Semantics for Big Data (,) Security and Privacy Tim Finin and Anupam Joshi University of Maryland, Baltimore County Baltimore MD NSF Workshop on Big Data.


1 Semantics for Big Data (,) Security and Privacy
Tim Finin and Anupam Joshi, University of Maryland, Baltimore County, Baltimore MD
NSF Workshop on Big Data Security and Privacy, 2014-09-16, University of Texas at Dallas
http://ebiq.org/r/363

2 The plot outline
Big data → Variety → Need for integration & fusion → Must understand data semantics → Use semantic languages & tools (reasoners, ML) → Have shared ontologies & background knowledge
Relevance to security and privacy
– Protect personal information, especially in mobile/IoT scenarios
– Better intrusion detection systems

3 Use Case Examples
We’ve used semantic technologies in support of assured information tasks including
– Representing & enforcing information sharing policies
– Negotiating for cloud services respecting organizational constraints (e.g., data privacy, location, …)
– Modeling context for mobile users and using this to manage information sharing
– Acquiring, using and sharing knowledge for situationally-aware intrusion detection systems
Key technologies include Semantic Web languages (OWL, RDF) and tools, and information extraction from text

4 Context-Aware Privacy and Security
Smart mobile devices know a great deal about their users, including their current context
Acquiring and using this knowledge helps them provide better services
Sharing the information with other users, organizations and service providers can also be beneficial (Mobile Ad-Hoc Knowledge Networks)
Context-aware policies can be used to limit information sharing as well as to control the actions and information access of mobile apps
Example of the same context released at three levels of detail: “We’re in a two-hour budget meeting at X with A, B and C” / “We’re in an important meeting” / “We’re busy”
http://ebiq.org/p/589

5 Context-aware power management
Maintaining the context model uses power
We empirically determine the power usage of a phone’s sensors and use this for optimization

6 Context-aware power management
Maintaining the context model uses power
We developed accurate power models for a phone’s sensors and use them for optimization
When updating the context model:
1. Only enable sensors required by policy, and reuse recent sensor readings whenever appropriate (e.g., disable the GPS sensor when at home in the evening)
2. Prefer sensors with a lower energy footprint, or already in use, when several are available (e.g., choose Wi-Fi over GPS for location at the office during the day)
3. Reorder rule conditions to reduce energy use (e.g., check conditions requiring no sensor access first)
http://ebiq.org/p/632
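The three rules above, worked through as an added example (this is not the authors' code): a small policy evaluator in Python that reuses cached readings, picks the cheapest available sensor for a context quantity, and orders rule conditions by planned energy cost so that a sensor-free condition such as the time of day can short-circuit the rule before any sensor is powered on. The per-sensor costs, the provider table, the sensor readings and the sharing policy are constructed for illustration, not measured values from the authors' power model.

```python
# Added example (not from the slides): a context-policy evaluator that applies
# the three energy rules. Costs, providers and the policy are constructed assumptions.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Assumed energy cost per fresh reading (arbitrary units; illustrative only).
SENSOR_COST = {"gps": 100.0, "wifi": 15.0, "accelerometer": 2.0}
# Assumed mapping from a context quantity to the sensors that can supply it.
PROVIDERS = {"location": ["gps", "wifi"], "motion": ["accelerometer"]}


@dataclass
class Condition:
    name: str
    needs: Optional[str]              # context quantity; None = no sensor (clock, calendar)
    test: Callable[[dict], bool]      # evaluated over the context snapshot


@dataclass
class Device:
    readings: Dict[str, Tuple[float, object]] = field(default_factory=dict)  # sensor -> (time, value)
    powered_on: Set[str] = field(default_factory=set)
    max_age: float = 300.0            # seconds a cached reading may be reused (rule 1)
    energy_used: float = 0.0
    sensors_read: List[str] = field(default_factory=list)

    def plan(self, quantity: str, now: float) -> Tuple[float, str]:
        """Cheapest way to obtain a quantity: a fresh cached reading costs nothing;
        otherwise prefer a sensor already powered on, then the lowest cost (rule 2)."""
        for s in PROVIDERS[quantity]:
            r = self.readings.get(s)
            if r is not None and now - r[0] <= self.max_age:
                return 0.0, s
        best = min(PROVIDERS[quantity],
                   key=lambda s: (s not in self.powered_on, SENSOR_COST[s]))
        return SENSOR_COST[best], best

    def obtain(self, quantity: str, now: float, read_sensor: Callable[[str], object]):
        """Return the quantity's value, reading a sensor only on a cache miss."""
        cost, sensor = self.plan(quantity, now)
        r = self.readings.get(sensor)
        if r is not None and now - r[0] <= self.max_age:
            return r[1]
        value = read_sensor(sensor)
        self.readings[sensor] = (now, value)
        self.powered_on.add(sensor)
        self.energy_used += cost
        self.sensors_read.append(sensor)
        return value


def evaluate(rule: List[Condition], ctx: dict, device: Device, now: float,
             read_sensor: Callable[[str], object]) -> bool:
    """Evaluate a conjunctive rule. Conditions are ordered by planned energy cost,
    so sensor-free ones run first (rule 3), and evaluation stops at the first
    False, so costlier sensors are never switched on for a rule that cannot fire."""
    def planned_cost(c: Condition) -> float:
        return 0.0 if c.needs is None else device.plan(c.needs, now)[0]
    for cond in sorted(rule, key=planned_cost):
        if cond.needs is not None and cond.needs not in ctx:
            ctx[cond.needs] = device.obtain(cond.needs, now, read_sensor)
        if not cond.test(ctx):
            return False
    return True


def sharing_rule() -> List[Condition]:
    """Constructed policy: share location with coworkers only while moving
    around the office during working hours."""
    return [
        Condition("moving", "motion", lambda c: c["motion"] > 0.5),
        Condition("at_office", "location", lambda c: c["location"] == "office"),
        Condition("work_hours", None, lambda c: 9 <= c["hour"] < 18),
    ]


def demo_home_evening():
    """Constructed scenario: 21:00 at home. The clock condition fails first,
    so no sensor is powered on at all."""
    dev = Device()
    fake = {"gps": "home", "wifi": "home", "accelerometer": 0.1}   # constructed readings
    fired = evaluate(sharing_rule(), {"hour": 21}, dev, 1000.0, lambda s: fake[s])
    return fired, dev.sensors_read, dev.energy_used


def demo_office_daytime():
    """Constructed scenario: 11:00 at the office. Wi-Fi is chosen over GPS for
    location; a second evaluation 60 s later is served entirely from the cache."""
    dev = Device()
    fake = {"gps": "office", "wifi": "office", "accelerometer": 0.9}   # constructed readings
    first = evaluate(sharing_rule(), {"hour": 11}, dev, 1000.0, lambda s: fake[s])
    second = evaluate(sharing_rule(), {"hour": 11}, dev, 1060.0, lambda s: fake[s])
    return first, second, dev.sensors_read, dev.energy_used


if __name__ == "__main__":
    print(demo_home_evening())    # (False, [], 0.0)
    print(demo_office_daytime())  # (True, True, ['accelerometer', 'wifi'], 17.0)
```

The ordering is recomputed at every evaluation, so once the Wi-Fi reading is cached the location condition becomes free and can legitimately move ahead of the clock check; what matters for the battery is that the expensive GPS reading is never taken on this policy at all.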

7 Intrusion Detection Systems
Current intrusion detection systems are poor at detecting zero-day and “low and slow” attacks, and APTs
Sharing information from heterogeneous data sources can provide useful information even when an attack signature is unavailable
Implemented prototypes that integrate and reason over data from IDSs, host and network scanners, and text at the knowledge level
We’ve established the feasibility of the approach in simple evaluation experiments

8 From dashboards & watchstanding, i.e. (simple) analysis, …

9 … to situational awareness
Non-traditional “sensors” and traditional sensors → facts / information → context / situation → rules, policies, analytics → alerts
Example fact extracted from text (“Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 ….”):
  [ a IDPS:text_entity;
    IDPS:has_vulnerability_term "true";
    IDPS:has_security_exploit "true";
    IDPS:has_text "Internet Explorer";
    IDPS:has_text "arbitrary code";
    IDPS:has_text "remote attackers" ]
Example facts from sensors:
  [ a IDPS:system; IDPS:host_IP "130.85.93.105" ]
  [ a IDPS:scannerLog; IDPS:scannerLogIP "130.85.93.105"; … ]
  [ a IDPS:gatewayLog; IDPS:gatewayLogIP "130.85.93.105"; … ]
Example rule:
  [ IDPS:scannerLog IDPS:hasBrowser ?Browser .
    IDPS:gatewayLog IDPS:hasURL ?URL .
    ?URL IDPS:hasSymantecRating "unsafe" .
    IDPS:scannerLog IDPS:hasOutboundConnection "true" .
    IDPS:WiresharkLog IDPS:isConnectedTo ?IPAddress .
    ?IPAddress IDPS:isZombieAddress "true" ]
  =>
  [ IDPS:system IDPS:isUnderAttack "use-after-free vulnerability" .
    IDPS:attack IDPS:hasMeans "Backdoor" .
    IDPS:attack IDPS:hasConsequence "UnauthorizedRemoteAccess" ]
http://ebiq.org/p/604
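The rule on this slide, run as an added example (this is not the project's reasoner): a minimal forward-chaining join over RDF-style triples in Python, with one compromised host and one clean host. Predicate names follow the slide; IDPS:wiresharkLogIP (by analogy with scannerLogIP and gatewayLogIP), the join between the scanner's browser and the text entity's has_text value, the skolem attack node, and every fact value other than the host IP 130.85.93.105 are assumptions constructed for the example.

```python
# Added example, not the slides' own code: the slide-9 rule as a forward-
# chaining join over RDF-style triples. "IDPS:wiresharkLogIP" and the
# browser/has_text join are assumptions added so one host's records correlate.
from typing import Dict, Iterable, List, Optional, Set, Tuple

Triple = Tuple[str, str, str]

# Constructed facts: one compromised host (IP from the slide) and one clean host.
FACTS: Set[Triple] = {
    ("sys1", "a", "IDPS:system"), ("sys1", "IDPS:host_IP", "130.85.93.105"),
    ("scan1", "a", "IDPS:scannerLog"), ("scan1", "IDPS:scannerLogIP", "130.85.93.105"),
    ("scan1", "IDPS:hasBrowser", "Internet Explorer"),
    ("scan1", "IDPS:hasOutboundConnection", "true"),
    ("gw1", "a", "IDPS:gatewayLog"), ("gw1", "IDPS:gatewayLogIP", "130.85.93.105"),
    ("gw1", "IDPS:hasURL", "http://bad.example/dl"),               # constructed URL
    ("http://bad.example/dl", "IDPS:hasSymantecRating", "unsafe"),
    ("ws1", "a", "IDPS:WiresharkLog"), ("ws1", "IDPS:wiresharkLogIP", "130.85.93.105"),
    ("ws1", "IDPS:isConnectedTo", "198.51.100.7"),                 # documentation-range IP
    ("198.51.100.7", "IDPS:isZombieAddress", "true"),
    ("txt1", "a", "IDPS:text_entity"), ("txt1", "IDPS:has_vulnerability_term", "true"),
    ("txt1", "IDPS:has_text", "Internet Explorer"), ("txt1", "IDPS:has_text", "remote attackers"),
    # Clean host: same browser and outbound traffic, but its URL is rated safe.
    ("sys2", "a", "IDPS:system"), ("sys2", "IDPS:host_IP", "130.85.93.106"),
    ("scan2", "a", "IDPS:scannerLog"), ("scan2", "IDPS:scannerLogIP", "130.85.93.106"),
    ("scan2", "IDPS:hasBrowser", "Internet Explorer"),
    ("scan2", "IDPS:hasOutboundConnection", "true"),
    ("gw2", "a", "IDPS:gatewayLog"), ("gw2", "IDPS:gatewayLogIP", "130.85.93.106"),
    ("gw2", "IDPS:hasURL", "http://ok.example/"),
    ("http://ok.example/", "IDPS:hasSymantecRating", "safe"),
    ("ws2", "a", "IDPS:WiresharkLog"), ("ws2", "IDPS:wiresharkLogIP", "130.85.93.106"),
    ("ws2", "IDPS:isConnectedTo", "198.51.100.7"),
}

# Rule body: triple patterns; "?x" terms are variables joined across patterns.
RULE_BODY: List[Triple] = [
    ("?sys", "a", "IDPS:system"), ("?sys", "IDPS:host_IP", "?ip"),
    ("?scan", "IDPS:scannerLogIP", "?ip"), ("?scan", "IDPS:hasBrowser", "?browser"),
    ("?scan", "IDPS:hasOutboundConnection", "true"),
    ("?gw", "IDPS:gatewayLogIP", "?ip"), ("?gw", "IDPS:hasURL", "?url"),
    ("?url", "IDPS:hasSymantecRating", "unsafe"),
    ("?ws", "IDPS:wiresharkLogIP", "?ip"), ("?ws", "IDPS:isConnectedTo", "?peer"),
    ("?peer", "IDPS:isZombieAddress", "true"),
    ("?txt", "IDPS:has_vulnerability_term", "true"), ("?txt", "IDPS:has_text", "?browser"),
]


def unify(pattern: Triple, fact: Triple, b: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Extend bindings b so that pattern matches fact, or return None."""
    out = dict(b)
    for term, value in zip(pattern, fact):
        if term.startswith("?"):
            if out.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return out


def query(facts: Iterable[Triple], body: List[Triple]) -> List[Dict[str, str]]:
    """Nested-loop natural join of the body patterns; one dict per solution."""
    solutions: List[Dict[str, str]] = [{}]
    for pattern in body:
        solutions = [nb for b in solutions for f in facts
                     if (nb := unify(pattern, f, b)) is not None]
    return solutions


def forward_chain(facts: Set[Triple]) -> Set[Triple]:
    """Assert the rule head for every solution. The attack node is a skolem
    constant derived from the host IP, so one host yields one attack node."""
    derived: Set[Triple] = set()
    for b in query(facts, RULE_BODY):
        attack = "_:attack_" + b["?ip"]
        derived |= {
            (b["?sys"], "IDPS:isUnderAttack", "use-after-free vulnerability"),
            (b["?sys"], "IDPS:attack", attack),
            (attack, "IDPS:hasMeans", "Backdoor"),
            (attack, "IDPS:hasConsequence", "UnauthorizedRemoteAccess"),
        }
    return derived


def hosts_under_attack(facts: Set[Triple]) -> List[str]:
    """Host IPs flagged by the rule, i.e. what the alert layer would receive."""
    ip_of = {s: o for s, p, o in facts if p == "IDPS:host_IP"}
    return sorted(ip_of[s] for s, p, _ in forward_chain(facts) if p == "IDPS:isUnderAttack")


if __name__ == "__main__":
    print(hosts_under_attack(FACTS))   # ['130.85.93.105']
```

Joining on the host IP is what makes this "knowledge level" rather than per-sensor: none of the scanner, gateway or packet-capture records is alarming alone, and the clean host shows that the rule fires only when all of them line up with the text-derived vulnerability fact.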

10 Maintaining the vulnerability KB
Our approach requires us to keep the KB of software products and known or suspected vulnerabilities and attacks up to date
Resources like NVD are great, but tapping into text can enrich their info and give earlier warnings of problems
Example timeline (from the slide):
– Vendor deploys software
– Attacker finds vuln. & exploits it (01/10/13)
– Exploit reported in mailing list (01/10/13)
– CVE disclosed (01/14/13); vuln. reported in NVD RSS feed
– Analysis: vuln. analyzed & included in NVD feed (02/16/2013)
– Vendor analysis: threat disclosed in vendor bulletin (03/04/2013)
– Patch development: patch released (Critical Patch Update) (06/18/2013)
– Resolution: system update

11 Information extraction from text
CVE-2012-0150: Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka “Msvcrt.dll Buffer Overflow Vulnerability.”
Identify relationships and link concepts to entities, e.g.:
– ebqids:hasMeans → http://dbpedia.org/resource/Buffer_overflow
– ebqids:affectsProduct → http://dbpedia.org/resource/Windows_7
– http://dbpedia.org/resource/Arbitrary_code_execution
We use information extraction techniques to identify entities, relations and concepts in security related text
These are mapped to terms in our ontology and the DBpedia LOD KB (based on Wikipedia)
Google’s slogan: “Things, not strings”

12 Maintaining the vulnerability KB (architecture diagram)
Unstructured data (vuln. summaries, security bulletins, blogs, web text) → entity & concept spotter → extracted concepts → linking & mapping entities → RDF generation → triple store
Structured data (NVD dataset, XML) and the IDS ontology feed the same triple store, which serves linked cybersecurity data consumers
http://ebiq.org/p/629
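An added example of the extraction step in slides 11 and 12 (this is not the authors' spotter): a gazetteer-based entity and concept spotter in Python that links surface strings in a CVE summary to DBpedia resources and emits ontology triples, run on the CVE-2012-0150 text quoted above. The three DBpedia URIs and the ebqids:hasMeans and ebqids:affectsProduct relations come from the slide; the remaining gazetteer entries, ebqids:hasConsequence and the cve: subject prefix are assumptions made for the example.

```python
# Added example, not the authors' extractor: a gazetteer-based entity/concept
# spotter that turns a CVE summary into triples in the style of slide 11.
# Entries beyond the three URIs on the slide, ebqids:hasConsequence and the
# "cve:" subject prefix are assumptions made for this example.
import re
from typing import List, Set, Tuple

Triple = Tuple[str, str, str]

# Constructed gazetteer: surface form -> (relation, linked resource).
GAZETTEER = {
    "buffer overflow": ("ebqids:hasMeans", "http://dbpedia.org/resource/Buffer_overflow"),
    "execute arbitrary code": ("ebqids:hasConsequence",
                               "http://dbpedia.org/resource/Arbitrary_code_execution"),
    "windows 7": ("ebqids:affectsProduct", "http://dbpedia.org/resource/Windows_7"),
    "windows vista": ("ebqids:affectsProduct", "http://dbpedia.org/resource/Windows_Vista"),
    "windows server 2008": ("ebqids:affectsProduct",
                            "http://dbpedia.org/resource/Windows_Server_2008"),
    "internet explorer": ("ebqids:affectsProduct",
                          "http://dbpedia.org/resource/Internet_Explorer"),
}
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Summary text of CVE-2012-0150 as quoted on slide 11 (input for the demo).
CVE_2012_0150 = ("CVE-2012-0150 Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, "
                 "Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows "
                 "remote attackers to execute arbitrary code via a crafted media file, aka "
                 "\"Msvcrt.dll Buffer Overflow Vulnerability.\"")


def spot(text: str) -> List[Tuple[int, int, str, str]]:
    """Case-insensitive, longest-match-first gazetteer lookup. Returns
    (start, end, relation, resource) for every non-overlapping mention."""
    hits: List[Tuple[int, int, str, str]] = []
    lower = text.lower()
    for form in sorted(GAZETTEER, key=len, reverse=True):
        for m in re.finditer(r"\b" + re.escape(form) + r"\b", lower):
            if any(s < m.end() and m.start() < e for s, e, _, _ in hits):
                continue                     # inside a longer match already taken
            hits.append((m.start(), m.end()) + GAZETTEER[form])
    return sorted(hits)


def extract_triples(text: str) -> Set[Triple]:
    """Subject = the CVE id found in the text; each spotted mention becomes one
    (subject, relation, resource) triple. Collecting into a set is the 'things,
    not strings' step: 'Buffer overflow' and 'Buffer Overflow' are two strings
    but one DBpedia resource, so they yield a single triple."""
    cve = CVE_RE.search(text)
    if cve is None:
        raise ValueError("no CVE identifier in text")
    subject = "cve:" + cve.group(0)          # assumed prefix for the example
    return {(subject, rel, res) for _, _, rel, res in spot(text)}


if __name__ == "__main__":
    for t in sorted(extract_triples(CVE_2012_0150)):
        print(t)
```

The two "buffer overflow" mentions in the summary produce six spotted spans but only five triples; a real pipeline would replace the hand-written gazetteer with a trained spotter and a DBpedia lookup, but the linking and de-duplication step is the same.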

13 Faceblock (80 second video)
http://ebiq.org/p/666

14 Faceblock Ontology
Faceblock’s (OWL) ontology lets one write context policy rules using predefined activity and place types

16 Faceblock Protocols
The user’s device maintains context, reasons with the policy rules and informs Glass devices of the Faceblock property: True or False

17 Taming Wild Big Data
WBD is structured or semi-structured data for which we lack schema-level understanding
– e.g., raw tables, graphs, XML, logs
Developed tools to generate semantic data from background ontologies & KBs, e.g. for clinical trial tables
It’s harder when the domain is not even known. We’re developing systems that use large background KBs (e.g., Google’s Freebase) to predict types/subtypes of data instances
http://ebiq.org/p/672
http://ebiq.org/p/661

18 Conclusion
Google’s new slogan: things, not strings. We also need: measurements, not numbers
Common ontologies in semantic representations enable big data integration at a “knowledge level”
– data, meta-data, provenance, certainty, rules
Many advantages:
– Enhancing discovery, integration and interoperability
– Enabling inference and knowledge-level analytics
– Expressing policy constraints in common semantic terms
http://ebiq.org/r/363

19 System Architecture 2 (diagram)
Inputs: web text sources (blogs, forums, feeds) → entity/concept extractor → named entities → security vulnerability entities extractor → security vulnerability terms; IDS/IPS sensors → reports and logs; host-based activity monitor → host activity logs; network activity monitor → network activity logs; hardware security sensors → security logs
All of these feed an RDFS knowledge base, together with the ontology and domain expert knowledge; a reasoner over the knowledge base produces threat/vulnerability alerts
http://ebiq.org/p/604

20 Populating KBs from Text
Kelvin is a system for populating KBs with entities and relations extracted from text
– Developed at the JHU Human Language Technology Center of Excellence
– E.g., extracts 300K entities and 3M relations from 50K newswire articles
Supports analytics at the KB level: inference, probabilistic reasoning, entity linking across KBs, …
Top system in the 2012 & 2013 NIST Text Analysis Conference Cold Start KBP task evaluations
http://ebiq.org/p/671

