3 research outputs found

    ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

    IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent. In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.

    Comment: To appear in the 32nd USENIX Security Symposium, August 2022, Anaheim CA, US

    Negapedia, the negative version of Wikipedia: a trip into conflicts and passions

    If you had to define Wikipedia using only one word, what would you use? The answer is easy: crowdsourcing. It is the power of crowdsourcing (individual efforts that, summed up, make for a greater whole) that contributed to the enormous growth of Wikipedia, leading it to its success. However, anything has pros and cons, and as such even crowdsourcing, a beautiful and effective idea, has its pitfalls. The dark side of crowdsourcing is just its distributed nature: if everyone can contribute, then also everyone can destroy. “Destroy” here is used figuratively: destroy the impartiality of the information. So, what can happen is that everyone can alter information according to various pulses, like bias, personal interests, commercial factors, political motivations and so on. Information can therefore be changed, added, removed, so as to present users with a certain biased perspective. All this process stays in the background, as normal users are only presented with the final version of every page, assuming it is the definitive answer whereas it may be just a transient by-product of the underlying information war. In order to ameliorate this problem, and also to further study these phenomena, Negapedia, the negative version of Wikipedia, has been introduced. Negapedia is an online system that analyzes these underlying layers of social wars and makes them explicit via online portals, so that anyone can actually see what is going on behind the scenes and grasp the complex turmoil that is behind the visible outer layer of Wikipedia. In this paper we illustrate the state of the project and its most recent developments.

    AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms

    Mobile applications are widely used for online services sharing a large amount of personal data online. One-time authentication techniques such as passwords and physiological biometrics (e.g., fingerprint, face, and iris) have their own advantages but also disadvantages since they can be stolen or emulated, and do not prevent access to the underlying device once it is unlocked. To address these challenges, complementary authentication systems based on behavioural biometrics have emerged. The goal is to continuously profile users based on their interaction with the mobile device. However, existing behavioural authentication schemes (i) are not user-agnostic, meaning that they cannot dynamically handle changes in the user-base without model re-training, or (ii) do not scale well to authenticate millions of users. In this paper, we present AuthentiSense, a user-agnostic, scalable, and efficient behavioural biometrics authentication system that enables continuous authentication and utilizes only motion patterns (i.e., accelerometer, gyroscope, and magnetometer data) while users interact with mobile apps. Our approach requires neither manually engineered features nor a significant amount of data for model training. We leverage a few-shot learning technique, called Siamese network, to authenticate users at a large scale. We perform a systematic measurement study and report the impact of the parameters such as interaction time needed for authentication and n-shot verification (comparison with enrollment samples) at the recognition stage. Remarkably, AuthentiSense achieves high accuracy of up to 97% in terms of F1-score even when evaluated in a few-shot fashion that requires only a few behaviour samples per user (3 shots). Our approach accurately authenticates users only after 1 second of user interaction. For AuthentiSense, we report a FAR and FRR of 0.023 and 0.057, respectively.