TIFS Volume 16 | 2021

Password strength meters (PSMs) are being widely used, but they often give conflicting, inaccurate and misleading feedback, which defeats their purpose. Except for fuzzyPSM, all PSMs assume passwords are newly constructed, which is not true in reality. FuzzyPSM considers password reuse, six major leet transformations and initial capitalization, and performs the best as evaluated by Golla and Dürmuth at ACM CCS’18. On the basis of fuzzyPSM, we propose a new PSM based on R euse, L eet and S eparation, namely RLS-PSM.

This paper presents a signal processing and machine learning (ML) based methodology to leverage Electromagnetic (EM) emissions from an embedded device to remotely detect a malicious application running on the device and classify the application into a malware family. We develop Fast Fourier Transform (FFT) based feature extraction followed by Support Vector Machine (SVM) and Random Forest (RF) based ML models to detect a malware. We further propose methods to learn characteristic behavior of different malwares from EM traces to reveal similarities to known malware families and improve efficiency of malware analysis.

Record linkage is the challenging task of deciding which records, coming from disparate data sources, refer to the same entity. Established back in 1946 by Halbert L. Dunn, the area of record linkage has received tremendous attention over the years due to its numerous real-world applications, and has led to a plethora of technologies, methods, metrics, and systems.

Machine learning techniques have been widely applied to various applications. However, they are potentially vulnerable to data poisoning attacks, where sophisticated attackers can disrupt the learning procedure by injecting a fraction of malicious samples into the training dataset. Existing defense techniques against poisoning attacks are largely attack-specific: they are designed for one specific type of attacks but do not work for other types, mainly due to the distinct principles they follow.

This paper presents a signal processing and machine learning (ML) based methodology to leverage Electromagnetic (EM) emissions from an embedded device to remotely detect a malicious application running on the device and classify the application into a malware family. We develop Fast Fourier Transform (FFT) based feature extraction followed by Support Vector Machine (SVM) and Random Forest (RF) based ML models to detect a malware. 

Deep learning-based person re-identification (Re-ID) has made great progress and achieved high performance recently. In this paper, we make the first attempt to examine the vulnerability of current person Re-ID models against a dangerous attack method, i.e. , the universal adversarial perturbation (UAP) attack, which has been shown to fool classification models with a little overhead.

Monitoring all the internal flows in a datacenter is important to protect a victim against internal distributed denial-of-service (DDoS) attacks. Unused virtual machines (VMs) in a datacenter are used as monitors and flows are copied to the monitors from software defined networking (SDN) switches by adding some special rules. In such a system, a VM runs a machine learning method to detect DDoS behavior but it can only process a limited number/amount of flows. 

User activities in cyberspace leave unique traces for user identification (UI). Individual users can be identified by their frequent activity items through statistical feature matching. However, such approaches face the data sparsity problem. In this paper, we propose to address this problem by multi-item-set fingerprinting that identifies users not only based on their frequent individual activity items, but also their frequent consecutive item sequences with different lengths.

Identifying information sources plays a significant role in network science and engineering. However, existing source identification approaches generally focus on static networks without considering the temporal features of networks. To this end, we comprehensively study the problem of identifying single and multiple information sources in time-varying networks.

In this paper, a cyber-physical system (CPS) is considered, whose state estimation is done by a central controller (CC) using the measurements received from a wireless powered sensor network (WPSN) over fading channels. An adversary injects false data in this system by compromising some of the idle sensor nodes (SNs) of the WPSN. Using the WPSN for transmitting supervision and control data, in the aforementioned setting, makes the CPS vulnerable to both error and false data injection (FDI).