Data and Applications Security Research at the University of Texas at Dallas Dr. Bhavani Thuraisingham The University of Texas at Dallas April 25, 2006


Cyber Security Research Areas at UTD

- Network Security: Secure wireless and sensor networks

- Systems and Language Security: Embedded systems security, Buffer overflow defense

- Data and Applications Security: Information sharing, Geospatial data management, Surveillance, Secure web services, Privacy, Dependable information management, Intrusion detection

- Security Theory and Protocols: Secure group communication

- Security Engineering: Secure component-based software

- Cross Cutting Themes: Vulnerability analysis, Access control

Research Group: Data and Applications Security

Core Group

- Prof. Bhavani Thuraisingham (Professor & Director, Cyber Security Research Center)

- Prof. Latifur Khan (Director, Data Mining Laboratory)

- Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.)

- Prof. Kevin Hamlen (will join Fall 2006 from Cornell U.)

Students and Funding

- 10 PhD Students, 16 MS students

- Research grants (Since 2005): Air Force Office of Scientific Research Center, Raytheon Corporation, Nokia Corporation and proposals submitted to NSF, DHS, etc.

- Our Vision: Assured Information Sharing, Secure Geospatial data management, Video Surveillance

Vision 1: Assured Information Sharing

[Diagram labels: Component Data/Policy for Agency A, Agency B and Agency C; each has a "Publish Data/Policy" link to the Data/Policy for Coalition.]

1. Friendly partners

2. Semi-honest partners

3. Untrustworthy partners

Vision 2: Secure Geospatial Data Management

Data Source A, Data Source B, Data Source C

SECURITY/QUALITY

- Semantic Metadata Extraction

- Decision Centric Fusion

- Geospatial data interoperability through web services

- Geospatial data mining

- Geospatial semantic web

Tools for Analysts

Discussions on collaborative research between UTD, OGC (Open Geospatial Consortium), Oracle and Raytheon

Vision 3: Surveillance and Privacy

Raw video surveillance data

Face Detection and Face Derecognizing system

Suspicious Event Detection System

Manual Inspection of video data

Comprehensive security report listing suspicious events and people detected

Suspicious people found

Suspicious events found

Report of security personnel

Faces of trusted people derecognized to preserve privacy

Example Projects

Assured Information Sharing

- Secure Semantic Web Technologies

- Social Networks

- Privacy Preserving Data Mining

Geospatial Data Management

- Geospatial data mining

- Geospatial data security

Surveillance

- Suspicious Event Detection

- Privacy preserving Surveillance

- Automatic Face Detection

Cross Cutting Themes

- Data Mining for Security Applications (e.g., Intrusion detection, Mining Arabic Documents); Dependable Information Management

Secure Semantic Web

Policies

Ontologies

Rules

Semantic Web Engine

XML, RDF Documents

Web Pages, Databases

Inference Engine/Rules Processor

Interface to the Semantic Web

Technology at UTD

Social Networks

Individuals engaged in suspicious or undesirable behavior rarely act alone.

We can infer that those associated with a person positively identified as suspicious have a high probability of being either:

- Accomplices (participants in suspicious activity)

- Witnesses (observers of suspicious activity)

Making these assumptions, we create a context of association between users of a communication network.

Privacy Preserving Data Mining

Prevent useful results from mining

- Introduce “cover stories” to give “false” results

- Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functions

Randomization and Perturbation

- Introduce random values into the data and/or results

- Challenge is to introduce random values without significantly affecting the data mining results

- Give range of values for results instead of exact values

Secure Multi-party Computation

- Each party knows its own inputs; encryption techniques used to compute final results
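The randomization and perturbation bullets above, as an added example that is not from the original slides: each record is released with zero-mean noise, and the miner recovers aggregates as a range using only the public noise parameters. The uniform noise model, its half-width, the synthetic records and the function names are all assumptions made for illustration.

```python
import random
import statistics

NOISE_HALF_WIDTH = 20.0  # assumption: noise is uniform on [-20, 20] and this is public

def perturb(values, rng, half_width=NOISE_HALF_WIDTH):
    """Release each record with independent zero-mean uniform noise added."""
    return [v + rng.uniform(-half_width, half_width) for v in values]

def estimate_from_released(released, half_width=NOISE_HALF_WIDTH, z=4.0):
    """Recover aggregates from perturbed records using only the noise parameters."""
    n = len(released)
    mean = statistics.fmean(released)
    var_released = statistics.variance(released)
    noise_var = (2 * half_width) ** 2 / 12      # variance of U(-h, h)
    half = z * (var_released / n) ** 0.5        # report a range, not a point value
    return {
        "mean_range": (mean - half, mean + half),
        "variance": max(var_released - noise_var, 0.0),
    }

def demo(seed=2006, n=5000):
    """Constructed data: n synthetic numeric records drawn from N(40, 12^2)."""
    rng = random.Random(seed)
    original = [rng.gauss(40.0, 12.0) for _ in range(n)]
    released = perturb(original, rng)
    shifts = [abs(o - r) for o, r in zip(original, released)]
    return {
        "true_mean": statistics.fmean(original),
        "true_variance": statistics.variance(original),
        "estimate": estimate_from_released(released),
        "records_shifted": sum(s > 1.0 for s in shifts),  # records moved by more than 1
        "max_shift": max(shifts),
    }

if __name__ == "__main__":
    print(demo())
```

Individual records move by up to the noise half-width, while the mean and variance estimated from the released data stay close to the true aggregates.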

Geospatial Data Mining: Change Detection

Trained Neural Network to predict “new” pixel from “old” pixel

- Neural Networks good for multidimensional continuous data

- Multiple nets give range of “expected values”

Identified pixels where actual value substantially outside range of expected values

- Anomaly if three or more bands (of seven) out of range

Identified groups of anomalous pixels
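The decision rule on this slide, as an added example that is not from the original slides: given per-band predictions from several networks, flag a pixel when three or more of its seven bands fall outside the predicted range, then group adjacent flagged pixels. The network outputs are taken as given; `MARGIN`, the 4-connected grouping, the sample scene and all function names are assumptions.

```python
from collections import deque

BANDS = 7          # from the slide: seven spectral bands per pixel
MIN_BANDS_OUT = 3  # from the slide: anomaly if three or more bands are out of range
MARGIN = 10        # assumption: distance beyond the range that counts as "substantially"

def band_out_of_range(actual, predictions, margin=MARGIN):
    """True if `actual` lies more than `margin` outside the ensemble's [min, max]."""
    return actual < min(predictions) - margin or actual > max(predictions) + margin

def is_anomalous(actual_bands, predicted_bands):
    out = sum(band_out_of_range(a, p) for a, p in zip(actual_bands, predicted_bands))
    return out >= MIN_BANDS_OUT

def anomaly_mask(actual, predicted):
    return [[is_anomalous(a, p) for a, p in zip(arow, prow)]
            for arow, prow in zip(actual, predicted)]

def group_anomalies(mask):
    """Group anomalous pixels into 4-connected regions (breadth-first search)."""
    rows, cols = len(mask), len(mask[0])
    seen, groups = set(), []
    for r in range(rows):
        for c in range(cols):
            if not mask[r][c] or (r, c) in seen:
                continue
            queue, group = deque([(r, c)]), []
            seen.add((r, c))
            while queue:
                y, x = queue.popleft()
                group.append((y, x))
                for ny, nx in ((y - 1, x), (y + 1, x), (y, x - 1), (y, x + 1)):
                    if (0 <= ny < rows and 0 <= nx < cols
                            and mask[ny][nx] and (ny, nx) not in seen):
                        seen.add((ny, nx))
                        queue.append((ny, nx))
            groups.append(sorted(group))
    return groups

def build_sample():
    """Constructed 3x4 scene; three hypothetical nets predict 100, 104, 108 per band."""
    predicted = [[[[100, 104, 108]] * BANDS for _ in range(4)] for _ in range(3)]
    actual = [[[105] * BANDS for _ in range(4)] for _ in range(3)]
    actual[0][0][:3] = [150] * 3   # 3 bands far above range: anomalous
    actual[0][1][:4] = [60] * 4    # 4 bands far below range: anomalous
    actual[1][2][:2] = [150] * 2   # only 2 bands out: not anomalous
    actual[1][3][:3] = [115] * 3   # above range but within MARGIN: not anomalous
    actual[2][3] = [200] * BANDS   # all 7 bands out: anomalous
    return actual, predicted
```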

Framework for Geospatial Data Security

DATA PRESENTATION COMPONENTS

Access Control Module

Geospatial Data Registration

spatial and temporal registration of geospatial data

Data Integration Services & Data Repository Access

DATA ACCESS LAYER

DAC/RBAC Policy Specification

Policy Reasoning Engine

Trust & Privacy Management

Authentic Data Publication

Auditing

Misuse Detection

SECURITY LAYER

Open Geospatial Consortium Framework

Core & Application Schemas

Geospatial Features

Geography Markup Language

Metadata

GIS Web Services

Traditional GIS

Wrapper

Geospatial Data Repositories

Data Mining for Surveillance

We define an event representation measure based on low-level features

This allows us to define “normal” and “suspicious” behavior and classify events in unlabeled video sequences appropriately

A visualization tool can then be used to enable more efficient browsing of video data

Data Mining for Intrusion Detection

Training Data

Classification

Hierarchical Clustering (DGSOT)

Testing

Testing Data

SVM Class Training

DGSOT: Dynamically growing self organizing tree

SVM: Support Vector Machine

Information Assurance Education

Current Courses

- Introduction to Information Security: Prof. Sha

- Trustworthy Computing: Prof. Sha

- Cryptography: Prof. Sudborough

- Information Assurance: Prof. Yen

- Data and Applications Security: Prof. Thuraisingham

- Biometrics: Prof. Thuraisingham

- Privacy: Prof. Murat Kantarcioglu

Future Courses

- Network Security: Profs. Venkatesan, Sarac

- Security Engineering: Profs. Bastani, Cooper

- Digital Forensics: Prof. Venkatesan

- Intrusion Detection: Prof. Khan

- Digital Watermarking: Prof. Prabhakaran

Technical and Professional Accomplishments

Publications of research in top journals and conferences, books: IEEE Transactions on Knowledge and Data Engineering, IEEE Transactions on Software Engineering, IEEE Computer, IEEE Transactions on Systems, Man and Cybernetics, IEEE Transactions on Parallel and Distributed Systems, VLDB Journal, 7 books published and 2 books in preparation including one on UTD research (Data Mining Applications, Awad, Khan and Thuraisingham)

Member of Editorial Boards/Editor in Chief: Journal of Computer Security, ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Knowledge Engineering, Computer Standards and Interfaces - - -

Advisory Boards / Memberships: Purdue University CS Department, - - -

Awards and Fellowships: IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement Award, IEEE Senior Member, - - -