ENG: Electrical and Computer Engineering: Scholarly Papers
Permanent URI for this collection
Browse
Recent Submissions
Item Multi-protocol IoT network reconnaissance(IEEE, 2022-10-03) Gvozdenovic, Stefan; Becker, Johannes Karl; Mikulskis, John; Starobinski, DavidNetwork reconnaissance is a core security functionality, which can be used to detect hidden unauthorized devices or to identify missing devices. Currently, there is a lack of network reconnaissance tools capable of discovering Internet of Things (IoT) devices across multiple protocols. To bridge this gap, we introduce IoT-Scan, an extensible IoT network reconnaissance tool. IoT - Scan is based on software-defined radio (SDR) technology, which allows for a flexible implementation of radio protocols. We propose passive, active, multi-channel, and multi-protocol scanning algorithms to speed up the discovery of devices with IoT-Scan. We implement the scanning algorithms and compare their performance with four popular IoT protocols: Zigbee, Bluetooth LE, Z-Wave, and LoRa. Through experiments with dozens of IoT devices, we demonstrate that our implementation experiences minimal packet losses, and achieves performance near a theoretical benchmark.Item Uncovering product vulnerabilities with threat knowledge graphs(IEEE, 2022-10) Shi, Zhenpeng; Matyunin, Nikolay; Graffi, Kalman; Starobinski, DavidThreat modeling and security assessment rely on public information on products, vulnerabilities and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities and identify common threat patterns. In this paper, we propose a methodology for producing and optimizing a knowledge graph that aggregates knowledge from common threat databases (CPE, CVE, and CWE). We apply the threat knowledge graph to predict associations between threat databases, specifically between products and vulnerabilities. We evaluate the prediction performance based on historical data, using precision, recall, and F1-score metrics. We demonstrate the ability of the threat knowledge graph to uncover many associations that are currently unknown but will be revealed in the future.Item Optimizing freshness in IoT scansBecker, Johannes Karl; Starobinski, DavidMotivated by IoT security monitoring applications, we consider the problem of a wireless monitor that must implement a multi-channel scanning policy to minimize the Age of Information (AoI) of received information. We model this problem as a Markov Decision Process (MDP). To address the curse of dimensionality, we propose various scanning policies of low computational complexity. We compare the performance of these policies against the optimal one in small instances, and further simulate them using time-series data obtained from real IoT device communication traces. We show that a policy, coined Greedy Expected Area (GEA), performs well in many scenarios.Item A general security approach for soft-information decoding against smart bursty jammers(IEEE, 2022-12-04) Ercan, Furkan; Galligan, Kevin; Duffy, Ken R.; Medard, Muriel; Starobinski, David; Yazicigil, Rabia TugceMalicious attacks such as jamming can cause significant disruption or complete denial of service (DoS) to wireless communication protocols. Moreover, jamming devices are getting smarter, making them difficult to detect. Forward error correction, which adds redundancy to data, is commonly deployed to protect communications against the deleterious effects of channel noise. Soft-information error correction decoders obtain reliability information from the receiver to inform their decoding, but in the presence of a jammer such information is misleading and results in degraded error correction performance. As decoders assume noise occurs independently to each bit, a bursty jammer will lead to greater degradation in performance than a non-bursty one. Here we establish, however, that such temporal dependencies can aid inferences on which bits have been subjected to jamming, thus enabling counter-measures. In particular, we introduce a pre-decoding processing step that updates log-likelihood ratio (LLR) reliability information to reflect inferences in the presence of a jammer, enabling improved decoding performance for any soft detection decoder. The proposed method requires no alteration to the decoding algorithm. Simulation results show that the method correctly infers a significant proportion of jamming in any received frame. Results with one particular decoding algorithm, the recently introduced ORBGRAND, show that the proposed method reduces the block-error rate (BLER) by an order of magnitude for a selection of codes, and prevents complete DoS at the receiver.Item Empirical comparison of block relay protocols(Institute of Electrical and Electronics Engineers (IEEE), 2022-12) Imtiaz, Muhammad Anas; Starobinski, David; Trachtenberg, AriBlock relay protocols play a key role in the performance and security of public blockchains. As a result, several such protocols have been deployed in the context of Bitcoin and its variants (e.g., legacy, compact block relay and Graphene) in an attempt to reduce bandwidth utilization. However, the relative performance of these protocols in realistic networking conditions (e.g., with nodes churning - joining and leaving the network) is still not known. This paper aims to fill this key knowledge gap using an experimental testbed of twelve full nodes connected to the Bitcoin Cash blockchain. With the aid of novel logging tools, we contrast the performance of these three protocols, in realistic scenarios, with respect to communication, delay, and block decoding success. Our main findings are that Graphene generally performs the best when nodes remain connected, boasting an average propagation delay of 190 ms (i.e., 29% lower than compact block and 80% lower than the legacy protocol). However, when nodes churn at a high rate, compact blocks may perform better. Through a careful temporal analysis, we identify some root causes of the protocol inefficiencies, together with potential mitigation. We have made our measurement framework and experimental logs publicly available to the broader research community.Item Towards general-purpose neural network computing(IEEE COMPUTER SOC, 2015-10) Eldridge, S.; Waterland, A.; Seltzer, M.; Appavoo, Jonathan; Joshi, AjayItem EbbRT: a framework for building per-application library operating systems(USENIX Association, 2016-12) Krieger, O.; Keeton, Kimberly; Roscoe, TimothyGeneral purpose operating systems sacrifice per-application performance in order to preserve generality. On the other hand, substantial effort is required to customize or construct an operating system to meet the needs of an application. This paper describes the design and implementation of the Elastic Building Block Runtime (EbbRT), a framework for building per-application library operating systems. EbbRT reduces the effort required to construct and maintain library operating systems without hindering the degree of specialization required for high performance. We combine several techniques in order to achieve this, including a distributed OS architecture, a low-overhead component model, a lightweight event-driven runtime, and many language level primitives. EbbRT is able to simultaneously enable performance specialization, support for a broad range of applications, and ease the burden of systems development. An EbbRT prototype demonstrates the degree of customization made possible by our framework approach. In an evaluation of memcached, EbbRT and is able to attain 2:08 higher throughput than Linux. The node.js runtime, ported to EbbRT, demonstrates the broad applicability and ease of development enabled by our approachItem Buildout and integration of an automated high-throughput CLIA laboratory for SARS-CoV-2 testing on a large urban campus(Elsevier BV, 2022-10) Landaverde, Lena; McIntyre, David; Robson, James; Fu, Dany; Ortiz, Luis; Chen, Rita; Oliveira, Samuel MD; Fan, Andy; Barrett, Amy; Burgay, Stephen P.; Choate, S.; Corbett, David; Doucette-Stamm, Lynn; Gonzales, Kevin; Hamer, Davidson H.; Huang, Lilly; Huval, Shari; Knight, Christopher; Landa, Carrie; Lindquist, Diane; Lockard, Kelly; Macdowell, Trevor L.; Mauro, Elizabeth; McGinty, Colleen; Miller, Candice; Monahan, Maura; Moore, Randall; Platt, Judy; Rolles, Lloyd; Roy, Jeffrey; Schroeder, Tracey; Tolan, Dean R.; Zaia, Ann; Brown, Robert A.; Waters, Gloria; Densmore, Douglas; Klapperich, Catherine M.In 2019, the first cases of SARS-CoV-2 were detected in Wuhan, China, and by early 2020 the first cases were identified in the United States. SARS-CoV-2 infections increased in the US causing many states to implement stay-at-home orders and additional safety precautions to mitigate potential outbreaks. As policies changed throughout the pandemic and restrictions lifted, there was an increase in demand for COVID-19 testing which was costly, difficult to obtain, or had long turn-around times. Some academic institutions, including Boston University (BU), created an on-campus COVID-19 screening protocol as part of a plan for the safe return of students, faculty, and staff to campus with the option for in-person classes. At BU, we put together an automated high-throughput clinical testing laboratory with the capacity to run 45,000 individual tests weekly by Fall of 2020, with a purpose-built clinical testing laboratory, a multiplexed reverse transcription PCR (RT-qPCR) test, robotic instrumentation, and trained staff. There were many challenges including supply chain issues for personal protective equipment and testing materials in addition to equipment that were in high demand. The BU Clinical Testing Laboratory (CTL) was operational at the start of Fall 2020 and performed over 1 million SARS-CoV-2 PCR tests during the 2020-2021 academic year.Item Feels bad man: dissecting automated hateful meme detection through the lens of Facebook’s challenge(2022-06-06) Jennifer, Catherine; Tahmasbi, Fatemeh; Blackburn, Jeremy; Stringhini, Gianluca; Zannettou, Savvas; De Cristofaro, EmilianoItem The gospel according to Q: understanding the QAnon conspiracy from the perspective of canonical information(2022-06-06) Aliapoulios, Maxwell; Papasavva, Antonis; Ballard, Cameron; De Cristofaro, Emiliano; Stringhini, Gianluca; Zannettou, Savvas; Blackburn, JeremyItem A large-scale temporal measurement of Android malicious apps: persistence, migration, and lessons learned(2022-08-08) Vervier, Pierre-Antoine; Shen, Yun; Stringhini, GianlucaItem "It is just a flu": assessing the effect of watch history on YouTube's pseudoscientific video recommendations(2022-06-07) Papadamou, Konstantinos; Zannettou, Savvas; Blackburn, Jeremy; De Cristofaro, Emiliano; Stringhini, Gianluca; Sirivianos, MichaelItem TrollMagnifier: detecting state-sponsored troll accounts on Reddit(IEEE, 2022-05) Saeed, Mohammad Hammas; Ali, Shiza; Blackburn, Jeremy; Cristofaro, Emiliano De; Zannettou, Savvas; Stringhini, GianlucaItem Slapping cats, bopping heads, and Oreo shakes: understanding indicators of virality in TikTok short videos(ACM, 2022-06-26) Ling, Chen; Blackburn, Jeremy; De Cristofaro, Emiliano; Stringhini, GianlucaItem Finding MNEMON: reviving memories of node embeddings(ACM, 2022-11-07) Shen, Yun; Han, Yufei; Zhang, Zhikun; Chen, Min; Yu, Ting; Backes, Michael; Zhang, Yang; Stringhini, GianlucaItem Why so toxic?: Measuring and triggering toxic behavior in open-domain chatbots(ACM, 2022-11-07) Si, Wai Man; Backes, Michael; Blackburn, Jeremy; De Cristofaro, Emiliano; Stringhini, Gianluca; Zannettou, Savvas; Zhang, YangItem Cerberus: exploring federated prediction of security events(ACM, 2022-11-07) Naseri, Mohammad; Han, Yufei; Mariconti, Enrico; Shen, Yun; Stringhini, Gianluca; De Cristofaro, EmilianoItem Non-polar opposites: analyzing the relationship between echo chambers and hostile intergroup interactions on Reddit(2022) Efstratiou, Alexandros; Blackburn, Jeremy; Caulfield, Tristan; Stringhini, Gianluca; Zannettou, Savvas; De Cristofaro, EmilianoItem FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules(2023) Angelakopoulos, Ioannis; Stringhini, Gianluca; Egele, ManuelItem Lambretta: learning to rank for Twitter soft moderation(2023) Paudel, Pujan; Blackburn, Jeremy; De Cristofaro, Emiliano; Zannettou, Savvas; Stringhini, Gianluca