Intelli-Sec Group

Computational Intelligence for Security

[Research Statement] [Publications] [Members]

Research Statement

An increasing number of security problems arise from the fact that the sheer amount of data is too large to be managed or understood by a human administrator. Examples are enterprise-scale security configurations, networks of firewall routers, peer-to-peer networks, and corpora of third-party applications for mobile devices. We aim at providing methods to automatically extract meaningful, security-relevant information and to automatically configure large systems or write code such that predefined requirements are fulfilled. In addition, the large amount of publicly available data and records from an ever increasing number of sensors provide novel attack surfaces against the integrity of systems and against the privacy of system users. We identify novel attacks and propose countermeasures. The challenges in our exiting field of research stem from various sources. First, the variability of problems requires a large methodological flexibility. Second, in many applications there is a tension between deterministic security requirements and probabilistic approaches, requiring theoretical guarantees that are often hard to derive. Finally, the scalability requirement for analyzing big data disqualifies many of-the-shelf solutions and demands fast approaches that are tailored to the particular problems.


"On the Security of Trustee-based Social Authentications."
Neil Zhenqiang Gong, Di Wang.
Under submission, 2014.
"SybilBelief: A Semi-supervised Learning Approach for Structure-based Sybil Detection."
Neil Zhenqiang Gong, Mario Frank, Prateek Mittal.
Accepted by IEEE Transactions on Information Forensics and Security (TIFS), April, 2014.
"Reciprocal vs. Parasocial Relationships in Online Social Networks."
Neil Zhenqiang Gong, Wenchang Xu.
Accepted by Social Network Analysis and Mining (SNAM), Springer , March, 2014.
"Joint Link Prediction and Attribute Inference using a Social-Attribute Network."
Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Richard Shin, Emil Stefanov, Elaine Shi, and Dawn Song.
ACM Transactions on Intelligent Systems and Technology (TIST), 5(2), 2014.
"Role Mining with Probabilistic Models."
Mario Frank, Joachim M. Buhmann, David Basin.
In ACM Transactions on Information and System Security (TISSEC), in press.
"Preserving Link Privacy in Social Network based Systems."
Prateek Mittal, Charalampos Papamanthou, and Dawn Song.
In Network and Distributed System Security Symposium (NDSS), 2013.
"Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication."
Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song.
In IEEE Transactions on Information Forensics and Security (Vol. 8, No. 1), pages 136-148, IEEE 2013.
PDF [Project Page]
"Mining Permission Request Patterns from Android and Facebook Applications."
Mario Frank, Ben Dong, Adrienne Porter-Felt, and Dawn Song.
In IEEE International Conference on Data Mining (ICDM), 2012.
"Evolution of Social-Attribute Networks: Measurements, Modeling, and Implications using Google+."
Neil Zhenqiang Gong, Wenchang Xu, Ling Huang, Prateek Mittal, Emil Stefanov, Vyas Sekar and Dawn Song.
In ACM/USENIX Internet Measurement Conference (IMC), 2012.
"Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN)."
Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine(Runting) Shi and Dawn Song.
In ACM Workshop on Social Network Mining and Analysis (SNA-KDD), co-located with KDD, 2012.
PDF Dataset
"On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces."
Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros and Dawn Song. In Proceedings of 21st Usenix Security Symposium (Usenix Security), 2012.
PDF [Project Page]
"Multi-Assignment Clustering for Boolean Data."
Mario Frank, Andreas P. Streich, David Basin and Joachim M. Buhmann. In Journal of Machine Learning Research, 13(Feb): pages 459-489, 2012.
"Stimuli for Gaze Based Intrusion Detection."
Ralf Biedert, Mario Frank, Ivan Martinovic and Dawn Song. In Proceedings of 6th International Symposium on Digital Forensics and Information Security, 2012.
"On the Feasibility of Internet-Scale Author Identification."
Arvind Narayanan, Hristo Spassimirov Paskov, Neil Zhenqiang Gong, John Bethencourt, Eui Chul Richard Shin, Emil Stefanov and Dawn Song. In Proceedings of IEEE Symposium on Security and Privacy, 2012.
"Design and Evaluation of a Real-Time URL Spam Filtering Service."
Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, May 2011.
"A Learning-Based Approach to Reactive Security."
Adam Barth, Benjamin I. P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, and Peter Bartlett. In the Proceedings of the Financial Cryptography and Data Security '10. Fourteenth International Conference. January 2010.
"Tracking Dynamic Sources of Malicious Activity at Internet-Scale."
Shobha Venkataraman, Avrim Blum, Dawn Song, Subhabrata Sen and Oliver Spatscheck. In Proceedings of Neural Information Processing Systems (NIPS) 2009, December 2009.
"Limits of Learning-based Signature Generation with Adversaries."
Shobha Venkataraman, Avrim Blum, Dawn Song. In Proceedings of NDSS, Feb 2008.
"Exploiting Network Structure for Proactive Spam Mitigation."
Shobha Venkataraman, Subhabrata Sen, Oliver Spatscheck, Patrick Haffner, and Dawn Song. In Proceedings of USENIX Security Symposium, Aug 2007.
"FiG: Automatic Fingerprint Generation."
Juan Caballero,Shobha Venkataraman, Pongsin Poosankam, Min Gyung Kang, Dawn Song and Avrim Blum. In Proceedings of NDSS, Feb 2007.
"Black-box Anomaly Detection---Is it Utopian?"
Shobha Venkataraman, Juan Caballero, Dawn Song, Avrim Blum, Jennifer Yates. In Proceedings of HotNets, Nov 2006.
"Thwarting Signature Learning by Training Maliciously."
James Newsome, Brad Karp, and Dawn Song. In Proceedings of the 9th International Symposium On Recent Advances In Intrusion Detection (RAID 2006), September 2006.
"Polygraph: Automatic Signature Generation for Polymorphic Worms."
James Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.
"Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds."
Avrim Blum, Dawn Song, and Shobha Venkataraman. In Conference of Recent Advance in Intrusion Detection (RAID) 2004.
"Timing Analysis of Keystrokes and SSH Timing Attacks."
D. Song, D. Wagner, and X. Tian. In 10th USENIX Security Symposium, 2001.


Dawn Song (Faculty)
Mario Frank (Postdoc)
Prateek Mittal (Postdoc)
Daniele Perito(Postdoc)
Neil Gong (Ph.D. Student)