A Stackelberg Approach to Federated Learning for Malware Detection
The widespread use of smart devices requires effective malware detection tools to ensure user security and privacy. The dynamic nature of the software ecosystem, characterized by data distribution changes, poses significant challenges to the long term sustainability of machine learning models for malware detection, requiring periodic updates to maintain their effectiveness. Additionally, collecting up-to-date information for training machine learning models in a centralized fashion is costly, time-consuming, and privacy-invasive. To address these shortcomings, this work proposes a Stackelberg game model to incentivize users to contribute to the training of a malware detection model through Federated Learning. The proposed model takes into account heterogeneous capabilities of the participants, allowing them to tune their contribution based on the quality and quantity of the data they can provide. Experimental results demonstrate that the proposed approach can ensure the effectiveness of the detection model over multiple years
BLIND: A privacy preserving truth discovery system for mobile crowdsensing
Nowadays, an increasing number of applications exploit users who act as intelligent sensors and can quickly provide high-level information. These users generate valuable data that, if mishandled, could potentially reveal sensitive information. Protecting user privacy is thus of paramount importance for crowdsensing systems. In this paper, we propose BLIND, an innovative open-source truth discovery system designed to improve the quality of information (QoI) through the use of privacy-preserving computation techniques in mobile crowdsensing scenarios. The uniqueness of BLIND lies in its ability to preserve user privacy by ensuring that none of the parties involved are able to identify the source of the information provided. The system uses homomorphic encryption to implement a novel privacy-preserving version of the well-known K-Means clustering algorithm, which directly groups encrypted user data. Outliers are then removed privately without revealing any useful information to the parties involved. We extensively evaluate the proposed system for both server-side and client-side scalability, as well as truth discovery accuracy, using a real-world dataset and a synthetic one, to test the system under challenging conditions. Comparisons with four state-of-the-art approaches show that BLIND optimizes QoI by effectively mitigating the impact of four different security attacks, with higher accuracy and lower communication overhead than its competitors. With the optimizations proposed in this paper, BLIND is up to three times faster than the baseline system, and the obtained Root Mean Squared Error (RMSE) values are up to 42% lower than other state-of-the-art approaches
A hybrid system for malware detection on big data
In recent years, the increasing diffusion of malicious software has encouraged the adoption of advanced machine learning algorithms to timely detect new threats. A cloud-based approach allows to exploit the big data produced by client agents to train such algorithms, but on the other hand, poses severe challenges on their scalability and performance. We propose a hybrid cloud-based malware detection system in which static and dynamic analyses are combined in order to find a good trade-off between response time and detection accuracy. Our system performs a continuous learning process of its models, based on deep networks, by exploiting the growing amount of data provided by clients. The preliminary experimental evaluation confirms the suitability of the approach proposed here
A Simulation Software for the Evaluation of Vulnerabilities in Reputation Management Systems
Multi-agent distributed systems are characterized by autonomous entities that interact with each other to provide, and/or request, different kinds of services. In several contexts, especially when a reward is offered according to the quality of service, individual agents (or coordinated groups) may act in a selfish way. To prevent such behaviours, distributed Reputation Management Systems (RMSs) provide every agent with the capability of computing the reputation of the others according to direct past interactions, as well as indirect opinions reported by their neighbourhood. This last point introduces a weakness on gossiped information that makes RMSs vulnerable to malicious agents intent on disseminating false reputation values. Given the variety of application scenarios in which RMSs can be adopted, as well as the multitude of behaviours that agents can implement, designers need RMS evaluation tools that allow them to predict the robustness of the system to security attacks, before its actual deployment. To this aim, we present a simulation software for the vulnerability evaluation of RMSs and illustrate three case studies in which this tool was effectively used to model and assess state-of-the-art RMSs
NEP-IDS: a Network Intrusion Detection System Based on Entropy Prediction Error
Intrusion Detection Systems (IDSs) are used to intercept unauthorized access and malicious activity in computer networks. However, cyber-attacks are becoming more sophisticated, using evasion techniques to prevent signature-based detection. The rise of previously unseen attacks poses a critical challenge to IDSs. In this work, we present a lightweight approach to anomaly detection in network traffic that exploits the entropy of packet header features to reveal attacks. Detection is performed through a predictive model and a sliding window cumulative sum algorithm. The experimental evaluation, conducted on various attacks, indicates our system’s effectiveness in detecting attacks generating both high and low amounts of traffic, maintaining a low false alarm rate
DRESS: A Distributed RMS Evaluation Simulation Software
Distributed environments consist of a huge number of entities that cooperate to achieve complex goals. When interactions occur between unknown parties, intelligent techniques for estimating agents’ reputations are required. Reputation Management Systems (RMSs) allow agents to perform such estimation in a cooperative way. In particular, distributed RMSs exploit feedbacks provided after each interaction to predict future behaviors of agents. Such systems are sensitive to fake information injected by malicious users; thus, predicting their performance is a very challenging task. Although many existing works have addressed some challenges concerning the design and assessment of specific RMSs, there are no simulation environments that adopt a general approach that can be applied to different application scenarios. To overcome this lack, in this work we present DRESS, an agent-based simulation framework that aims to support researchers in the evaluation of distributed RMSs under different security attacks
M2FD: Mobile malware federated detection under concept drift
The ubiquitous diffusion of mobile devices requires the availability of effective malware detection solutions to ensure user security and privacy. The dynamic nature of the mobile ecosystem, characterized by data distribution changes, poses significant challenges to the development of effective malware detection systems. Additionally, collecting up-to-date information for training machine learning models in a centralized fashion is costly, time-consuming, and privacy-invasive. To address these shortcomings, this paper presents a novel federated learning system for collaborative mobile malware detection. M2FD leverages the collective intelligence of the user community to collect valuable contributions to the detection system while preserving user privacy. Additionally, M2FD incorporates robust concept drift detection mechanisms and model retraining strategies to ensure the adaptability of the system to changing data distributions. By effectively handling concept drift, M2FD guarantees a high ability to detect malware, with 85% accuracy and 84% F1-score, even in presence of evolving attack strategies, thus avoiding the need for frequent model retraining, reducing the retraining frequency by up to 84%, so reducing the computational burden on clients. An extensive experimental evaluation performed on KronoDroid, an open-source real-world dataset, proves the effectiveness of M2FD in detecting concept drift, minimizing model updates, and achieving high accuracy in mobile malware detection
Hybrid Multilevel Detection of Mobile Devices Malware Under Concept Drift
Malwares are a major threat to the security of mobile devices, and Machine Learning (ML) is a widespread approach to automatically detect them. However, running ML analysis pipelines can be excessively burdensome for energy-constrained mobile devices. On the other hand, completely off-loading all the analysis to a remote server can introduce unacceptable communication overheads and delays in the detection process. In this paper, we propose a multilevel approach for malware detection on mobile devices that combines a lightweight local analysis of static features with a more computationally expensive remote analysis of dynamic features, through the adoption of ML methods. However, the effectiveness of automatic malware detection systems based on ML is often limited by unforeseen variations in the statistical characteristics of the observed data. This phenomenon, known as concept drift, can lead to a degradation of the performance of ML models over time. The proposed malware detection system is equipped with self-evaluation capabilities, enabling it to detect the occurrence of periods when its predictions become unreliable due to concept drift so that appropriate response strategies can be activated. In particular, when such critical events occur, the self-evaluation agent triggers the execution of an additional layer of analysis, hosted by a remote server, which allows the system to react to the unexpected reduction in its detection capabilities. The computational cost of the detection process is minimized by limiting the remote analysis to only those samples for which the analysis performed on-board the mobile device is likely to incorrectly classify the app
Ambient Intelligence for Energy Efficiency in a Complex of Buildings
The quest for energy efficiency currently represents one of the most stimulating challenges both for academic and industrial organizations. We address the issue of ensuring timely and ubiquitous monitoring of a potentially large building complex in order to optimize their energy consumption
Tackling Selfish Clients in Federated Learning
Federated Learning (FL) is a distributed machine learning paradigm facilitating participants to collaboratively train a model without revealing their local data. However, when FL is deployed into the wild, some intelligent clients can deliberately deviate from the standard training process to make the global model inclined toward their local model, thereby prioritizing their local data distribution. We refer to this novel category of misbehaving clients as selfish. In this paper, we propose a Robust aggregation strategy for the FL server to mitigate the effect of Selfishness (in short RFL-Self). RFL-Self incorporates an innovative method to recover (or estimate) the true updates of selfish clients from the received ones, leveraging robust statistics (median of norms) of the updates at every round. By including the recovered updates in aggregation, our strategy offers strong robustness against selfishness. Our experimental results, obtained on MNIST and CIFAR-10 datasets, demonstrate that just 2% of clients behaving selfishly can decrease the accuracy by up to 36%, and RFL-Self can mitigate that effect without degrading the global model performance
