The Internet of Things (IoT) is an emerging computing paradigm spanning smart home, wearable devices, smart cities, and intelligent transportation systems. Building security into IoT is critical today. However, many unique features in IoT, including device resource constraints, device/vendor diversity, and cross-device physical interactions often make traditional IT security approaches impractical. To address those challenges, in this talk, I will present three of our recent research efforts. First, I will introduce a lightweight malware infection detector for IoT devices. Second, I will present a system that mitigates volumetric DDoS attacks with programmable switches. Third, I will briefly discuss an IoT device physical interaction control system, which can discover real IoT physical interactions and enforce safety and security policies.Biography:
Hongxin Hu is an Associate Professor in the Department of Computer Science and Engineering at University at Buffalo, SUNY. He is a recipient of NSF CAREER Award for 2019. His research spans security, privacy, networking, and systems. He has participated in multiple cross-university, cross-disciplinary projects funded by NSF. His research has also been funded by USDOT, Google, VMware, Amazon, Dell, etc. He has published over 100 refereed technical papers, many of which appeared in top-tier conferences such as CCS, USENIX Security, NDSS, SIGCOMM, and CHI, and well-recognized journals such as IEEE TIFS, IEEE TDSC, IEEE/ACM TON, and IEEE TKDE. He is the recipient of the Best Paper Awards from ACSAC 2020,IEEE ICC 2020, ACM SIGCSE 2018, and ACM CODASPY 2014. His research has won the First Place in ACM SIGCOMM 2018 SRC. His research has also been featured by the IEEE Special Technical Community on Social Networking, and received 50+ press coverage including ACM TechNews, InformationWeek, Slashdot, etc.
The ubiquitous access to mobile devices exposes users to increasing threats of shoulder-surfing attacks. An attacker can spy on a user when he is entering a password, opening the door to various security threats. With the guide of shoulder-surfing resistance strategies and unique strengths of password and behavioral biometrics in mobile user authentication, we designed a touch gesture-based password authentication method. We empirically evaluated the performance of the proposed method against the traditional keystroke-based method in protecting users from shoulder-surfing attacks under various settings. The results demonstrate the effectiveness of the proposed method, and have implications for the design of password authentication method for mobile devices.Biography:
Lina Zhou is a Professor of Management Information Systems at the Belk College of Business at UNC Charlotte. Her research interests in the areas of cybersecurity focus on deception detection and usable mobile user authentication. Her research combines methods of the design science and behavioral science paradigms. Dr. Zhou has worked on several related projects sponsored by NSF and AFOSR.
The proliferation of advanced threat actors in cyberspace has left cybersecurity practitioners, engineers, and social scientists struggling to stay ahead of a phenomenon that is reshaping political conflict. The timely detection and attribution of these incidents is necessary to understand the threat environment, the actors therein, and the capabilities and objectives of those actors. Better attribution, along with more precise measurement of cybersecurity events in general, will not only lead to better legal and policy outcomes but also to an understanding of how political conflict occurs in a cyber-connected world. In this talk, Dr. Radford will discuss his research that applies machine learning to assist analysts with incident discovery and response. The talk will also explore the state of cybersecurity data available for quantitative social science research, the importance of having such data, and the challenges of acquiring it.Biography:
Benjamin J. Radford studies political conflict, cybersecurity, and the application of machine learning to problems in these domains. Dr. Radford has worked on several research programs for the United States Government including projects at DARPA and the Office of Naval Research. He was the principal investigator for a government-funded cybersecurity attribution program. His research has been published in the "Journal of Conflict Resolution" and "Political Science Research and Methods", among other venues. Dr. Radford received his PhD in political science from Duke University. He is currently an assistant professor of Political Science and Public Administration at UNC Charlotte.