SlideShare a Scribd company logo
1 of 36
On Sensors, Threats,
Responses and Challenges
Emil Lupu
Deputy-Director Petras IoT Research Hub
Director, Academic-Centre of Excellence in Cyber
Security Research Imperial College London
Exposing the physical world to
cyber threats
Protection agents or attack
vectors?
Less obvious paths to compromise
Policy-Based Systems
How to configure, personalise and
automate?
Vision Mobile IoT Megatrends 2016
Policy-Based Systems
Control
actions
Decisions
Managed
Objects
Monitor
Events
Manager
Agent
Events
Policies
(auth)
New functionality Policies
(oblig/ECAs)
Policy-Based Systems
RBAC
Ponder and Ponder2
http://ponder2.net
CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK TO DATA
COLLECTED ON ANDROID
(a) T he Result View (b) T he IntegrityConstraints View
Figure 5.9: The Result and IntegrityConstraints view
5.5.1 A pplicat ion usage
We thought it would be a good idea to keep track of the user’s application usage. While this
sounds like it should be a simple task it, unfortunately, proved to be a little more complicated
than what we had originally thought. As a result, the Android SDK does not provide a way,
through its API, to detect the time at which an application is launched, for obvious security
Policy
Analysis
Policy Refinement
Goal: Protect troop location information from unauthorised disclosure
Who can access location information?
Granularity of the information location provided.
Protection of Information in communications system.
Policies regarding:
Policy Specification
In Natural Language
Subclasses (NLS)
In a Formal Language (FL)
System Side
Algorithms & Tools
User Side
Author NL policies
Convert NL policies to FL policies
Author FL policies
Convert FL policies to NL policies
Abstract Policy Models
Security Ontologies
Policy Transformation
Policy Synchronization
Goals, High Level Policies
In System Context
Concrete Policy Sets
Executable Policies
Information
Control Flow
Policy Ratification
Policy Authoring
Policy Ratification
Databases, XML Stores, Rule Engines, State
Machines, etc
Global Principles and Goals
Large Scale Analyses of NL and
FL Policies
Survey & Coding of Related
Practices
Policy Transformation
Policy Synchronization
Human Factors Based Design & Usability Studies
Policy Presentation
Processing & User Interaction
User Preferences
in a FL
User-Level
Paradigms for
Preferences
Preference Specification Tools
AC & Audit Policies
Data User Risk Choices &
Model Model Model Consent
Policy
Learning
Self-Managed Cells
Data Sharing
Agreement
Refinement
Analysis
Data centric security
Techniques for the entire policy
life-cycle
Policy Refinement
Goal: Protect troop location information from unauthorised disclosure
Who can access location information?
Granularity of the information location provided.
Protection of Information in communications system.
Policies regarding:
CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK TO DATA
COLLECTED ON ANDROID
(a) T he Result View (b) T he IntegrityConstraints View
Figure 5.9: The Result and IntegrityConstraints view
5.5.1 A pplicat ion usage
We thought it would be a good idea to keep track of the user’s application usage. While this
sounds like it should be a simple task it, unfortunately, proved to be a little more complicated
than what we had originally thought. As a result, the Android SDK does not provide a way,
through its API, to detect the time at which an application is launched, for obvious security
reasons. To overcomethisproblem, wetakea di↵erent approach. TheAndroid Activity Manager
logs every application launch event by its package name. For example, com. andr oi d. camer a
suggests that the user is using a the phone’s camera.
Policy Learning
Policy
Specification
Policy Analysis
Policy Deployment
and Enforcement
… and the application areas
Network Management Body Area Networks Security for Sensors
Firewall Analysis and
Rule Generation
Mobile Ad-Hoc
Networks
coyote.c
CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK T
COLLECTED ON ANDROID
(a) T he Result View (b) T he IntegrityCon
Figure 5.9: The Result and IntegrityConstraints view
5.5.1 A pplicat ion usage
We thought it would be a good idea to keep track of the user’s applicat
sounds like it should be a simple task it, unfortunately, proved to be a li
than what we had originally thought. As a result, the Android SDK do
through its API, to detect the time at which an application is launched
reasons. To overcomethisproblem, wetakea di↵erent approach. TheAnd
logs every application launch event by its package name. For example,
suggests that the user is using a the phone’s camera.
Therefore, to allow our application to detect application launch events a
use Java’s Runt i me class to execute the command l ogcat Act i vi t yMana
Android’s own console application that allows access to logs at run-time
I nput St r eamReader and continuously filter events as they arrive.
We put some thought into this to avoid duplicate entries. Like we have
Privacy
Policy Learning Example: Call
screening on Mobile
User Agent
Location
• Example: Under which circumstances
users accept calls on a mobile phone
• Traces of mobile phone usage including
CLID, location, nearby known devices.
CLID
CLID
• Learning: Find H such that B ⋃ H ⊨ E. Where
• B: background knowledge, H: hypotheses, E: positive and negative
examples
• Revision: Given U, find U’ Such that B ⋃ U’ ⊨ E and some minimality
criteria are met.
Learning new user behaviour rules…
At home
H H H
07:00
Call from
At location
Day 1 07:30
Context:
in_group(alice, home).
in_group(bob, home).
happens(gps(57,10),07:00).
at_location(home, W, N) ← Conditions,….
Examples:
not do(accept_call(alice), 07:00).
do(accept_call(bob), 07:30).
do(accept_call(bob), 11:00). }
New policy
do(accept_call(Call_Id, From), T ) ← T ≥ 07:30
Revising learnt rules incrementally
At home At homeAt Imperial
Near desktop
H C C H F CF H H
07:30
Call from
At location
Near device
Day 2
Context:
………..
do(accept_call(Call_Id, From), T ) ← T ≥ 07:30
Revised policy
do(accept_call(Call_Id, From), T ) ← T ≥ 07:30 ∧ in_group(From, college)
do(accept_call(Call_Id, From), T ) ← T ≥ 07:30 ∧ ¬holdsAt(location(Imperial)), T )
An experiment: the reality mining dataset
• modeh(accept(+date, +time, +contact, +volume, +vibrator, +battery_level, +screen_brightness, +headset, +screen_status, +light_level, +battery_charging)).
1
• modeb(=(+contact, #contact), [no_ground_constants, name(c)]). 200
• modeb(=(+volume, #volume), [no_ground_constants, name(vol)]). 20
• modeb(=(+vibrator, #vibrator), [no_ground_constants, name(vib)]). 20
• modeb(=(+battery_level, #battery_level), [no_ground_constants, name(bl)]).200
• modeb(=(+screen_brightness, #screen_brightness), [no_ground_constants, name(scb)]). 20
• modeb(=(+headset, #headset), [no_ground_constants, name(hs)]). 20
• modeb(=(+screen_status, #screen_status), [no_ground_constants, name(ss)]). 20
• modeb(=(+light_level, #light_level), [no_ground_constants, name(ll)]).
• modeb(=(+battery_charging, #battery_charging), [no_ground_constants, name(bc)]). 200
• modeb(weekday(+date)). 2(Positive, Negative)
• modeb(weekend(+date)). 2
• modeb(evening(+time)). 2
• modeb(morning(+time)). 2
• modeb(afternoon(+time)). 2
• modeb(in_call(+date, +time)). 2
• modeb(at(+date, +time, #cell)). 200
• modeb(nearDevice(+date, +time, #device)). 2000
• modeb(neighbourhood(+cell, #cell)). 200
• modeb(user_been_in(+date, +time, +cell)). 2
• modeb(user_is_active(+date, +time)). 2
• modeb(phone_charging(+date, +time)). 2
• modeb(phone_on(+date, +time)). 2
• modeb(user_is_using_app(+date, +time, #app)). 20
• modeb(time_before_h(+time, #hour), [no_ground_constants,name(before)]). 100
• modeb(time_after_h(+time, #hour), [no_ground_constants,name(after)]). 100
Input: Reality mining dataset – single users
Output: Rules able to predict when the user answers phone calls
Battery_level ~ 102
Contacts ~ 101
Devices ~ 103
Cells ~ 102
Date x Time ~ 103
Other options ~ 10
Cell tower
Bluetooth
devices
Activity
Coverage
Abstractions +
Domain
Knowledge
Calls
answer_call(…) IF condition1,1, …,
conditionmax_c,1
Around 5000
choices for
condition
Policy Learning
• Using Inductive Logic Programming we are able to reverse
engineer a set of rules from a set of multi-criteria decisions.
• Rules are efficient and can be used to explain decisions made.
• Rules can be manually amended and user familiarity with the
learnt rules can be preserved.
• This allows us to:
• Automate manual decisions.
• Replace legacy implementations with
configurable rule based components.
Detecting and Diagnosing Malicious
Data Injections in WSN
Towards Real-Time Systems
A building full of sensors
• Compromised sensors
can be used to inject
false values
• To elicit fake events
• To mask real ones
• To amplify and reduce
real ones.
• For short term or long
term effects.
• Given some redundancy between the information provided by
sensors can we detect injections?
• Can we distinguish from faults?
Consider physiological sensors
Masking attack outcome
• Wide variety of sensor network
topologies, deployments and signals.
• Different causes for anomalies:
transient failures, common mode
failures, malicious intervention
• Compromised sensors will collude.
• Attacks can vary in sophistication e.g.,
modify existing signals, synthesize
new ones, undermine genuine sensors
• Existing work is mostly:
• Bespoke to a sensor type or deployment
• Evaluated against trivial attacks
The problem is difficult because …
Fire alarms
monitoring
Volcano
monitoring
Medical
Sensors
Results
• Physiological sensors: detection and
characterisation (dc) up to 50% of compromised
sensors, maj. voting fails with any percentage
• Fire Alarms: dc up to 47%, maj. voting detects 7%
(0% FP), 13% (13% FP), no detection when >20%
but 27% FP.
• Monitoring Volcano Eruptions: dc up to 88%, maj.
voting up to 25% with (25% FP)
• Now looking at multiple simultaneous events
Multiple events: US Seismic Vibrations
Requirements:
• Identification of event-related trends
• Evaluation of overall measurements anomalousness (DETECTION)
• Identification of false trends (given by colluding sensors)
especially with multiple events (CHARACTERISATION)
• Analysis of anomalies root cause (DIAGNOSIS)
GENUINE
MALICIOUS
Detection Criterion: Cross Scale
Comparison
Small Genuine
Event
Large Genuine
Event
Low scale coefficients increase with High scale coefficients: measurements
increase/decrease faster in the presence of events
Seismic Vibrations Experiments
Elicited Elicited
Masked True Event Single Fault
Future Work and Lessons learnt
• Good results obtained on test data. We would like further
validation and extend to multi-mode correlations.
• We are designing new models to compute maximum
tolerance to compromised sensors given redundancy.
• Broad range of sophistication of the attacks possible.
Most research uses very simplistic models.
• How do we systematically test for sophisticated attacks?
• Can adversary poison data from which we learn?
Adversarial anomaly detection?
Dynamic Bayesian
Analysis of Attack Graphs
Attack Graph Modelling
• Attack Graphs model paths of compromise
from the network topology and
vulnerability analysis.
• Static Measures of Exposure e.g.,
• mean path to compromise of target objective.
• degree of exposure of sub-systems
Dynamic Analysis
• A Bayesian representation of the graph allows to represent
the combined effect of vulnerabilities to compromise a node
in the system.
• Dynamic inference enables us to calculate the combined
probability that an attacker can compromise a node
considering the attack graph and symptoms of compromise.
• We can then reason about:
• The possible next steps of an attack based on system vulnerability.
• Likely missing information (zero day) or failures in detection
• The effect of any remedial measure
• In enterprise networks graphs can be huge as often each
host can reach across the network to any other.
Results: Exact and approx. inference
Static Analysis Dynamic Analysis
Future Work and Lessons Learnt
• Can attack graphs be used to model compromise across
the physical space? Combined physical and digital?
Combined physical, digital and human?
• There are perhaps less problems of scalability in the
physical space (fewer adjacent nodes).
• In such cases inference can be applied at run-time to
analyse risk and determine most appropriate
countermeasures.
• Could also be able to measure time to compromise.
Retrofitting Security
What would we need to retrofit?
• Many embedded systems e.g.,
ICS have very long lifetimes.
• Protocols: proprietary, vary
from standard specification,
code/knowledge not available.
• Can we model the protocol
from observation? And
sometimes partial knowledge.
• Then insert additional
(protection) functions
Approaches
• Host-based
• Message format inference
• State machine inference
• Fuzzing
• Network-based
• Message format inference
• State machine inferences
Conclusions
• Rules can be learnt with ILP, allowing to combine the
advantages of rule-based systems, user involvement, and
auditable decisions.
• Compromised sensors can be used in more sophisticated ways
than currently considered. How do we systematically test for
such attacks?
• We need to develop models to jointly analyse and reason
about the physical, human and digital space and their inter-
dependencies. Several CS techniques may be applicable.
• We need to figure out ways in which to learn how legacy
systems operate in order to add security.
• The PETRAS IoT Hub brings together with 9 leading UK
academic institutions and around 60 public and private sector
partners around the general challenges of IoT security
• … Thank you !
If you have any questions please contact Emil Lupu:
e.c.lupu@imperial.ac.uk

More Related Content

What's hot

Anomaly Detection for Security
Anomaly Detection for SecurityAnomaly Detection for Security
Anomaly Detection for SecurityCody Rioux
 
Multisensor Fusion and Integration - pres
Multisensor Fusion and Integration - presMultisensor Fusion and Integration - pres
Multisensor Fusion and Integration - presPraneel Chand
 
SenSec: Mobile Application Security through Passive Sensing
SenSec: Mobile Application Security through Passive SensingSenSec: Mobile Application Security through Passive Sensing
SenSec: Mobile Application Security through Passive SensingJiang Zhu
 
IRJET- Hearing Loss Detection through Audiogram in Mobile Devices
IRJET-  	  Hearing Loss Detection through Audiogram in Mobile DevicesIRJET-  	  Hearing Loss Detection through Audiogram in Mobile Devices
IRJET- Hearing Loss Detection through Audiogram in Mobile DevicesIRJET Journal
 
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKS
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKSCONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKS
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKSpharmaindexing
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion  Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion  Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...IOSR Journals
 
Robust Malware Detection using Residual Attention Network
Robust Malware Detection using Residual Attention NetworkRobust Malware Detection using Residual Attention Network
Robust Malware Detection using Residual Attention NetworkShamika Ganesan
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationJose María Carazo Cepedano
 
High performance intrusion detection using modified k mean & naïve bayes
High performance intrusion detection using modified k mean & naïve bayesHigh performance intrusion detection using modified k mean & naïve bayes
High performance intrusion detection using modified k mean & naïve bayeseSAT Journals
 
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...Jiang Zhu
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Jose Lopez
 
IRJET- Human Emotions Detection using Brain Wave Signals
IRJET- Human Emotions Detection using Brain Wave SignalsIRJET- Human Emotions Detection using Brain Wave Signals
IRJET- Human Emotions Detection using Brain Wave SignalsIRJET Journal
 

What's hot (15)

Anomaly Detection for Security
Anomaly Detection for SecurityAnomaly Detection for Security
Anomaly Detection for Security
 
Multisensor Fusion and Integration - pres
Multisensor Fusion and Integration - presMultisensor Fusion and Integration - pres
Multisensor Fusion and Integration - pres
 
Abb e guide3
Abb e guide3Abb e guide3
Abb e guide3
 
SenSec: Mobile Application Security through Passive Sensing
SenSec: Mobile Application Security through Passive SensingSenSec: Mobile Application Security through Passive Sensing
SenSec: Mobile Application Security through Passive Sensing
 
IRJET- Hearing Loss Detection through Audiogram in Mobile Devices
IRJET-  	  Hearing Loss Detection through Audiogram in Mobile DevicesIRJET-  	  Hearing Loss Detection through Audiogram in Mobile Devices
IRJET- Hearing Loss Detection through Audiogram in Mobile Devices
 
bianco final
bianco finalbianco final
bianco final
 
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKS
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKSCONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKS
CONTRADICTION COMMUNICATION RANGE OF SENSOR NETWORKS
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion  Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion  Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
 
Robust Malware Detection using Residual Attention Network
Robust Malware Detection using Residual Attention NetworkRobust Malware Detection using Residual Attention Network
Robust Malware Detection using Residual Attention Network
 
C0511318
C0511318C0511318
C0511318
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and Automation
 
High performance intrusion detection using modified k mean & naïve bayes
High performance intrusion detection using modified k mean & naïve bayesHigh performance intrusion detection using modified k mean & naïve bayes
High performance intrusion detection using modified k mean & naïve bayes
 
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft ...
 
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
Is Using Off-the-shelf Antimalware Product to Secure Your Medical Device a Go...
 
IRJET- Human Emotions Detection using Brain Wave Signals
IRJET- Human Emotions Detection using Brain Wave SignalsIRJET- Human Emotions Detection using Brain Wave Signals
IRJET- Human Emotions Detection using Brain Wave Signals
 

Viewers also liked

First Cities To Future Cities - Tim Gardom (City Insights)
First Cities To Future Cities - Tim Gardom (City Insights)First Cities To Future Cities - Tim Gardom (City Insights)
First Cities To Future Cities - Tim Gardom (City Insights)Comit Projects Ltd
 
The acceleration of disruption: opportunities and threats for construction - ...
The acceleration of disruption: opportunities and threats for construction - ...The acceleration of disruption: opportunities and threats for construction - ...
The acceleration of disruption: opportunities and threats for construction - ...Comit Projects Ltd
 
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016Comit Projects Ltd
 
Digitally Building Britain #COMIT2016
Digitally Building Britain #COMIT2016Digitally Building Britain #COMIT2016
Digitally Building Britain #COMIT2016Comit Projects Ltd
 
The 6 D's shaping the future of Work #COMIT2016
The 6 D's shaping the future of Work #COMIT2016The 6 D's shaping the future of Work #COMIT2016
The 6 D's shaping the future of Work #COMIT2016Comit Projects Ltd
 
Photogrammetry - Is there a business value to construction? #COMIT2016
Photogrammetry - Is there a business value to construction? #COMIT2016Photogrammetry - Is there a business value to construction? #COMIT2016
Photogrammetry - Is there a business value to construction? #COMIT2016Comit Projects Ltd
 
Experiences and lessons learnt from working collaboratively with an SME on a ...
Experiences and lessons learnt from working collaboratively with an SME on a ...Experiences and lessons learnt from working collaboratively with an SME on a ...
Experiences and lessons learnt from working collaboratively with an SME on a ...Comit Projects Ltd
 
The Impact of Digital Engineering – Tim Broyd (ICE) #COMIT2016
The Impact of Digital Engineering – Tim Broyd (ICE)  #COMIT2016The Impact of Digital Engineering – Tim Broyd (ICE)  #COMIT2016
The Impact of Digital Engineering – Tim Broyd (ICE) #COMIT2016Comit Projects Ltd
 
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016Comit Projects Ltd
 
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016Comit Projects Ltd
 
Safe Dig Packs improving utility safety #COMIT2016
Safe Dig Packs improving utility safety #COMIT2016Safe Dig Packs improving utility safety #COMIT2016
Safe Dig Packs improving utility safety #COMIT2016Comit Projects Ltd
 
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...Comit Projects Ltd
 
A BIM-enabled collaborative platform in practice #COMIT2016
A BIM-enabled collaborative platform in practice #COMIT2016A BIM-enabled collaborative platform in practice #COMIT2016
A BIM-enabled collaborative platform in practice #COMIT2016Comit Projects Ltd
 

Viewers also liked (15)

First Cities To Future Cities - Tim Gardom (City Insights)
First Cities To Future Cities - Tim Gardom (City Insights)First Cities To Future Cities - Tim Gardom (City Insights)
First Cities To Future Cities - Tim Gardom (City Insights)
 
The acceleration of disruption: opportunities and threats for construction - ...
The acceleration of disruption: opportunities and threats for construction - ...The acceleration of disruption: opportunities and threats for construction - ...
The acceleration of disruption: opportunities and threats for construction - ...
 
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016
Tools for the Future of the Digital Infrastructure Lifecycle - #COMIT2016
 
Digitally Building Britain #COMIT2016
Digitally Building Britain #COMIT2016Digitally Building Britain #COMIT2016
Digitally Building Britain #COMIT2016
 
The 6 D's shaping the future of Work #COMIT2016
The 6 D's shaping the future of Work #COMIT2016The 6 D's shaping the future of Work #COMIT2016
The 6 D's shaping the future of Work #COMIT2016
 
Photogrammetry - Is there a business value to construction? #COMIT2016
Photogrammetry - Is there a business value to construction? #COMIT2016Photogrammetry - Is there a business value to construction? #COMIT2016
Photogrammetry - Is there a business value to construction? #COMIT2016
 
Experiences and lessons learnt from working collaboratively with an SME on a ...
Experiences and lessons learnt from working collaboratively with an SME on a ...Experiences and lessons learnt from working collaboratively with an SME on a ...
Experiences and lessons learnt from working collaboratively with an SME on a ...
 
Process Pains - #COMIT2016
 Process Pains - #COMIT2016 Process Pains - #COMIT2016
Process Pains - #COMIT2016
 
Toys 4 techies #COMIT2016
Toys 4 techies #COMIT2016Toys 4 techies #COMIT2016
Toys 4 techies #COMIT2016
 
The Impact of Digital Engineering – Tim Broyd (ICE) #COMIT2016
The Impact of Digital Engineering – Tim Broyd (ICE)  #COMIT2016The Impact of Digital Engineering – Tim Broyd (ICE)  #COMIT2016
The Impact of Digital Engineering – Tim Broyd (ICE) #COMIT2016
 
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016
Automated Drone Virtual Reality - Iain Miskimmin (COMIT) #COMIT2016
 
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016
Visualisation for the AEC Sector: Past, Present and Tomorrow… #COMIT2016
 
Safe Dig Packs improving utility safety #COMIT2016
Safe Dig Packs improving utility safety #COMIT2016Safe Dig Packs improving utility safety #COMIT2016
Safe Dig Packs improving utility safety #COMIT2016
 
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...
Ecological Analysis & Visualisation using GIS to Inform Planning for Large In...
 
A BIM-enabled collaborative platform in practice #COMIT2016
A BIM-enabled collaborative platform in practice #COMIT2016A BIM-enabled collaborative platform in practice #COMIT2016
A BIM-enabled collaborative platform in practice #COMIT2016
 

Similar to Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College London)

How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)Dinis Cruz
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareTzar Umang
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection SystemIJMTST Journal
 
IRJET- Criminal Recognization in CCTV Surveillance Video
IRJET-  	  Criminal Recognization in CCTV Surveillance VideoIRJET-  	  Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance VideoIRJET Journal
 
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017sandhibhide
 
smartwatch-user-identification
smartwatch-user-identificationsmartwatch-user-identification
smartwatch-user-identificationSebastian W. Cheah
 
Android Application For Decentralized Family Locator
Android Application For Decentralized Family LocatorAndroid Application For Decentralized Family Locator
Android Application For Decentralized Family LocatorIRJET Journal
 
IRJET- Object Detection and Recognition for Blind Assistance
IRJET- Object Detection and Recognition for Blind AssistanceIRJET- Object Detection and Recognition for Blind Assistance
IRJET- Object Detection and Recognition for Blind AssistanceIRJET Journal
 
DasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperDasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperMichael Murphy
 
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...IRJET Journal
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Advance Intelligent Video Surveillance System Using OpenCV
Advance Intelligent Video Surveillance System Using OpenCVAdvance Intelligent Video Surveillance System Using OpenCV
Advance Intelligent Video Surveillance System Using OpenCVIRJET Journal
 
Securing Mobile Cloud Using Fingerprint Authentication
Securing Mobile Cloud Using Fingerprint AuthenticationSecuring Mobile Cloud Using Fingerprint Authentication
Securing Mobile Cloud Using Fingerprint AuthenticationApurva Kini
 
A practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logicA practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logicVeselin Pizurica
 
A check and alert service based on IoT
A check and alert service based on IoTA check and alert service based on IoT
A check and alert service based on IoT재진 장
 
IRJET- Prediction of Anomalous Activities in a Video
IRJET-  	  Prediction of Anomalous Activities in a VideoIRJET-  	  Prediction of Anomalous Activities in a Video
IRJET- Prediction of Anomalous Activities in a VideoIRJET Journal
 
Automated attendance system using Face recognition
Automated attendance system using Face recognitionAutomated attendance system using Face recognition
Automated attendance system using Face recognitionIRJET Journal
 
Realtime Face mask Detector using YoloV4
Realtime Face mask Detector using YoloV4Realtime Face mask Detector using YoloV4
Realtime Face mask Detector using YoloV4IRJET Journal
 
RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011Gerardo Pardo-Castellote
 

Similar to Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College London) (20)

How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)How to not fail at security data analytics (by CxOSidekick)
How to not fail at security data analytics (by CxOSidekick)
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection System
 
IRJET- Criminal Recognization in CCTV Surveillance Video
IRJET-  	  Criminal Recognization in CCTV Surveillance VideoIRJET-  	  Criminal Recognization in CCTV Surveillance Video
IRJET- Criminal Recognization in CCTV Surveillance Video
 
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017
Optimizing connected system performance md&m-anaheim-sandhi bhide 02-07-2017
 
smartwatch-user-identification
smartwatch-user-identificationsmartwatch-user-identification
smartwatch-user-identification
 
Android Application For Decentralized Family Locator
Android Application For Decentralized Family LocatorAndroid Application For Decentralized Family Locator
Android Application For Decentralized Family Locator
 
IRJET- Object Detection and Recognition for Blind Assistance
IRJET- Object Detection and Recognition for Blind AssistanceIRJET- Object Detection and Recognition for Blind Assistance
IRJET- Object Detection and Recognition for Blind Assistance
 
DasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperDasGreenPerezMurphy_Paper
DasGreenPerezMurphy_Paper
 
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...
IRJET - Dynamic and Privacy-Preserving Reputation Management for Block Chain-...
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Advance Intelligent Video Surveillance System Using OpenCV
Advance Intelligent Video Surveillance System Using OpenCVAdvance Intelligent Video Surveillance System Using OpenCV
Advance Intelligent Video Surveillance System Using OpenCV
 
Securing Mobile Cloud Using Fingerprint Authentication
Securing Mobile Cloud Using Fingerprint AuthenticationSecuring Mobile Cloud Using Fingerprint Authentication
Securing Mobile Cloud Using Fingerprint Authentication
 
A practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logicA practical look at how to build & run IoT business logic
A practical look at how to build & run IoT business logic
 
A check and alert service based on IoT
A check and alert service based on IoTA check and alert service based on IoT
A check and alert service based on IoT
 
IRJET- Prediction of Anomalous Activities in a Video
IRJET-  	  Prediction of Anomalous Activities in a VideoIRJET-  	  Prediction of Anomalous Activities in a Video
IRJET- Prediction of Anomalous Activities in a Video
 
Automated attendance system using Face recognition
Automated attendance system using Face recognitionAutomated attendance system using Face recognition
Automated attendance system using Face recognition
 
Realtime Face mask Detector using YoloV4
Realtime Face mask Detector using YoloV4Realtime Face mask Detector using YoloV4
Realtime Face mask Detector using YoloV4
 
PLN9 Surveillance
PLN9 SurveillancePLN9 Surveillance
PLN9 Surveillance
 
RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011
 

More from Comit Projects Ltd

COMIT Community Day at O2 - September 2019, Full Slidedeck
COMIT Community Day at O2 - September 2019, Full SlidedeckCOMIT Community Day at O2 - September 2019, Full Slidedeck
COMIT Community Day at O2 - September 2019, Full SlidedeckComit Projects Ltd
 
Success through Failure: The Paradox of Innovation
Success through Failure: The Paradox of InnovationSuccess through Failure: The Paradox of Innovation
Success through Failure: The Paradox of InnovationComit Projects Ltd
 
Design Engineer Construct for the World's Infrastructure #COMIT2019
Design Engineer Construct for the World's Infrastructure #COMIT2019Design Engineer Construct for the World's Infrastructure #COMIT2019
Design Engineer Construct for the World's Infrastructure #COMIT2019Comit Projects Ltd
 
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019Comit Projects Ltd
 
Immersive Learning for Tunnelling and Highways #COMIT2019
Immersive Learning for Tunnelling and Highways #COMIT2019Immersive Learning for Tunnelling and Highways #COMIT2019
Immersive Learning for Tunnelling and Highways #COMIT2019Comit Projects Ltd
 
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...Comit Projects Ltd
 
Tiger (AO4) AWP Implementation #COMIT2019
Tiger (AO4) AWP Implementation #COMIT2019Tiger (AO4) AWP Implementation #COMIT2019
Tiger (AO4) AWP Implementation #COMIT2019Comit Projects Ltd
 
The use of Asset Management and BIM to Generate Information Requirements #COM...
The use of Asset Management and BIM to Generate Information Requirements #COM...The use of Asset Management and BIM to Generate Information Requirements #COM...
The use of Asset Management and BIM to Generate Information Requirements #COM...Comit Projects Ltd
 
It's all a Matter of Educating #COMIT2019
It's all a Matter of Educating #COMIT2019It's all a Matter of Educating #COMIT2019
It's all a Matter of Educating #COMIT2019Comit Projects Ltd
 
Greater Efficiency in Design for Project Delivery #COMIT2019
Greater Efficiency in Design for Project Delivery #COMIT2019Greater Efficiency in Design for Project Delivery #COMIT2019
Greater Efficiency in Design for Project Delivery #COMIT2019Comit Projects Ltd
 
Automated Construction - Why manufacturing is the future of the sector #COMIT...
Automated Construction - Why manufacturing is the future of the sector #COMIT...Automated Construction - Why manufacturing is the future of the sector #COMIT...
Automated Construction - Why manufacturing is the future of the sector #COMIT...Comit Projects Ltd
 
A Digital Future for the Infrastructure Industry #COMIT2019
A Digital Future for the Infrastructure Industry #COMIT2019A Digital Future for the Infrastructure Industry #COMIT2019
A Digital Future for the Infrastructure Industry #COMIT2019Comit Projects Ltd
 
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...Comit Projects Ltd
 
Cross Functional working defines our future #COMIT2019
Cross Functional working defines our future #COMIT2019Cross Functional working defines our future #COMIT2019
Cross Functional working defines our future #COMIT2019Comit Projects Ltd
 
New technologies & techniques in remote surveying #COMIT2019
New technologies & techniques in remote surveying #COMIT2019New technologies & techniques in remote surveying #COMIT2019
New technologies & techniques in remote surveying #COMIT2019Comit Projects Ltd
 
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019Kings Scholar Pond - The Bridge in a Bottle #COMIT2019
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019Comit Projects Ltd
 
Making the Most of the Construction Tech Funding Boom #COMIT2019
Making the Most of the Construction Tech Funding Boom #COMIT2019Making the Most of the Construction Tech Funding Boom #COMIT2019
Making the Most of the Construction Tech Funding Boom #COMIT2019Comit Projects Ltd
 
Using drones to survey our past, HS2 London #COMIT2019
Using drones to survey our past, HS2 London #COMIT2019Using drones to survey our past, HS2 London #COMIT2019
Using drones to survey our past, HS2 London #COMIT2019Comit Projects Ltd
 
Digital Contracts - The Emperor's New Clothes? #COMIT2019
Digital Contracts - The Emperor's New Clothes? #COMIT2019Digital Contracts - The Emperor's New Clothes? #COMIT2019
Digital Contracts - The Emperor's New Clothes? #COMIT2019Comit Projects Ltd
 

More from Comit Projects Ltd (20)

COMIT Community Day at O2 - September 2019, Full Slidedeck
COMIT Community Day at O2 - September 2019, Full SlidedeckCOMIT Community Day at O2 - September 2019, Full Slidedeck
COMIT Community Day at O2 - September 2019, Full Slidedeck
 
Success through Failure: The Paradox of Innovation
Success through Failure: The Paradox of InnovationSuccess through Failure: The Paradox of Innovation
Success through Failure: The Paradox of Innovation
 
Waste to Wealth #COMIT2019
Waste to Wealth #COMIT2019Waste to Wealth #COMIT2019
Waste to Wealth #COMIT2019
 
Design Engineer Construct for the World's Infrastructure #COMIT2019
Design Engineer Construct for the World's Infrastructure #COMIT2019Design Engineer Construct for the World's Infrastructure #COMIT2019
Design Engineer Construct for the World's Infrastructure #COMIT2019
 
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019
KISS: The Key to Igniting Digital Change Among Field Workers #COMIT2019
 
Immersive Learning for Tunnelling and Highways #COMIT2019
Immersive Learning for Tunnelling and Highways #COMIT2019Immersive Learning for Tunnelling and Highways #COMIT2019
Immersive Learning for Tunnelling and Highways #COMIT2019
 
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...
Integrated Nuclear Digital Environment -Optimising the Lifecycle of Nuclear P...
 
Tiger (AO4) AWP Implementation #COMIT2019
Tiger (AO4) AWP Implementation #COMIT2019Tiger (AO4) AWP Implementation #COMIT2019
Tiger (AO4) AWP Implementation #COMIT2019
 
The use of Asset Management and BIM to Generate Information Requirements #COM...
The use of Asset Management and BIM to Generate Information Requirements #COM...The use of Asset Management and BIM to Generate Information Requirements #COM...
The use of Asset Management and BIM to Generate Information Requirements #COM...
 
It's all a Matter of Educating #COMIT2019
It's all a Matter of Educating #COMIT2019It's all a Matter of Educating #COMIT2019
It's all a Matter of Educating #COMIT2019
 
Greater Efficiency in Design for Project Delivery #COMIT2019
Greater Efficiency in Design for Project Delivery #COMIT2019Greater Efficiency in Design for Project Delivery #COMIT2019
Greater Efficiency in Design for Project Delivery #COMIT2019
 
Automated Construction - Why manufacturing is the future of the sector #COMIT...
Automated Construction - Why manufacturing is the future of the sector #COMIT...Automated Construction - Why manufacturing is the future of the sector #COMIT...
Automated Construction - Why manufacturing is the future of the sector #COMIT...
 
A Digital Future for the Infrastructure Industry #COMIT2019
A Digital Future for the Infrastructure Industry #COMIT2019A Digital Future for the Infrastructure Industry #COMIT2019
A Digital Future for the Infrastructure Industry #COMIT2019
 
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...
Wizardry - Creating Magical Changes in the full lifecycle of Infrastructure #...
 
Cross Functional working defines our future #COMIT2019
Cross Functional working defines our future #COMIT2019Cross Functional working defines our future #COMIT2019
Cross Functional working defines our future #COMIT2019
 
New technologies & techniques in remote surveying #COMIT2019
New technologies & techniques in remote surveying #COMIT2019New technologies & techniques in remote surveying #COMIT2019
New technologies & techniques in remote surveying #COMIT2019
 
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019Kings Scholar Pond - The Bridge in a Bottle #COMIT2019
Kings Scholar Pond - The Bridge in a Bottle #COMIT2019
 
Making the Most of the Construction Tech Funding Boom #COMIT2019
Making the Most of the Construction Tech Funding Boom #COMIT2019Making the Most of the Construction Tech Funding Boom #COMIT2019
Making the Most of the Construction Tech Funding Boom #COMIT2019
 
Using drones to survey our past, HS2 London #COMIT2019
Using drones to survey our past, HS2 London #COMIT2019Using drones to survey our past, HS2 London #COMIT2019
Using drones to survey our past, HS2 London #COMIT2019
 
Digital Contracts - The Emperor's New Clothes? #COMIT2019
Digital Contracts - The Emperor's New Clothes? #COMIT2019Digital Contracts - The Emperor's New Clothes? #COMIT2019
Digital Contracts - The Emperor's New Clothes? #COMIT2019
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Sensors, threats, responses and challenges - Dr Emil Lupu (Imperial College London)

  • 1. On Sensors, Threats, Responses and Challenges Emil Lupu Deputy-Director Petras IoT Research Hub Director, Academic-Centre of Excellence in Cyber Security Research Imperial College London
  • 2.
  • 3. Exposing the physical world to cyber threats
  • 4. Protection agents or attack vectors?
  • 5. Less obvious paths to compromise
  • 7. How to configure, personalise and automate? Vision Mobile IoT Megatrends 2016
  • 8. Policy-Based Systems Control actions Decisions Managed Objects Monitor Events Manager Agent Events Policies (auth) New functionality Policies (oblig/ECAs) Policy-Based Systems RBAC Ponder and Ponder2 http://ponder2.net CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK TO DATA COLLECTED ON ANDROID (a) T he Result View (b) T he IntegrityConstraints View Figure 5.9: The Result and IntegrityConstraints view 5.5.1 A pplicat ion usage We thought it would be a good idea to keep track of the user’s application usage. While this sounds like it should be a simple task it, unfortunately, proved to be a little more complicated than what we had originally thought. As a result, the Android SDK does not provide a way, through its API, to detect the time at which an application is launched, for obvious security Policy Analysis Policy Refinement Goal: Protect troop location information from unauthorised disclosure Who can access location information? Granularity of the information location provided. Protection of Information in communications system. Policies regarding: Policy Specification In Natural Language Subclasses (NLS) In a Formal Language (FL) System Side Algorithms & Tools User Side Author NL policies Convert NL policies to FL policies Author FL policies Convert FL policies to NL policies Abstract Policy Models Security Ontologies Policy Transformation Policy Synchronization Goals, High Level Policies In System Context Concrete Policy Sets Executable Policies Information Control Flow Policy Ratification Policy Authoring Policy Ratification Databases, XML Stores, Rule Engines, State Machines, etc Global Principles and Goals Large Scale Analyses of NL and FL Policies Survey & Coding of Related Practices Policy Transformation Policy Synchronization Human Factors Based Design & Usability Studies Policy Presentation Processing & User Interaction User Preferences in a FL User-Level Paradigms for Preferences Preference Specification Tools AC & Audit Policies Data User Risk Choices & Model Model Model Consent Policy Learning Self-Managed Cells Data Sharing Agreement Refinement Analysis Data centric security
  • 9. Techniques for the entire policy life-cycle Policy Refinement Goal: Protect troop location information from unauthorised disclosure Who can access location information? Granularity of the information location provided. Protection of Information in communications system. Policies regarding: CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK TO DATA COLLECTED ON ANDROID (a) T he Result View (b) T he IntegrityConstraints View Figure 5.9: The Result and IntegrityConstraints view 5.5.1 A pplicat ion usage We thought it would be a good idea to keep track of the user’s application usage. While this sounds like it should be a simple task it, unfortunately, proved to be a little more complicated than what we had originally thought. As a result, the Android SDK does not provide a way, through its API, to detect the time at which an application is launched, for obvious security reasons. To overcomethisproblem, wetakea di↵erent approach. TheAndroid Activity Manager logs every application launch event by its package name. For example, com. andr oi d. camer a suggests that the user is using a the phone’s camera. Policy Learning Policy Specification Policy Analysis Policy Deployment and Enforcement
  • 10. … and the application areas Network Management Body Area Networks Security for Sensors Firewall Analysis and Rule Generation Mobile Ad-Hoc Networks coyote.c CHAPTER 5. APPLICATION OF THE LEARNING FRAM EWORK T COLLECTED ON ANDROID (a) T he Result View (b) T he IntegrityCon Figure 5.9: The Result and IntegrityConstraints view 5.5.1 A pplicat ion usage We thought it would be a good idea to keep track of the user’s applicat sounds like it should be a simple task it, unfortunately, proved to be a li than what we had originally thought. As a result, the Android SDK do through its API, to detect the time at which an application is launched reasons. To overcomethisproblem, wetakea di↵erent approach. TheAnd logs every application launch event by its package name. For example, suggests that the user is using a the phone’s camera. Therefore, to allow our application to detect application launch events a use Java’s Runt i me class to execute the command l ogcat Act i vi t yMana Android’s own console application that allows access to logs at run-time I nput St r eamReader and continuously filter events as they arrive. We put some thought into this to avoid duplicate entries. Like we have Privacy
  • 11. Policy Learning Example: Call screening on Mobile User Agent Location • Example: Under which circumstances users accept calls on a mobile phone • Traces of mobile phone usage including CLID, location, nearby known devices. CLID CLID • Learning: Find H such that B ⋃ H ⊨ E. Where • B: background knowledge, H: hypotheses, E: positive and negative examples • Revision: Given U, find U’ Such that B ⋃ U’ ⊨ E and some minimality criteria are met.
  • 12. Learning new user behaviour rules… At home H H H 07:00 Call from At location Day 1 07:30 Context: in_group(alice, home). in_group(bob, home). happens(gps(57,10),07:00). at_location(home, W, N) ← Conditions,…. Examples: not do(accept_call(alice), 07:00). do(accept_call(bob), 07:30). do(accept_call(bob), 11:00). } New policy do(accept_call(Call_Id, From), T ) ← T ≥ 07:30
  • 13. Revising learnt rules incrementally At home At homeAt Imperial Near desktop H C C H F CF H H 07:30 Call from At location Near device Day 2 Context: ……….. do(accept_call(Call_Id, From), T ) ← T ≥ 07:30 Revised policy do(accept_call(Call_Id, From), T ) ← T ≥ 07:30 ∧ in_group(From, college) do(accept_call(Call_Id, From), T ) ← T ≥ 07:30 ∧ ¬holdsAt(location(Imperial)), T )
  • 14. An experiment: the reality mining dataset • modeh(accept(+date, +time, +contact, +volume, +vibrator, +battery_level, +screen_brightness, +headset, +screen_status, +light_level, +battery_charging)). 1 • modeb(=(+contact, #contact), [no_ground_constants, name(c)]). 200 • modeb(=(+volume, #volume), [no_ground_constants, name(vol)]). 20 • modeb(=(+vibrator, #vibrator), [no_ground_constants, name(vib)]). 20 • modeb(=(+battery_level, #battery_level), [no_ground_constants, name(bl)]).200 • modeb(=(+screen_brightness, #screen_brightness), [no_ground_constants, name(scb)]). 20 • modeb(=(+headset, #headset), [no_ground_constants, name(hs)]). 20 • modeb(=(+screen_status, #screen_status), [no_ground_constants, name(ss)]). 20 • modeb(=(+light_level, #light_level), [no_ground_constants, name(ll)]). • modeb(=(+battery_charging, #battery_charging), [no_ground_constants, name(bc)]). 200 • modeb(weekday(+date)). 2(Positive, Negative) • modeb(weekend(+date)). 2 • modeb(evening(+time)). 2 • modeb(morning(+time)). 2 • modeb(afternoon(+time)). 2 • modeb(in_call(+date, +time)). 2 • modeb(at(+date, +time, #cell)). 200 • modeb(nearDevice(+date, +time, #device)). 2000 • modeb(neighbourhood(+cell, #cell)). 200 • modeb(user_been_in(+date, +time, +cell)). 2 • modeb(user_is_active(+date, +time)). 2 • modeb(phone_charging(+date, +time)). 2 • modeb(phone_on(+date, +time)). 2 • modeb(user_is_using_app(+date, +time, #app)). 20 • modeb(time_before_h(+time, #hour), [no_ground_constants,name(before)]). 100 • modeb(time_after_h(+time, #hour), [no_ground_constants,name(after)]). 100 Input: Reality mining dataset – single users Output: Rules able to predict when the user answers phone calls Battery_level ~ 102 Contacts ~ 101 Devices ~ 103 Cells ~ 102 Date x Time ~ 103 Other options ~ 10 Cell tower Bluetooth devices Activity Coverage Abstractions + Domain Knowledge Calls answer_call(…) IF condition1,1, …, conditionmax_c,1 Around 5000 choices for condition
  • 15. Policy Learning • Using Inductive Logic Programming we are able to reverse engineer a set of rules from a set of multi-criteria decisions. • Rules are efficient and can be used to explain decisions made. • Rules can be manually amended and user familiarity with the learnt rules can be preserved. • This allows us to: • Automate manual decisions. • Replace legacy implementations with configurable rule based components.
  • 16. Detecting and Diagnosing Malicious Data Injections in WSN
  • 18. A building full of sensors • Compromised sensors can be used to inject false values • To elicit fake events • To mask real ones • To amplify and reduce real ones. • For short term or long term effects. • Given some redundancy between the information provided by sensors can we detect injections? • Can we distinguish from faults?
  • 21. • Wide variety of sensor network topologies, deployments and signals. • Different causes for anomalies: transient failures, common mode failures, malicious intervention • Compromised sensors will collude. • Attacks can vary in sophistication e.g., modify existing signals, synthesize new ones, undermine genuine sensors • Existing work is mostly: • Bespoke to a sensor type or deployment • Evaluated against trivial attacks The problem is difficult because … Fire alarms monitoring Volcano monitoring Medical Sensors
  • 22. Results • Physiological sensors: detection and characterisation (dc) up to 50% of compromised sensors, maj. voting fails with any percentage • Fire Alarms: dc up to 47%, maj. voting detects 7% (0% FP), 13% (13% FP), no detection when >20% but 27% FP. • Monitoring Volcano Eruptions: dc up to 88%, maj. voting up to 25% with (25% FP) • Now looking at multiple simultaneous events
  • 23. Multiple events: US Seismic Vibrations Requirements: • Identification of event-related trends • Evaluation of overall measurements anomalousness (DETECTION) • Identification of false trends (given by colluding sensors) especially with multiple events (CHARACTERISATION) • Analysis of anomalies root cause (DIAGNOSIS) GENUINE MALICIOUS
  • 24. Detection Criterion: Cross Scale Comparison Small Genuine Event Large Genuine Event Low scale coefficients increase with High scale coefficients: measurements increase/decrease faster in the presence of events
  • 25. Seismic Vibrations Experiments Elicited Elicited Masked True Event Single Fault
  • 26. Future Work and Lessons learnt • Good results obtained on test data. We would like further validation and extend to multi-mode correlations. • We are designing new models to compute maximum tolerance to compromised sensors given redundancy. • Broad range of sophistication of the attacks possible. Most research uses very simplistic models. • How do we systematically test for sophisticated attacks? • Can adversary poison data from which we learn? Adversarial anomaly detection?
  • 28. Attack Graph Modelling • Attack Graphs model paths of compromise from the network topology and vulnerability analysis. • Static Measures of Exposure e.g., • mean path to compromise of target objective. • degree of exposure of sub-systems
  • 29. Dynamic Analysis • A Bayesian representation of the graph allows to represent the combined effect of vulnerabilities to compromise a node in the system. • Dynamic inference enables us to calculate the combined probability that an attacker can compromise a node considering the attack graph and symptoms of compromise. • We can then reason about: • The possible next steps of an attack based on system vulnerability. • Likely missing information (zero day) or failures in detection • The effect of any remedial measure • In enterprise networks graphs can be huge as often each host can reach across the network to any other.
  • 30. Results: Exact and approx. inference Static Analysis Dynamic Analysis
  • 31. Future Work and Lessons Learnt • Can attack graphs be used to model compromise across the physical space? Combined physical and digital? Combined physical, digital and human? • There are perhaps less problems of scalability in the physical space (fewer adjacent nodes). • In such cases inference can be applied at run-time to analyse risk and determine most appropriate countermeasures. • Could also be able to measure time to compromise.
  • 33. What would we need to retrofit? • Many embedded systems e.g., ICS have very long lifetimes. • Protocols: proprietary, vary from standard specification, code/knowledge not available. • Can we model the protocol from observation? And sometimes partial knowledge. • Then insert additional (protection) functions
  • 34. Approaches • Host-based • Message format inference • State machine inference • Fuzzing • Network-based • Message format inference • State machine inferences
  • 35. Conclusions • Rules can be learnt with ILP, allowing to combine the advantages of rule-based systems, user involvement, and auditable decisions. • Compromised sensors can be used in more sophisticated ways than currently considered. How do we systematically test for such attacks? • We need to develop models to jointly analyse and reason about the physical, human and digital space and their inter- dependencies. Several CS techniques may be applicable. • We need to figure out ways in which to learn how legacy systems operate in order to add security. • The PETRAS IoT Hub brings together with 9 leading UK academic institutions and around 60 public and private sector partners around the general challenges of IoT security
  • 36. • … Thank you ! If you have any questions please contact Emil Lupu: e.c.lupu@imperial.ac.uk

Editor's Notes

  1. Traces of mobile phone usage.
  2. This example has been run on a WSN for monitoring health parameters. The genuine data gives rise to alarms, but if 3 sensors are compromised the alarms are not triggered anymore. We want to detect that the measurements of the three compromises sensors have been maliciously injected
  3. This example has been run on a WSN for monitoring health parameters. The genuine data gives rise to alarms, but if 3 sensors are compromised the alarms are not triggered anymore. We want to detect that the measurements of the three compromises sensors have been maliciously injected