(NSF DUE-1315328), Project Title: "EDU: Collaborative: When Cyber Security Meets Physical World: A Multimedia-based Virtual Classroom for Cyber-Physical Systems Security Education to Serve City / Rural Colleges".

 

Year 2016-2017: Independent Study on Advanced Cybersecurity

 

In addition to the course materials developed earlier (Link 1, Link 2), this year we focused on educating graduate students in important contemporary cyber security topics.

 

For this Independent Study course, we have covered some common topics such as Cloud Security, Web security, Smart Grid security, medical device security, etc. Those topics have also been covered in the previous two courses: (1) ECE 493 - Introduction to CPS Security; and (2) ECE 593 - Advanced CPS security.

 

The new topics covered in this Independent Study include the following items:

 

(Note: All PDF documents provided here are used ONLY FOR EDUCATIONAL purposes. The copyrights all belong to the original publication sources.)

 

Newly Added Topics:

Topic 1

Ransom Attacks

 

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware [PDF] Paper Authors: Amin Kharraz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda, Northeastern University (25th USENIX Security Symposium)

Teaching focus: Explain how to detect ransomware attacks; the concept of file lockers; using an artificial user environment; using dissimilarity scores of screenshots to detect screen lockers; understand the UNVEIL implementation process.

 

Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks [PDF] Paper Authors: Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda

Teaching focus: Explain simple ways to stop ransomware attacks. By looking at I/O requests and protecting the Master File Table (MFT) in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.

Topic 2

Machine Learning Security

 

Can Machine Learning Be Secure? [PDF] Paper Authors: Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, J. D. Tygar

Teaching focus: A taxonomy of different types of attacks on machine learning techniques and systems, a variety of defenses against those attacks, and a discussion of ideas that are important to security for machine learning.

 

Big Privacy: Challenges and Opportunities of Privacy Study in the Age of Big Data [PDF] Paper Authors: Shui Yu

Teaching focus: The concept of big data privacy. Privacy categories. Math models of privacy. How to achieve privacy? (cryptography, game theory, policy perspective, etc.)

 

Adversarial Feature Selection against Evasion Attacks [PDF] Paper authors: Fei Zheng, Patrick P. K. Chan, etc.

Teaching focus: Using reduced feature sets in classifiers to defend against ML attacks; adversary-aware feature selection; wrapper-based implementation.

 

Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks [PDF] Paper authors: Weilin Xu, David Evans, Yanjun Qi

Teaching focus: Secure deep neural networks (DNNs) by reducing the search space available to an adversary. It detects adversarial examples with high accuracy. A bigger feature space exposes more attacks.

 

AUROR: Defending Against Poisoning Attacks in Collaborative Deep Learning Systems [PDF] Paper authors: Shiqi Shen, Shruti Tople, Prateek Saxena

Teaching focus: Security in collaborative deep learning. Poisoning attacks in deep learning. Countermeasures for such poisoning attacks. Identifying polluted data samples.

Topic 3

Smart City Attacks

 

An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks [PDF] by Cesar Cerrudo

Teaching focus: This is a good overview paper. It gives students a big picture of the various attacks in smart cities.

 

Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant [PDF] by Sridhar Adepu and Aditya Mathur

Teaching focus: Water distribution/treatment is important in smart cities. Teach the multi-point CPS attack model; using water flow features to detect such an attack.

 

 

Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks [PDF] by Saurabh Amin, Xavier Litrico, Shankar Sastry, and Alexandre M. Bayen

 

Teaching focus: Teach deception attacks; control model and attacks; canal system security; SCADA security.

 

 Cyber–Physical System Security for the Electric Power Grid [PDF]  by Siddharth Sridhar, Adam Hahn, Manimaran Govindarasu

 

Teaching focus: Teach CPS attacks in power grid. A layered approach to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure. A classification method to highlight dependencies between the cyber–physical controls required to support the smart grid and the communication and computations that must be protected from cyber attacks. Current research efforts aimed at enhancing the smart grid’s application and infrastructure security.

 

Secure Control: Towards Survivable Cyber-Physical Systems [PDF] by Alvaro A. Cárdenas, Saurabh Amin, Shankar Sastry

 

Teaching focus: Teach the problem of secure control; the defenses that information security and control theory can provide; challenges that need to be addressed to improve the survivability of cyber-physical systems.

 Topic 4

 Acoustic Attacks

 

WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks [PDF] by Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, Kevin Fu

 

Teaching focus: Teach smartphone security. Modeling the physics of malicious acoustic interference on MEMS accelerometers; discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ these sensors; software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.

 

 Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components [PDF] by Anupam Das, Nikita Borisov, Matthew Caesar

 

Teaching focus: Using microphones and speakers embedded in smartphones to uniquely fingerprint individual devices. During fabrication, subtle imperfections arise in device microphones and speakers, which induce anomalies in produced and received sounds. We can exploit this observation to fingerprint smartphones through playback and recording of audio samples. We can further explore different acoustic features and analyze their ability to successfully fingerprint smartphones.

 

 PriWhisper: Enabling Keyless Secure Acoustic Communication for Smartphones [PDF], by Bingsheng Zhang, Qin Zhan, Junfei Wang, etc.

 

Teaching focus: A purely software-based solution to secure smartphone short-range communication without the key agreement phase. PriWhisper adopts the emerging friendly jamming technique from radio communication for data confidentiality.

Topic 5

Social-economic security

 

Persona: An Online Social Network with User-Defined Privacy [PDF] by Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee

 

Teaching focus: Persona is an online social network (OSN) where users dictate who may access their information. Persona hides user data with attribute-based encryption (ABE), allowing users to apply fine-grained policies over who may view their data. Persona provides an effective means of creating applications in which users, not the OSN, define policy over access to private data.

 

Understanding and Combating Link Farming in the Twitter Social Network [PDF] by Saptarshi Ghosh, Bimal Viswanath, Farshad Kooti, etc.

 

Teaching focus: Twitter has become a target for link farming, where users, especially spammers, try to acquire large numbers of follower links in the social network. Acquiring followers not only increases the size of a user’s direct audience, but also contributes to the perceived influence of the user, which in turn impacts the ranking of the user’s tweets by search engines. A simple user ranking scheme that penalizes users for connecting to spammers can effectively address the problem by disincentivizing users from linking with other users simply to gain influence.