Raymond Borges Hink | West Virginia University
Papers by Raymond Borges Hink
2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE), 2016
Industrial control system (ICS) security has been a topic of research for several years now and the growing interconnectedness with enterprise systems (ES) is exacerbating the existing issues. Research efforts, however, are impeded by the lack of data that integrate both types of systems. This paper presents an empirical analysis of malicious activities aimed at an integrated ICS and ES environment using the dataset created and released by the SANS Institute. The contributions of our work include classification of the observed malicious activities according to several criteria, such as the number of steps (i.e., single-step vs. multi-step), targeted technology (i.e., ICS, ES or both), types of cyber-probes and cyberattacks (e.g., port scan, vulnerability scan, information disclosure, code injection, and SQL injection), and protocols used. In addition, we quantified the severity of the attacks' impact on systems. The main empirical findings include: (1) More sophisticated multi-step attacks which leveraged multiple vulnerabilities had a higher success rate and led to more severe consequences than single-step attacks; (2) Most malicious cyber activities targeted the embedded servers running on ICS devices rather than the ICS protocols. Specifically, cyber activities based only on ICS protocols accounted for a mere 2% of the total malicious traffic. We conclude the paper with a description of a sample of cybersecurity controls that could have prevented or weakened most of the observed attacks.
2014 7th International Symposium on Resilient Control Systems (ISRCS), 2014
ABSTRACT Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as a means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.
International Conference on Advanced Computer Theory and Engineering, 4th (ICACTE 2011)
Proceedings of the 8th International Conference on Predictive Models in Software Engineering, 2012
Background: Most software effort estimation research focuses on methods that produce the most accurate models but very little focuses on methods of mapping those models to business needs. Aim: In our experience, once a manager knows a software effort estimate, their next question is how to change that estimate. We propose a combination of inference + visualization to let managers quickly discover the important changes to their project. Method: (1) We remove superfluous details from project data using dimensionality reduction, column reduction and feature reduction. (2) We visualize the reduced space of project data. In this reduced space, it is simple to see what project changes need to be taken, or avoided. Results: Standard software engineering effort estimation data sets in the PROMISE repository reduce to a handful of rows and just a few columns. Our experiments show that there is little information loss in this reduction: in 20 datasets from the PROMISE repository, we find that there is little performance difference between inference over all the data and inference over our reduced space. Conclusion: Managers can be offered a succinct representation of project data, within which it is simple to find the critical decisions that most impact project effort.
"There is a large amount of illegal content being replicated through peer-to-peer (P2P) networks where BitTorrent is dominant; therefore, a framework to profile and police it is needed. The goal of this work is to explore the behavior of initial seeds and highly active peers to develop techniques to correctly identify them. We intend to establish a new methodology and software framework for profiling BitTorrent peers. This involves three steps: crawling torrent indexers for keywords in recently added torrents using Really Simple Syndication protocol (RSS), querying torrent trackers for peer list data and verifying Internet Protocol (IP) addresses from peer lists. We verify IPs using active monitoring methods. Peer behavior is evaluated and modeled using bitfield message responses. We also design a tool to profile worldwide file distribution by mapping IP-to-geolocation and linking to WHOIS server information in Google Earth."
cybertesis.urp.edu.pe, 2010
The graphical user interfaces of modern operating systems have been improving usability at a good rate, but for blind users the progress has been at a much slower rate, if not declining. It is for this reason that the focus on accessibility should not be to interpret modern GUIs but to develop an application based on visually impaired people's general heuristic interaction with software: to design a blind person's user interface based on their behavioral characteristics and provide them an independent and enjoyable environment. Using a user-centered design, working hand in hand with blind people, a basic blind user interface is to be implemented. This interface provides basic interaction but is used independently from installation to task completion. The process will integrate various open source projects that are available under GNU GPL and Open Source Initiative copyleft licenses, so the resulting design will fall under these licenses as well and be open source free software. Some of the applications that are used are: Non Visual Desktop Access, WebbIE web browser and accompanying apps, and Wikipedia and Project Gutenberg public domain free content. The application is currently in its pre-alpha stage and current user experience is being measured to improve usability and gain feedback for improvements.