Data-Driven Approaches for Detecting Malware-Infected IoT Devices and Characterizing Their Unsolicited Behaviors by Leveraging Passive Internet Measurements

Despite the benefits of Internet of Things (IoT) devices, the insecurity of IoT and their deployment nature have turned them into attractive targets for adversaries, which contributed to the rise of IoT-tailored malware as a major threat to the Internet ecosystem. In this thesis, we address the threats associated with the emerging IoT malware, which utilize exploited devices to perform large-scale cyber attacks (e.g., DDoS). To mitigate such threat, there is a need to possess an Internet perspective of the deployed IoT devices while building a better understanding about the behavioral characteristic of malware-infected devices, which is challenging due to the lack of empirical data and knowledge about the deployed IoT devices and their behavioral characteristics. To address these challenges, in this thesis, we leverage passive Internet measurements and IoT device information to detect exploited IoT devices and investigate their generated traffic at the network telescope (darknet). We aim at proposing data-driven approaches for effective and near real-time IoT threat detection and characterization. Additionally, we leverage a specialized IoT Honeypot to analyze a large corpus of real IoT malware binary executable. We aim at building a better understanding about the current state of IoT malware while addressing the problems of IoT malware classification and family attribution. To this end, we perform the following to achieve our objectives: First, we address the lack of empirical data and knowledge about IoT devices and their activities. To this end, we leverage an online IoT search engine (e.g., Shodan.io) to obtain publicly available device information in the realms of consumer and cyber-physical system (CPS), while utilizing passive network measurements collected at a large-scale network telescope (CAIDA), to infer compromised devices and their unsolicited activities. Indeed, we were among the first to report experimental results on detecting compromised IoT devices and their behavioral characteristics in the wild, while demonstrating their active involvement in large-scale malware-generated malicious activities such as Internet scanning. Additionally, we leverage the IoT-generated backscatter traffic towards the network telescope to shed light on IoT devices that were victims of intensive Denial of Service (DoS) attacks. Second, given the highly orchestrated nature of IoT-driven cyber-attacks, we focus on the analysis of IoT-generated scanning activities to detect and characterize scanning campaigns generated by IoT botnets. To this end, we aggregate IoT-generated traffic and performing association rules mining to infer campaigns through common scanning objectives represented by targeted destination ports. Further, we leverage behavioural characteristics and aggregated flow features to correlate IoT devices using DBSCAN clustering algorithm. Indeed, our findings shed light on compromised IoT devices, which tend to operate within well coordinated IoT botnets. Third, considering the huge number of IoT devices and the magnitude of their malicious scanning traffic, we focus on addressing the operational challenges to automate large-scale campaign detection and analysis while generating threat intelligence in a timely manner. To this end, we leverage big data analytic frameworks such as Apache Spark to develop a scalable system for automated detection of infected IoT devices and characterization of their scanning activities using our proposed approach. Our evaluation results with over 4TB of IoT traffic demonstrated the effectiveness of the system to infer scanning campaigns generated by IoT botnets. Moreover, we demonstrate the feasibility of the implemented system/framework as a platform for implementing further supporting applications, which leverage passive Internet measurement for characterizing IoT traffic and generating IoT-related threat intelligence. Fourth, we take first steps towards mitigating threats associated with the rise of IoT malware by creating a better understanding about the characteristics and inter-relations of IoT malware. To this end, we analyze about 70,000 IoT malware binaries obtained by a specialized IoT honeypot in the past two years. We investigate the distribution of IoT malware across known families, while exploring their detection timeline and persistent. Moreover, while we shed light on the effectiveness of IoT honeypots in detecting new/unknown malware samples, we utilize static and dynamic malware analysis techniques to uncover adversarial infrastructure and investigate functional similarities. Indeed, our findings enable unknown malware labeling/attribution while identifying new IoT malware variants. Additionally, we collect malware-generated scanning traffic (whenever available) to explore behavioral characteristics and associated threats/vulnerabilities. We conclude this thesis by discussing research gaps that pave the way for future work

Unconventional Water Resources: Global Opportunities and Challenges

Water is of central importance for reaching the Sustainable Development Goals (SDGs) of the United Nations. With predictions of dire global water scarcity, attention is turning to resources that are considered to be unconventional, and hence called Unconventional Water Resources (UWRs). These are considered as supplementary water resources that need specialized processes to be used as water supply. The literature encompasses a vast number of studies on various UWRs and their usefulness in certain environmental and/or socio-economic contexts. However, a recent, all-encompassing article that brings the collective knowledge on UWRs together is missing. Considering the increasing importance of UWRs in the global push for water security, the current study intends to offer a nuanced understanding of the existing research on UWRs by summarizing the key concepts in the literature. The number of articles published on UWRs have increased significantly over time, particularly in the past ten years. And while most publications were authored from researchers based in the USA or China, other countries such as India, Iran, Australia, and Spain have also featured prominently. Here, twelve general types of UWRs were used to assess their global distribution, showing that climatic conditions are the main driver for the application of certain UWRs. For example, the use of iceberg water obviously necessitates access to icebergs, which are taken largely from arctic regions. Overall, the literature review demonstrated that, even though UWRs provide promising possibilities for overcoming water scarcity, current knowledge is patchy and points towards UWRs being, for the most part, limited in scope and applicability due to geographic, climatic, economic, and political constraints. Future studies focusing on improved documentation and demonstration of the quantitative and socio-economic potential of various UWRs could help in strengthening the case for some, if not all, UWRs as avenues for the sustainable provision of water

Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users

ABSTRACT Motivated by the benefits, people have used a variety of webbased services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active subscribers, has become a common place for sharing various types of HI. At the same time, Facebook was shown to be vulnerable to various attacks, resulting in unintended information disclosure, privacy invasion, and information misuse. As such, Facebook users face the dilemma of benefiting from HI sharing and risking their privacy. In this work, we investigate HI sharing practices, preferences, and risk perceptions among Facebook users. We interviewed 21 participants with chronic health conditions to identify the key factors that influence users' motivation to share HI on Facebook. We then conducted an online survey with 492 Facebook users in order to validate, refine, and extend our findings. While some factors related to sharing HI were found in literature, we provide a deeper understanding of the main factors that influenced users' motivation to share HI on Facebook. The results suggest that the gained benefits from prior HI sharing experiences, and users' overall attitudes toward privacy, correlate with their motivation to disclose HI. Furthermore, we identify other factors, specifically users' perceived health and the audience of the shared HI, that appear to be linked with users' motivation to share HI. Finally, we suggest design improvementssuch as anonymous identity as well as search and recommendation features-for facilitating HI sharing on Facebook and similar sites

Towards understanding users' motivation to share health information on Facebook

Motivated by the two-way benefits, people have used a variety of web-based services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active subscribers, has become a common place for sharing various types of HI. At the same time, Facebook was shown to be vulnerable to various attacks, resulting in unintended information disclosure, privacy invasion, and information misuse. As such, Facebook users face the dilemma of benefiting from HI sharing and risking their privacy. In this work, we investigate HI sharing practices, preferences, and risk perceptions among Facebook users. Our exploration focused on two main goals: (1) to identify the key factors that influenced users’ motivation to share HI on Facebook, and (2) to highlight a number of features that could motivate people toward engaging in effective HI sharing on Facebook. To achieve these goals, we first surveyed 166 active Facebook users about their HI sharing practices and risk perceptions. We quantified HI sharing practices and confirmed that it has become a common practice among users. Moreover, we found that the type of the shared HI and its recipients, can highly influence users’ perceived privacy risks when sharing HI. Following our preliminary survey, we interviewed 21 participants with chronic health conditions to identify the key factors that influence users’ motivation to share HI on Facebook. Then, we conducted an online survey with 492 Facebook users in order to validate, refine, and extend our findings. The results suggest that the gained benefits from prior HI sharing experiences, and users’ overall attitudes toward privacy, correlate with their motivation to disclose HI. Furthermore, we identify other factors, specifically users’ perceived health and the audience of the shared HI, that appear to be linked with users’ motivation to share HI. Finally, we suggest design improvements— such as anonymous identity as well as search and recommendation features— for facilitating HI sharing on Facebook and similar sites.Applied Science, Faculty ofElectrical and Computer Engineering, Department ofGraduat

Polar Ice as an Unconventional Water Resource: Opportunities and Challenges

Global water resources are under pressure due to increasing population and diminishing conventional water resources caused by global warming. Water scarcity is a daunting global problem which has prompted efforts to find unconventional resources as an appealing substitute for conventional water, particularly in arid and semiarid regions. Ice is one such unconventional water resource, which is available mainly in the Arctic and Antarctic. In this study, opportunities and challenges in iceberg utilization as a source of freshwater were investigated on the basis of a systematic literature review (SLR). A search in three databases (Scopus, Web of Science, and ProQuest) yielded 47 separate studies from 1974 to 2019. The SLR indicated that harvesting iceberg water, one of the purest sources of water, offers benefits ranging from supplying freshwater and creating new jobs to avoiding iceberg damage to offshore structures. Economic considerations and risks associated with iceberg towing were identified as the main limitations to iceberg harvesting, while environmental impacts were identified as the main challenge to exploiting this resource. Assessment of trends in ice sheets in Arctic and Antarctic across different spatiotemporal scales indicated that the main sources of icebergs showed a statistically significant (p < 0.01) decreasing trend for all months and seasons during 2005–2019

New indices for assessing changes in seasons and in timing characteristics of air temperature

Abstract Previous studies examining climate change and changes in the timing of seasons have used a fixed temperature threshold for season onset. In this study, the timing of seasons was determined using non-fixed threshold methods. Twelve new timing indices were defined to account for shifts in seasons and season onset day, thermal centroid day, and length. The Mann-Kendall test, Theil-Sen’s slope estimator, sequential Mann-Kendall test, and least square linear regression were used to assess trends. The timing indices were examined using data from two meteorological stations in Iran with 50 years of records. Spatio-temporal variations in each index over 30 years (1987–2016) were then determined for Khuzestan province in southwestern Iran. Trend analysis for several indices indicated that the timing of seasons had probably changed in the south and west of the study area, while mountainous regions showed non-significant trends. Based on the hottest and coldest 90-day periods (summer and winter, respectively), during the three decades studied, spring lengthened by 5–10 days/decade in the plain region of Khuzestan province and autumn shortened by about 5–8 days/decade. The centroid of winter occurred earlier, by 2–5 days/decade, in the plains area, while the thermal centroid of summer did not change significantly. Overall, the difference between the thermal centroid of winter and summer (Cwin-sum) in the plains area significantly decreased, by 6–8 days/decade, in the 30-year period

Polar ice as an unconventional water resource:opportunities and challenges

Abstract Global water resources are under pressure due to increasing population and diminishing conventional water resources caused by global warming. Water scarcity is a daunting global problem which has prompted efforts to find unconventional resources as an appealing substitute for conventional water, particularly in arid and semiarid regions. Ice is one such unconventional water resource, which is available mainly in the Arctic and Antarctic. In this study, opportunities and challenges in iceberg utilization as a source of freshwater were investigated on the basis of a systematic literature review (SLR). A search in three databases (Scopus, Web of Science, and ProQuest) yielded 47 separate studies from 1974 to 2019. The SLR indicated that harvesting iceberg water, one of the purest sources of water, offers benefits ranging from supplying freshwater and creating new jobs to avoiding iceberg damage to offshore structures. Economic considerations and risks associated with iceberg towing were identified as the main limitations to iceberg harvesting, while environmental impacts were identified as the main challenge to exploiting this resource. Assessment of trends in ice sheets in Arctic and Antarctic across different spatiotemporal scales indicated that the main sources of icebergs showed a statistically significant (p < 0.01) decreasing trend for all months and seasons during 2005–2019

A New Evolutionary Hybrid Random Forest Model for SPEI Forecasting

State-of-the-art random forest (RF) models have been documented as versatile tools to solve regression and classification problems in hydrology. They can model stochastic time series by bagging different decision trees. This article introduces a new hybrid RF model that increases the forecasting accuracy of RF-based models. The new model, called GARF, is attained by integrating genetic algorithm (GA) and hybrid random forest (RF), in which different decision trees are bagged. We applied GARF to model and forecast a multitemporal drought index (SPEI-3 and SPEI-6) at two meteorology stations (Beypazari and Nallihan) in Ankara, Turkey. We compared the associated results with classic RF, standalone extreme learning machine (ELM), and a hybrid ELM model optimized by Bat algorithm (Bat-ELM) to verify the new model accuracy. The performance assessment was performed using graphical and statistical analysis. The forecasting results demonstrated that the GARF outperformed the benchmark models. GARF achieved the least error in a quantitative assessment for the prediction of both SPEI-3 and SPEI-6, particularly in the testing period. The results of this study showed that the new model can improve the forecasting accuracy of the classic RF technique up to 30% and 40% at Beypazari and Nallihan stations, respectively

Determination of critical time points in non-collision incidents of elderly passengers in standing position on urban bus

Objective: Due to the reduced physical ability of elderly, the occurrence of non-collision incidents is higher for these passengers in standing position. Therefore, the purpose of the present study is to determine the critical time points of non-collision incidents using the level of leg muscle activity in elderly standing passengers on urban bus. Methods: To determine the critical time points in the occurrence of non-collision incidents, the level of muscular activity of the standing passengers was analyzed using a surface electromyography (surface EMG) device during the movement scenario of the bus. The results of assessing the leg muscle activity was analyzed in SPSS software. Results: The contraction pattern of the leg muscles in standing passengers was consistent with Newton’s First Law. The results showed that the level of muscular activity decreased in the right leg muscles when changing the phase of bus motion from acceleration to constant velocity. This level of muscular activity in the left leg muscles increased when constant velocity changed to deceleration. These changes were quite significant in the medial gastrocnemius and soleus muscles (P \u3c 0.05). Conclusions: According to these findings, it was found that the acceleration and deceleration phases, especially the starting and changing phases of bus motion, are the most critical time points in the occurrence of non-collision incidents in elderly standing passengers on urban bus