Anomaly detection differs from ordinary supervised classification in that typically, during the training phase, the learning algorithm only observes “normal” examples -- and yet is expected to detect “anomalous” ones if they appear during the testing phase. This presents, first and foremost, a philosophical problem, typical of the unsupervised setting: What’s to stop a learner from trivially labeling every single instance as “normal”? Nevertheless, this problem setting is of considerable importance in real-life problems, and I am regularly faced with its various manifestations in the course of consulting companies such as Deutsche Telekom, EMC, Paypal and IBM.
Now, more than ever, cyber security is also about the verification and identification of individuals for physical or cyber access control, and in this quest, biometrics has become a primary tool. As a scientific and technological field dedicated to measuring human characteristics, the security that biometrics provides always juggles between robustness, reliability, portability, and affordability. Research directions in this field in the department lie at the intersection of computational sciences, neuroscience, and computer vision, in order to optimize all these aspects of biometrics simultaneously, towards foolproof, portable, and affordable methods for individual verification and identification in cyber systems.
Since the mid-20th century computing power has grown exponentially. We all feel the advantages in our daily lives, but the drawback is that we are becoming much more dependent on computers. In the early days functionality was considered more important than security and therefore many of the systems are vulnerable to cyber attacks.
Computer security research addresses this issue at all levels: hardware (e.g., Spectre and Rowhammer); software (e.g., secure development); privacy (e.g., homomorphic encryption and other solutions); and more.
A cryptocurrency is a form of digital money that does not require a central authority (such as a
bank). Modern cryptocurrencies (most notably Bitcoin) are based on the pioneering work of
Satoshi Nakamoto. Nakamoto designed protocols that make it possible to achieve consensus on the state
of the blockchain, which is a public decentralized ledger that records all the transactions in the
system.
Since Bitcoin was launched in 2009 by Nakamoto, cryptocurrencies have accumulated a market
capitalization of several hundred billion dollars and attracted massive attention from governments,
industry and academia. Nevertheless, cryptocurrencies are far from being a common and standard means of payment, and there are many obstacles that must be overcome to reach this goal.
Research directions in this domain include enhancing the scalability and efficiency of
cryptocurrencies as well as improving their security against various types of attacks.
Cryptography and privacy are central areas of research in cyber security. Cryptography aims to protect
parties from attackers that attempt to eavesdrop on their communication or modify it. Cutting-edge
research in cryptography is also devoted to more advanced features such as secure multiparty
computation that allows parties to jointly compute a function of their inputs while making sure their
inputs remain private.
With the proliferation of information technologies and big data analytics, preserving privacy is an
increasingly challenging task. One of the main goals of research in data privacy is to protect an
individual's personally identifiable information in large databases that contain sensitive information
(such as medical records), while preserving the utility of this data (for purposes such as medical
research). The main formal mathematical framework developed for this purpose is differential privacy,
which is a very active area of research and is also in the initial stages of deployment in practice.
Data security is part of the computer security or cyber security area. It deals with protecting data
in databases and in the cloud. We develop cryptography-based techniques to protect such data
while enforcing different access control policies. The field also includes the topic of protecting
the cloud from malware penetration and the topic of security and privacy in social networks.
Visual content, images or videos, dominates our world not only because it is rich (after all, "a picture is worth a thousand words") but because we often tend to believe that "seeing is believing". This approach has also been at the basis of statutory procedures, allowing images to serve as admissible evidence, as long as they are original. But with sophisticated image editing tools such as Photoshop and computer vision techniques such as image inpainting and augmented reality, seeing is no longer believing and visual content can definitely qualify as "fake news". Image forensics attempts to study how to tackle such frauds and, in particular, how one can authenticate digital images and other visual content.
Cryptography is the science of dealing with adversaries in computational settings. Many
times, it turns lemons (intractable computational problems) into lemonade (useful
cryptographic protocols, such as encryption schemes). Quantum computing dramatically
changes the landscape of cryptography for two distinct reasons: cryptographic protocols become insecure when the underlying intractable problem becomes tractable for
quantum computers; and some tasks that cannot be achieved classically can be
achieved using quantum computers due to quantum effects, such as unconditionally
secure encryption schemes (Quantum Key Distribution) and unforgeable quantum
money.
Complex networks in general, and social and technological networks in particular, have
become the focus of intense research, mainly due to the widespread availability of data
resulting from on-line social networks (OSNs) and other Internet applications. These
networks are often characterized by a hierarchical structure, a heavy-tailed degree
distribution, and the small-world property, meaning that the mean distance between pairs
of nodes is small relative to the network's size.
Complex network analysis tools, such as community detection and link analysis
algorithms, are used by a wide range of applications. In our cyber security research, we
develop and apply tools for complex network analysis in order to detect malicious
entities, such as files, machines, accounts or Internet domains, based on the patterns of
their interactions.
The issue of trust is part of the general cyber security area. It involves technical issues like
trusting the authentication process, or trusting a third party for performing secure computations.
It also includes social and privacy issues like evaluating the reputation of people's profiles or
posts in a social network.
Recently we conducted research on using reputation models for detecting malicious Internet domains.