Browsing by Author "Chang, Eric"

Now showing 1 - 11 of 11

Defending against Peer-to-Peer Pollution Behaviors
(2018) Chang, Eric
"In this report, we present a survey and comparison of various models on defending against content pollution. We categorize the various schemes into some groups and discuss the application-level model performance of each group. At end of the report, we present some future aspects on defending against content pollution; moreover, some important and useful evaluation results are in the report."
Defending against Spam in Tagging Systems via Reputations
(2016) Chang, Eric
"Global Internet is witnessing a rapidly growing popularity of tagging services on the social networks, which enable people to share and tag different categories of resources. However, the current tagging systems face a serious problem -- tag spam. In this paper, we propose SpamLimit -- a novel social- enhanced reputation mechanism against spam in tagging systems. First, we propose a basic reputation mechanism that provides the personalized reputation estimates to each user in system. Our approach can impose severe and quick punishment to spammers but also provide an incentive to promote normal users sharing the correct tags. Because users can rank the tag search results with the reputation estimates of owners of resources, the results provided by spammers can be degraded to the end of search results. Then, we utilize friend relationships, the social nature of tagging systems, to enhance the basic reputation mechanism. Because the friends are all real-world acquaintances, these reliable companions can provide many referential experiences to users. This will help to improve both performance and convergence of SpamLimit. Finally, our experiment results illustrate that SpamLimit can effectively defend against tag spam and work better than the existing tag search models in tagging systems."
Detecting Deceptive and Malicious Voting Behaviors in Decentralized Systems
(2016) Chang, Eric
"Deceptive behaviors of peers in today’s decentralized systems have become a serious problem due to the anonymous and self-organization nature. In this paper, we propose Soc, a novel active challenge-response mechanism based on the notion that the one side of transaction with preponderant knowledge can detect whether the other side is telling a lie. In Soc, through introducing the friend-based scheme, each peer can establish own friend relationships quickly. With the secret information of friends, Soc can construct the asymmetrical information between peers. Our active challenge-response mechanism can help peers find the deceivers in system based on the asymmetrical information. Soc also provides the mechanism which can reduce the probability of impact brought by deceptive peers. Compared with existing reputation models, Soc is more robust to the problems of collusive deceivers and cold start. The evaluation results illustrate that Soc can effectively address the problem of deceptive peers."
General Attacks and Approaches in Cloud-Scale Networks
(2019) Chang, Eric; Chang, Eric
"We present a lot of potential attacks and defenses in cloud-scale networks have been proposed in recent years. This work presents an investigation that compares various models on defending against content pollution. We categorize the various schemes into some groups and discuss the application-level model performance of each group. Finally, we show some future aspects on defending against content pollution; moreover, some important and useful evaluation results are in the report."
Highlighting Vulnerabilities via Context-Aware Framework
(2017) Chang, Eric
It is known to be full of challenges to score vulnerabilities based on various security requirements in cloud services. Although there have been several systems for scoring vulnerabilities (e.g., CVSS), most of them are unable to be leveraged to score vulnerabilities in cloud services, because they fail to consider some important factors located in cloud such as business context (i.e., dependency relationships between services) and threat levels of the same vulnerability on various security requirements. This paper aims to propose a novel framework to qualify and rank the vulnerabilities based on their threat degrees in cloud service. Through inputting or constructing service dependency graph, our framework is able to generate the importance degree of each service and the ranking list of all the vulnerabilities in cloud service. Moreover, our framework can be adopted not only into various cloud infrastructures, but also different categories of algorithms according to concrete requirements. To evaluate our framework, we adopt AssetRank algorithm into the framework, and present the whole design of our work. Comprehensive experiments prove the effectiveness of our framework on qualifying and ranking vulnerabilities in cloud service.
How to Defend against Pollution Attacks in P2P Networks
(2018) Chang, Eric
"Pollution attacks in P2P networks become important and no existing work well solved this challenge. This paper presents an investigation that compares various models on defending against content pollution. We categorize the various schemes into some groups and discuss the application-level model performance of each group. At end of the report, we present some future aspects on defending against content pollution; moreover, some important and useful evaluation results are in the report."
Overcoming Risks in Hidden Dependencies within the Cloud
(2016) Chang, Eric
"In order to address reliability and availability of cloud services, redundancy-based techniques utilizing more than one cloud provider have been recently proposed. Unfortunately these approaches fail to recognize the effects related to common dependencies hidden by in- dependent redundant services, potentially invalidating these efforts. We propose a novel system to address this pitfall by recommending cloud consumers the most suit- able redundant services based on the consumers’ requirements. We call this system a cloud reliability recommender (CRR). At the heart of a CRR, we leverage fault tree analysis techniques to 1) discover hidden common dependencies in order to generate correlation matrices; 2) calculate the failure probabilities of alternative services; and, 3) enable cloud consumers to specify criteria to optimize their utility, recommending the most suitable services for them. In this paper, we describe the CRR, the aforementioned process, and discuss the challenges inherent to CRR design and practicality."
Pollution Attacks and Defense in Cloud-like Networks
(2018) Chang, Eric
"Various attacks and defenses in cloud-like systems have been proposed in recent years. This paper presents an investigation that compares various models on defending against content pollution. We categorize the various schemes into some groups and discuss the application-level model performance of each group. At end of the report, we present some future aspects on defending against content pollution; moreover, some important and useful evaluation results are in the report."
Secure and Usable Integrity Protection Model for Operating Systems
(2016) Chang, Eric
"Host compromise is one of the most serious security problems for operating systems today. Existing integrity protection models for operating systems are difficult to use; on the other hand, the most available integrity protection models only provide heuristic approaches without strong guarantees. This paper presents SecGuard, a secure and high-available integrity protection model for operating systems. To ensure the security of systems, SecGuard provides formal guarantees that operating systems are security under three threats: network-based threat, IPC communication threat, and contaminative file threat. On the other hand, we introduce some novel mechanisms to ensure high-available of the model. For instance, SecGuard leverages the information of the existing discretionary access control mechanism to initialize integrity labels for subjects and objects in the systems. Moreover, we describe the implementation of SecGuard for Linux using Linux Security Modules framework, and show it has low overhead and effectively achieve security and high-availability for operating systems."
Securing Peer-to-Peer Content Sharing Systems through Detecting Pollution Behaviors
(2017) Chang, Eric
Peer-to-Peer (P2P) content sharing systems have experienced an explosive growth, and now dominate large fractions of both the Internet users and traffic volume. However, due to the self-organization and self-maintenance nature of P2P overlay networks, these systems are vulnerable to the content pollution, where attackers aggressively inject a large quantity of polluted content into the systems. Such polluted content could largely reduce the availability of the original authentic content, thus enormously shattering genuine users' confidence in the P2P content sharing systems. In this report, we present a survey and comparison of various models on defending against content pollution. We categorize the various schemes into some groups and discuss the application-level model performance of each group. At end of the report, we present some future aspects on defending against content pollution; moreover, some important and useful evaluation results are in the report.
Towards A Framework for Detecting Tag Spam
(2017) Chang, Eric
"Tagging system is the killer application of Web2.0 services that can help users to share, tag and discover those interesting resources. In recent years, as tagging systems are gaining in popularity, many studies also indicated that tagging services are susceptible to tag spam: misleading tags that are generated in order to increase the popularity of some resources or simply to confuse users in the networks. In this report, we summarize both the representative tagging systems and the existing methods of defending against tag spam in the application. Through analyzing the existing tagging systems, we will propose the conclusions and future works at the end of the report."