
Other International Conference Publications

Detecting Anomalies in Embedded Computing Systems via a Novel HMM-based Machine Learning Approach

posted Mar 25, 2015, 9:14 AM by Eric Medvet   [ updated Mar 25, 2015, 9:14 AM ]

  • 10th International Conference on Hybrid Artificial Intelligence Systems (HAIS), 2015, Bilbao (Spain), to appear
  • Alfredo Cuzzocrea, Eric Medvet, Enzo Mumolo, Riccardo Cecolin

Computing systems are vulnerable to anomalies that might occur during execution of deployed software: e.g., faults, bugs or deadlocks. When occurring on embedded computing systems, these anomalies may severely hamper the corresponding devices; on the other hand, embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus it is difficult to debug an application to manage the anomaly. Runtime anomaly detection techniques are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach to detect an anomaly during the execution of one or more applications. Our approach describes the behaviour of the applications using the sequences of memory references generated during runtime. The memory references are seen as signals: they are divided into overlapping frames, then parametrized and finally described with Hidden Markov Models (HMM) for detecting anomalies. The motivations for using such a methodology for embedded systems are the following: first, the memory references could be extracted with very low overhead with software or architectural tools. Second, the device HMM analysis framework, while being very powerful in gathering high level information, has low computational complexity and thus is suitable to the rather low memory and computational capabilities of embedded systems. We experimentally evaluated our proposal on an ARM9, Linux based, embedded system using the SPEC 2006 CPU benchmark suite and found that it shows very low error rates for some artificially injected anomalies, namely malware, an infinite loop and random errors during execution.

Visual Similarity-Based Phishing Detection

posted Mar 14, 2012, 5:17 AM by Eric Medvet   [ updated Dec 13, 2012, 8:01 AM ]

  • 4th International Conference on Security and Privacy in Communication Networks (SecureComm), 2008, Istanbul (Turkey)
  • Eric Medvet, Engin Kirda, Christopher Kruegel

Phishing is a form of online fraud that aims to steal a user’s sensitive information, such as online banking passwords or credit card numbers. The victim is tricked into entering such information on a web page that is crafted by the attacker so that it mimics a legitimate page. Recent statistics about the increasing number of phishing attacks suggest that this security problem still deserves significant attention.

In this paper, we present a novel technique to visually compare a suspected phishing page with the legitimate one. The goal is to determine whether the two pages are suspiciously similar. We identify and consider three page features that play a key role in making a phishing page look similar to a legitimate one. These features are text pieces and their style, images embedded in the page, and the overall visual appearance of the page as rendered by the browser.

To verify the feasibility of our approach, we performed an experimental evaluation using a dataset composed of 41 real-world phishing pages, along with their corresponding legitimate targets. Our experimental results are satisfactory in terms of false positives and false negatives.
