Title: A Forensically Sound Method of Identifying Downloaders and Uploaders in Freenet
The creation and distribution of child sexual abuse materials (CSAM) involves a continuing violation of the victims' privacy beyond the original harms they document. A large volume of these materials is distributed via the Freenet anonymity network: in our observations, nearly one third of requests on Freenet were for known CSAM. In this paper, we propose and evaluate a novel approach for investigating these violations of exploited children's privacy. Our forensic method distinguishes whether or not a neighboring peer is the actual uploader or downloader of a file or merely a relayer. Our method requires analysis of the traffic sent to a single, passive node only. We evaluate our method extensively. Our in situ measurements of actual CSAM requests show an FPR of 0.002 ± 0.003 for identifying downloaders. And we show an FPR of 0.009 ± 0.018, a precision of 1.00 ± 0.01, and a TPR of 0.44 ± 0.01 for identifying uploaders based on in situ tests. Further, we derive expressions for the FPR and Power of our hypothesis test; perform simulations of single and concurrent downloaders; and characterize the Freenet network to inform parameter selection. We were participants in several United States Federal Court cases in which the use of our method was uniformly upheld.
Award ID(s):
1816851
PAR ID:
10281425
Journal Name:
CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
Page Range / eLocation ID:
1497 to 1512
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Network intrusion detection systems (NIDSs) play an essential role in the defense of computer networks by identifying unauthorized access to a computer network and investigating potential security breaches. Traditional NIDSs encounter difficulties in combating newly created, sophisticated and unpredictable security attacks. Hence, there is an increasing need for an automatic intrusion detection solution that can detect malicious activities more accurately and prevent high false alarm rates (FPR). In this paper, we propose a novel network intrusion detection framework using a deep neural network based on the pretrained VGG-16 architecture. The framework, TL-NID (Transfer Learning for Network Intrusion Detection), is a two-step process where features are extracted in the first step, using VGG-16 pre-trained on the ImageNet dataset, and in the 2nd step a deep neural network is applied to the extracted features for classification. We applied TL-NID on NSL-KDD, a benchmark dataset for network intrusion, to evaluate the performance of the proposed framework. The experimental results show that our proposed method can effectively learn from the NSL-KDD dataset while producing a realistic performance in terms of accuracy, precision, recall, and false alarm. This study also aims to motivate security researchers to exploit different state-of-the-art pre-trained models for network intrusion detection problems through valuable knowledge transfer.
  2. Virtual Private Networks (VPNs) are increasingly being used to protect online users’ privacy and security. However, there is an ongoing arms race between censors that aim to detect and block VPN usage, and VPN providers that aim to obfuscate their services from these censors. In this paper, we explore the feasibility of a simple, protocol-agnostic VPN detection technique based on identifying encapsulated TCP behaviors in UDP-based tunnels. We derive heuristics to distinguish TCP-over-UDP VPN traffic from plain UDP traffic using RFC-defined TCP behaviors. Our evaluations on real-world traffic show that this technique can achieve a false positive rate (FPR) of 0.11%, an order of magnitude lower than existing machine learning-based VPN detection methods. We suggest defenses to evade our detection technique and encourage VPN providers to proactively defend against such attacks.
  3. We present SNIascore, a deep-learning based method for spectroscopic classification of thermonuclear supernovae (SNe Ia) based on very low-resolution (R ∼100) data. The goal of SNIascore is fully automated classification of SNe Ia with a very low false-positive rate (FPR) so that human intervention can be greatly reduced in large-scale SN classification efforts, such as that undertaken by the public Zwicky Transient Facility (ZTF) Bright Transient Survey (BTS). We utilize a recurrent neural network (RNN) architecture with a combination of bidirectional long short-term memory and gated recurrent unit layers. SNIascore achieves a <0.6% FPR while classifying up to 90% of the low-resolution SN Ia spectra obtained by the BTS. SNIascore simultaneously performs binary classification and predicts the redshifts of secure SNe Ia via regression (with a typical uncertainty of <0.005 in the range from z=0.01 to z=0.12). For the magnitude-limited ZTF BTS survey (≈70% SNe Ia), deploying SNIascore reduces the amount of spectra in need of human classification or confirmation by ≈60%. Furthermore, SNIascore allows SN Ia classifications to be automatically announced in real-time to the public immediately following a finished observation during the night. 
  4. We show that the temporal analog of a Fabry–Perot resonator (FPR) can be realized by using two moving temporal boundaries, formed by intense pump pulses inside a dispersive medium (such as an optical fiber). We analyze such FPRs using a transfer-matrix method, similar to that used for spatial structures containing multiple thin films. We consider a temporal slab formed using a single square-shape pump pulse and find that the resonance of such an FPR has transmission peaks whose quality (Q) factors decrease rapidly with an increasing velocity difference between the pump and probe pulses. We propose an improved design by using two pump pulses. We apply our transfer-matrix method to this design and show considerable improvement in the Q factors of various peaks. We also show that such FPRs can be realized in practice by using two short pump pulses that propagate as solitons inside a fiber. We verified the results of the transfer-matrix method by directly solving the pulse propagation equation with the split-step Fourier method.
  5. An increasing number of people are sharing information through text messages, emails, and social media without proper privacy checks. In many situations, this could lead to serious privacy threats. This paper presents a methodology for providing extra safety precautions without being intrusive to users. We have developed and evaluated a model to help users take control of their shared information by automatically identifying text (i.e., a sentence or a transcribed utterance) that might contain personal or private disclosures. We apply off-the-shelf natural language processing tools to derive linguistic features such as part-of-speech, syntactic dependencies, and entity relations. From these features, we model and train a multichannel convolutional neural network as a classifier to identify short texts that have personal, private disclosures. We show how our model can notify users if a piece of text discloses personal or private information, and evaluate our approach in a binary classification task with 93% accuracy on our own labeled dataset, and 86% on a dataset of ground truth. Unlike document classification tasks in the area of natural language processing, our framework is developed keeping the sentence level context into consideration.