Cyber Related Productivity - Cybercrime Losses
10 % increase in digitisation: 6.000.000.000 S$/year (0.75% GDP)
vs
Losses due to cybercrime: 5.000.000.000 S$/year (0.64% GDP)
4
NTNU Department of Information Security &
Communication Technology
• Testimon Digital Forensics Group
• Norwegian Biometrics Laboratory (NBL)
• Norwegian Information Security Laboratory (NISlab)
• NTNU Applied Cryptography Laboratory (NaCl)
• NTNU Quantitative modelling of dependability and
performance (QAUM) Laboratory
• NTNU Intelligent Transportation Systems (ITS)
Laboratory
• Centre for Cyber and Information Security (CCIS)
5
Critical Infrastructure Security & Resilience
Risk Assessment
● Cyber security in
○ the oil and gas domain
○ the maritime industry, including autonomous ships
○ Internet of things
○ Internet of Energy
○ Secure Micro-Grids
7
New NTNU PhD Research (2017)
● Navigation System Security in Unmanned Autonomous Marine
Vessels
● Security of the Cyber Enabled Ship
● Understanding Resilience of Software-Defined Industrial Control
Networks
● Cybersecurity, Safety and Resilience of Smart Cities
● Post Quantum Cryptography
● Blockchain Analytics and Transactions Tracking
● Chatroom Security
● Gamification of Information Security Education and Training
● Modelling and Analyzing Attack-Defence Scenarios for Cyber
Ranges
● Information Security Economics
8
CCIS: Bridges Built Between.....
CCIS: Centre for Cyber and Information Security
• InfoSEC Management
• Cyber Defence
• Cyber Security of Critical Infrastructure
• e-Health, Wellbeing
• COINS Research School of Information Security
• Norwegian Biometrics Laboratory
• NTNU Digital Forensics Group
9
NTNU Testimon Digital Forensics Group
Forensic Reliability in Machine Learning,
Pattern Recognition & Artificial Intelligence
10
NTNU Digital Forensics Group
Joint Research Projects
○ ARS Forensica - Computational Forensics for Large-Scale Fraud
Detection, Crime Investigation and Prevention
11
ArsForensica Research Project:
13
Some Topics of Interest
Cyberthreat Intelligence
14
Big Data Topics
Machine Learning for Digital Forensics
Expedited DF Examination and Analysis
15
Explosion of Digital Evidence in
Conventional Law Enforcement
16
Big Data Scenarios in Law Enforcement
• Many conventional cases (murder, robbery, etc)
– Oslo Police District
• Many small data seizures can add up to
many TB of data stored as evidence
• Analysis for each case is not complex
– Prefer analysis interface directly with front line investigators
18
Panama Papers in Size Perspective
19
International statistics - numbers
Across the "Relativity universe", separate percentages are tracked for each grouping.
Assessing the percentages over the past five years reveals that approximately two thirds of
cases fall in the Normal group, approximately a quarter of cases in the Large group, and
around 8% in the Very Large group. These percentages have held fairly constant over the
past five years with the exception of the Ridiculous cases, which first appeared in 2013, and
now, while increasing, account for less than 1% of the overall case size make up.
= 20 x Panama Papers!
21
DFaaS Platform for
Conventional Policing
22
Same DFaaS For Complex Cases?
23
Testimon Digital Forensics Group
Academic Staff (Gjøvik)
24
Testimon Adjunct Staff
25
Testimon DFG PhD Candidates
27
Adversarial Network Analysis
(PhD Candidate: Jan William Johnsen)
Feasibility Study of Social Network Analysis on Loosely Structured Communication Networks, Jan William Johnsen and
Katrin Franke, Procedia Computer Science
28
Improve Approximate Search for Digital
Investigation and Intrusion Detection
(PhD Candidate: Kyle Porter)
• Improve precision
– Find more of what we want, without losing significant accuracy
– Good for beginning of investigation
29
NFA With Greater Flexibility in
Types of Errors
30
Constrained approximate search in Network IDS
(PhD Candidate: Ambika Shrestha Chitrakar)
31
Malware Classification Based on Analysis of Low-Level
H/W Activity
(PhD Candidate: Sergii Banin)
32
Topic Modelling Research
• Latent Dirichlet Allocation (LDA)
• Topic Modelling in Digital Forensics Investigations (DFI)
• Topic Modelling for Cyber-Threat Intelligence (CTI)
33
Dirichlet Allocation:
A Generative Model
34
Graphic Representation of
Document Generation
35
Co-Occurrence Matrix Representation of
Document Corpus
36
Matrix Analysis of
Document Corpus
37
Topic Modelling for DFI
(Enron Corpus)
From Eirik Lintho Bue. Probabilistic Topic Modeling for Document
Corpus Exploration in Digital Forensics.
38
Ten Topics Extracted From Enron Corpus
39
Topic 4: Author Participation Over Time
40
Topic 4: Author Participation Over Time
[Figure: author participation over time; series labelled SA to SN]
41
Adversarial Network Analysis
42
Topic Modelling for CTI
Hacker Forum Data
– Nulled.IO
– http://leakforums.net/thread-719337
– 3,495,596 posts
43
Nulled.IO Hacker Forum Data
(16,000 Posts)
44
Nulled.IO Hacker Forum Posts
45
Estimated Topics (16K Posts)
46
1000K Posts [Security Relevant Only]
Future Work:
DarkWeb Jihadi Forums
100002 11290 WALLAHI-laylatul Qadr is the 27th Night- Helping Everyone Out-
1283 Mu7aaribah Why do we tend to act the worst in this blessed month of
ramadhaan?
In the last 10 days of ramadhaan?Wallaahi we are so being tested here
by Allaah and some of you are just falling right into the trap. Subhan'AIIaah.
Please think, think, think and then act. 2006 1 O 17 2006-10-17 14:48:00.000
99629
48
Thank You!
Questions?
49