Data and Applications Security - The University of Texas at Dallas


Data and Applications Security Research at the University of Texas at Dallas
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
April 25, 2006

Cyber Security Research Areas at UTD
Network Security
- Secure wireless and sensor networks
Systems and Language Security
- Embedded systems security, Buffer overflow defense
Data and Applications Security
- Information sharing, Geospatial data management, Surveillance, Secure web services, Privacy, Dependable information management, Intrusion detection
Security Theory and Protocols
- Secure group communication
Security Engineering
- Secure component-based software
Cross Cutting Themes
- Vulnerability analysis, Access control

Research Group: Data and Applications Security
Core Group
- Prof. Bhavani Thuraisingham (Professor & Director, Cyber Security Research Center)
- Prof. Latifur Khan (Director, Data Mining Laboratory)
- Prof. Murat Kantarcioglu (Joined Fall 2005, PhD. Purdue U.)
- Prof. Kevin Hamlen (will join Fall 2006 from Cornell U.)
Students and Funding
- 10 PhD Students, 16 MS students
- Research grants (since 2005): Air Force Office of Scientific Research Center, Raytheon Corporation, Nokia Corporation, and proposals submitted to NSF, DHS, etc.
- Our Vision: Assured Information Sharing, Secure Geospatial data management, Video Surveillance

Vision 1: Assured Information Sharing
[Diagram: three components, holding Data/Policy for Agency A, Agency B and Agency C, each publish Data/Policy to the Data/Policy for Coalition.]
1. Friendly partners
2. Semi-honest partners
3. Untrustworthy partners

Vision 2: Secure Geospatial Data Management
[Diagram labels: Data Source A, Data Source B, Data Source C; Semantic Metadata Extraction; Decision Centric Fusion; Geospatial data interoperability through web services; Geospatial data mining; Geospatial semantic web; Tools for Analysts; SECURITY/QUALITY]
Discussions on collaborative research between UTD, OGC (Open Geospatial Consortium), Oracle and Raytheon

Vision 3: Surveillance and Privacy
[Diagram labels: Raw video surveillance data; Face Detection and Face Derecognizing system; Faces of trusted people derecognized to preserve privacy; Suspicious Event Detection System; Suspicious events found; Manual Inspection of video data; Suspicious people found; Report of security personnel; Comprehensive security report listing suspicious events and people detected]

Example Projects
Assured Information Sharing
- Secure Semantic Web Technologies
- Social Networks
- Privacy Preserving Data Mining
Geospatial Data Management
- Geospatial data mining
- Geospatial data security
Surveillance
- Suspicious Event Detection
- Privacy preserving Surveillance
- Automatic Face Detection
Cross Cutting Themes
- Data Mining for Security Applications (e.g., Intrusion detection, Mining Arabic Documents); Dependable Information Management

Secure Semantic Web Technology at UTD
[Diagram labels: Interface to the Semantic Web; Inference Engine/Rules Processor; Policies, Ontologies, Rules; Semantic Web Engine; XML, RDF Documents; Web Pages, Databases]

Social Networks
Individuals engaged in suspicious or undesirable behavior rarely act alone
We can infer that those associated with a person positively identified as suspicious have a high probability of being either:
- Accomplices (participants in suspicious activity)
- Witnesses (observers of suspicious activity)
Making these assumptions, we create a context of association between users of a communication network

Privacy Preserving Data Mining
Prevent useful results from mining
- Introduce “cover stories” to give “false” results
- Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functions
Randomization and Perturbation
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly affecting the data mining results
- Give range of values for results instead of exact values
Secure Multi-party Computation
- Each party knows its own inputs; encryption techniques used to compute final results

Geospatial Data Mining: Change Detection
Trained Neural Network to predict “new” pixel from “old” pixel
- Neural Networks good for multidimensional continuous data
- Multiple nets give range of “expected values”
Identified pixels where actual value substantially outside range of expected values
- Anomaly if three or more bands (of seven) out of range
Identified groups of anomalous pixels
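
The band-voting rule on this slide, as an added example (not code from the UTD project). It assumes the per-band expected ranges were already produced by the ensemble of networks; the function names, the 4-neighbour grouping rule and the sample scene are constructed for illustration.

```python
from collections import deque

BANDS = 7          # slide: seven bands per pixel
MIN_BANDS_OUT = 3  # slide: anomaly if three or more bands are out of range


def anomalous_pixels(actual, expected):
    """Return the (row, col) pixels whose value is out of range in >= 3 bands."""
    # actual[r][c] is a list of 7 band values; expected[r][c] is a list of
    # 7 (low, high) ranges, assumed to come from the multiple trained nets.
    flagged = set()
    for r, row in enumerate(actual):
        for c, bands in enumerate(row):
            out = sum(1 for v, (lo, hi) in zip(bands, expected[r][c])
                      if v < lo or v > hi)
            if out >= MIN_BANDS_OUT:
                flagged.add((r, c))
    return flagged


def group_anomalies(flagged):
    """Group flagged pixels into 4-connected regions (assumed grouping rule)."""
    groups, seen = [], set()
    for start in sorted(flagged):
        if start in seen:
            continue
        seen.add(start)
        queue, region = deque([start]), []
        while queue:
            r, c = queue.popleft()
            region.append((r, c))
            for nb in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
                if nb in flagged and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        groups.append(sorted(region))
    return groups


# Constructed 3x4 scene: every band is expected in [90, 110]; values are made up.
RANGES = [[[(90, 110)] * BANDS for _ in range(4)] for _ in range(3)]
SCENE = [[[100] * BANDS for _ in range(4)] for _ in range(3)]
SCENE[0][0] = [150, 150, 150, 100, 100, 100, 100]  # 3 bands out: anomaly
SCENE[0][1] = [40, 40, 40, 40, 100, 100, 100]      # 4 bands out: anomaly
SCENE[2][3] = [150] * BANDS                        # 7 bands out: anomaly
SCENE[1][2] = [150, 150, 100, 100, 100, 100, 100]  # 2 bands out: normal

print(group_anomalies(anomalous_pixels(SCENE, RANGES)))
```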

Framework for Geospatial Data Security
[Diagram labels:
DATA PRESENTATION COMPONENTS: Open Geospatial Consortium Framework; Traditional GIS; GIS Web Services; Wrapper
SECURITY LAYER: Core & Application Schemas; Geospatial Features; Geography Markup Language; Authentic Data Publication; DAC/RBAC Policy Specification; Policy Reasoning Engine; Access Control Module; Trust & Privacy Management; Auditing; Misuse Detection; Metadata
DATA ACCESS LAYER: Geospatial Data Registration (spatial and temporal registration of geospatial data); Geospatial Data Repositories; Data Integration Services & Data Repository Access]

Data Mining for Surveillance
- We define an event representation measure based on low-level features
- This allows us to define “normal” and “suspicious” behavior and classify events in unlabeled video sequences appropriately
- A visualization tool can then be used to enable more efficient browsing of video data

Data Mining for Intrusion Detection
[Diagram labels: Training Data; Classification; Hierarchical Clustering (DGSOT); SVM Class Training; Testing; Testing Data]
DGSOT: Dynamically growing self organizing tree
SVM: Support Vector Machine

Information Assurance Education
Current Courses
- Introduction to Information Security: Prof. Sha
- Trustworthy Computing: Prof. Sha
- Cryptography: Prof. Sudborough
- Information Assurance: Prof. Yen
- Data and Applications Security: Prof. Thuraisingham
- Biometrics: Prof. Thuraisingham
- Privacy: Prof. Murat Kantarcioglu
Future Courses
- Network Security: Profs. Venkatesan, Sarac
- Security Engineering: Profs. Bastani, Cooper
- Digital Forensics: Prof. Venkatesan
- Intrusion Detection: Prof. Khan
- Digital Watermarking: Prof. Prabhakaran

Technical and Professional Accomplishments
Publications of research in top journals and conferences, books
- IEEE Transactions on Knowledge and Data Engineering, IEEE Transactions on Software Engineering, IEEE Computer, IEEE Transactions on Systems, Man and Cybernetics, IEEE Transactions on Parallel and Distributed Systems, VLDB Journal, 7 books published and 2 books in preparation including one on UTD research (Data Mining Applications, Awad, Khan and Thuraisingham)
Member of Editorial Boards/Editor in Chief
- Journal of Computer Security, ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Knowledge Engineering, Computer Standards and Interfaces - - -
Advisory Boards / Memberships
- Purdue University CS Department, - - -
Awards and Fellowships
- IEEE Fellow, AAAS Fellow, BCS Fellow, IEEE Technical Achievement Award, IEEE Senior Member, - - -