EISIC 2018
European Intelligence & Security Informatics Conference
The Premier European Conference on Counterterrorism and Criminology
Karlskrona, Sweden, October 24-25, 2018
http://www.eisic.org
EISIC 2018 Conference Program
EISIC 2018 – Table of Contents
Conference Secretariat
EISIC 2018 Conference Organization
EISIC 2018 Program Committee
Message from the General Chairs
Message from the Program Chair
EISIC 2018 Program at a Glance
EISIC 2018 Keynote Speeches
EISIC 2018 Detailed Program
EISIC 2018 Abstracts
Conference Venue
Information for Presenters & Policies

Conference Secretariat
Conference registration takes place at the Conference Secretariat located at the lobby of the Conference Center of Blekinge Institute of Technology, during the following days and hours:
Wednesday 9:00–16:п0
Thursday 8:30–16:30
The registration fee includes:
- One lunch and two coffee breaks per conference day
- One ticket for the Conference Dinner held on Wednesday 24th of October, 2018 at the Naval Museum.
- Conference bag with the conference program, proceedings, conference gifts, etc.
EISIC 2018 – Conference Organization
Honorary General Chair
Panagiotis Karampelas, Hellenic Air Force Academy, Greece
General Chairs
Martin Boldt, Blekinge Institute of Technology, Sweden
Anton Borg, Blekinge Institute of Technology, Sweden
Program Chair
Joel Brynielsson, KTH Royal Institute of Technology, Sweden
Advisory Board
Lisa Kaati, FOI Swedish Defence Research Agency, Sweden
Margit Pohl, TU Wien, Austria
Emelie Nilsson, Danish National Police, Denmark
Yanfang (Fanny) Ye, West Virginia University, USA
Thirimachos Bourlai, West Virginia University, USA
Ioanna Lekea, Hellenic Air Force Academy, Greece
Local Arrangement Chair
Fredrik Erlandsson, Blekinge Institute of Technology, Sweden
EISIC 2018 – Program Committee
Mohd Helmy Abd Wahab, Universiti Tun Hussein Onn Malaysia, Malaysia
Mohamed Faouzi Atig, Uppsala University, Sweden
Igor Bernik, University of Maribor, Slovenia
Hervé Borrion, University College London, United Kingdom
Thirimachos Bourlai, West Virginia University, USA
Egon L. van den Broek, Utrecht University, Netherlands
Antwan D. Clark, Johns Hopkins University, USA
Shamal Faily, Bournemouth University, United Kingdom
Ulrik Franke, RISE SICS Swedish Institute of Computer Science, Sweden
Marianela García Lozano, FOI Swedish Defence Research Agency, Sweden
Shravan Garlapati, Virginia Tech, USA
Bénédicte Goujon, Thales Research & Technology, France
Gunther P. Grasemann, Fraunhofer IOSB, Germany
Richard Göbel, Hof University, Germany
Mohammad Hammoudeh, Manchester Metropolitan University, United Kingdom
Liangxiu Han, Manchester Metropolitan University, United Kingdom
Chris Hankin, Imperial College London, United Kingdom
Johan de Heer, Thales Research & Technology, Netherlands
Thomas J. Holt, Michigan State University, USA
Nils Jensen, Ostfalia University of Applied Sciences, Germany
Borka Jerman Blažič, Jožef Stefan Institute, Slovenia
Fredrik Johansson, FOI Swedish Defence Research Agency, Sweden
Panagiotis Karampelas, Hellenic Air Force Academy, Greece
Sergii Kavun, Kharkiv University of Technology, Ukraine
Jeroen Keppens, King’s College London, United Kingdom
Latifur Khan, University of Texas at Dallas, USA
Stewart James Kowalski, Norwegian University of Science and Technology, Norway
Ioanna Lekea, Hellenic Air Force Academy, Greece
Richard May, Pacific Northwest National Laboratory, USA
Luca Mazzola, Lucerne University of Applied Sciences and Arts, Switzerland
Antonis Mouhtaropoulos, University of Warwick, United Kingdom
Rasmus Petersen, Software Improvement Group, Denmark
Jakub Piskorski, European Commission Joint Research Centre, Italy
Margit Pohl, TU Wien, Austria
Galina Rogova, State University of New York at Buffalo, USA
Virgilijus Sakalauskas, Vilnius University, Lithuania
Günter Schumacher, European Commission Joint Research Centre, Italy
Johan Sigholm, Harvard University, USA
Gerardo I. Simari, Universidad Nacional del Sur, Argentina
Yannis Stamatiou, University of Patras, Greece
Jerzy Surma, Warsaw School of Economics, Poland
Muhammad Adnan Tariq, KTH Royal Institute of Technology, Sweden
Theodora Tsikrika, Information Technologies Institute, CERTH, Greece
Stefan Varga, KTH Royal Institute of Technology, Sweden
Leon Wang, National University of Kaohsiung, Taiwan
Uffe Kock Wiil, University of Southern Denmark, Denmark
Yanfang Ye, West Virginia University, USA
Daniel Zeng, University of Arizona, USA
Yuchen Zhou, Palo Alto Networks, USA
EISIC 2018 – Message from the General Chairs
We are happy to welcome you and the European Intelligence and Security Informatics Conference (EISIC) to Karlskrona, Sweden. In the last decade EISIC has grown to be the premier European conference on counterterrorism and criminology. The conference series has combined intriguing technical programs with good organization. For EISIC 2018 we aim to maintain the high standard, and we hope that you will enjoy the conference.
Karlskrona is Sweden’s only baroque city, founded in 1680 when the Royal Swedish Navy was relocated from the Stockholm area. We hope that you will enjoy this beautiful city. We are also proud to present our distinguished keynote speakers: Professor Dieter Gollmann (Hamburg University of Technology and Nanyang Technological University) and Dr. Vidya Narayanan (Oxford Internet Institute at Oxford University). In addition to these two distinguished speakers, we will also enjoy presentations by two invited speakers: Mr. Mikael Lagström (TrueSec) and Sergeant Major Freddy Widecrantz (Naval Warfare Centre, Swedish Armed Forces).
The conference dinner will take place at the Naval Museum in Karlskrona, which is also the location of the social event. For those of you who have the time to discover Karlskrona on your own, there are many possibilities. In particular, we recommend paying a visit to the central square which is the largest square in Scandinavia. Further, central Karlskrona still contains many of the baroque buildings from its founding, as well as a beautiful archipelago.
Organizing a conference requires much work and support from many people and organizations. We would like to thank all those who have been involved in the organization of EISIC 2018. In particular, we are grateful for the hard work done by the program chair Joel Brynielsson. We are also grateful to Panagiotis Karampelas for his continuous support to keep the website updated, Fredrik Erlandsson for helping us with the local arrangements, as well as Lena Marminge, Camilla Johansson and Eva-Lotta Runesson for their help with the conference budget and other economy-related tasks. We would also like to thank Blekinge Institute of Technology and the IT department for hosting us.
As we now inaugurate the eighth EISIC meeting, we wish to welcome you to Karlskrona and we hope that you will enjoy EISIC 2018 and your stay in Sweden.
Martin Boldt, Blekinge Institute of Technology, Sweden
Anton Borg, Blekinge Institute of Technology, Sweden
EISIC 2018 – Message from the Program Chair
Intelligence and Security Informatics (ISI) is an interdisciplinary field of research that focuses on the development, use, and evaluation of advanced information technologies, including methodologies, models and algorithms, systems, and tools, for local, national, and international security related applications. Over the past decade, the European ISI research community has matured and delivered an impressive array of research results that are both technically innovative and practically relevant.
Academic conferences have been an important mechanism for building and strengthening the ISI community. These conferences have provided stimulating forums for gathering people from previously disparate communities including those from academia, government, and industry. Participants have included academic researchers (especially in the fields of information technologies, computer science, public policy, and social and behavioral studies), law enforcement and intelligence experts, as well as information technology company representatives, industry consultants, and practitioners within the relevant fields.
The 2018 European Intelligence and Security Informatics Conference (EISIC 2018) is the eighth EISIC meeting to be organized by the European ISI community. During 2011–2017 the EISIC meetings have been held annually in Athens, Greece; Odense, Denmark; Uppsala, Sweden; The Hague, the Netherlands; Manchester, United Kingdom; Uppsala, Sweden; and Athens, Greece. EISIC 2018 is organized by Blekinge Institute of Technology, and is scientifically sponsored by the Royal Institute of Technology, Sweden and the Swedish Defence Research Agency, and has also received technical co-sponsorship from the IEEE Computer Society and its Technical Committee on Intelligent Informatics (IEEE CS TCII). We would like to express our sincere gratitude to these sponsors.
EISIC 2018 received 31 submissions in total, and accepted 36% of the submitted regular papers. For comparison, EISIC 2011 received 111 submissions and accepted 27% of the papers, EISIC 2012 received 70 submissions and accepted 40% of the papers, EISIC 2013 received 87 submissions and accepted 31% of the papers, IEEE JISIC 2014 received 98 submissions and accepted 28% of the papers, EISIC 2015 received 78 submissions and accepted 35% of the papers, EISIC 2016 received 64 submissions and accepted 24% of the papers, and EISIC 2017 received 51 submissions and accepted 31% of the papers.
The two-day conference program includes presentations by prominent keynote speakers, paper presentation sessions, and a poster session. We are very pleased with the technical quality of the accepted submissions, and would like to express our sincere gratitude to all authors for contributing their work.
To distinguish between the submitted papers and guide the acceptance decisions, all papers have been carefully read and analyzed by at least three independent experts. Representing all the different flavors of the broad ISI field and coming from 19 different countries, the 49 program committee members generously provided 96 high-quality review reports. We are most grateful to the program committee members for their time spent sharing their valuable expertise with the paper authors.
Joel Brynielsson, KTH Royal Institute of Technology, Sweden
EISIC 2018 – Program at a Glance
Wednesday, October 24, 2018
09:00-10:00 Registration / Coffee
10:00-10:30 Welcome Session
  General Chairs / Vice Chancellor / Program Chair
10:30-11:30 Keynote: IoT Security – Viewed from the Application Layer (Room: J1620)
  Speaker: Prof. Dieter Gollmann
11:30-12:30 Lunch (Restaurant in J building)
12:30-14:00 Session I (Room: J1620)
14:00-14:30 Coffee break (Outside room J1610)
14:30-16:00 Session II (Room: J1620)
16:00-16:10 Short break
16:10-16:40 Invited Speech: The Naval Base, a world heritage of information collection threats (Room: J1620)
  Speaker: Sgt Maj Freddy Widecrantz
18:00-21:30 Social Event & Conference Dinner: Naval Museum
Thursday, October 25, 2018
08:30-09:00 Registration
09:00-10:00 Keynote: Computational Propaganda and Misinformation Campaigns during Important Events in Public Life (Room: J1620)
  Speaker: Dr. Vidya Narayanan
10:00-10:15 Short Break
10:15-12:00 Session III (Room: J1620)
12:00-13:00 Lunch Break (Restaurant in J building)
13:00-13:45 Invited Speech: Hands-on insights from the “Cloudhopper” incident that hit companies worldwide in 2017 (Room: J1620)
  Speaker: Mikael Lagström
13:45-14:00 Short break
14:00-15:40 Session IV (Room: J1620)
15:40-15:50 Closing Session (Room: J1620)
15:50-16:30 Coffee (Outside room J1610)
EISIC 2018 – Keynote Speeches
Prof. Dieter Gollmann
Hamburg University of Technology, Germany
Nanyang Technological University, Singapore
10:30-11:30, Wednesday, 24 October 2018. Room: J1620. Chair: Martin Boldt
"IoT Security – Viewed from the Application Layer"
Abstract
If one does not get beyond the “I” in “IoT”, IoT security might appear just a specific internetworking security challenge. Network and communication security are well established areas. IoT can then serve the purpose of re-selling old ideas in a new disguise, be it as products, research proposals, or research papers. This talk will take a closer look at the “T” and discuss some of the security challenges that arise when things are influenced by and influence the physical environment around them.
Bio
Professor Dieter Gollmann received his Dipl.-Ing. in Engineering Mathematics (1979) and Dr.tech. (1984) from the University of Linz, Austria in the Department for System Science. He earned the Dr.habil. at the University of Karlsruhe, Germany, where he was awarded the ‘venia legendi’ for Computer Science in 1991. He was a Lecturer in Computer Science at Royal Holloway, University of London, and rejoined Royal Holloway later in 1990, where he was the first Course Director of the MSc in Information Security. He’s still giving guest lectures in Royal Holloway. He joined Microsoft Research in Cambridge in 1998. Then in 2003, he took the chair for Security in Distributed Applications at Hamburg University of Technology, Germany. He has contributed to national and European projects in the areas of dependable communications and computing.
Dr. Vidya Narayanan
Oxford Internet Institute at Oxford University
09:00-10:00, Thursday, 25 October 2018. Room: J1620. Chair: Lisa Kaati
"Computational Propaganda and Misinformation Campaigns during Important Events in Public Life"
Abstract
Social media provides a platform for active public participation in political discourse. However, recently we have witnessed attempts to influence voter preferences using misinformation campaigns using social media platforms both by domestic and foreign actors. We have also seen coordinated efforts to seed division and polarization in societies by amplifying specific issues on social media platforms through the use of automation. Further, some of these techniques are used by authoritarian regimes to intimidate activist groups and suppress dissent. It is in this context that the Computational Propaganda project analyses data collected from these platforms and maps the amount of polarizing and junk news content that audience groups have been exposed to. This talk will describe in detail some of our research efforts and findings related to recent elections in Sweden and Latin American countries.
Bio
Vidya works as a researcher in the Oxford Internet Institute at Oxford University, where she mainly works in the Computational Propaganda Project. She has several years of experience working as a researcher in Artificial Intelligence, with groups at both universities and in commercial environments. Her research interests lie in the interface between technology, ethics and policy, and she is primarily engaged in developing systems that use technology for the greater good of society. She completed her PhD in Computer Science from the University of Southampton, building adaptive techniques for automated negotiations. Prior to this, she completed her M.S. in Industrial Engineering from Pennsylvania State University, working on problems in decentralized decision making, specifically in the defense logistics domain. Her basic background is in Mathematics, which she studied at the Masters level at the Indian Institute of Technology, Madras, and as an undergraduate at the University of Madras. She has also worked as a scientific coordinator at BAE Systems and as a software engineer at Tech Mahindra.
Sergeant Major Freddy Widecrantz
Naval Warfare Centre, Sweden
16:00-16:30, Wednesday, 24 October 2018. Room: J1620. Chair: Anton Borg
"The Naval Base, a world heritage of information collection threats"
Abstract
A short brief about the challenges with having a naval base, a warfare center and a shipyard in the same geographical area in a high-tech weapon industry developing country.
Bio
Sergeant Major Widecrantz has been working within the intelligence branch for some ten years. He has also been working with security service in support of the Swedish submarine systems. Today he is developing the method of intelligence support for Swedish maritime commanders at the level from task unit and higher. The development includes aspects regarding information flows, training of personnel to computer systems that serves the purpose.
Mikael Lagström
TrueSec, Stockholm, Sweden
13:00-13:45, Thursday, 25 October 2018. Room: J1620. Chair: Anton Borg
"Hands-on insights from the “Cloudhopper” incident that hit companies worldwide in 2017"
Abstract
The Cloudhopper operation was exposed in 2017, being a systematic hacking operation with an extensive web of global victims over many years. Listen to the insights from one of the many forensic investigations, and learn once again that no-one can be truly trusted, not even the large international well-known vendors – when it comes to being in the spotlight of an attack – and potential cover-up operation.
Bio
Mikael Lagström has several years of experience from IT, Telecom and Cybersecurity on management level, successfully building up global security services organizations. Mikael works at TrueSec, which is a highly regarded company that focuses on cyber-security, IT infrastructure, and secure development. TrueSec holds a key position in the Swedish market and has a strong reputation internationally due to worldwide security-related assignments.
EISIC 2018 – Detailed Program
Wednesday, October 24, 2018
09:00-10:00 Registration / Coffee
10:00-10:30 Opening: Welcome Session
  General Chairs / Vice chancellor / Program Chair
10:30-11:30 Keynote: IoT Security – Viewed from the Application Layer
  Speaker: Prof. Dieter Gollmann, J1620, Chair: Martin Boldt
11:30-12:30 Lunch
12:30-14:00 Session I
  Room: J1620
  Chair: Gunther Grasemann
  On Wash Trade Detection in Energy Markets
    Umid Akhmedov
  Digital Transformation in Border Checks: Mapping Border Guard Training in Automated Processes
    Laura Salmela, Sirra Toivonen, Minna Kulju, Mari Ylikauppila
  Towards Mobile Contactless 4-Fingerprint Authentication for Border Control
    Axel Weissenfeld, Andreas Zoufal, Christoph Weiss, Bernhard Strobl, Gustavo Fernández Domínguez
  A Heuristic Method for Identifying Scam Ads on Craigslist
    Hamad Alsaleh, Lina Zhou
14:00-14:30 Coffee Break
14:30-16:00 Session II
  Room: J1620
  Chair: Joel Brynielsson
  Time of Day Anomaly Detection
    Matthew Price-Williams, Melissa Turcotte, Nick Heard
  Optical Covert Channel from Air-Gapped Networks via Remote Orchestration of Router/Switch LEDs
    Mordechai Guri
  Analysis and Evaluation of Antivirus Engines in Detecting Android Malware: A Data Analytics Approach
    Ignacio Martín, José Alberto Hernández, Sergio de los Santos, Antonio Guzmán
16:00-16:10 Short Break
16:10-16:40 Invited Speech: The Naval Base, a world heritage of information collection threats
  Speaker: Freddy Widecrantz, J1620, Chair: Anton Borg
18:00-21:30 Social Event & Conference Dinner: Naval Museum
Thursday, October 25, 2018
08:30-09:00 Registration
09:00-10:00 Keynote: Computational Propaganda and Misinformation Campaigns during Important Events in Public Life
  Speaker: Dr. Vidya Narayanan, J1620, Chair: Lisa Kaati
10:00-10:15 Short Break
10:15-12:00 Session III
  Room: J1620
  Chair: Mordechai Guri
  Policing the Cyber Threat: Exploring the Threat from Cyber Crime and the Ability of Local Law Enforcement to Respond
    Matthew Hull, Thaddeus Eze, Lee Speakman
  Harmonizing Criminal Law Provisions on Money Laundering – A Litmus Test of European Integration
    Tatu Hyttinen, Saila Heinikoski
  Conceptualising Cyber Security Information Sharing: A Stakeholder Survey
    Adam Zibak, Andrew Simpson
  Generic Object and Motion Analytics for Accelerating Video Analysis within VICTORIA
    David Schreiber, Martin Boyer, Elisabeth Broneder, Andreas Opitz and Stephan Veigl
12:00-13:00 Lunch
13:00-13:45 Invited Speech: Hands-on insights from the “Cloudhopper” incident that hit companies worldwide in 2017
  Speaker: Mikael Lagström, J1620, Chair: Anton Borg
13:45-14:00 Short Break
14:00-15:40 Session IV
  Room: J1620
  Chair: Gerhard Backfried
  Online Monitoring of Large Events
    Johan Fernquist and Lisa Kaati
  Now You See Me: Identifying Duplicate Network Personas
    Sean Suehr, Chrysafis Vogiatzis
  Multi-expert Estimations of Burglars’ Risk Exposure and Level of Pre-crime Preparation Using Coded Crime Scene Data: Work in Progress
    Martin Boldt, Veselka Boeva, Anton Borg
  Inferring Demographic data of Marginalized Users in Twitter with Computer Vision APIs
    Panos Kostakos, Abhinay Pandya, Olga Kyriakouli, Mourad Oussalah
15:40-15:50 Closing Session
15:50-16:30 Coffee
EISIC 2018 – Abstracts
Session I
12:30-14:00, Wednesday, October 24, 2018. Room: J1620. Chair: Gunther Grasemann
Paper I (Short)
On Wash Trade Detection in Energy Markets
Umid Akhmedov
A wash trade in energy markets refers to entering into arrangements for the sale or purchase of a financial or physical instrument, a related spot commodity contract, or an auctioned product based on emission allowances, where there is no change in beneficial interests or market risk or where beneficial interest or market risk is transferred between parties who are acting in concert or collusion. Market abuse scenarios such as wash trade compromise the efficiency and integrity of energy markets. The research of abusive trading behavior in financial markets is well ahead of peers in energy markets. Effective solutions for monitoring abusive scenarios such as wash trade in energy markets are yet to be developed. This paper describes a practical implementation example of detecting wash trade behavior in energy markets using simple techniques. An easily reusable method is then proposed to detect the potential wash trade activities involved in an instrument by first detecting trades resulting in no overall change in market risk and then further identifying the collusive behavior between the counterparties. The proposed method is tested and evaluated on energy instruments order datasets from the Trayport trading platform. We find that the proposed approach can effectively detect all primary wash trade indicators across energy instruments.
Paper II (Short)
Digital Transformation in Border Checks: Mapping Border Guard Training in Automated Processes
Laura Salmela, Sirra Toivonen, Minna Kulju, Mari Ylikauppila
Automated border control represents one area in the digital transformation of border control. It is gradually becoming a commonplace particularly at air borders, where the concept of self-service has had the strongest business case also in other steps of the passenger’s journey, such as check-in or baggage drop. Besides providing a means to enhance efficiency and security in passenger clearing processes, the new technology significantly reshapes current ways of conducting border checks from employee perspective. Successful implementation of automated border check technologies thus demands border organizations to equip their workforce with new skills and remodel existing ones. This paper presents a preliminary analysis on current technology training of border guards and assesses its effects on how the new technology is received among employees at the frontline. The results are based on field studies conducted in five EU member states. The study loosely applies a Technology Training Model that extends traditional Technology Acceptance Model by incorporating training as an additional variable to explain employee intention to use new technology.
Paper III (Short)
Towards Mobile Contactless 4-Fingerprint Authentication for Border Control
Axel Weissenfeld, Andreas Zoufal, Christoph Weiss, Bernhard Strobl, Gustavo Fernández Domínguez
In the last years the importance of biometric authentication in border control procedures increased in a way that biometrics have become the core of most border management systems. Current commercial products for mobile border control have not satisfactorily solved both the demand for increasing security checks and the user requirements driven by security personnel such as border guards yet. Due to their flexibility, portable devices are commonly desired during the control process. This paper presents on-going work of an advanced mobile device for border control focusing on usability and integrating new technologies to envision next-generation of mobile devices. The device is based on the MobilePass device [13] but significantly improved. A key technology of the new device is a contactless 4-fingerprint authentication instead of only one in existing solutions. Results based on real data show the advantages of 4-fingerprint versus 1-fingerprint authentication.
Paper IV (Short)
A Heuristic Method for Identifying Scam Ads on Craigslist
Hamad Alsaleh, Lina Zhou
Craigslist is a popular online customer-to-customer marketplace, which has attracted millions of consumers for trading and purchasing secondhand items. Because of the high financial return that sellers could gain from using this site and the anonymity option that the website provides to its users, Craigslist is highly subject to fraudulent activities. The primary objective of this study is to detect scam ads on Craigslist. Based on the related literature and our observations of ads collected from the platform, we develop a heuristic method for identifying scam ads. We evaluate the proposed heuristics by conducting an experiment and performing additional data analyses using real data. The results provide preliminary evidence for efficacy of the heuristics developed in this study.
Session II
14:30-16:00, Wednesday, October 24, 2018. Room: J1620. Chair: Joel Brynielsson
Paper I (Full)
Time of Day Anomaly Detection
Matthew Price-Williams, Melissa Turcotte, Nick Heard
Anomaly detection systems have been shown to perform well in detecting compromised user credentials within an enterprise computer network. Most existing approaches have focused on modelling activities that users perform within the network but not the time at which users are active. This article presents an approach for identifying compromised user credentials based on modelling their time of day or diurnal patterns. Anomalous behaviour in this respect would correspond to a user working during hours that deviate from their normal historical behaviour. The methodology is demonstrated using authentication data from Los Alamos National Laboratory’s enterprise computer network.
Paper II (Full)
Optical Covert Channel from Air-Gapped Networks via Remote Orchestration of Router/Switch LEDs
Mordechai Guri
Air-gapped networks are separated from the Internet due to the sensitive information they store. It is shown that attackers can use the status LEDs of routers and switches to exfiltrate data optically. However, the current methods require the compromise of the network device (e.g., router) by infecting its firmware. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on non-compromised networking equipment such as LAN switches and routers. We introduce new types of attack called host-level attack, in which a malicious code run in a host connected to the network can indirectly control the LEDs, without requiring a code execution within the LAN switch or router. We present a version of the host-level attack that doesn't require special privileges (e.g., root or admin) and is also effective when running from within a Virtual Machine (VM), despite the network isolation. We provide the technical background and implementation details and discuss set of preventive countermeasures.
Paper III (Full)
Analysis and Evaluation of Antivirus Engines in Detecting Android Malware: A Data Analytics Approach
Ignacio Martín, José Alberto Hernández, Sergio de los Santos, Antonio Guzmán
Given the high popularity of Android devices, the amount of malware applications in Android markets has been growing at a fast pace in the past few years. However, the concept of malware is something vague since it often occurs that AntiVirus engines flag an application as malware while others do not, having no real consensus between different engines. With the help of data analytics applied to more than 80 thousand malware applications, this work further investigates on the relationships between different AntiVirus engines, showing that some of them are highly correlated while others behave totally uncorrelated from others. Finally, we propose a new metric based on Latent Variable Models to identify which engines are more powerful in identifying true malware applications.
Session III
10:15-12:00, Thursday, October 25, 2018. Room: J1620. Chair: Mordechai Guri
Paper I (Full)
Policing the Cyber Threat: Exploring the Threat from Cyber Crime and the Ability of Local Law Enforcement to Respond
Matthew Hull, Thaddeus Eze, Lee Speakman
The landscape in which UK policing operates today is a dynamic one, and growing threats such as the proliferation of cyber crime are increasing the demand on police resources. The response to cyber crime by national and regional law enforcement agencies has been robust, with significant investment in mitigating against, and tackling cyber threats. However, at a local level, police forces have to deal with an unknown demand, whilst trying to come to terms with new crime types, terminology and criminal techniques which are far from traditional. This paper looks to identify the demand from cyber crime in one police force in the United Kingdom, and whether there is consistency in the recording of crime. As well as this, it looks to understand whether the force can deal with cyber crime from the point of view of the Police Officers and Police Staff in the organisation.
Paper II (Full)
Harmonizing Criminal Law Provisions on Money Laundering – A Litmus Test of European Integration
Tatu Hyttinen, Saila Heinikoski
This article discusses the harmonization of penal provisions concerning money laundering in the European Union (EU), in particular, the recent Commission proposal for a Directive on tackling money laundering by criminal law (COM(2016) 826 final). The perspective is both legal and political, pointing out to the different legal solutions in the European Union and analyzing the development from a European integration perspective, particularly in terms of a so-called spill-over process, whereby integration in one field leads to integration in adjacent fields. We put forward two main arguments in this article: (1) We argue that in order for the spill-over to succeed in a field crucial for national sovereignty such as criminal law, spill-over needs to be complemented with securitization and policy laundering, the latter referring to the phenomenon whereby issues are agreed at an international non-binding arena in order to later introduce these “international standards” into binding legislation. (2) We argue that harmonization in the money laundering context provides an example of a successful spill-over enhanced by policy laundering and securitization; tackling money laundering ostensibly requires spilling over European integration also in the field of criminal law, a core issue of national sovereignty. A testament to this is the fact that European countries have even harmonized their criminalization of self-laundering, although punishable self-laundering has been previously considered contrary to the general doctrines and principles of criminal law in many countries. A case in point is Finland, the only country bound by the proposed directive where parties to the crime are not punished for money laundering, except in rare cases and there is no case law for self-laundering (Section 11 Chapter 32 of the Criminal Code of Finland).
Paper III (Full)
Conceptualising Cyber Security Information Sharing: A Stakeholder Survey
Adam Zibak, Andrew Simpson
Despite the growing calls for cyber security information sharing and the increasing use of the term, consensus with regards to the term’s definition is lacking. Further, there is a degree of inconsistency between different stakeholders when it comes to distinguishing between the various forms of information sharing. In this paper we review the different definitions of cyber security information sharing with a view to untangling the different forms of sharing. In addition, we review which types of sharing stakeholders perceive as more useful and are more willing to engage in. A review of both the academic and grey literature and a stakeholder online survey are used to compile data. We then analyse the data to develop a more nuanced understanding of cyber security information sharing, outlining key categories of sharing, before setting the scene for future research.
Paper IV (Poster)
Generic Object and Motion Analytics for Accelerating Video Analysis within VICTORIA
David Schreiber, Martin Boyer, Elisabeth Broneder, Andreas Opitz, Stephan Veigl
Video recordings have become a major resource for legal investigations after crimes and terrorist acts. However, currently no mature video investigation tools are available and trusted by LEAs. The project VICTORIA (Video analysis for Investigation of Criminal and TerrORist Activities) [1] addresses this need and aims to deliver a Video Analysis Platform (VAP) that will accelerate video analysis tasks by a factor of 15 to 100. We describe concept and work in progress done by AIT GmbH within the project, focusing on the development of a state-of-the-art tool for generic object detection and tracking in videos. We develop a detection, classification and tracking tool, based on Deep Neural Networks (DNNs), trained on a large number of object classes, and optimized for the project context. Tracking is extended to the multi-class multi-target case. The generic object and motion analytics is integrated in a novel framework developed by AIT, denoted as Connected Vision.
EISIC 2018 – Abstracts
20
SessionIV
14:00-15:40 Thursday,October25,2018 Room:J1620 Chair:GerhardBackfried
PaperI Full
OnlineMonitoringofLargeEventsJohanFernquistandLisaKaatiInthispaper,wedescribeanapproachthatcanbeusedtomonitoractivityonlinethatconcernslargeevents.We propose six different tasks that can be used separately or in combination. The different tasks includeanalyzingmessagesfromvariousactors,understandingtheimpactofmessagestoreceivers,studyingonlinediscussions, analyzing hate and threats directed towards people and threats towards the execution of thelargeeventandfinallyifthereareanyongoinginfluentialoperationsdirectedtowardsthegeneralpublic.
To illustrate how the approach can be used, we provide some examples of the different steps whenmonitoringonlineenvironmentsafewmonthsbeforetheSwedishgeneralelectionin2018.
PaperII Full
NowYouSeeMe:IdentifyingDuplicateNetworkPersonasSeanSuehr,ChrysafisVogiatzisThis work provides a decision-making framework at the intersection of social network analysis and lawenforcement intelligencewith thegoalof identifyingpersonsof interest ina socialnetwork.Criminal socialnetworks are complex due to the limited and imperfect information available.Moreover, the participatingentitiestendtomisrepresentthemselvesinordertostayhiddenandcovert.Inthiswork,weproposeanewinteger programming formulation to assist in the identification of entities who are prone to misrepresentthemselves in a social network. Our insight is that such personas will form large subgraphs of restricteddiameterthatareconnectedtootherentitieswhodonotcommunicatedirectlyorwithinashortnumberofintermediates. We formally define the problem and derive its computational complexity. Additionally, weprovideanintegerprogrammingformulationtosolveitexactlywiththeuseofacommercialsolver.Wethenshow how our framework behaves on the Krebs 9/11 network. Our approach is able to identify what arebelieved to be two distinct clusters of criminals participating in two separate subplots: the multiple flighthijackingonSeptember11;aswellasaplotagainsttheU.S.embassyinParisintheyear2001.
Paper III Short
Multi-expert Estimations of Burglars’ Risk Exposure and Level of Pre-crime Preparation Using Coded Crime Scene Data: Work in Progress
Martin Boldt, Veselka Boeva, Anton Borg
Law enforcement agencies strive to link crimes perpetrated by the same offenders into crime series in order to improve investigation efficiency. Such crime linkage can be done using both physical traces (e.g., DNA or fingerprints) or “soft evidence” in the form of offenders’ modus operandi (MO), i.e. their behaviors during crimes. However, physical traces are only present for a fraction of crimes, unlike behavioral evidence. This work-in-progress paper presents a method for aggregating multiple criminal profilers’ ratings of offenders’ behavioral characteristics based on feature-rich crime scene descriptions. The method calculates consensus ratings from individual experts’ ratings, which then are used as a basis for classification algorithms. The classification algorithms can automatically generalize offenders’ behavioral characteristics from cues in the crime scene data. Models trained on the consensus rating are evaluated against models trained on individual profiler’s ratings. Thus, whether the consensus model shows improved performance over individual models.
Paper IV Short
Inferring Demographic data of Marginalized Users in Twitter with Computer Vision APIs
Panos Kostakos, Abhinay Pandya, Olga Kyriakouli, Mourad Oussalah
Inferring demographic intelligence from unlabeled social media data is an actively growing area of research, challenged by low availability of ground truth annotated training corpora. High-accuracy approaches for labeling demographic traits of social media users employ various heuristics that do not scale up and often discount non-English texts and marginalized users. First, we present a framework for inferring the demographic attributes of Twitter users from their profile pictures (avatars) using the Microsoft Azure Face API. Second, we measure the inter-rater agreement between annotations made using our framework against two pre-labeled samples of Twitter users (N1=1163; N2=659) whose age labels were manually annotated. Our results indicate that the strength of the inter-rater agreement (Gwet’s AC1=0.89; 0.90) between the gold standard and our approach is ‘very good’ for labelling the age group of users. The paper provides a use case of Computer Vision for enabling the development of large cross-sectional labeled datasets, and further advances novel solutions in the field of demographic inference from short social media texts.
EISIC 2018 – Conference Venue
Blekinge Institute of Technology (BTH), Karlskrona, Sweden
Conference venue address: Campus Gräsvik, 371 79 Karlskrona
EISIC 2018 is hosted by Blekinge Institute of Technology (BTH) in Karlskrona, Sweden. BTH is a small institute of technology with a clear focus on applied ICT, strategic sustainability, and innovation. It has a strong research and education environment in software engineering and emerging environments in innovative product development and data science.
Karlskrona, founded 1680 during the reign of Charles XI, hosts Sweden's only remaining naval base and the headquarters of the Swedish Coast Guard. It is the capital of Blekinge county. The city is positioned at the southeast corner of Sweden with excellent connections across the Baltic Sea.
The main reception is in house A on the map, and the conference will be held in house J.
Getting to the Campus
There is a regular bus that leaves from the bus station (next to the train-station). Bus no. 1 leaves towards campus from this stop (every 7 minutes). The local buses are run by Blekingetrafiken and you can get an up to date timetable on their website: www.blekingetrafiken.se
A trip from Kungsplan to campus takes 8 minutes and costs 30 SEK (no cash accepted, credit/debit card only). Driving (6 minutes) or walking (30 minutes). See the map below for detailed directions from the central station to the campus.
Getting to the Naval Museum
The Marinmuseum is within walking distance from the city center, located in the easternmost parts of the city center. Bus no. 1 from BTH has two stops along Drottninggatan which are within about 5 minutes walking distance, the stop Drottninggatan and the stop Sparre.
EISIC 2018 – Information for Presenters & Policies
Information for Presenters
Full papers are allocated approximately 30 minutes while Short papers 20 minutes including a question-and-answer period after the presentation. The Session Chair introduces the speakers and moderates the question-and-answer period. A basic audio-visual installation (speakers, projection screen, data projector) will be available in the room. Please inform the local area chair prior to the start of the conference if you don’t have your own laptop during your presentation.
Poster Session
Posters will be hosted in the Foyer during the coffee breaks. Maximum height of the poster can be 140 cm and maximum width 104 cm.
Photographs
Photographs are allowed inside and outside the conference complex and in the area of Blekinge Institute of Technology.
Smoking Policy
Smoking is not permitted inside the areas of the conference. Smokers can be accommodated outside the conference complex.
Mobile Phone Policy
As a courtesy to speakers and attendees please refrain from using mobile phones during the keynote speeches and presentations. Set your mobile phone to silent mode before entering a session and leave the session if you receive a call.
WiFi
Free WiFi will be available to conference participants in the conference complex using a code that will be provided at the time of the registration and will be available for all the days of the conference.
EISIC 2018 – October 24-25, Karlskrona, Sweden
European Intelligence and Security Informatics Conference
(EISIC) 2018
October 24-25, 2018,
Blekinge Institute of Technology, Karlskrona, Sweden
http://www.eisic.org
The Premier European Conference on Counterterrorism and Criminology
Designed by Panagiotis Karampelas, EISIC 2018