posted Wednesday, July 30th, 2014
MS Thesis Defense
Remedy: A Semantic and Collaborative
Approach to Community Health-Care
10:00am Thursday, 31 July 2014, ITE 325b
Community Health Workers (CHWs) act as liaisons between health-care providers and patients in underserved or un-served areas. However, the lack of information sharing and training support impedes the effectiveness of CHWs and their ability to correctly diagnose patients. In this thesis, we propose and describe a system for mobile and wearable computing devices called Remedy which assists CHWs in decision making and facilitates collaboration among them. Remedy can infer possible diseases and treatments by representing the diseases, their symptoms, and patient context in OWL ontologies and by reasoning over this model. The use of semantic representation of data makes it easier to share knowledge such as disease, symptom, diagnosis guidelines, and demography related information, between various personnel involved in health-care (e.g., CHWs, patients, health-care providers). We describe the Remedy system with the help of a motivating community health-care scenario and present an Android prototype for smart phones and Google Glass.
Committee: Drs. Anupam Joshi (chair), Tim Finin, Michael Grasso, Aryya Gangopadhyay
posted Tuesday, July 29th, 2014
MS Thesis Defense
Analyzing Opinions in the Mom Community on Youtube
2:00pm Wednesday, 30 June 2014, ITE 325b
The “Mom Community” on YouTube consists of a large group of parents that share their parenting beliefs and experiences to connect and share information with others. Although there is a lot of positive support in this community, it is often a hotspot for debate of controversial parenting topics. Many of these topics have one side that represents the belief of “crunchy” moms. Crunchy is a term used to describe parents that intentionally choose natural parenting methods and eco-friendly products to raise their children. Debate over these practices has led to “mompetition” and the idea that there is a right way to parent. This research investigates these claims such as how different crunchy topics are discussed and how the community has changed over time. Video comments and user data are collected from YouTube and used to understand parenting practices and opinions in the mom community.
Committee: Drs. Anupam Joshi (chair), Tim Finin, Karuna Joshi
posted Monday, July 28th, 2014
MS Thesis Defense
Comparison of Cloud Security Standards and a
Cloud Security Control Recommendation System
Amit S. Hendre
8:30am Thursday, 31 July 2014, ITE346
Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users’ data remains confidential and secure. On one hand, cloud providers are implementing their own security and privacy controls. On the other hand, standards bodies like Cloud Security Alliance (CSA), International Organization for Standards (ISO), National Institute for Standards and Technology (NIST), etc. are developing broad standards for cloud security. In this thesis we provide a comprehensive analysis of the cloud security standards that are being developed and how they compare with the security controls of cloud providers. Our study is mainly focused on policies about mobility of resources, identity and access management, data protection, incident response and audit and assessment. This thesis will help consumer organizations with their compliance needs by evaluating the security controls and policies of cloud providers and assisting them in identifying their enterprise cloud security policies.
Committee: Drs. Karuna Joshi, Tim Finin and Yelena Yesha
posted Monday, July 28th, 2014
MS Thesis Defense
Android Malware Detection and Classification
using Machine Learning Techniques
10:30am Wednesday, 30 July 2014, ITE 325b
Android is popular mobile operating system and there exists multiple marketplaces for Android applications. Most of these market places allow applications to be signed using self-signed certificates. Due to this practice there exists little or very limited control over the kind of applications that are being distributed. Also advancement of Android root kits are increasingly making it easier to repackage existing Android application with malicious code. Conventional signature based techniques fail to detect such malware. So detection and classification of Android malware is a very difficult problem. We present a method to classify and detect such malware by performing a dynamic analysis of the system call sequences. Here we make use of machine learning techniques to build multiple models using distributions of syscalls as features. Using these models we predict whether given application is malicious or benign. Also we try to classify given application to specific known malware family. We also explore deep learning methods such as stacked denoising autoencoder algorithms (SdA) and its effectiveness. We experimentally evaluate our methods using a real dataset of 600 applications from 38 malware families and 25 popular benign applications from various areas. We find that a deep learning algorithm (SdA) is most accurate in detecting a malware with lowest false positives while AdaBoost performs better in classifying a malware family.
Committee: Drs. Anupam Joshi (chair), Tim Finin and Charles Nicholas
posted Friday, July 25th, 2014
Earlier this year HP and the Scholarship for Women Studying Information Security (SWSIS) selected UMBC undergraduate Victoria Lentz (Computer Science, 2015) and ten other female cybersecurity students from across the U.S. to receive scholarships.
Lentz was in the first cohort of students to be accepted into the UMBC Cyber Scholars Program, which began in Fall 2013. The program prides itself on influencing minorities and women to become involved in the cyber security and computing industries.
With particular interests in malware and digital forensics, Lentz plans to work in the cybersecurity industry after finishing her undergraduate education to gain experience before returning to school for a Master’s degree.
More from Lentz appears in Technically Baltimore.
from a post by Achsah Joseph on UMBC Insights
posted Friday, July 18th, 2014
CSEE professor Nilanjan Banerjee was interviewed at the Microsoft Faculty Summit on UMBC research that is developing sensors that can be sewn into textiles such as clothing or bedding and used control devices though gestures. Professor Banerjee is working with colleagues Ryan Robucci, Chintan Patel and Sandy McCombe-Waller (UMB) and students to prototype the hardware sensors and software components that can be part of an Internet of Things environment.
With support from Microsoft, their experimental systems are using Microsoft’s Lab of Things platform for research on connected devices in homes and other spaces. One of the use cases driving the research is helping people with limited mobility lead more independent lives by enabling them to control the environment. Buz Chmielewski, who became a quadriplegic after a surfing accident, is helping the team test and refine the system and its usability.
posted Monday, June 16th, 2014
UMBC CSEE Professor Marie desJardins will be a guest on WAMU’s Kojo Nnamdi show from 12:00 to 1:00pm tomorrow, Tuesday, June 17, 2014. She will be one of three experts discussing Coding and the Computer Science Conundrum with Kojo and callers. Listen live over the air on WAMU (88.5 mhz) or online. After she broadcast, you can hear it on the segment’s page or download it from their podcast archives.
The program’s description is:
“For years following the dot-com bust, computer science enrollment plunged steadily, prompting hand wringing over America’s competitiveness in technology and innovation. But a nationwide push to bring coding to classrooms, plus rapid innovation in apps and communications, has prompted a 13.4% jump in computer science majors in the 2012-13 academic year alone. But retaining those budding programmers — especially females and minorities — remains a significant challenge. Kojo explores local and national efforts to boost computer science competency, and learns how educators are revamping computational learning to give it relevance far beyond the classroom.”
The expert guests are:
Listeners can ask questions or make comments during the show via Twitter (@kojoshow) or phone (800-433-8850).
posted Friday, June 13th, 2014
Innovations in Cybersecurity Education Workshop
University of Maryland, Baltimore County
9:30 – 4:30 Tuesday, 24 June 2014
Innovations in Cybersecurity Education is a regional workshop on cybersecurity education at all levels, from Kindergarden through post-graduate. It will include discussions about cyber competitions, hands-on exercises, educational games, and integrating cybersecurity throughout the curriculum. There will be an opportunity to experience hands-on cyber defense exercises and to play new computer security education games, including SecurityEmpire developed at UMBC.
The workshop is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials.
Please see the links above for the schedule and location and register to help us plan for the number of participants.
The workshop is organized by Dr. Alan T. Sherman with support provided in part by the National Science Foundation under SFS grant 1241576.
posted Monday, June 9th, 2014
Ph.D. Dissertation proposal
Creating a Collaborative Situational-Aware IDPS
11:00am Tuesday, 10 June 2014, ITE 346
Traditional intrusion detection and prevention systems (IDPSs) have well known limitations that decrease their utility against many kinds of attacks. Current state-of-the-art IDPSs are point based solutions that perform a simple analysis of host or network data and then flag an alert. Only known attacks whose signatures have been identified and stored in some form can be discovered by most of these systems. They cannot detect “zero day” type attacks or attacks that use “low-and-slow” vectors. Many times an attack is only revealed by post facto forensics after some damage has already been done.
To address these issues, we are developing a semantic approach to intrusion detection that uses traditional as well non-traditional sensors collaboratively. Traditional sensors include hardware or software such as network scanners, host scanners, and IDPSs like Snort. Potential non-traditional sensors include open sources or information such as online forums, blogs, and vulnerability databases which contain textual descriptions of proposed attacks or discovered exploits. After analyzing the data streams from these sensors, the information extracted is added as facts to a knowledge base using a W3C standards based ontology that our group has developed. We have also developed rules/policies that can reason over the facts to identify the situation or context in which an attack can occur. By having different sources collaborate to discover potential security threats and create additional rules/policies, the resulting situational-aware IDPS is better equipped to stop creative attacks such as those that follow a low-and-slow intrusion pattern. Leveraging information from these heterogeneous sources leads to a more robust, situational-aware IDPS that is better equipped to detect complicated attacks. This will allow for detection in soft real time. We will create a prototype of this system and test the efficiency and accuracy of its ability to detect complex malware.
Committee: Drs. Anupam Joshi (Chair), Tim Finin, John Pinkston, Charles Nicholas, Claudia Pearce, Yul Williams
posted Wednesday, May 28th, 2014
UMBC has been redesignated as a National Center of Academic Excellence in Information Assurance by the National Security Agency and Department of Homeland Security for both Cyber Defense Research (CAE-R) and Education (CAE-IA/CD) for the academic years 2014-2021. UMBC is one of only 38 institutions in the US. that have recognized by NSA and DHS for both education and research.
The CAE educational designation includes (among other elements) a certification that our curriculum satisfies focus areas and knowledge units (KUs) as outlined in the NICE Framework. This framework aims to establish a common lexicon for students, universities, and employers for describing knoweldge and skills needed for various cybersecurity jobs. The CAE research designation signifies UMBC’s demonstrated excellence in conducting quality research activities pertaining to cybersecurity.
The CAE certification process was coordinated by Dr. Alan Sherman through the Center for Information Security and Assurance (CISA). Among other things, CISA oversees UMBC’s Federal CyberCorps Scholarship For Service program and is actively involved with cybersecurity education and research activities at UMBC, to include the upcoming Innovations in Cybersecurity Education Workshop on June 24.