November 29, 2017,  12:30-13:30,  Location : Zi 2042,  Speaker : R. Bortolameotti (Riccardo) MSc.

DECANTeR: DeteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting

We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprints extracted from a host's network traffic. We evaluate a prototype with realistic data from an international organization and datasets composed of malicious traffic. We show that our system achieves a false positive rate of 0.9%, an average detection rate of 97.7%, and that it cannot be evaded by malware using simple evasion techniques such as using known browser user agent values. Moreover, we show that our solution outperforms the current state of the art that detects covert communication channels by focusing only on benign data. Finally, DECANTeR detects 96.8% of information stealers in our dataset, which shows its potential to detect data exfiltration. 

November 21, 2017,  14:00-15:00,  Location : Zi 2042,  Speaker : T.R. van de Kamp (Tim) MSc.

How to Monitor When All Data Is Encrypted?

We propose the first multi-client predicate-only encryption scheme capable of efficiently testing the equality of two encrypted vectors.

Our construction can be used for the privacy-preserving monitoring of relations among multiple clients. Since both the clients' data and the predicates are encrypted, our system is suitable for situations in which this information is considered sensitive. We prove our construction plaintext and predicate private in the generic bilinear group model using random oracles, and secure under chosen-plaintext attack with unbounded corruptions under the symmetric external Diffie–Hellman assumption. Additionally, we provide a proof-of-concept implementation that is capable of evaluating one thousand predicates defined over the inputs of ten clients in less than a minute on commodity hardware. 

October 24, 2017,  14:00-14:30,  Location : Zi 2126,  Speaker : H.T. Esquivel Vargas (Herson) MSc.

Automatic Deployment of Specification-based Intrusion Detection in the BACnet Protocol

Specification-based intrusion detection (SB-ID) is a suitable approach to monitor Building Automation Systems (BASs) because the correct and non-compromised functioning of the system is well understood. The goal is to compare the expected behavior of devices with their actual behavior as observed in the network.

The main drawback of SB-ID is that the creation of specifications often require human intervention. Automated specification extraction, on the other hand, is crucial to effectively apply SB-ID in volatile environments such as BASs where new devices are often added, removed, or replaced.

We present an approach to automatically extract specifications in the context of the BACnet protocol (ISO 16484-5) extensively used in our university campus. 

September 05, 2017,  13:00-14:00,  Location : HalB 2E,  Speaker : Dilan Seckiner MSc

Safety: Forensic Gait Analysis: Morphometric body assessment with associated CCTV image quantification

Closed Circuit Television (CCTV) cameras are often referred to as 'the silent witness' and have rapidly become a universal presence capturing footage useful for activity level and some source level inference. From this, photo-comparative analysis of a trace or 'a "person of interest" (POI) can be assessed when compared to a suspect. Limitation of CCTV images arises however, from the various distortions present within the camera specification and environmental influences. Additional challenges exist when facial features are concealed or otherwise obscured, thus preventing facial analysis. One solution to overcome this, is the morphometric assessment of the body. Further, as POIs are frequently recorded in motion, implementing gait analysis could further determine whether distinct features are apparent within the POI.

The aim of this study was to produce a standardised method for morphometric gait analysis that incorporates the quantification of image distortion and to determine distinct features of the body during gait (stance, walk, run). Hypothesis being, H0: P(E|Same Source) = P(E|SS) and H1: P(E|Different Source) = P(E|DS). The method comprised of a morphometric assessment of 18 anthropometric measurements (static, dynamic and angle), 25 morphological features for stance and 52 morphological features for gait assessed, of both male and female volunteers (437 in total). From this, a standardised protocol was developed, and population databases established from which frequency statistics will be obtained once all data has been completed. Furthermore to ascertain which features exactly were common or distinct once compared to all age, race and sex categories for correlation determination and finally to apply the likelihood ratio to this research.

Body mapping as a forensic tool is often poorly validated or subjective. However, this does not mean it is not of value. The broader purpose of this research is therefore to establish a method of evaluating gait analysis that offers valuable information to the criminal justice system whilst being scientifically robust, and importantly adhering to the admissibility standards of the Australian legal system. 

August 22, 2017,  15:15-16:15,  Location : ZI 2126,  Speaker : Thomas Hupperich, Ruhr-Universit├Ąt Bochum, Germany

Cybersecurity: Fingerprinting - An Introduction to System Recognition

Client fingerprinting is a technique for state-less user tracking and recognizing user systems in Internet context. It is widely used and implemented by advertisers, online shops and website analytic engines. Current state-of-the-art fingerprinters utilize code snippets to obtain system fingerprints and aim to identify specific systems among others.

This lecture gives an introduction to the concept of web-based client fingerprinting and covers the principle of recognition performed by a computer system. It tackles the core problem of similarity measurement and presents approaches for system recognition based on fingerprint data. 

June 12, 2017,  15:00-16:00,  Location : Zi 2126,  Speaker : Thomas Hupperich (Ruhr University Bochum, Germany)

Mobile Device Fingerprinting

Client fingerprinting techniques enhance classical cookie-based user tracking to increase the robustness of tracking techniques. A unique identifier is created based on characteristic attributes of a client device, and then used for deployment of personalized advertisements or similar use cases. Whereas fingerprinting performs well for highly customized devices - especially desktop computers -, these methods often lack in precision for highly standardized devices like mobile phones. But are mobile devices save from fingerprinting or can such methods evolve to target also these systems?

Additionally, fingerprinting of web clients is often seen as an offence to web users' privacy as it usually takes place without the users' knowledge, awareness, and consent. Thus, we need to investigate possibilities to outrun fingerprinting mechanisms. 

May 23, 2017,  12:30-13:30,  Location : Zi 2126,  Speaker : Dr. T. Inan (Tolga)

Pose Robust 3D Face Recognition

Over the last decade, three-dimensional facial recognition has been extensively researched. Very good results have been reported for frontal and non-expressive faces. Recent studies have focused on identifying faces with orientation and expression variations. This problem is still being investigated.
We will also refer to our work for three-dimensional face recognition that is robust to orientation. This seminar will contain a short summary from the speaker's previous research experience. 

May 03, 2017,  12:30-13:30,  Location : Zi 2042,  Speaker : Drs. H.C.A. Wienen (Hans)

Elephantophagism, or the hunt for an accident

When conducting a literature review, you want to find as many relevant papers as possible. But how do you select relevant articles from an initial corpus of 1775 articles? How do you eat an elephant?

I present the way in which we surveyed the current state of the art in accident analysis methods, starting out from all 108 databases the University has available and ending in a set of three classes of accident models. How did we make sure that no relevant articles were missed, how did we compare results and which results did we compare?

Furthermore, I'll present some of our findings from the review: which classes of analysis methods are there, in what respects do they differ and what are our plans now that we know this. 

April 12, 2017,  13:00-14:00,  Location : Zi 2042,  Speaker : D.H. Apriyanti (Diah Harnoni) MSc.

Flower Biometrics: Identification of Orchid Species Using Flower Image

The system to identify orchid species has developed. Although taxonomists usually use the key identification that needs some parts of the plant, this system only needs the orchid's flower image. The system uses semi-automated segmentation process, takes the HSV colour feature also shape features such as Centroid Contour Distance, aspect ratio, roundness, etc from the flower image and then identifies them using k-Nearest Neighbors which is compared with Probabilistic Neural Network and Support Vector Machine. Orchid is a unique flower. It has a part of the flower called lip (labellum) that distinguishes it from other flowers even from other types of orchids. We also proposed to do feature extraction not only on flower region but also on lip (labellum) region. The result shows that our proposed method can increase the accuracy value of the system.