Data and Applications Security Research at the
University of Texas at Dallas
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
April 25, 2006
Cyber Security Research Areas at UTD
- Network Security: Secure wireless and sensor networks
- Systems and Language Security: Embedded systems security, Buffer overflow defense
- Data and Applications Security: Information sharing, Geospatial data management, Surveillance, Secure web services, Privacy, Dependable information management, Intrusion detection
- Security Theory and Protocols: Secure group communication
- Security Engineering: Secure component-based software
- Cross Cutting Themes: Vulnerability analysis, Access control
Research Group: Data and Applications Security
Core Group
- Prof. Bhavani Thuraisingham (Professor & Director, Cyber Security Research Center)
- Prof. Latifur Khan (Director, Data Mining Laboratory)
- Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.)
- Prof. Kevin Hamlen (will join Fall 2006 from Cornell U.)
Students and Funding
- 10 PhD Students, 16 MS students
- Research grants (since 2005): Air Force Office of Scientific Research Center, Raytheon Corporation, Nokia Corporation, and proposals submitted to NSF, DHS, etc.
- Our Vision: Assured Information Sharing, Secure Geospatial data management, Video Surveillance
Vision 1: Assured Information Sharing
Publish Data/Policy
Component
Data/Policy for Agency A
Data/Policy for Coalition
Publish Data/Policy
Component
Data/Policy for Agency C
Component
Data/Policy for Agency B
Publish Data/Policy
1. Friendly partners
2. Semi-honest partners
3. Untrustworthy partners
Vision 2: Secure Geospatial Data Management
Data Source A
Data Source B
Data Source C
SECURITY/QUALITY
Semantic Metadata Extraction
Decision Centric Fusion
Geospatial data interoperability through web services
Geospatial data mining
Geospatial semantic web
Tools for Analysts
Discussions on collaborative research between UTD, OGC (Open Geospatial Consortium), Oracle and Raytheon
Vision 3: Surveillance and Privacy
Raw video surveillance data
Face Detection and Face Derecognizing system
Suspicious Event Detection System
Manual Inspection of video data
Comprehensive security report listing suspicious events and people detected
Suspicious people found
Suspicious events found
Report of security personnel
Faces of trusted people derecognized to preserve privacy
Example Projects
Assured Information Sharing
- Secure Semantic Web Technologies
- Social Networks
- Privacy Preserving Data Mining
Geospatial Data Management
- Geospatial data mining
- Geospatial data security
Surveillance
- Suspicious Event Detection
- Privacy preserving Surveillance
- Automatic Face Detection
Cross Cutting Themes
- Data Mining for Security Applications (e.g., Intrusion detection, Mining Arabic Documents); Dependable Information Management
Secure Semantic Web
Policies
Ontologies
Rules
Semantic Web Engine
XML, RDF Documents
Web Pages, Databases
Inference Engine/Rules Processor
Interface to the Semantic Web
Technology At UTD
Social Networks
Individuals engaged in suspicious or undesirable behavior rarely act alone
We can infer that those associated with a person positively identified as suspicious have a high probability of being either:
- Accomplices (participants in suspicious activity)
- Witnesses (observers of suspicious activity)
Making these assumptions, we create a context of association between users of a communication network
Privacy Preserving Data Mining
Prevent useful results from mining
- Introduce “cover stories” to give “false” results
- Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functions
Randomization and Perturbation
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly affecting the data mining results
- Give range of values for results instead of exact values
Secure Multi-party Computation
- Each party knows its own inputs; encryption techniques used to compute final results
Geospatial Data Mining: Change Detection
Trained Neural Network to predict “new” pixel from “old” pixel
- Neural Networks good for multidimensional continuous data
- Multiple nets give range of “expected values”
Identified pixels where actual value substantially outside range of expected values
- Anomaly if three or more bands (of seven) out of range
Identified groups of anomalous pixels
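The three-of-seven rule and the grouping of anomalous pixels described above, as an added example that is not code from the original slides. The per-network predictions are constructed stand-ins for trained networks' outputs, and the `margin`, `min_size` and 4-connectivity choices are assumptions.

```python
from collections import deque

BANDS, MIN_BANDS_OUT = 7, 3   # "three or more bands (of seven)" from the slide

def bands_out_of_range(actual, predictions, margin):
    """Count bands whose actual value lies outside the ensemble's expected range."""
    # predictions: one 7-band vector per network. margin (assumed parameter)
    # widens the range so only values substantially outside it are counted.
    out = 0
    for b in range(BANDS):
        lo = min(p[b] for p in predictions) - margin
        hi = max(p[b] for p in predictions) + margin
        out += not (lo <= actual[b] <= hi)
    return out

def anomaly_mask(actual_img, predicted_img, margin=5.0):
    """Per-pixel boolean mask applying the three-of-seven rule."""
    return [[bands_out_of_range(a, p, margin) >= MIN_BANDS_OUT
             for a, p in zip(arow, prow)]
            for arow, prow in zip(actual_img, predicted_img)]

def group_anomalies(mask, min_size=2):
    """4-connected groups of flagged pixels, dropping groups below min_size."""
    rows, cols, seen, groups = len(mask), len(mask[0]), set(), []
    for start in ((r, c) for r in range(rows) for c in range(cols)):
        if not mask[start[0]][start[1]] or start in seen:
            continue
        seen.add(start)
        queue, group = deque([start]), []
        while queue:
            r, c = queue.popleft()
            group.append((r, c))
            for nr, nc in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
                if (0 <= nr < rows and 0 <= nc < cols
                        and mask[nr][nc] and (nr, nc) not in seen):
                    seen.add((nr, nc))
                    queue.append((nr, nc))
        if len(group) >= min_size:
            groups.append(sorted(group))
    return groups

# Constructed sample: 4x5 scene; three stand-in "networks" predict 98/100/102 per band.
ROWS, COLS = 4, 5
predicted = [[[[v] * BANDS for v in (98, 100, 102)] for _ in range(COLS)]
             for _ in range(ROWS)]
actual = [[[100] * BANDS for _ in range(COLS)] for _ in range(ROWS)]
for r, c in ((1, 1), (1, 2), (2, 1), (2, 2)):
    actual[r][c] = [150, 150, 150, 150, 100, 100, 100]   # 4 bands out: changed block
actual[0][4] = [150, 150, 100, 100, 100, 100, 100]       # 2 bands out: not flagged
actual[3][4] = [150, 150, 150, 100, 100, 100, 100]       # 3 bands out: isolated pixel
```

Calling `group_anomalies(anomaly_mask(actual, predicted))` on the constructed scene returns only the 2x2 block; the isolated three-band pixel is flagged in the mask but dropped by the group-size filter.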
Framework for Geospatial Data Security
DATA PRESENTATION COMPONENTS
Access Control Module
Geospatial Data Registration
spatial and temporal registration of geospatial data
Data Integration Services & Data Repository Access
DATA ACCESS LAYER
DAC/RBAC Policy Specification
Policy Reasoning Engine
Trust & Privacy Management
Authentic Data Publication
Auditing
Misuse Detection
SECURITY LAYER
Open Geospatial Consortium Framework
Core & Application Schemas
Geospatial Features
Geography Markup Language
Metadata
GIS Web Services
Traditional GIS
Wrapper
Geospatial Data Repositories
Data Mining for Surveillance
We define an event representation measure based on low-level features
This allows us to define “normal” and “suspicious” behavior and classify events in unlabeled video sequences appropriately
A visualization tool can then be used to enable more efficient browsing of video data
Data Mining for Intrusion Detection
Training Data
Classification
Hierarchical Clustering (DGSOT)
Testing
Testing Data
SVM Class Training
DGSOT: Dynamically growing self organizing tree
SVM: Support Vector Machine
Information Assurance Education
Current Courses
- Introduction to Information Security: Prof. Sha
- Trustworthy Computing: Prof. Sha
- Cryptography: Prof. Sudburough
- Information Assurance: Prof. Yen
- Data and Applications Security: Prof. Thuraisingham
- Biometrics: Prof. Thuraisingham
- Privacy: Prof. Murat Kantarcioglu
Future Courses
- Network Security: Profs. Venkatesan, Sarac
- Security Engineering: Profs. Bastani, Cooper
- Digital Forensics: Prof. Venkatesan
- Intrusion Detection: Prof. Khan
- Digital Watermarking: Prof. Prabhakaran
Technical and Professional Accomplishments
Publications of research in top journals and conferences, books: IEEE Transactions on Knowledge and Data Engineering, IEEE Transactions on Software Engineering, IEEE Computer, IEEE Transactions on Systems, Man and Cybernetics, IEEE Transactions on Parallel and Distributed Systems, VLDB Journal; 7 books published and 2 books in preparation including one on UTD research (Data Mining Applications, Awad, Khan and Thuraisingham)
Member of Editorial Boards/Editor in Chief: Journal of Computer Security, ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Knowledge Engineering, Computer Standards and Interfaces - - -
Advisory Boards / Memberships: Purdue University CS Department, - - -
Awards and Fellowships: IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement Award, IEEE Senior Member, - - -