Filtering, Fusion and Dynamic Information Presentation: Towards a General Information Firewall

Gregory Conti College of Computing Georgia Institute of TechnologyUnited States Military Academy

http://www.sharky.tv/

Denial of Information Attacks:

Intentional Attacks that overwhelm the human or otherwise alter their decision makinghttp://circadianshift.net/images/Virginia_Tech_1920s_NS5423_Y_small.jpg

The Problem of Information GrowthThe surface WWW contains ~170TB (17xLOC) IM generates five billion messages a day (750GB), or 274 terabytes a year. Email generates about 400,000 TB/year. P2P file exchange on the Internet is growing rapidly. The largest files exchanged are video files larger than 100 MB, but the most frequently exchanged files contain music (MP3 files).

http://www.sims.berkeley.edu/research/projects/how-much-info-2003/

Defense Taxonomy (Big Picture)Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)Federal Can Spam Legislation (Jan 04)California Business and Professions Code, prohibits the sending of unsolicited commercial email (September 98)http://www.metroactive.com/papers/metro/12.04.03/booher-0349.htmlFirst Spam Conference (Jan 03)

Legal

Lawsuits

New Laws

Regulatory

Government Regulation

Moral

PR Campaign

Code of Ethics

Cultural

Communities

Organizational

Topical counter-DoI groups

Financial

Increasing cost of DoI operations

Violence

Violence against DoI perpetrators

Technology

(see next slide)

Defense Taxonomy (Big Picture)Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)Federal Can Spam Legislation (Jan 04)California Business and Professions Code, prohibits the sending of unsolicited commercial email (September 98)http://www.metroactive.com/papers/metro/12.04.03/booher-0349.htmlFirst Spam Conference (Jan 03)

Legal

Lawsuits

New Laws

Regulatory

Government Regulation

Moral

PR Campaign

Code of Ethics

Cultural

Communities

Organizational

Topical counter-DoI groups

Financial

Increasing cost of DoI operations

Violence

Violence against DoI perpetrators

Technology

(see next slide)

Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorSystem Model

Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorvery small textexploit round off algorithmtrigger many alertsExampleDoI Attacksmisleadingadvertisementsspoof browser

Human ConsumerHuman ProducerCommunicationChannelConsumerNodeRAMHardDriveCPUProducerNodeSTMLTMCognitionConsumerProducerRAMHardDriveCPUSTMLTMCognitionVisionHearingSpeechMotorVisionHearingSpeechMotorTCP DampingUsableSecurityEliza Spam ResponderDecompression BombsExampleDoI DefensesComputationalPuzzle Solving

DoI Countermeasures in the Web Domain

TransformDatabaseContent Producer

Transform Processing EngineOrganizationalWeb Serverview original documentInformation Firewallpublish contentsubmit suggestedtransformstore and retrieve transformsContent Consumerreceive original contentsubmit new or modifiedtransform submit feedbackon transformsearch for desiredtransformrequest transformedcontentreceive transformed contentrequest original content

parserdata sourcesinformation firewallfilteringfusionfilter all but headlinesrules enginetransformdatabaseanalyst viewsfilter all but todays weathertransform processing engine

Demo

For more information G. Conti, M. Ahamad and R. Norback; "Filtering, Fusion and Dynamic Information Presentation: Towards a General Information Firewall;" IEEE International Conference on Intelligence and Security Informatics (IEEE-ISI); May 2005. for extended version email me

G. Conti and M. Ahamad; "A Taxonomy and Framework for Countering Denial of Information Attacks;" IEEE Security and Privacy. (to be published)email me

G. Conti, M. Ahamad and J. Stasko; "Attacking Information Visualization System Usability: Overloading and Deceiving the Human;" Symposium on Usable Privacy and Security (SOUPS); July 2005. (accepted, to be published)

For more information Rennison, Earl. Galaxy of News: An Approach to Visualizing and Understanding Expansive News Landscapes. Proceedings of the 7th Annual ACM Symposium on User Interface Software and Technology, 1994, pp. 3 - 12.

M. Ahamad, W. Lee, L. Liu, L. Mark, E. Omicienski, C. Pu and A. Dos Santos; Guarding the Next Internet Frontier: Countering Denial of Information Attacks; Proceedings of the New Security Paradigms Workshop; pp 136-143; September 2002.

Questions?Image: http://altura.speedera.net/ccimg.catalogcity.com/210000/211700/211780/Products/6203927.jpgGreg Conticonti@cc.gatech.eduwww.cc.gatech.edu/~conti

Backup Slides

GreaseMonkeyhttp://developers.slashdot.org/article.pl?sid=05/05/16/0052245&tid=95&tid=154&tid=156&tid=1

OrientObserveActDecideScan Subject Line

SpamDelete

Confirm DeletionSuccessful

Not SpamNo ObservationNo Action

OverheadNumber of Email x Time to Decide OverheadNumber of Spam x Time to Delete OverheadNumber of Spam x Time to Observe Total Overhead= (Number of Spam x (Time to Delete + Time to Observe))+(Number of Email X (Time to Decide + Time to Scan)) OverheadNumber of Email x Time to Scan

overview of DoI problemattacking people through their computer systemmalicious visualizationsphoto from virginia tech circa 1920s

contrast this with denial of service attacksunintentional attacks fall approach information overloadintentional attacks by active malicious entitites

CategoriesIntentional vs. unintentional possibly self inflictedDatabase corruptionMisleading information, tricking users or protocolsToo much vs. wrong informationRestricted Information

http://www.rdpslides.com/pptfaq/FAQ00170.htm

Charles Booher, Nov 2003 arrested for spam ragehttp://www.rdpslides.com/pptfaq/FAQ00170.htm

Charles Booher, Nov 2003 arrested for spam rageUseful to consider what solutions fall into which categories.Where is there room for future work.Useful to consider what solutions fall into which categories.Where is there room for future work.