Researcher at the Institute of Informatics of the Slovak Academy of Sciences (SAV)
Peter Krammer graduated from the Faculty of Electrical Engineering and Information Technology, Slovak University of Technology in Bratislava, and is currently a researcher at the Institute of Informatics of the Slovak Academy of Sciences. His research interests include data mining and machine learning. He is (co-)author of several scientific papers and has participated in international and national research projects.
Presentation: Detection of potentially dangerous activities from logs of mobile devices using machine learning techniques
Malicious behavior detection in the mobile device log domain. Now that everyone owns and uses mobile devices such as smartphones and/or tablets, the demand for cybersecurity and situational awareness is growing. This work was part of a six-month pilot research project done for IBM Slovakia. The question was whether it is possible to detect malicious behavior of mobile devices based on logs collected from them. The raw data, logs from mobile devices, belong to the human-generated data class, which is not as “Big” as machine-generated data. Data mining using ML techniques in this domain faced the following obstacles:
1) The collected raw logs are extremely noisy for the specific detection purpose. The logs contain a lot of information about continuous monitoring processes such as timing (clocks, alarms, calendars), positions, accelerators, display setting and adapting, network and power monitoring, scanning processes, etc.
2) Low occurrence of malicious behaviors (malware-related activities), which caused imbalanced classes in the data used for supervised ML.
3) Feature extraction for data with evolving characteristics, i.e. the number of applications on a mobile device changes based on the user’s demands without any limitations.
4) Privacy-preserving data mining of personal sensitive information.
5) The DM process required thorough Data Understanding in collaboration with domain experts, Data Preparation (especially EDA) and Feature Engineering.
The ML technique applied in this case was supervised binary classification with incremental learning (SVM, logistic regression, neural networks). The obtained results were highly satisfactory in distinguishing malicious behavior from normal behavior.
Presentation of options for managing information security in various web and mobile application environments, as well as for monitoring and resolving security incidents.
Tomáš Mičo/ESET/ GDPR – legislative changes in EU data protection
Jakub Berthoty & Paul Džačko/Dagital Legal, s.r.o./Impact of GDPR on organisation’s enterprise architecture
Peter Krammer/researcher at the Institute of Informatics of the Slovak Academy of Sciences in Bratislava/Detection of potentially dangerous activities from logs […]