance, we are using an experimental reef system in the northeastern Gulf of Mexico where we apply advanced sensor and biochemical technologies. Our study site controls for reef attributes (size, cavity space, and reef mosaics) and focuses on the processes that regulate gag grouper (Mycteroperca microlepis) abundance, behavior and performance (growth and condition), and the availability of their pelagic prey. We combine mobile and fixed-active (fisheries) acoustics, passive acoustics, video cameras, and advanced biochemical techniques. Fisheries acoustics quantifies the abundance of pelagic prey fishes associated with the reefs and their behavior. Passive acoustics and video allow direct observation of gag and prey fish behavior and the acoustic environment, and provide a direct visual for the interpretation of fixed fisheries acoustics measurements. New application of biochemical techniques, such as Electron Transport System (ETS) assay, allow the in situ measurement of metabolic expenditure of gag and relates this back to reef attributes, gag behavior, and prey fish availability. Here, we provide an overview of our integrated technological approach for understanding and quantifying the functional relationship between reef habitat quality and one element of production – gag grouper growth on shallow coastal reefs

The approaches to quantify web application security scanners quality: A review

The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality

A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks