UMBC Center for Cybersecurity
Permanent URI for this collection
Browse
Recent Submissions
Item Pagers And Walkie-talkies Over Cellphones—a Security Expert Explains Why Hezbollah Went Low-tech For Communications(UMBC Magazine, 2024-09-19) Forno, Richard; Malla, HusseinItem Privacy-Preserving Data Sharing in Agriculture: Enforcing Policy Rules for Secure and Confidential Data Synthesis(IEEE, 2023-12) Kotal, Anantaa; Elluri, Lavanya; Gupta, Deepti; Mandalapu, Varun; Joshi, AnupamBig Data empowers the farming community with the information needed to optimize resource usage, increase productivity, and enhance the sustainability of agricultural practices. The use of Big Data in farming requires the collection and analysis of data from various sources such as sensors, satellites, and farmer surveys. While Big Data can provide the farming community with valuable insights and improve efficiency, there is significant concern regarding the security of this data as well as the privacy of the participants. Privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), the EU Code of Conduct on agricultural data sharing by contractual agreement, and the proposed EU AI law, have been created to address the issue of data privacy and provide specific guidelines on when and how data can be shared between organizations. To make confidential agricultural data widely available for Big Data analysis without violating the privacy of the data subjects, we consider privacy-preserving methods of data sharing in agriculture. Synthetic data that retains the statistical properties of the original data but does not include actual individuals’ information provides a suitable alternative to sharing sensitive datasets. Deep learning-based synthetic data generation has been proposed for privacy-preserving data sharing. However, there is a lack of compliance with documented data privacy policies in such privacy-preserving efforts. In this study, we propose a novel framework for enforcing privacy policy rules in privacy-preserving data generation algorithms. We explore several available agricultural codes of conduct, extract knowledge related to the privacy constraints in data, and use the extracted knowledge to define privacy bounds in a privacy-preserving generative model. We use our framework to generate synthetic agricultural data and present experimental results that demonstrate the utility of the synthetic dataset in downstream tasks. We also show that our framework can evade potential threats, such as re-identification and linkage issues, and secure data based on applicable regulatory policy rules.Item Massive IT outage spotlights major vulnerabilities in the global information ecosystem(The Conversation, 2024-07-19) Forno, RichardA faulty software update crippled airlines, hospitals and government services. A security researcher explains why it’s likely to happen again and what needs to be done to lower the odds of a repeat.Item Social media and political violence – how to break the cycle(The Conversation, 2024-07-16) Forno, RichardWhen political discourse is devoid of facts and high on demonization, it’s no surprise that political violence is the result. There is a way out, but it’s slow and will take effort.Item KiNETGAN: Enabling Distributed Network Intrusion Detection through Knowledge-Infused Synthetic Data Generation(2024-05-26) Kotal, Anantaa; Luton, Brandon; Joshi, AnupamIn the realm of IoT/CPS systems connected over mobile networks, traditional intrusion detection methods analyze network traffic across multiple devices using anomaly detection techniques to flag potential security threats. However, these methods face significant privacy challenges, particularly with deep packet inspection and network communication analysis. This type of monitoring is highly intrusive, as it involves examining the content of data packets, which can include personal and sensitive information. Such data scrutiny is often governed by stringent laws and regulations, especially in environments like smart homes where data privacy is paramount. Synthetic data offers a promising solution by mimicking real network behavior without revealing sensitive details. Generative models such as Generative Adversarial Networks (GANs) can produce synthetic data, but they often struggle to generate realistic data in specialized domains like network activity. This limitation stems from insufficient training data, which impedes the model’s ability to grasp the domain’s rules and constraints adequately. Moreover, the scarcity of training data exacerbates the problem of class imbalance in intrusion detection methods. To address these challenges, we propose a Privacy-Driven framework that utilizes a knowledge-infused Generative Adversarial Network for generating synthetic network activity data (KiNETGAN). This approach enhances the resilience of distributed intrusion detection while addressing privacy concerns. Our Knowledge Guided GAN produces realistic representations of network activity, validated through rigorous experimentation. We demonstrate that KiNETGAN maintains minimal accuracy loss in downstream tasks, effectively balancing data privacy and utility.Item What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure(The Conversation, 2024-03-29) Forno, RichardChinese state-sponsored hackers are targeting critical infrastructure. Here’s what they’re doing, how the US government is responding and how you can help.Item UMBC’s Vandana Janeja aims to boost high-performance computing know-how to tackle environmental science challenges with a $1 million NSF grant(UMBC News, 2023-10-30) Meyers, CatherineItem No Silver Bullet: Fighting Russian Disinformation Requires Multiple Actions(National Cryptologic Museum Foundation, 2020-08) Thompson, Terry L.Item The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students(2018-11-12) Sherman, Alan; Golaszewski, Enis; LaFemina, Edward; Goldschen, Ethan; Khan, Mohammed; Mundy, Lauren; Rather, Mykah; Solis, Bryan; Tete, Wubnyonga; Valdez, Edwin; Weber, Brian; Doyle, Damian; O’Brien, Casey; Oliva, Linda; Roundy, Joseph; Suess, JackMay 30-June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their four-year degrees in computer science and information systems. The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital API key of the UMBC firewall. This report summarizes student activities and findings, and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational, students and educators appreciated the authentic case study, and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems.