Do you have any recommendations in new papers today?

END OF UNIT TEST 2 Learning to Attack the Cyber attackers Can’t Happen Fast EnoughBy Alina Tugend Nov. 14, 2018 PITTSBURGH — In a technology lab full of graduate students huddled over laptops, Prof.Marios Savvides flipped through photos on a computer screen searching for one full of peoplewhose faces were barely recognizable to the human eye. “How about a riot?” Professor Savvides asked. He had just come upon an image of policeofficers wearing helmets and gas masks and rioters covering their mouths and noses withbandannas — all trying to shield themselves from the tear-gas- and smoke-filled air. Savvides was delighted. It was a perfect example of where, with the facial recognition skills ofartificial intelligence, “we can now recognize a face from very few pixels,” he said.The episode was unfolding at the Biometrics Center, part of the CyLab Security and PrivacyInstitute at Carnegie Mellon University. The center was created by Savvides, who is a widely recognized expert in biometrics — thescience of measuring and identifying people using facial and iris recognition systems. On anygiven day, the high-tech space is crowded with computers, robots, and other machines andpopulated with doctoral students working with him. CyLab, which includes the center, was founded in 2003 to expand the boundaries of technologyand protect people when that technology — or the people using it — poses a threat. Based in theuniversity’s 25,000-square-foot Collaborative Innovation Center, CyLab works in partnershipwith roughly 20 corporations — like Boeing, Microsoft and Facebook — and governmentagencies to do research and education in internet privacy and security. The subject has become one of the hottest areas of research and training in the United States thesedays as increasingly sophisticated hackers threaten not only personal computer security but alsothe operation of everything from banking systems to water purification plants to nuclear arsenals.While the threats mount, the number of people qualified to confront them is far too low, expertssay, and educational institutions and government agencies are scrambling to fill the gap. More than 300 researchers and graduate students are working or studying at CyLab this year,making it among the largest cybersecurity training centers in the world. It offers more than 50courses in security and privacy and has trained more than 75,000 people.Biometrics, the science of using hard-to-mask physical attributes — like facial characteristics,fingerprints, retinal scans and DNA — is just one specialty. CyLab is also engaged in broaderuses for A.I., cryptography, network security and an array of other cybersecurity skills. One of the first times Savvides and his group used his facial-recognition technology forsomething besides research was just after the 2015 Boston Marathon bombing. His lab took theblurry, low-resolution, surveillance image of the suspected bomber released by the F.B.I. and,using A.I. technology, reconstructed the image and sent it to the bureau. Savvides was also happy to demonstrate another gee-whiz technology — long-distance irisscanning. Rather than requiring that an eye be placed directly up to a scanner, the devicehe helped invent looks like a very large camera lens with a smaller one on top and wings ofinfrared lights on either side. It can identify people by their irises from as far as 40 feet away.Like fingerprints, each person’s iris is unique; it stays the same as we age, and unlikefingerprints, cannot be scratched or covered up in some way short of removing the eyealtogether. And fingerprints can’t be taken from a long distance. In a video he made, Savvides showed how it would be possible for police officers to identify thedriver of a car they’ve pulled over for a violation by capturing a detailed image of the iris as thedriver glances into the side mirror and comparing it to their database of irises. Then police would know whether the person was driving a stolen car, had a criminal record orwas on a terrorist list — and might be dangerous — before walking up to the car. It could also help speed up endless security lines at airports. Instead of a human agent takinga passport or a driver’s license and running it through a security check, the irises of travelerscould be quickly scanned. Some of the CyLab work is focused on the threats that most affect people in their dailylives: password security. Lujo Bauer, director of the university’s Cyber Autonomy ResearchCenter, within CyLab, said his research showed that to avoid being hacked, a computer user’spasswords had not only to be complex, but long. “A password that’s long and just slightlycomplex is stronger than a password that’s very complex but short,” said Mr. Bauer, an associateprofessor of computer science and electrical and computer engineering. Just changing a fewletters or adding numbers in a password already used does very little to stop hackers,who can easily try thousands of variations of a password in rapid succession, he said.As everyone has been told repeatedly, the worst thing to do is reuse passwords from differentaccounts. That may be how many people’s accounts have been hacked. Other research from CyLab has discovered that, contrary to common assumptions, older peopleare less likely to be a target of phishing than 18- to 25-year-olds, perhaps because youngerpeople are more likely to take risks, said Jason Hong, a professor at Carnegie Mellon’s Human-Computer Interaction Institute Much of cybersecurity is, as Kathleen Carley, a professor at Carnegie Mellon’s School ofComputer Science, put it, “employing computer techniques to better understand society andemploying our knowledge of society to better understand computer techniques.” Her work issocial cybersecurity — that is figuring out how to make social media “a free and open placewithout undue influence.” In other words, making sure social media is not strongly impacted bybiased and subjective forces. It’s a subject that has become a major societal issue with the suspected Russian hacking of the2016 election in the United States. Most people, she said, don’t realize the impact of bots, which are software applications thatrun automated tasks over the internet. The role of bots is to convince and direct individuals; itcould be for relatively innocuous or inoffensive reasons such as marketing, but increasingly botsare used by organizations or governments to run schemes or create discord on social media bycreating or amplifying an existing conversation, making it more dangerous and divisive. The bots exploit how human brains are wired. People hear something repeated over and over,seemingly from many sources, and it soon seems like the truth. “They are affecting the country’s values and beliefs,” she said.One example, which Professor Carley and her team discovered in 2015, was a bot used topersuade Syrians to go to a website to donate to charity. “We believe it was actually a moneylaunderingsite,” she said. In that case, the bots, or botnet, which are bots connected together and controlled as a group,were identified simply through human detection. But A.I. Researchers have now createdalgorithms to identify bots. The one Professor Carley and her team created is called bot-hunter.Although Carley and others are developing technological fixes, such as using A.I to doautomatic fact-checking, to identify bots and to identify posts with abusive language, shestressed that “the tools are in their infancy,” and technology alone won’t solve this problem. Shewent on to add that “Policymakers and the public have to be educated”. But technology can solve a lot, and that is why graduate students working with CyLab havehelped create a digital cybersecurity game for those over 13 years old called picoCTF, forCapture the Flag. In its fourth year, the competition attracted more than 27,000 students from around the worldthis time, usually working in teams. It is played over two weeks and involves increasinglycomplex challenges — requiring high-tech solutions — to capture the flag. Only participants inthe United States are eligible for the top prize — a visit to Carnegie Mellon and $5,000. But theprestige is high. And while fun, it is also a way to encourage young people to think about a profession they maynever have considered before. “There’s a dramatic shortage of people in cybersecurity,” said Martin Carlisle, a professor anddirector of academic affairs at Carnegie Mellon who oversees the contest. “And we know thevast majority of students have picked their major by the time they get to college.” So targeting middle- and high-school students, he said, is a way to get them excited about acareer in cybersecurity before they’re already in college. This year’s winner? Dos Pueblos High School in Goleta, Calif. It was the only team that solvedevery challenge, although thousands of teams also made significant inroads, he said. “This was one of the few competitions I could access as a high school student,” said CarolinaZarate, who entered the contest in Maryland and who is now a graduate student studyinginformation security at Carnegie Mellon. She helps develop problems for picoCTF and is also part of Carnegie Mellon’s competitivehacking team, which has won four out of the last six competitions at the Def Con conference,considered to be the Olympics of hacking competitions. For Ms. Zarate, the interest in cybersecurity was always there, but she said she hoped thechallenge got more people involved. “If you think how many new areas technology is touching — what if someone hacked selfdrivingcars or bitcoins?” she said. “I want my money and life to be safe.”

Do you have any recommendations in new papers today?

More Quizzes