With the ever-increasing amount of cyberthreats out there, securing IT and OT infrastructures against these threats has become not only desirable, but fundamental. Network Intrusion Detection Systems (NIDS) are key assets for system protection, providing early alerts of network attacks. An important class of NIDS are those based on ML techniques, around which a substantial amount of research is being done these days. Unfortunately, being ML-based, these NIDS can be targeted by adversarial evasion attacks (AEA), which malicious parties try to exploit to perform network attacks without being detected.

Abstract

Malicious software or malware is a serious cybersecurity threat, and the research communi

Our daily lives are becoming increasingly dependent on smart cyber-physical infrastructures, such as smart homes and cities, smart grid, smart transportation, smart healthcare, smart agriculture, and so on.

Networks are nowadays pervasive in Big Data. It is often useful to regroup such data in clusters according to distinctive node features and use a representative element for each cluster, hence generating a novel contracted graph that shrank in size.

 

Abstract

The talk will give an overview of research at the Department of Computer

As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation.

Deep neural networks (DNNs) are revolutionizing computing, necessitating an integrated approach across the computing stack to optimize efficiency. In this talk, I will explore the frontier of DNN optimization, spanning algorithms, software, and hardware. We'll start with hardware-aware neural architecture search, demonstrating how tailoring DNN architectures to specific hardware can drastically enhance performance.

The rapid growth of Artificial Intelligence (AI) and Deep Learning mirrors an infectious phenomenon. While AI systems promise diverse applications and benefits, they bear substantial security and privacy risks. Indeed, AI represents a goldmine for the security and privacy research domain.

Machine learning (ML) has witnessed remarkable advancements in recent years, demonstrating its effectiveness in a wide array of applications, including intrusion detection systems (IDS). However, when operating in adversarial environments, ML-based systems are susceptible to a range of attacks.

Our society keeps entrusting ICT systems with high value cyber-only assets, such as our most sensitive data, finances, etc. However, when it comes to cyber-physical systems and their ability to act in and with the physical world, lifes are at risk and require rigorous protection against accidental faults and cyberattacks.

Federated Learning (FL) is a distributed machine learning approach that allows multiple parties to train a model collaboratively without sharing sensitive data.

Imagining a new Internet architecture enables us to explore new networking concepts without the constraints imposed by the current Infrastructure. In this presentation, we invite you to join us on our 14-year-long expedition of creating the SCION next-generation secure Internet architecture.

Machine learning (ML) is vulnerable to security and privacy attacks. Whereas security attacks aim at preventing model convergence or forcing convergence to wrong models, privacy attacks attempt to disclose the data used to train the model.

Internet of Things (IoT) applications can exploit energy harvesting systems to guarantee virtually uninterrupted operations. However, the use of energy harvesting poses issues concerning the optimization of the utility of the application while guaranteeing energy neutrality of the devices.

The risk of security breaches is now higher than ever, and attackers routinely break into corporate networks, government services, and even critical infrastructures. As a result, it is not a matter of `if' a system will be compromised, but only a matter of `when' -- thus making the way we handle computer incidents and investigations of paramount importance.

Security and privacy systems are often composed of complex components and details. However, users’ experience shouldn’t be as complex. In this seminar, Eman will discuss the human factor in the security and privacy chain. While human privacy perceptions and behaviors have been investigated in Western societies, little is known about these issues in non-Western societies.

The Domain Name System (DNS) is a core protocol for the Internet. It resolves mappings between Internet Protocol (IP) addresses and their corresponding Fully Qualified Domain Names (FQDNs). Since all Internet communications rely on it, DNS structuring should therefore be resilient and robust against failure to avoid any service interruption. While the research community and experienced practitioners have established best practices to this end, many worldwide DNS implementations are still prone to many types of configuration errors. In this talk, I discuss the adoption of these approaches in some countries. Also, a case study is presented considering domains in Saudi Arabia (.sa) that illustrates the value of measuring the DNS at this scale. The results are valuable to improve the DNS infrastructure in the kingdom. Lastly, I provide recommendations to improve DNS service resilience and robustness.

In recent years we are witnessing the advent of service computing and cloud technologies in industrial applications, with intriguing innovations and novel compelling challenges. For instance, in the automotive, there are initiatives for consolidating Electronic Control Units (ECUs) as virtual machines on the same board. Or in the Industry 4.0 (I4.0), researchers and practitioners are dealing with the challenge of making the factory floor programmable by softwarizing hardware elements with edge-cloud native components. The talk will delve into this novel trend, discussing enabling virtualization technologies for industrial systems, including hypervisors, real-time container-based solutions, and software orchestration approaches.

Cloud storage is pervasive nowadays; surprisingly, how to secure cloud storage that is usable in the real world is in fact still open. In this work, we propose a novel system called End-to-Same-End Encryption (E2SEE) that can be deployed directly on existing infrastructure and provide both security and usability. Our system can be flexibly used to augment any App with secure storage, for users to create a personal digital lockbox, and for the cloud to provide secure storage service. A preliminary version of E2SEE was deployed in Snapchat, serving hundreds of millions of users, and the research result was published at USENIX Security 22.

Federated learning (FL) is increasingly deployed among multiple clients to train a shared model over decentralized data. To address the privacy concerns, FL systems need to protect the clients' data from being revealed during training, and also control data leakage through trained models when exposed to untrusted domains. However, existing FL systems (with distributed differential privacy) work impractically in the presence of client dropout, resulting in either poor privacy guarantees or degraded training accuracy. In addition, existing FL systems focus on safeguarding the privacy of training data, but not on protecting the confidentiality of the models being trained, which are increasingly of high business value. In this talk, I will present two pieces of our recent work that aim to address these aforementioned issues.

This presentation addresses the challenges associated with trusting Neural Networks due to their black-box nature and limited ability to answer important questions on how they behave. The thesis proposes techniques that increase the trustworthiness of Neural Network models by employing approaches to overcome their black-box nature. The techniques include efficient extraction and verification of weights and decisions to ensure correctness with regards to pre-existing properties, continuous and exact explanations of the model behavior, and scalable training techniques providing strong, theoretically provable guarantees of privacy. We provide strong, approximation-free guarantees about Neural Networks, improving their trustworthiness to make it more likely that users will be willing to deploy them in the real world.

Despite long-ago predictions (e.g., see Bill Gates, 2004) that other user-authentication technologies would replace passwords, passwords remain not only pervasive but have flourished as the dominant form of account protection, especially at websites such as retailers that require a low-friction user experience. This talk will describe our research on methods to tackle three key ingredients of account takeovers for password-protected accounts today: (i) site database breaches, which is the largest source of stolen passwords for internet sites; (ii) the tendency of users to reuse the same or similar passwords across sites; and (iii) credential stuffing, in which attackers submit breached credentials for one site in login attempts for the same users' accounts at another.

In this talk I will discuss the shift towards hardware acceleration and show with several examples from industry and from research the large role that FPGAs are playing. I will hypothesize that we are in a new era where most of the established assumptions, rules of thumb, and accumulated wisdom about many aspects of computation in general and of data processing in particular no longer hold and need to be revisited.