• Lecture Information

Data-Driven Security Research: Android Apps and Passwords (Fudan University Distinguished Overseas Scholar Lecture)

2014.06.16

Time: Friday, June 20, 2014, 9:30-11:30 AM

Location: IBM Conference Room A, Software Building

Speaker: Ninghui Li, Department of Computer Science, Purdue University

Contact: Weili Han (韩伟力) (wlhan@fudan.edu.cn, 13918394494)

Abstract:

In this talk, we will discuss several pieces of research work from our group that involve analyzing security-related data. We also aim to use these as examples to illustrate some challenges and methods for data-driven security research.

The first piece aims at developing techniques that can summarize the risk information from the list of permissions an Android App requests so that it can be more effectively communicated to the users. We identify three desiderata for an effective risk scoring scheme, and propose to use probabilistic generative models for risk scoring schemes. We consider several such models, ranging from the simple Naive Bayes to advanced hierarchical mixture models, and experimentally evaluate them.

The second piece aims at developing and studying probabilistic password models, which are useful for research into understanding what makes users choose more (or less) secure passwords, and for constructing password strength meters and password cracking utilities. Such a model assigns a probability value to each string. We conduct a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and find that, among other things, Markov models, when done correctly, perform significantly better than the state-of-the-art password model used in recent research.

The third piece aims at developing techniques that can identify malicious insiders from access logs. We explore different ways to extract features as well as machine learning algorithms to use these features.

Biography:

Ninghui Li is a Professor of Computer Science at Purdue University. His research interests are in security and privacy. He has published over 100 refereed papers in these areas. Prof. Li is currently Vice Chair of ACM Special Interest Group on Security, Audit and Control (SIGSAC), and Program Chair of 2014 ACM Conference on Computer and Communications Security (CCS). He is on the editorial boards of IEEE Transactions on Dependable and Secure Computing (TDSC) and Journal of Computer Security, and on the steering committees of ACM Symposium on Information, Computer and Communications Security (ASIACCS) and ACM Symposium on Access Control Models and Technologies (SACMAT).

Prof. Li received a Bachelor's degree from the University of Science and Technology of China in 1993 and a Ph.D. in Computer Science from New York University in 2000. Before joining the faculty of Purdue in 2003, he was a Research Associate at Stanford University Computer Science Department for 3 years.