Norwegian Information Security Seminar

NISseminar is a weekly research seminar, which targets professors, researchers, PhD candidates, MSc and BSc students at NTNU i Gjøvik. It shall bring together researchers and students to have an academic exchange on a topic in information security presented by one of the NISlab researchers. The seminar takes place on Fridays during the lunch break, 12.15 - 13.00, and is open to all interested. To follow the online series, please find the playlist of recordings here: https://www.youtube.com/playlist?list=PL17KQCa8hhvApcc1LO8aarrNmm5sFgmni

*********************************************

01.09.2017, 12:15 – 13h, A146, A building

Speaker: Vivek Agrawal

Title: Challenges and opportunities in sharing information security knowledge  

 Recorded stream

Abstract : We believe that proper sharing and re-use of information security knowledge among the information security professionals (ISP) can improve the quality of their work. Therefore, we aim to establish an open electronic community of practice for ISP in Norway under the project UnRizkNow. The proposed community should be the target group's preferred venue for creating, obtaining, and sharing knowledge related to information security. In the NisSeminar session, I will talk about the challenges and opportunities that are associated with establishing this community of practice.

About Speaker : Vivek Agrawal received a master's degree in Information and communication systems security from the Royal Institute of Technology (KTH), Sweden, in 2013. He has been working as a PhD researcher at NTNU in Gjøvik in the field of Information security management since 2014. He is currently working on the UnRizkNow project, funded by CCIS, as a part of his PhD research work. His research interests are Information security risk assessment, Information sharing, and cloud computing. For further details about my publications, research interests, please check the following weblinks: https://www.ntnu.edu/employees/vivek.agrawal https://www.linkedin.com/in/vivek8705/

*********************************************

08.09.2017, 12:15 – 13h, A146, A building

Speaker: Stephen Wolthusen, Nils Kalstad Svendsen, and Stewart Kowalski

Title: From Bachelor and Master to PhD

Abstract: In this week's seminar we will talk about making a bridge between Bachelor, Master and PhD studies, and the challenges and opportunities that are associated with each of these groups.

*********************************************

15.09.2017, 12:15 – 13h, A146, A building

Speaker: Carl Leichter

Title: Big Data Analytics: Topic Modeling for Digital Forensics Investigations and Cyber Threat Intelligence

 Recorded stream

Abstract :
“Big Data Analytics” has become a high priority topic in Cyber Research, and in the field of Cyber Security, Big Data represents a very serious problem. In the domain of Digital Forensics Investigations (DFI), the sheer volume of data to be analyzed impedes police operations that require timely reporting of DFI results to support active criminal investigations in the field. In the domain of Cyber Threat Intelligence (CTI), a rapid assessment of the available threat data is required to enable dissemination of actionable intelligence in a timely manner.
Topic Modeling is an unsupervised machine learning method for analyzing large bodies of text data and producing estimates of the topics under discussion in them. To gain some insight into how it works, we reviewed some of the underlying principles of Topic Modeling. Then, I presented experimental results that show how Topic Modeling would work in the specific domains of DFI (using the Enron data set) and CTI (using posts scraped from an online hacker forum).

About Speaker :
At the age of 19, Carl Leichter volunteered to serve in the United States Air Force as a Nuclear Missile Systems Analyst Specialist. After his Air Force service, Carl matriculated at the University of Colorado (Boulder) and then graduated Cum Laude with degrees in Mathematics, Philosophy and Electrical Engineering. Carl then went on to Purdue University, where he taught mathematics and earned an MSEE with an emphasis on Biomedical Engineering. During this time, Carl spent his summers engaged in research at the Los Alamos National Laboratory (LANL) in New Mexico.
After graduating from Purdue, Carl became a Flight Test and Product Development Engineer at Allied Signal Aerospace. In 1997, Carl emigrated to New Zealand and developed a Voice Over Internet application for the Production Engineering Corporation (NZ). In 2000, Carl left PEC to become a PhD Candidate at the University of Otago. As part of his PhD research, Carl returned to Los Alamos and made the discovery that became the basis for his doctoral dissertation on "Eigenspecters".
Dr Leichter is now a Senior Researcher at the Norwegian University of Science and Technology (NTNU). His research pursuits are directed towards Big Data analytics in support of Digital Forensics, from both a technology perspective (e.g. Topic Modeling) and a public policy perspective (e.g. legal and ethical ramifications of Digital Forensics research).

*********************************************

22.09.2017, 12:15 – 13h, A146, A building

Speaker: Slobodan Petrovic

Title: Speeding-up K-means clustering

 Recorded stream   Slides  

Abstract :
Modern Intrusion Detection Systems (IDS) must process enormous quantities of traffic data in real time. Reducing the amount of data that IDS has to process at a time is necessary in order for these systems to be practically useful. The reduction is performed by grouping the similar attack signatures in the IDS knowledge base and comparing the actual network traffic with the representatives of such groups instead of each member of the group. The problem of grouping similar attack signatures is solved by classifying these signatures, very often in an unsupervised way. In that case, we are talking about clustering of attack signatures, i.e. finding well separated groups of similar signatures without learning. There are many methods of clustering, of which a particular one, the K-means partitional clustering method, has gained popularity due to its linear time complexity with respect to the number of data units (vectors of features) to cluster. But with the increase of network bandwidth, even linear time complexity becomes insufficient. Since the beginning of the 21st century, several methods of improvement of the 50-year-old original K-means algorithm have been proposed with the idea of reducing its time complexity, especially when implemented in a distributed computing environment. This talk reviews these proposals and poses some research questions related to the properties of clusters and their optimal number.

About Speaker :
Slobodan Petrovic obtained his PhD degree from University of Belgrade, Serbia in 1994. He worked at Institute of Applied Mathematics and Electronics and Institute of Mathematics in Belgrade from 1986 to 2000. He also worked on various information security-related projects at Institute of Applied Physics, Madrid, Spain, from 2000 to 2004. From 2004 to 2015, he was with Gjøvik University College, Norway, and since January 1st, 2016, he is professor of information security at Norwegian University of Science and Technology (NTNU), where he teaches cryptology and intrusion detection and prevention. His research interests include cryptology, intrusion detection, and digital forensics. He is author of more than 50 scientific papers from the field of information security, digital forensics, and cryptology.

*********************************************

06.10.2017, 12:15 – 13h, A146, A building

Speaker: Andrii Shalaginov

Title: Advancing Neuro-Fuzzy Algorithm for Automated Classification in Large-scale Forensic and Cybercrime Investigations

 Recorded stream

Abstract : Big Data is a reality and Cyber Crime Investigators are confronted with the amount and complexity of seized digital data in criminal cases. Human experts are sitting in the Court of Law and making decisions with respect to the found evidence that is being presented. Therefore, there is a strong need to bridge data processing and automated analysis for providing human-understandable representation of evidence. There is a history of successful applications of Machine Learning methods in Digital Forensics such as Artificial Neural Networks, Support Vector Machines and Bayes Network. However, the challenge is that such methods neither provide human-explainable models nor can work without prior knowledge required for inference and data representation. In this work Andrii focuses on Neuro-Fuzzy, a Hybrid Intelligence method that is capable of connecting two worlds: Computational Intelligence and Digital Forensics.

About Speaker : Andrii Shalaginov received his Master Degree from the Gjøvik University College in 2013 and also holds a degree from the National Technical University of Ukraine “Kyiv Polytechnic Institute” - Department of Computer Aided Design. Before studying at HiG he had industry experience, including Samsung R&D center in Kiev. He joined NTNU Digital Group as a PhD student with the research topic related to application of soft computing in digital forensics. Andrii also has extensive knowledge in malware analysis and machine learning.

*********************************************

20.10.2017, 12:15 – 13h, A146, A building

Speaker: Pankaj Wasnik

Title: Face Image Quality Assessment for Smartphone Biometrics

 Recorded stream

Abstract : In recent years, the popularity of smartphones has increased massively as a personal and authentication device. Face based biometrics is being used to secure the device and control access to several different services via smartphones such as payment gateways etc. Thus, to maintain the reliability and to obtain better verification performance, there is a need to adopt the standards recommended for face sample quality. Therefore, an evaluation of face image quality using well-established ISO standards is necessary for smartphone images. Since the ISO standards are defined for conventional face recognition systems, along with the existing metrics there is also a need for new quality metrics which are specific to the smartphone environment. Further, one should also evaluate the impact of the state of the art research such as Deep Learning for tasks like face quality assessment. This talk will consist of an overview of the face quality assessment for smartphone biometrics using conventional techniques and deep learning, specifically Transfer Learning.

About Speaker : Pankaj hails from the middle part of India. He has a bachelor's in Instrumentation Engineering and a master's in Image processing from IIT Kharagpur, India. Post master's, he worked with companies like Samsung, Philips and Ricoh as a Research Engineer and worked on various Image Processing related solutions. In Feb 2016, he joined Norwegian Biometrics Laboratory as a PhD Researcher under the supervision of Prof. Raghavendra Ramachandra. His research interests are Biometrics, Computer Vision and Deep Learning for Biometrics.

*********************************************

03.11.2017, 12:15 – 13h, A146, A building

Speaker: Ambika Shrestha Chitrakar

Title: Network Forensics with Snort: Collecting More Evidence Using Constrained Approximate Search

 Recorded stream

Abstract : Intrusion Detection Systems (IDS) are defensive tools that detect and identify malicious activities in networks and hosts. In network forensics, investigators often study logs that store alerts generated by the IDS. In this paper, we concentrate on a widely used open-source IDS Snort, which is a misuse-based IDS that detects network intrusions based on the pre-defined set of attack signatures. Whenever a security breach occurs, it is likely that the investigation will start from its log files. However, Snort cannot detect unknown attacks (so-called zero-day attacks), even if they are similar to the known ones. This may cause investigators to lose evidence for the criminal cases. We demonstrate how easy it is to evade detection of malicious activity by Snort and show the possibility of using constrained approximate search algorithms instead of the default Snort search algorithm as a solution to finding evidence in such cases. Performance analysis of some of the constrained approximate search algorithms has been carried out. The experimental results show that these algorithms are capable of detecting previously unknown attack attempts that are similar to the known ones. However, these algorithms also generate additional false positives. The number of false positives can be reduced with careful choice of constraint values in the algorithms.

About Speaker : Ambika is a PhD candidate at NTNU Gjøvik. Her research area is “Approximate Search Techniques for Big Data Analysis”, with a focus on the field of digital forensics. She completed a Bachelor's in Information Technology in Nepal and a Master's in Information Security at Høgskolen i Gjøvik (HiG). She has hands-on experience in Web Development and has also worked as a consultant in Norway.

*********************************************

10.11.2017, 12:15 – 13h, A146, A building

Speaker: Kyle Porter

Title: Obtaining Valuable Precision-Recall Trade-Offs for Fuzzy Searching Large E-mail Corpora

 Recorded stream

Abstract : Fuzzy search is used in digital forensics to find words stringologically similar to a chosen keyword, but a common complaint is its high rate of false positives in big data environments. This presentation describes the design and implementation of cedas, a constrained edit distance approximate string matching algorithm which provides complete control over the type and number of elementary edit operations that are considered in an approximate search. The flexibility of this search algorithm is unique to cedas, and allows for fine-tuned control of precision-recall trade-offs. Using cedas, we experimentally show which edit operation constraints should be applied to achieve valuable precision-recall trade-offs for fuzzy searching an inverted index of the Enron e-mail corpus. In early stages of an investigation, precision is preferred over recall, and we show that by utilizing the correct constraints on edit operations we can consistently obtain higher recall than fuzzy searching using the unconstrained edit distance at an edit distance threshold of k=1 without sacrificing the precision of the results as seen by fuzzy searching at an edit distance threshold of k=2.

About the speaker: Kyle is a PhD candidate at NTNU Gjøvik working in the Digital Forensics research group. He received his Bachelor's degree in Mathematics from the University of Washington and his Master's degree in Information Security from NTNU Gjøvik. His current interests are the utilization of Automata Theory for approximate string matching, similarity preserving hash functions for data reduction, and cryptology.

*********************************************

17.11.2017, 12:15 – 13h, A146, A building

Speaker: Jose J Cabeza Gonzalez

Title: How does the second economy influence trends in information security?

 Recorded stream   Slides

Abstract : The first economy is the “real”, physical economy, that is the economy as it was, before information and communication technology became critical infrastructure. The second economy is the huge and interconnected set of digital systems serving as underpinnings for our first economy. Supply chains, financial networks, and stock markets depend on the working of the second economy. The talk analyzes trends in information security, focusing on the threat landscape, black markets for vulnerabilities and exploits, credit card exploits, ransomware, automation and the Internet of Things, and the asymmetric battle between black and white hats.

About the speaker: Jose Julio Gonzalez is Professor for Information and Communication Technology at the Department for ICT, University of Agder, Norway. He was adjunct professor 2005-2017 at the Centre for Cyber and Information Security, NTNU Gjøvik, Norway. He has a doctor degree in natural sciences (mathematical physics) and a doctor degree in technology (polymer science). He has published in various areas of natural sciences, technology and social sciences. Since 1999, his areas of interest are security management, management of emergencies and critical infrastructure protection, where he has led and cooperated successfully in various international projects. He led the project “A Model-based Approach to Security Culture (AMBASEC)”, running 2005-2010, concerned with protection of Norwegian offshore oil & gas infrastructure. In addition, he has participated as PI in several EU projects funded by CIPS, FP7 and Horizon2020. Currently he acts as scientific coordinator for the EU Horizon2020 project Smart Mature Resilience http://smr-project.eu/home/. Dr Gonzalez was awarded the Research Prize from the Agder Academy of Science and Letters in 2012 for his research on Critical Infrastructure Protection, crisis and disaster management and security. He was director of the Centre of Integrated Emergency Management (CIEM) at the University of Agder 2011-2014.

*********************************************