Invited Talk

Anomaly Detection and Social Interactions: A Social Informatics approach for Insider Threats

- Abstract: Social informatics is the study of information and communication tools under different cultural and community contexts and how people interact with each other using those tools in computer-mediated environments. It concerns the design, uses and consequences of information technologies that take into account their interaction with different social contexts. These new forms of communication enable our social interactions being digitally analyzed real-time at a large scale, which poses both new challenges/concerns and opportunities to the community of cyber security. One potential area of development under social informatics is anomaly detection on social behavioral models for online users. For instance, social exchange theories developed in cultural anthropology, neoclassical economics, communication and psychology can be applied to analyze how power relations shape interaction between individuals, and ways to achieve balance in these relations. Various forms of social capitals, derived from social networks, might be considered as quantitative measures regarding common set of expectations, shared values, and a sense of trust among people connected in these networks. In this talk, a model of social interactive networks will be presented and, more importantly, we will discuss how this new model can be potentially applied to the context of anomaly detection for insider threats.

- 4 - - Speaker: Prof. Shyhtsun Felix Wu (UC Davis, USA)

Prof. S. Felix Wu has been doing “experimental” system research, i.e., building prototype systems to justify and validate novel architectural concepts. Since 1995, he and his students/postdocs have built many experimental systems in the areas of fault tolerant network, IPSec/VPN security policy, attack source tracing, wireless network security, intrusion detection and response, visual information analytics, and, more recently, future Internet design. An article titled "Networking: Four ways to reinvent the Internet" published in Nature 463 (February 3rd, 2010, by Katharine Gammon) provided a brief but very nice cover about his primary thought on a Social-network-based future Internet architecture (much more comprehensible than if he were to write it, actually). During the past couple years, he has been pretending (and hoping) to know a little bit more about humanity science so he can claim that he is working on multidisciplinary research. And, he strongly believes that thoroughly considering the factor of human relationships is necessary for any IT innovation. Therefore, his primary research objective, before he retires, is to help and contribute to the information technology advancement that would truly help our human society. As an initial step, he recently released the SINCERE (Social Interactive Networking and Conversation Entropy Ranking Engine, sponsored by NSF) search engine under http://www.sincere.se, which is trying to help our Internet society to discover "interesting/unusual" discussions. Felix received his BS from Tunghai University, Taiwan, in 1985, both MS and PhD from Columbia University in 1989 and 1995, all in Computer Science. He has about 110+ academic publications, which means that he should probably focus much more on the depth and quality. He is currently a Professor with the Computer Science department at UC Davis.

- 5 - Panel Discussion Chairs and Panelists

Panel Discussion Chair: Dr. William R. Claycomb (Carnegie Mellon University, USA)

William R. Claycomb is the Lead Research Scientist for the CERT Enterprise Threat and Vulnerability Management program at Carnegie Mellon University’s Software Engineering Institute. His primary research topic is the insider threat; current work includes discovery of insider threat behavioral patterns and corresponding sociotechnical countermeasures. Dr. Claycomb is also involved in other efforts at CERT exploring cloud computing, incident response, systems modeling, and vulnerability analysis. Prior to joining CMU, he was a Member of Technical Staff at Sandia National Laboratories, focusing on enterprise systems security research, including insider threats, malware detection, and data protection. Bill is currently an adjunct faculty member at CMU’s Heinz College, teaching in the School of Information Systems and Management.

Panelist: Prof. S. Felix Wu (UC Davis, USA) Prof. S. Felix Wu's short biography is given above.

Panelist: Dr. Christian W. Probst (Technical University of Denmark)

Dr. Christian W. Probst is an Associate Professor in the Department of Applied Mathematics and Computer Science at the Technical University of Denmark, where he works in the section for Language-Based Technologies. The motivation behind Christian’s research is to realize systems with guaranteed properties. An important aspect of his work are questions related to safety and security properties, most notably insider threats. He is the creator of ExASyM, the extendable, analysable system model, which supports the identification of insider threats in organisations. Christian has co-organized cross-disciplinary workshops on insider threats and has co-edited a book on the topic.

- 6 - Panelist: Dr. Dongwan Shin (New Mexico Tech, USA)

Dr. Dongwan Shin is an Associate Professor in the Computer Science and Engineering Department at New Mexico Tech. His research focuses on information and system security. He is the founding director of the Secure Computing Laboratory and faculty researcher at the Institute of Complex Additive Systems Analysis (ICASA) at New Mexico Tech. His research at Tech has been supported by NSF, DoD, Sandia Labs, Los Alamos Lab, Intel, VirtualBridge, and CAaNES. Dr. Shin received his Ph.D. in Information Technology from the University of North Carolina at Charlotte in 2004.

- 7 - Program Overview

Time October 24 (Thursday) Time October 25 (Friday)

09:00 ~ 17:00 Registration 09:00 ~ 16:00 Registration

09:00 ~ 10:30 MIST1: 4 presentations 09:00 ~ 10:30 MIST6: 4 presentations

10:30 ~ 10:50 Coffee Break 10:30 ~ 11:00 Coffee Break MIST2: 1 tutorial, 2 10:50 ~ 12:00 11:00 ~ 12:00 MIST7: 3 presentations presentations 12:00 ~ 13:30 Lunch 12:00 ~ 13:20 Lunch

13:30 ~ 14:30 MIST3: Invited Talk 13:20 ~ 15:00 MIST8: 5 presentations

14:30 ~ 15:00 Coffee Break 15:00 ~ 15:30 Coffee Break

15:00 ~ 16:30 MIST4: 4 presentations 15:30 ~ 17:30 MIST9: 6 presentations

16:30 ~ 17:00 Coffee Break

17:00 ~ 18:40 MIST5: Panel Discussion

19:00 ~ Banquet

- 8 - MIST 2013 Program

October 24th Thursday, 2013

09:00-17:30 Registration Desk Open

09:00-10:30 MIST1 - Managing Insider Threats 1 Session Chair: Dr. Ilsun You (Korean Bible Univ., Republic of Korea)

Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection P.A. Legg, N. Moffat, J.R.C. Nurse, J. Happa, I. Agrafiotis, M. Goldsmith, and S. Creese University of Oxford, UK Guidelines for the Prevention of Internal Improprieties in Japanese Organization Shigeyoshi Shima1 and Ayako Komatsu2 1NEC Corporation, Japan, and 2Information-Technology Promotion Agency, Japan Externalizing Behaviour for Analysing System Models Marieta Georgieva Ivanova1, Christian W. Probst1, René Rydhof Hansen2, and Florian Kammüller3 1Technical University of Denmark, and 2Aalborg University, Denmark 3Middlesex University, UK Towards Cognitive Cryptography Lidia Ogiela and Marek Ogiela AGH University of Science and Technology, Poland

10:30-10:50 Coffee Break

10:50-12:00 MIST2 - Managing Insider Threats 2 Session Chair: Prof. Kyung Hyune Rhee (Pukyong National Univ., Republic of Korea)

A Brief Tutorial on Managing Insider Threats Dr. William Claycomb CERT® Insider Threat Center, Carnegie Mellon University, USA A Method For Characterizing Sociotechnical Events Related to Insider Threat William Claycomb and Carly Huth CERT® Insider Threat Center, Carnegie Mellon University, USA Reachability-based Impact as a Measure for Insiderness Christian W. Probst1 and René Rydhof Hansen2 1Technical University of Denmark and 2Aalborg University, Denmark

12:00-13:30 Lunch Break

- 9 - 13:30-14:30 MIST3 - Invited Talk Session Chair: Prof. Fang-Yie Leu (Tunghai University, Taiwan)

Anomaly Detection and Social Interactions:A Social Informatics approach for Insider Threats Prof. Felix Wu (UC Davis, USA)

14:30~15:00 Coffee Break

15:00-16:30 MIST4 - Related Technologies 1 Session Chair: Dr. Kangbin Yim (Soonchunhyang University, Republic of Korea)

A Secure ECC-based Electronic Medical Record SystemKun-Lin Tsai, Kun-Lin Tsai, Fang-Yie Leu, Tien-Han Wu, Shin-shiuan Chiou, Yu-Wei Liu, and Han-Yun Liu Tunghai University, Taiwan Detection and prevention of LeNa Malware on Android Hwan-Taek Lee1, Minkyu Park2 and Seong-Je Cho1 1Dankook University, and 2Konkuk University, Republic of Korea Detecting of Web based DDoS Attack using MapReduce operations in Cloud Computing Environment Jun Ho Choi, Chang Choi, Byeong Kyu Ko, Dongjin Choi, and Pan Koo Kim Chosun University, Republic of Korea A New Logging-based IP Traceback Approach using Data Mining Techniques Ho-Seok Kang and Sung-Ryul Kim Konkuk University,

16:30-17:00 Coffee Break

17:00-18:40 MIST5 - Panel Discussion “Key Challenges in Defending Against Insider Threats” Session Chair: William R. Claycomb (Carnegie Mellon University, USA) Panelists:  Prof. S. Felix Wu (UC Davis, USA)  Dr. Christian W. Probst (Technical University of Denmark)  Dr. Dongwan Shin (New Mexico Tech, USA)

19:00- MIST 2013 Banquet

- 10 - October 25th Friday, 2013

09:00-16:00 Registration Desk Open

09:00-10:30 MIST6 - Information Leakage Prevention 1 Session Chair: Prof. Kouichi Sakurai (Kyushu University, Japan)

DRM Cloud Architecture and Service Scenario for Content Protection Hyejoo Lee1, Changho Seo1, and Sang Uk Shin2 1Kongju National University and 2PuKyong National University, Republic of Korea A New Exponentiation Algorithm Resistant to Combined Side Channel Attack Hyungdong Kim1, Yongje Choi2, Dooho Choi2, and Jaecheol Ha1 1Hoseo University, and 2ETRI, Republic of Korea MobiShare+: Security Improved System for Location Sharing in Mobile Online Social Networks Jingwei Li1, Jin Li2, Xiaofeng Chen3, Zheli Liu1, and Chunfu Jia1 1Nankai University, 2Guangzhou University, and 3Xidian University, China Implementation and Performance of Distributed Text Processing System Using Hadoop for e-Discovery Cloud Service Taerim Lee, Hun Kim, Kyung Hyune Rhee, Sang Uk Shin PuKyong National University, Republic of Korea

10:30-11:00 Coffee Break

11:00-12:00 MIST7 - Related Technologies 2 Session Chair: Prof. Kyung Hyun Rhee (Pukyong National Univ., Republic of Korea)

Lattice Based Efficient Threshold Public Key Encryption Scheme Kunwar Singh1, C. Pandu Rangan2, and A.K.Banerjee1 1NIT Trichy, and 2IIT Madras, India An Improved Privacy-Preserving Navigation Protocol in VANETs Wonjun Cho, Youngho Park, Chul Sur and Kyung Hyune Rhee Pukyong National University, Republic of Korea The Method of Personalized Recommendation with Ensemble Combination Ji-Wan Seo, Seung-Jin Choi, Mu-Cheol Kim and Sang-Yong Han Chung-Ang University, Republic of Korea

12:00-13:20 Lunch Break

13:20-15:00 MIST8 - Information Leakage Prevention 2 Session Chair: Dr. Sang Uk Shin (Pukyong National Univ., Republic of Korea)

A User Study of Security Warnings for Detecting QR Code Based Attacks on Android Phone

- 11 - Dongwan Shin and Huiping Yao New Mexico Tech, USA Vulnerability to Flash Controller for Secure USB Drives Kyungroul Lee, Youngjun Lee, Dmitry Volokhov and Kangbin Yim Soonchunhyang Univ., Republic of Korea A Fuzzy-based Trust Management in WSNs Guowei Wu, Zuosong Liu, Lin Yao, Zhenzhen Xu, and Wei Wang Dalian University of Technology, China Lattice Based Universal Re-encryption for Mixnet Kunwar Singh1, C. Pandu Rangan2, and A.K.Banerjee1 1NIT Trichy, and 2IIT Madras, India Constructing Verifiable Random Number in Finite Field Jun Ye, Xiaofeng Chen, and Jianfeng Ma Xidian University, China

15:00-15:30 Coffee Break

15:30-17:30 MIST9 - Related Technologies 3 Session Chair: Dr. Kangbin Yim (Soonchunhyang Univ., Republic of Korea)

Lattice Based Identity Based Proxy Re-Encryption Scheme Kunwar Singh1, C. Pandu Rangan2, and A.K.Banerjee1 1NIT Trichy, and 2IIT Madras, India The Electronic Cash Protocol Based on Dynamic Group Signature Jian Xu, Yuxi Li1, Jingwei Miao2, Fucai Zhou1 1Northeastern University, China 2University of Lyon, France Privacy-Preserving Predicate Proof of Attributes with CL-Anonymous Credential Nan Guo1, Jia Wang1, Tianhan Gao1, and Kangbin Yim2 1Northeastern University, China 2Soonchunhyang University, Republic of Korea Improving Recommender Systems by Incorporating Similarity, Trust and Reputation Chanchamnab Than and Sangyong Han Chung-Ang University, Republic of Korea DGA-Based Botnet Detection Using DNS Traffic Yong-lin Zhou1, Qing-shan LI2, Qidi Miao3, and Kangbin Yim4 1Computer Emergency Response Team, China 2MoE Key Lab. of Network and Software Security Assurance of Peking University, China 3Northeastern University, China 4Soonchunhyang University, Republic of Korea Distributed Capability-based Access Control for the Internet of Things José L. Hernández-Ramos1, Antonio J. Jara2, Leandro Marín1, and Antonio F. Skarmeta1 1University of Murcia, Spain 2University of Applied Sciences Western Switzerland (HES-SO), Switzerland

- 12 - Workshop Venue Pukyong National University(PKNU), Daeyeon Campus

How to get to PKNU

Light Rail Transit : Route A Entrance to the airport→ Sasang station (Transfer) From Gimhae Subway Line 2: International Airport Sasang station→ Kyungsung Univ./Pukyong Nat'l Univ. Station Subway Line 1 : Station→ Seomyeon Station (Transfer) Route B Subway Line 2 : From Seomyeon station→ Kyungsung Univ./Pukyong Nat'l Univ. Station Route C Bus No. 27, 40, 41, 139, 1001, 1003 : From Busan Station Busan Station→ Munhyeon Rotary→ Pukyong Nat'l Univ.

- 13 - Workshop Venue in PKNU Daeyeon Campus

(Ref. Map URL: http://www.pknu.ac.kr/jsp_eng/intro_h_02.jsp)

1. October 24 (Thursday) - Leadership Hall , The third floor in Dongwon Jang Bogo Hall

2. October 25 (Friday) - C.E.O Hall , The second floor in Mirae Bldg.

※ Lunch for two days(24, 25) : Lounge O, The first floor in Dongwon Jang Bogo Hall

Back Gate

Mirae Bldg. ⓑ Main Gate

ⓐ Dongwon Jang Bogo Hall

- 14 - Banquet

1. Venue : the View (buffet, the second floor) 2. Address : 5-4, Yongho 3-dong, Nam-gu, Busan, Korea 3. Road Name : Igidaegongwon-ro 57-170 4. Map

How to get to the VIEW

Taxi Time : about 10 minutes (recommend) Fare : about 4,000 won

Bus No. Namgu2-1 : PKNU Main Gate→ Bunpo High School Bus and on foot On foot : Bunpo High School→ the VIEW (about 660m)

- 15 - Busan Tour Info. http://etour.busan.go.kr Haeundae Beach Haeundae Beach is located near Jangsan Mountain at the height of 634m. The national largest beach with capacity of over 120,000 people opened in 1965, providing best conditions for swimming with water depth of 1m and water temperature 22.5 . Gwanganri Beach Gwangan Beach is known for its beautiful sandy beach and is one of the most popular beaches in Busan along with Haeundae Beach. Gwangan Bridge Gwangan Bridge opened in 6 Jan, 2003. It can display over 100,000 lighting and has become Busan’s favorite tourist attraction. Igidae Galmaetgil Igidae Galmaetgil is a coast shore road where you can hear the sound of the waves. The view of the mountain and the sea has been-called ‘Sampojihyang’ for its beautiful scenery from old times. BEXCO Bexco decentralizes exhibitions and international conferences by holding them in Busan and contributes to globalization, industry growth and IT improvement of Busan and Gyeongnam province Nurimaru located in Dongbaek Island, Joong-dong, Haeundae-gu, Busan, the house represents a modern version of the traditional Korean pavilion. It was used as a conference hall for the 13rd APEC held on 18 ~ 19 Nov 2005 and noted for the most beautiful scenery in all the past APEC conference halls Located in Busan Centum City, the symbol of Busan International Film Festival was born on 29 Sep 2011 on the foundation of aspiration of filmmakers and strong will of Busan citizens to become a best film festival in Asia and possibly in the world as well as a representative film city in Asia. Busan Aquarium Busan Aquarium is the national largest theme aquarium built with investment of total 39 billion won by Haeundae-gu Office and private capital inducement. It is equipped with a variety of facilities including total 40 theme exhibits, an

- 16 - 80-meter underwater tunnel and simulator touch pools Haedong-yonggung Temple Haedong-yonggung Temple is a Buddhist temple founded in 1376 by Nawong. The place is known as one of Top 3 Kwan-yin sacred places in Korea. According to a legend, any wish made here facing the sea comes true. There are endless visitors who come to make a wish. Beomeo Temple Beomeo Temple is one of the leading 10 temples of Hwaom denomination (a branch of Mahayana Buddhism). There are two stories regarding its origin. The more potential story is that it was built in 678 by Saint Euisang. According to ‘Sinseung donggungnyeojiseungnam,’ a golden fish came down from the sky and swam in the pond. It was thus named Keumjeong Mountain and a temple was built and named as Beomeo. Taejongdae Taejongdae was designated #17 of Korea’s most beautiful cultural properties. It used to be called ‘Shinsundae’ because hermits with miraculous powers lived there, but after King Taejong Muyeol of Dynasty, its name was universalized as Taejongdae. Jagalchi Market Jagalchi Market first started during the Korean War and was named ‘Jagalchi Ahjimae.’ It is Korea’s biggest seafood market and you can purchase the freshest seafood. Busan National Maritime Museum Busan National Maritime Museum was initially constructed under a purpose to enhance the progressive spirit, as a landmark of Busan. And in Jul 2012, it was inaugurated with objectives to provide comprehensive and systemic maritime vision for citizens through collection, research and exhibition of sea-related artifacts

- 17 -