3 research outputs found
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks
IoT application domains, device diversity and connectivity are rapidly
growing. IoT devices control various functions in smart homes and buildings,
smart cities, and smart factories, making these devices an attractive target
for attackers. On the other hand, the large variability of different
application scenarios and inherent heterogeneity of devices make it very
challenging to reliably detect abnormal IoT device behaviors and distinguish
these from benign behaviors. Existing approaches for detecting attacks are
mostly limited to attacks directly compromising individual IoT devices, or,
require predefined detection policies. They cannot detect attacks that utilize
the control plane of the IoT system to trigger actions in an
unintended/malicious context, e.g., opening a smart lock while the smart home
residents are absent.
In this paper, we tackle this problem and propose ARGUS, the first
self-learning intrusion detection system for detecting contextual attacks on
IoT environments, in which the attacker maliciously invokes IoT device actions
to reach its goals. ARGUS monitors the contextual setting based on the state
and actions of IoT devices in the environment. An unsupervised Deep Neural
Network (DNN) is used for modeling the typical contextual device behavior and
detecting actions taking place in abnormal contextual settings. This
unsupervised approach ensures that ARGUS is not restricted to detecting
previously known attacks but is also able to detect new attacks. We evaluated
ARGUS on heterogeneous real-world smart-home settings and achieve at least an
F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most
0.03%.Comment: To appear in the 32nd USENIX Security Symposium, August 2022, Anaheim
CA, US
Negapedia, the negative version of Wikipedia: a trip into conflicts and passions
If you had to define Wikipedia using only one word, what would you use?
The answer is easy: crowdsourcing. It is the power of crowdsourcing (individual efforts
that, summed up, make for a greater whole) that contributed to the enormous growth
of Wikipedia, leading it to its success. However, anything has pro’s and con’s, and as
such even crowdsourcing, a beautiful and effective idea, has its pitfalls. The dark side
of crowdsourcing is just its distributed nature: if everyone can contribute, then also
everyone can destroy. “Destroy” here is used figuratively: destroy the impartiality of
the information. So, what can happen is that everyone can alter information according
to various pulses, like bias, personal interests, commercial factors, political motivations
and so on. Information can therefore be changed, added, removed, so to present users
with a certain biased perspective. All this process stays in the background, as normal
users are only presented with the final version of every page, assuming it is the definitive
answer whereas it may be just a transient by-product of the underlying information
war. In order to ameliorate this problem, and also to further study these phenomena,
Negapedia, the negative version of Wikipedia, has been introduced. Negapedia is an
online system that analyzes these underlying layers of social wars and make them
explicit via online portals, so that anyone can actually see what is going on behind the
scene and grasp the complex turmoil that is behind the visible outer layer of Wikipedia.
In this paper we illustrate the state of project and its most recent developments
AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms
Mobile applications are widely used for online services sharing a large amount of personal data online. One-time authentication techniques such as passwords and physiological biometrics (e.g., fingerprint, face, and iris) have their own advantages but also disadvantages since they can be stolen or emulated, and do not prevent access to the underlying device, once it is unlocked. To address these challenges, complementary authentication systems based on behavioural biometrics have emerged. The goal is to continuously profile users based on their interaction with the mobile device. However, existing behavioural authentication schemes are not (i) user-agnostic meaning that they cannot dynamically handle changes in the user-base without model re-training, or (ii) do not scale well to authenticate millions of users.
In this paper, we present AuthentiSense, a user-agnostic, scalable, and efficient behavioural biometrics authentication system that enables continuous authentication and utilizes only motion patterns (i.e., accelerometer, gyroscope, and magnetometer data) while users interact with mobile apps. Our approach requires neither manually engineered features nor a significant amount of data for model training. We leverage a few-shot learning technique, called Siamese network, to authenticate users at a large scale. We perform a systematic measurement study and report the impact of the parameters such as interaction time needed for authentication and n-shot verification (comparison with enrollment samples) at the recognition stage. Remarkably, AuthentiSense achieves high accuracy of up to 97% in terms of F1-score even when evaluated in a few-shot fashion that requires only a few behaviour samples per user (3 shots). Our approach accurately authenticates users only after 1 second of user interaction. For AuthentiSense, we report a FAR and FRR of 0.023 and 0.057, respectively