The recent advancements in the computation and communication technologies have boosted the development of futuristic applications in different domains such as connected and autonomous cars, IoT, healthcare, finance, and smart infrastructure. Emerging trends in smart security solutions are the true enablers for widespread and secure adaptation of these smart applications. This widespread use of smart applications also widens the threat vector, and this workshop will bring together a group of experts with an interest in emerging security solutions for critical applications in various domains related to everyday life.
This workshop also aims to merge cross-disciplinary, innovative ideas from industry and academic research for comprehensive security and privacy assessment of critical applications in different domains. The submitted research will examine new and innovative smart applications that are enabled by the latest research and business trends. Also, various challenges related to security and privacy, will be addressed, and controversial issues in services and applications will be targeted.
Ubiquitous computing, context awareness, baseline behavior modeling, mobility and above all security are the core requirements for all critical applications. The workshop will highlight the recent developments in this evolving area from the perspective of design, computation, service, privacy and security. This workshop aims to bring together industrial and academic research to cover security and privacy aspects of critical applications in different domains such as online and mobile banking, public safety and disaster response, automotive and transportation, IoT, and smart infrastructure. Furthermore, this workshop will also highlight the recent developments in the security of such applications in the afore-mentioned domains. It will provide a platform for exchanging new ideas and research collaboration. The topics of interest for the workshop are following, but not limited to:
- Insider threat and behavior modelling in mission critical applications
- User behavior and contextual security
- Emerging techniques for automotive (connected and autonomous cars) security
- Machine and Deep learning-based security techniques for critical applications
- Blockchain-based security in critical applications
- Internet of Things security through emerging techniques including, but not limited to, blockchain, machine learning, deep learning
- Security issues in finance and banking and solutions through emerging techniques
- Application Programming Interface (API) security for critical applications
- Communication and network security for critical applications using blockchain and machine/deep learning
- Authentication and identity management in smart applications
- Standardization activities for securing smart and critical applications
Paper Submission Deadline: July 26, 2021
Acceptance Notification: August 21, 2021
Camera-ready Paper Submission: September 5, 2021
Prospective authors are invited to submit original technical papers up to 5 pages of length, using the EDAS link https://edas.info/newPaper.phpxxxxxxx. All submitted papers have to follow the IEEE conference paper template that can be downloaded from http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
Fatima Hussain, PhD
Manager, Event Management and Analytics (Global Cyber Security), Royal Bank of Canada, Toronto, Canada
Adjunct Professor, Ryerson University, Toronto, Canada
Dr. Fatima is working as a Manager Event Management and Analytics in “Behaviour Analytics and Insider Threat” team, Global Cyber Security, Royal Bank of Canada (RBC), Toronto, Canada. She is responsible for employee risk profiling and detection of insider threats, by establishing baseline behaviours. She applies cutting edge analytical tools and techniques to detect the malicious insiders and mitigate the potential risk to the organisation.
She is also an Adjunct Professor at Ryerson University; Toronto and her role includes the supervision of graduate research projects. Dr Hussain’s background includes a number of distinguished professorships at Ryerson University and University of Guelph, where she has been awarded for her research, teaching and course development accomplishments within Wireless Telecommunication, Internet of Things, Cyber Security, Insider Threat, API Security and Machine Learning. She is a prolific author with various books, conference and journal publications to her credit. Dr Hussain has delivered many technical talks in the realm of Internet of Things and API Security, in top research/ industrial venues; such as IEEE PIMRC, IEEE-Toronto research forum, RBC International Expo, IEEE FIT etc. Dr. Hussain holds Doctorate and Master of Science degrees in Electrical & Computer Engineering, from Ryerson University, Toronto. Upon graduation she joined the Network-Centric Applied Research Team (N-CART) as a postdoctoral fellow where she worked on various NSERC-funded projects in the realm of the Internet of Things.
Rasheed Hussain, PhD
Director, Institute of Information Security and Cyber-Physical Systems,
Director, Networks and Blockchain Lab,
Innopolis University, Innopolis, Russia
Rasheed Hussain is Associate Professor and Director of the Institute of Information Security and Cyber-Physical Systems at Innopolis University, Innopolis, Russia. He is also Director of the Networks and Blockchain Laboratory at the same university. Furthermore, he is ACM Distinguished speaker where he delivered a number of invited talks in Canada, Australia, South Korea, and Pakistan. He closely collaborates with industry and conducts security-related research on the real-world problems from the industry with students. He has authored and co-authored a number of publications in top tier journals and conferences on security and privacy-related issues in mobile and ad hoc networks. He is currently collaborating with a number of researchers and universities around the globe. As an expert in applied cryptography and network security, he has contributed a lot to the research community in his capacity. In addition to that, he also actively contributes to the research community in the capacity of associate editors in various journals, technical communities, committees and as a reviewer for major journals and conferences. Furthermore, he is also a certified trainer for university lecturers and professors and people from industry for instructional skills development.
Amit Kumar Tiwari,
Director, Behavior Analytics and Insider Threats, Data Protection,
Royal Bank of Canada, Toronto, Canada
Amit Kumar Tiwari is leading behavioral analytics services and methods for insider threat and data protection at RBC. His background in Analytics has enabled services in several key areas within Cyber Security, Fraud, Identity, AML etc. He is focused on value driven analytics as a means of achieving security, protection and privacy. He specialized in Big Data systems with MSc in computing Science from Simon Fraser University.
Syed Ali Hassan, PhD
Associate Professor, National University of Science and Technology (NUST), Pakistan
Syed Ali Hassan received his Ph.D. in Electrical Engineering from Georgia Institute of Technology, Atlanta, USA in 2011. He received his MS Mathematics from Georgia Tech 2011 and MS Electrical Engineering from University of Stuttgart, Germany, in 2007. He was awarded BE Electrical Engineering (highest honors) from National University of Sciences Technology (NUST), Pakistan, in 2004. His broader area of research is signal processing for communications. Currently, he is working as an Assistant Professor at the School of Engineering and Computer Science (SEECS), NUST, where he is heading the Information Processing and Transmissions (IPT) research group, which focuses on various aspects of theoretical communications. Prior to joining SEECS, he worked as a research associate at Cisco Systems Inc., CA, USA. Dr. Hassan is a senior member of IEEE and IEEE Communications society, author/co-author of more than 100 papers and a reviewer for many IEEE journals transactions. He has organized special sessions at IEEE IWCMC 2015, CROWNCOM 2015, PIRMC 2017, ISWCS 2016 etc and has chaired several sessions in international conferences and served as a TPC member for IEEE Globecom 2014, IEEE PIMRC 2013-2017, IEEE VTC 2013- 2017, WCSP 2014, MILCOM 2014-17, IWCMC 2013-2017 among others.
Tadashi Matsumo, Japan Advance Institute of Science and Technology, Japan
Des McLernon, University of Leeds, UK
Keivan Navaie, Lancaster University, UK
Aamir Mehmood, Mid Sweden University, Sweden.
Ali Imran, Oklahoma University, USA
Sajid Saleem, University of Jeddah, KSA
Muhammad Zeeshan Shakir, University of West of Scotland, UK
Shahid Mumtaz, Institute of Telecommunications, Portugal
Adnan Kiyani, National University of Sciences and Technology (NUST), Pakistan
Mehdi Bennis, CWC, University of Oulu, Finland
Khalid Qaraqe, TAMUQ, Qatar
Xiliang Luo, ShanghaiTech University, China
Hesham ElSawy, King Abdullah University of Science and Technology, Saudi Arabia
Chrysostomos Chrysostomour, Frederick University, Cyprus
Himal A. Suraweera, University of Peradeniya, Sri Lanka
Nandana Rajethava, CWC, University of Oulu, Finland
Yonghui Li, University of Sydeny, Australia
Zihuai Lin, University of Sydney, Australia
Suneth Namal Karunarathna, University of Peradeniya, Sri Lanka
Chandika Wavagedara, University of Moratuwa, Sri Lanka
Head of Technology Transformation Office in Royal Bank of Canada (RBC), Toronto, Canada
Title: Chaos Engineering in Support of Mission Critical Systems
Software solutions are complex systems with so many moving parts interacting in unforeseeable ways that it is impossible to predict the result with confidence. No industry is immune from failures. However, solid engineering practices can shorten the failure duration, streamline the responses to failures, minimize the impact, and increase resiliency. Following Engineering principles, we have a better chance of building more fault-tolerant, resilient, and reliable systems. Chaos Engineering was born to specifically addresses the needs of operating a complex system; systems that are non-linear, which makes them unpredictable, and in turn, leads to undesirable outcomes.
Salah Sharieh is the Head of Technology Transformation Office in RBC and is accountable for activating Technology Transformation Office and support the executive leadership team of T&O to achieve superior business performance through the effective execution of T&O’s strategy.
Prior to that, he led the API delivery and operations. In the last 25 years, Salah delivered high-profile solutions and provided vision and leadership to several industries, including financial, telecommunication, and high tech, as well as mentored professionals and students.
He has more than 40 peer-reviewed publications and contributed to several books. Salah is an Adjunct Professor and a member of the Yeats School of Graduate Studies at Ryerson University.
In 2019 Salah was named Tech Titans, Canada's Tech Titans: Top 19 of 2019
Title: A Multi-faceted Approach to User Behaviour Analytics in the Context of Threat Detection
The advent of machine learning and AI has come at a critical time in cybersecurity, as the threat landscape expands exponentially, and threat actors employ increasingly sophisticated techniques to obfuscate a myriad of malicious behaviour embedded in swathes of logs capturing processes, authentication, network flows, firewall activity etc.
Traditional SIEM solutions are ill-equipped to capture the nuanced behaviour that occurs in this complex ecosystem. Data driven approaches however, allow teams to estimate the joint probability distribution of normal behaviour, and weed out malicious activity. This behavioural based approach is particularly critical in the context of compromised credentials, where the deviation of a user’s behaviour from their past actions or their peers actions can often be the only indication of an insider threat.
In this tutorial, two ML driven approaches are presented for User Behaviour Analytics for finding insider threats: a self-supervised approach using tabular data and a graph-based approach, generated from the same tabular data. In this tutorial, freely available data (https://csr.lanl.gov/data/cyber1/) from Los Alamos labs is utilized, that tracks real word behavior of over 12K users, on 17K machines for 58 days. The efficacy of the toy models will be tested by using real red-team data from the same dataset.
It’s preferred if attendees have some fundamental ML knowledge, (e.g. binary classification, Page rank), specially attendees from a deeper cyber technical background.
No prior installs required by attendees (notebook can be accessible via browser).
Format and Sequence of tutorial:
Moderator and Introduction: Meghna Verma, Product Manager in Behavioural Analytics, RBC.
Self supervised UBA Discussion: Cathal Smyth, Director, JSOC Analytics, RBC
Graph-based UBA Discussion: Nariman Mammadli, Senior Manager, Cyber AI architect, RBC
Cathal Smyth, PhD, CISSP
Director, JSOC Analytics, Royal Bank of Canada
Dr. Cathal Smyth is the Director of the Analytics team within the Joint Security Operation Centre. JSOC Analytics is a team of experienced data scientists that build state of the art solutions to address challenges in the cybersecurity and financial crime space.He has lead projects delivering ML solutions in critical areas such as Identity and Access Management, User Behaviour Analytics and cyber hygiene. Prior to joining the JSOC, Cathal was a machine learning researcher, both at Borealis AI and RBC Innovation, where he focused on the intersection of ML and cybersecurity, including host-based IDS, fraud detection and the security of AI models. Dr. Smyth earned his PhD in Physics from the University of Toronto, and was a Postdoctoral fellow at the Fields Institute, focusing on Big Data. He holds multiple patents in the area of Cyber-ML and has presented his work at conferences such as Blackhat.
Senior Manager, Cyber AI architect, Royal Bank of Canada
Nariman is a senior manager in the JSOC. JSOC Analytics is a team of experienced data scientists that build state of the art solutions to address challenges in the cybersecurity and financial crime space. He has designed and led the development of ML solutions to tackle cyber, financial security challenges as well as insider threat in the context of user behaviour analytics. Nariman earned his MSc in Artificial Intelligence from Imperial College London, UK and his BSc in Computer Engineering from University of Toronto. He holds multiple patents in the area of Cyber-ML.
Product Product Manager in Behavioural Analytics, Royal Bank of Canada
Meghna Verma is currently working as Product Manager in Behavioural Analytics at RBC.
She has graduated from Queen’s University with Masters of Management in Artificial intelligence and holds a bachelor degree in Chemical Engineering. She has been closely working with data science and analytics to fulfill business requirements.