CAE Tech Talks
Mark your calendars and come join your friends in the CAE Forum! CAE Forum is a live, real-time, online, academic forum where members of the CAE community give non-technical presentation on topics of value to the CAE community. CAE Forum is about sharing your idea, knowledge, and expertise to empower and strengthen our community. It's that simple. CAE Forum presentations are normally held on the first Wednesday of each month during the Fall and Spring semesters.
- A recording of the live presentation will be available at: https://www.caecommunity.org/resources/case-forum-resources
- Questions? Email caeforum@caecommunity.org
2 November 2022
The use of Steganography and Steganalysis Trends in Computer Science
Time: 1:00pm – 1:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Dinesh Reddy, Our Lady of the Lake University
Description: Steganography is the art and science of writing hidden messages. The goal is to hide information in files so that even if the files with hidden information are intercepted, it is not clear that information is hidden in those files. Steganalysis is the process of analyzing a file or files for hidden content. Steganalysis can show the likelihood that a given file has additional information hidden in it, by using tools such as S-Tools and Invisible Secrets. A forensic examiner must be very familiar with techniques and trends in steganography and steganalysis. This means a forensic examiner should be able to do steganography and steganalysis by knowing multiple techniques and best practices for hiding/scrambling and recovering information.
Vulnerabilities of Machine Learning Algorithms to Adversarial Attacks for Cyber-Physical Power Systems
Time: 2:00pm – 2:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Tapadhir Das, Universityof Nevada, Reno
Description: Artificial intelligence (AI) techniques have been widely employed to monitor, control, and manage Cyber-Physical Power Systems (CPPS). AI algorithms provide several advantages over analytical algorithms including modeling flexibility and applicability to real-time control and operation. However, AI algorithms, especially those dependent on machine learning (ML), could be exposed to multiple attack vectors through unsecured and unencrypted communications. Recent attacks have shown several vulnerabilities of ML algorithms to adversarial attacks. Attacks can include fabricated samples, poisoned data, and changes in model architecture to make deliberate errors. Therefore, it has become crucial to ensure the security, reliability, and robustness of deployed ML algorithms against adversarial attacks. This chapter discusses the vulnerabilities of ML algorithms to adversarial attacks, possible attack vectors, real-work examples of adversarial attacks on ML algorithms, numerical examples, and discussions to enhance MLalgorithms against adversarial attacks in CPPS.
Mark your calendars and come join your friends in the CAE community for a Tech Talk. CAE Tech Talks are free and conducted live in real-time over the Internet so no travel is required. Capitol Technology University (CTU) hosts the presentations using Zoom which employs slides, VOIP, and chat for live interaction. Just log in as “Guest” and enjoy the presentation.
- View CAE Tech Talks recordings
- Questions? Email CAETechTalk@nsa.gov
21 October 2021
Agent-based Modeling of Entity Behavior in Cyberspace
PRESENTATION#1
Understanding How People with Upper Extremity Impairment Authenticate on their Personal Computing Devices
Time:1:00pm –1:50pm EST
Just log in as “Guest” and enter your name. No passwordrequired.
Presenter(s): Brittany Lewis, University of Rhode Island
Description:Authentication has become increasingly ubiquitous for controlling access to personal computing devices (e.g., laptops, tablets, and smartphones). However, current ways of authenticating to these devices often require users to perform complex actions with their arms, hands or fingers (e.g., typing complex passwords or positioning a camera for facial recognition). This can create barriers for people with upper extremity impairment (UEI). A person with UEI lacks range of motion, strength, endurance, speed, and/or accuracy associated with arms, hands, or fingers. My research focuses on creating more accessible personal computing device authentication for people with UEI. In this talk, I will be discussing my work which explores the experiences people with UEI have when authenticating to their personal computing devices, what future research is necessary to make authentication accessible to them, and what impact the COVID-19 pandemic has had on their computing device use.
PRESENTATION#2
A User-Oriented Approach and Tool for Security and Privacy Protection on the Web
Time:2:00pm –2:50pm EST
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Dr. Phu Phung, University of Dayton
Description:We introduce a novel approach to protecting the privacy of web users. We propose to monitor the behaviors of JavaScript code within a web origin based on the source of the code, i.e., code origin, to detect and prevent malicious actions that would compromise users’ privacy. Our code-origin policy enforcement approach not only advances the conventional same-origin policy standard but also goes beyond the “all-or-nothing” contemporary ad-blockers and tracker-blockers. In particular, our monitoring mechanism does not rely on browsers’ network request interception and blocking as in existing blockers. In contrast, we monitor the code that reads or sends user data sent out of the browser to enforce fine-grained and context-aware policies based on the origin of the code. We implement a proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness of our approach. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin. We show that our prototype is compatible with major browsers and popular real-world websites with promising runtime performance. Although implemented as a browser extension, our approach is browser-agnostic and can be integrated into the core of a browser as it is based on standard JavaScript.
May 20, 2021
Agent-based Modeling of Entity Behavior in Cyberspace
Time: 1:00pm – 1:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Dr. Guillermo Francia, III, Faculty Scholar and Professor, UWF Center for Cybersecurity
Description: The talk presents the results of an ongoing research project, which utilizes agent-based models and scenarios to simulate the effect of user trust, adversary sophistication, user training, and system defenses on cybersecurity. These independent simulations utilize software agents which assume certain pre-defined attributes to emulate their physical counterparts on an environment that represents cyberspace.
Healthcare Virtualization
Time: 2:00pm – 2:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Dr. Byrian Ramsey, University of the Cumberlands
Description: Cloud computing and services is the now and future of technology. Healthcare organizations continue to struggle with using cloud computing and services due to security concerns and the reliability of having access to data. With the implementation of layers of redundancy, virtualization introduces new levels of reliability with cloud computing and services; therefore, healthcare organizations continue to evolve to implement these services. Many executive leadership team members are concerned with having “all their eggs in one basket”. Now, through the redundancy of services, possessing all these in one system is very low if any risk. Also, research shows that cloud computing and services increase the healthcare of patients with the readiness of data. This talk will bring to light these issues and how we can move forward improving healthcare through cloud computing and services
February 18, 2021
A Machine Learning Approach for Detecting Cheats of Computer Game
Time: 1:00pm – 1:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Dr. Latifur Khan, University of Texas at Dallas
Description: Cheating in massive multiple online games (MMOGs) adversely affect the game’s popularity and reputation among its users. Therefore, game developers invest large amount of efforts to detect and prevent cheats that provide an unfair advantage to cheaters over other naive users during game play. Particularly, MMOG clients share data with the server during game play. Game developers leverage this data to detect cheating. However, detecting cheats is challenging mainly due to the limited client-side information, along with unknown and complex cheating techniques. In this presentation, we aim to leverage machine learning-based models to predict cheats over encrypted game traffic during game play. Concretely, network game traffic during game play from each player can be used to determine whether a cheat is employed. A major challenge in developing such a prediction model is the availability of 12 sufficient training data, which is sparingly available in practice. Game traffic obtained from a few known players can be easily labeled. However, if such players are not a good representation of the population (i.e., other players), then a supervised model trained on labeled game traffic from these set of players may not generalize well for the population. Here, we propose a Graphics Processing Unit (GPU) based scalable transfer learning approach to overcome the constraints of limited labeled data. Our empirical evaluation on a popular MMOG demonstrates significant improvement in cheat prediction compared to other competing methods.
Securing software supply chains with in-toto
Time: 2:00pm – 2:50 pm EST
Log in to the presentation
Just log in as “Guest” and enter your name. No password required.
Presenter(s): Reza Curtmola, New Jersey Institute of Technology
Description: The security of software supply chains is a topic that has been largely overlooked over the past few years, despite numerous recent incidents which show that attacks can happen at any point in this chain, including the most recent one involving SolarWinds. We have developed in-toto, a novel framework that provides insights about processes that occurred in the various steps of the software supply chain. in-toto is the first security mechanism that protects software from the point when the developer commits the code until the end user installs it. in-toto has been deployed into several real-world open source and commercial systems.
September 17, 2020
Secure Container for Data Protection in Transit and at Rest with Leakage Detection
Time: 1:00pm – 1:50pm EST
Log in to the presentation
Presenter(s): Denis Ulybyshev, Tennessee Tech
Description: To provide data protection in transit and at rest in decentralized environments, we developed a Microsoft Office® -compatible data container, which guarantees data confidentiality and integrity and supports different data formats, including text and images. It provides role-based and attribute-based access control in decentralized environments with limited Internet connectivity, which is important at times of disease pandemics or natural disasters. Our solution is able to detect several types of data leakages that can be made by authorized insiders. The container can be used to securely store and transfer
different types of documents, including tax forms, bank statements and Electronic Health Records. This solution can potentially allow healthcare providers to email protected clinical and administrative data to patients without using a HIPAA-compliant email server.
Reverse Engineering Malware (REM)
Time: 2:00pm – 2:50pm EST
Log in to the presentation
Presenter(s): Dr. Marwan Omar, Saint Leo University
Description: Knowing how to analyze malware can bring an element of control into an otherwise chaotic environment that exists around a security incident. It’s also a critical aspect of modern forensic analysis actions, because it’s all too frequent for investigators to discover malware on the compromised systems
Assessment of Audio and Visual Warnings to Mitigate Risk of Phishing Attacks
Date: 1 April 2020
Time: 1:10-1:50pm ET
Log in to the presentation
Audience: Students, Professors, Govt.
Presenter(s): Molly Cooper and Dr. Yair Levy, Nova Southeastern University
Description/Abstract: Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phishing can be presented in many ways: an email, link, website, text message, and other means. Phishing emails present a threat to both personal and organizational data loss. About 94% of cybersecurity incidents are due to phishing and/or social engineering.
Significant volume of prior literature documented that end users are continuing to click on phishing links in emails, even after phishing awareness training, and it appears that there is a strong need for creative ways to warn and alert end users to signs of phishing in emails. Understanding a more aware state of mind, ‘System 2 Thinking Mode’ (S2), describes an individual in a more aware and alert state that s/he can utilize when making important decisions. End users have tendency to be more deliberate with their choices in S2, as opposed to ‘System 1 Thinking Mode’ (S1). S1 is more routine and not as deliberate. Some ways to trigger S2 include audio alerts, visual alerts, and vibrations. Assisting the end user in noticing signs of phishing in emails could possibly be studied through the delivery of audio and visual alerts and warnings.
This study proposes to design and develop a method for a phishing alert and warning system that warns and alerts users to the signs of phishing in emails. The main goal of this work-in-progress research is to obtain Subject Matter Experts (SMEs) opinion to develop preliminary ranking of the top 10 signs of phishing in emails, and pair the signs of phishing with corresponding audio and visual warnings to be later used towards a phishing alert and warning system.
SEAL Team Transition and What That Means to You
Time: 2:00 – 2:40pm EST
Log in to the presentation
Audience: Students, Professors, Govt.
Presenter(s): Jill Curcio, CAE Program Office
Description: Recently, the CAE Program Office transitioned ownership of the CAE SEAL Program to a different area of NSA. This talk will discuss what that transition means to you as an institution and how we expect the future of the relationship to be adjusted going forward.
A recording of the live presentation will be available within 48 hours of the presentation at: https://www.caecommunity.org/content/cae-forum-resources
Contact us at: caeforum@caecommunity.org
March 19, 2020
A Cybersecurity Center to Support Hands-on Cybersecurity Education
Topic: A Cybersecurity Center to Support Hands-on Cybersecurity Education
Time: 1:10pm – 1:50pm EST
Log in to the presentation
Presenter(s): Dr. Hossein Sarrafzadeh, Chair of the Cybersecurity Department, St. Bonaventure University
Description: Western New York Cybersecurity Research Center was established at St. Bonaventure University in 2018 in collaboration with multiple international research collaborators and local industry partners. The center provides monitoring and alerting services to clients and government. The data
collected through monitoring will make it possible to perform comparative multinational studies. The center uses machine learning, data mining and opinion mining to perform research, develop new technologies and produce intellectual property. The center aims to become a hub for cybersecurity and
create partnerships of research, actual industry practice and commercialization. Closely linked to the center is St. Bonaventure University's Security Operations Center (SOC), a student operated center providing 24/7 monitoring and defense. The center has been a valuable resource to provide hands on
training and industry engagement for the students and faculty and services to businesses in the area. The center, how it operates and students and industry engagement in this facility will be presented in this talk.