Date post: | 17-Jan-2016 |
Category: |
Documents |
Upload: | linette-french |
View: | 216 times |
Download: | 0 times |
Filtering, Fusion and Dynamic Information Presentation: Towards a General Information Firewall
Gregory Conti College of Computing Georgia Institute of TechnologyUnited States Military Academy
http://www.sharky.tv/
Denial of Information Attacks:
Intentional Attacks that overwhelm the human or otherwise alter their decision makinghttp://circadianshift.net/images/Virginia_Tech_1920s_NS5423_Y_small.jpg
The Problem of Information GrowthThe surface WWW contains ~170TB (17xLOC) IM generates five billion messages a day (750GB), or 274 terabytes a year. Email generates about 400,000 TB/year. P2P file exchange on the Internet is growing rapidly. The largest files exchanged are video files larger than 100 MB, but the most frequently exchanged files contain music (MP3 files).
http://www.sims.berkeley.edu/research/projects/how-much-info-2003/
Defense Taxonomy (Big Picture)Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)Federal Can Spam Legislation (Jan 04)California Business and Professions Code, prohibits the sending of unsolicited commercial email (September 98)http://www.metroactive.com/papers/metro/12.04.03/booher-0349.htmlFirst Spam Conference (Jan 03)
Legal
Lawsuits
New Laws
Regulatory
Government Regulation
Moral
PR Campaign
Code of Ethics
Cultural
Communities
Organizational
Topical counter-DoI groups
Financial
Increasing cost of DoI operations
Violence
Violence against DoI perpetrators
Technology
(see next slide)
Defense Taxonomy (Big Picture)Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)Federal Can Spam Legislation (Jan 04)California Business and Professions Code, prohibits the sending of unsolicited commercial email (September 98)http://www.metroactive.com/papers/metro/12.04.03/booher-0349.htmlFirst Spam Conference (Jan 03)
Legal
Lawsuits
New Laws
Regulatory
Government Regulation
Moral
PR Campaign
Code of Ethics
Cultural
Communities
Organizational
Topical counter-DoI groups
Financial
Increasing cost of DoI operations
Violence
Violence against DoI perpetrators
Technology
(see next slide)
Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorSystem Model
Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorvery small textexploit round off algorithmtrigger many alertsExampleDoI Attacksmisleadingadvertisementsspoof browser
Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorTCP DampingUsableSecurityEliza Spam ResponderDecompression BombsExampleDoI DefensesComputationalPuzzle Solving
DoI Countermeasures in the Web Domain
TransformDatabaseContent Producer
Transform Processing EngineOrganizationalWeb Serverview original documentInformation Firewallpublish contentsubmit suggestedtransformstore and retrieve transformsContent Consumerreceive original contentsubmit new or modifiedtransform submit feedbackon transformsearch for desiredtransformrequest transformedcontentreceive transformed contentrequest original content
parserdata sourcesinformation firewallfilteringfusionfilter all but headlinesrules enginetransformdatabaseanalyst viewsfilter all but todays weathertransform processing engine
Demo
For more information G. Conti, M. Ahamad and R. Norback; "Filtering, Fusion and Dynamic Information Presentation: Towards a General Information Firewall;" IEEE International Conference on Intelligence and Security Informatics (IEEE-ISI); May 2005. for extended version email me
G. Conti and M. Ahamad; "A Taxonomy and Framework for Countering Denial of Information Attacks;" IEEE Security and Privacy. (to be published)email me
G. Conti, M. Ahamad and J. Stasko; "Attacking Information Visualization System Usability: Overloading and Deceiving the Human;" Symposium on Usable Privacy and Security (SOUPS); July 2005. (accepted, to be published)
For more information Rennison, Earl. Galaxy of News: An Approach to Visualizing and Understanding Expansive News Landscapes. Proceedings of the 7th Annual ACM Symposium on User Interface Software and Technology, 1994, pp. 3 - 12.
M. Ahamad, W. Lee, L. Liu, L. Mark, E. Omicienski, C. Pu and A. Dos Santos; Guarding the Next Internet Frontier: Countering Denial of Information Attacks; Proceedings of the New Security Paradigms Workshop; pp 136-143; September 2002.
Questions?Image: http://altura.speedera.net/ccimg.catalogcity.com/210000/211700/211780/Products/6203927.jpgGreg [email protected]/~conti
Backup Slides
GreaseMonkeyhttp://developers.slashdot.org/article.pl?sid=05/05/16/0052245&tid=95&tid=154&tid=156&tid=1
OrientObserveActDecideScan Subject Line
SpamDelete
Confirm DeletionSuccessful
Not SpamNo ObservationNo Action
OverheadNumber of Email x Time to Decide OverheadNumber of Spam x Time to Delete OverheadNumber of Spam x Time to Observe Total Overhead= (Number of Spam x (Time to Delete + Time to Observe))+(Number of Email X (Time to Decide + Time to Scan)) OverheadNumber of Email x Time to Scan
overview of DoI problemattacking people through their computer systemmalicious visualizationsphoto from virginia tech circa 1920s
contrast this with denial of service attacksunintentional attacks fall approach information overloadintentional attacks by active malicious entitites
CategoriesIntentional vs. unintentional possibly self inflictedDatabase corruptionMisleading information, tricking users or protocolsToo much vs. wrong informationRestricted Information
http://www.rdpslides.com/pptfaq/FAQ00170.htm
Charles Booher, Nov 2003 arrested for spam ragehttp://www.rdpslides.com/pptfaq/FAQ00170.htm
Charles Booher, Nov 2003 arrested for spam rageUseful to consider what solutions fall into which categories.Where is there room for future work.Useful to consider what solutions fall into which categories.Where is there room for future work.