Privacy-Preserving Data Sharing in Intrusion Detection Systems

 

Zhiyuan Chen
Professor and Chair
Information Systems Department
UMBC

12 noon–1pm
Friday, December 6, 2024
Remotely via WebEx: https://umbc.webex.com/meet/sherman

Abstract:

Intrusion detection systems increasingly use machine learning methods, which require large volumes of data to be
effective. Sharing such data sets will benefit the research community and industry. One obstacle to sharing such data is
data privacy because network trace data or server log data often contains sensitive information, such as IP addresses. Even
if IP addresses are encrypted, adversaries may still inject packets with unique patterns (e.g., with certain packet sizes)
such that they can use these packets to infer encrypted information. Another challenge arises when multiple intrusion
detection systems from multiple organizations need to correlate their detected alerts to identify a larger threat, but the
information they exchange may contain sensitive information such as network topology and traffic. This talk covers two
approaches to address this problem. First, we propose a data anonymization approach that de-identifies network trace data.
Compared to existing approaches, this approach provides stronger privacy protection and is robust to injection attacks.
Second, we propose two privacy-preserving distributed alert correlation methods, one using additive secret sharing and
the other using differential privacy. We also investigate tradeoffs between these two methods.

About the Speaker:

Dr. Zhiyuan Chen is a Professor in the Department of Information Systems at UMBC. He received a BS and an MS from
Fudan University, China, and a PhD in Computer Science from Cornell University. His research covers the areas of data
science, big data, privacy-preserving data mining and data management, data exploration and navigation,
semantic-based search and data integration using semantic networks, and adversarial learning and its applications in cybersecurity. He
has published extensively in these areas and has received funding from NSF, Department of Energy, IBM, Office of Naval
Research, MITRE, and Department of Education.

Host:

Alan T. Sherman, sherman@umbc.edu

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly on Fridays, 12-1pm. All meetings are open to the public.

Upcoming CDL meetings:

January 13-17, SFS Winter Research Study
Biweekly CDL meetings will resume in spring 2025.