Welcome to HST 2017

The 18th Annual IEEE Symposium on Technologies for Homeland Security (HST ‘18, will be held 23-24

October 2018, in the greater Boston area.  This symposium brings together innovators from leading

academic, industry, businesses, Homeland Security Centers of Excellence, and government agencies to

provide a forum to discuss ideas, concepts, and experimental results.

 

Produced by IEEE with technical support from IEEE Boston Section, and IEEE-USA, and with organizational

support from MIT Lincoln Laboratory, and Raytheon, this year’s event will once again showcase selected

technical papers and posters highlighting emerging technologies in:

Humanitarian Assistance & Disaster Relief

Biometrics & Forensics

Land/Maritime Borders & Critical Infrastructure Protection

Cyber Security

DIGITAL ABSTRACT BOOK

Welcome Message from the Conference Chair

On behalf of the Boston Section of the IEEE, it is my pleasure to welcome you to the seventeenth Symposium on Homeland Security Technologies.  The Steering Committee has assembled a very relevant program that will provide important insights to the current state of the art and recent advances addressing many homeland security concerns.  As the homeland security landscape evolves, the topics in this conference will continue to change and adapt across the wide range of important areas.  With this year’s conference, we continue to receive robust participation from researchers working to protect our homeland against land or maritime border threats, to defend our critical infrastructure, to strengthen our biometrics and forensics capabilities, and to mitigate cyber security threats.  Additionally, we are pleased to introduce a new track devoted to Humanitarian Assistance and Disaster Relief. Thanks to the efforts of the organizing committee, track chairs, and members of the technical committee, the assembled topics and speakers cover a highly relevant range of material that make this conference a unique forum that will bring together government, industry, and academia to share ideas on topics that are highly relevant and important to Homeland Security. I also wish to acknowledge the substantial efforts of the IEEE and in particular, the IEEE Boston Section office in making this event a reality.  I look forward to meeting everyone at the conference in October. Sincerely, James M. Flavin Associate Division Head, Homeland Protection and Air Traffic Control Division MIT Lincoln Laboratory Biography:  James M. Flavin is Associate Head of the Homeland Protection and Air Traffic Control Division at MIT Lincoln Laboratory. In this role, he shares responsibility for research, development, evaluation, and technology transfer for surveillance technology and decision support system architectures spanning air traffic control efficiency, airport surface safety, aircraft collision avoidance, homeland security, and homeland air defense. Prior to this position, he was Leader of the Surveillance Systems Group at MIT Lincoln Laboratory, which focuses on research and development of radar, signal processing, and decision-support systems for homeland protection and air transportation system. From 1998 to 2001, he was a member of the Air and Missile Defense Technology Division, working on a Radar Open Systems Architecture (ROSA) for the Kwajalein Modernization and Remoting (KMAR) program. In this role, he served a two- year tour at the U.S. Army base in the Kwajalein Atoll, first as a radar integration leader and then as the radar section leader.   Prior to joining Lincoln Laboratory, Mr. Flavin was at AT&T Bell Laboratories, where he worked on the design of adaptive Echo Canceller systems. He holds an MSEE from the University of Michigan at Ann Arbor and a BSEE from Northeastern University.

Welcome Message from the Technical Program Co-Chairs

On behalf of the Boston Section of the IEEE and the entire HST 2018 technical committee, we want to introduce the exciting program we have to offer. In this, the seventeenth year of the Symposium on Homeland Security Technologies, we continue to introduce evolutionary changes we hope will build on and improve the quality of an already strong conference. One of the unusual and valuable aspects of HST is how it brings together users, researchers, and members of the business and industrial communities and we realize that it is critical to maintain this rare, interdisciplinary blend.  Attendees from many backgrounds come to HST to learn about the state of the art and recent advances in homeland security technologies. Some attendees come to deepen their understanding of their own field, and some come to gain breadth. Some come to learn about national priorities and future directions. Once again, this year’s program offers something for everyone. As with previous HST symposiums, there are four highly selective technical tracks whose content is based on critical peer-reviews. In particular, each submission was reviewed and critiqued by members of our technical committee, who were chosen as experts from industry, federally funded research laboratories, and universities across the globe. This year, we are excited to introduce a new, highly topical track focused on developments in Humanitarian Assistance and Disaster Relief.  Several “best papers” have been selected by track and for the overall conference from among the many quality submissions. Finally, we would like to express our appreciation to the track chairs: Land/Maritime Borders & Critical Infrastructure Protection: John Aldridge, MIT Lincoln Laboratory;  Lance Fiondella, University of Massachusetts and Rich Moro, Raytheon; Biometrics & Forensics: Eric Schwoebel, MIT Lincoln Laboratory and Bengt Borgstrom, MIT Lincoln Laboratory; Humanitarian Assistance & Disaster Relief:  Mischa Shattuck, MIT Lincoln Laboratory and Matt Daggett, MIT Lincoln Laboratory; Cyber Security: Hong Liu, UMass Dartmouth; Firas Glaiel, Raytheon; Thomas Edgar, Pacific Northwest National Laboratory. In summary, we expect and hope that you will find that this year’s program is of the highest quality. We look forward to meeting everyone at the conference. Sincerely, Gerald R. Larocque, Ph.D., P.E. MIT Lincoln Laboratory Anthony Serino Raytheon

Organizing Committee

Track Chairs

General Chairs: Melissa Choi, MIT Lincoln Laboratory James Flavin, MIT Lincoln Laboratory Deputy Chair: Fausto Molinet, Matrix Internationale Technical Chairs: Gerald Larocque, MIT Lincoln Laboratory Anthony Serino, Raytheon Local Arrangements Chair: Bob Alongi, IEEE Boston Marketing Chair: Jessica Kelly, Raytheon Publications Chair: Adam Norige, MIT Lincoln Laboratory Sponsorships/Exhibits Chair: Fausto Molinet, Matrix Internationale Special Advisor to the Chair: Lennart Long, EMC Consultant Registration Chair: Karen Safina, IEEE Boston Web Site / Paper Submission Liaison  Kathleen Ballos, Ballos Associates
Land/Maritime Borders & Critical Infrastructure Protection John Aldridge, MIT Lincoln Laboratory Lance Fiondella, UMass Dartmouth Rich Moro, Raytheon Cyber Security Hong Liu, UMass Dartmouth Firas Glaiel, Raytheon Thomas Edgar, Pacific Northwest National Laboratory Biometrics & Forensics Bengt Borgstrom, MIT Lincoln Laboratory Eric Schwoebel, MIT Lincoln Laboratory James L. Wayman, San Jose State University Humanitarian Assistance & Disaster Relief Mischa Shattuck, MIT Lincoln Laboratory Matt Daggett, MIT Lincoln Laboratory  

Plenary Speakers

Paul McHale

Member Pennsylvania House of Representatives (1982~1991) Member of Congress (1993~1999) Assistant Secretary of Defense (2003~2009)

Erin Coughlan de Perez

Manager of the climate science team at the Red Cross / Red Crescent Climate Centre and an adjunct associate research scientist at Columbia University.
Thank you to our Sponsors!
Technical Co-Sponsors
Organizational Sponsors
October 23, 2018
7:00 AM

Registration

8:00 - 9:30 AM
9:30 - 9:40 AM

Welcome to HST

Melissa Choi (MIT Lincoln Laboratory) James Flavin (MIT LIncoln Laboratory) 9:40 - 10:30 AM

Plenary Session - Salon A

Erin Coughlan de Perez, Manager of the climate science team at the Red Cross / Red Crescent Climate Centre: adjunct associate research scientist at Columbia University 10:30 - 10:45 AM

Technical Program Overview / Best Paper Awards

Gerald Larocque (MIT Lincoln Laboratory) Anthony Serino (Raytheon) 10:45 - 11:00 AM

Break

11:00 - 12:30 PM
12:30 - 1:20 PM

Lunch - Salons C & D

1:20 - 2:50 PM
2:50 - 3:20 PM

Break - Eden Vale Foyer

3:20 - 5:20 PM
5:20 PM

Adjourn

6:00 PM

Welcome Reception, Exhibits and Poster Session Presentations - Grand Foyer

Cyber Security Session 1: Cyber-Physical System Security 1 Salon B
On the Feasibility of Generating Deception Environments for Industrial Control Systems Vincent Urias (SNL); William M. Stout (Sandia National Laboratories)*; Brian Van Leeuwen (SNL) The cyber threat landscape is a constantly morphing surface; the need for cyber defenders to develop and create proactive threat intelligence is on the rise, especially on critical infrastructure environments. It is commonly voiced that Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) are vulnerable to the same classes of threats as other networked computer systems. However, cyber defense in operational ICS is difficult, often introducing unacceptable risks of disruption to critical physical processes. This is exacerbated by the notion that hardware used in ICS is often expensive, making full-scale mock-up systems for testing and/or cyber defense impractical. New paradigms in cyber security have focused heavily on using deception to not only protect assets, but also gather insight into adversary motives and tools. Much of the work that we see in today’s literature is focused on creating deception environments for traditional IT enterprise networks; however, leveraging our prior work in the domain, we explore the opportunities, challenges and feasibility of doing deception in ICS networks. The Economics of Critical Infrastructure Controls Systems' Cyber Security James E Lerums (Purdue University)* This paper studies some of the economic concepts constraining the acceleration of the necessary cybersecurity improvements for critical infrastructure industrial control systems.  Industrial control systems are used in several critical infrastructure sectors to include energy, transportation, manufacturing, and water utilities.  Critical infrastructures support public health and life safety, economic vitality, national defense, and overarching societal well-being.  Significant damage or disruptions to a critical infrastructure could result in potentially catastrophic and cascading consequences.   Outcomes of this study are the identification of the economic constraints on improving cybersecurity for a state’s critical infrastructure control systems.  This paper recommends that accelerating cyber-security improvements will require addressing economic constraints that will require policy/regulatory and bid specification changes as well as initiating cyber cooperative efforts between the state’s smaller critical infrastructure companies.
Humanitarian Assistance & Disaster Relief (HADR) 1:  Welcome and Introduction to Future of HADR Technology Salon E
Responder Priorities for Technology Advancement Michelle Royal (FirstLink Research and Analytics)* The purpose of Project Responder is to identify, validate, and prioritize capability needs for emergency response to critical incidents. This paper summarizes the findings of Project Responder 5 (PR5), the fifth iteration in this series of studies. The timing of the PR5 effort is notable because the threat environment continues to change, requiring capabilities to address a wide spectrum of threats and hazards. Researchers examined 20 recent natural disasters and man-made incidents to identify the capability needs that are shared across emergency response disciplines. The results of the PR5 effort include capability needs identified by emergency responders who participated in the nation’s recent large-scale incidents and validated by groups of responders across the United States. Each need reflects a capability that responders believe necessary to safely, efficiently, and effectively address large-scale incidents in the future. Periodic reexamination of capability needs is essential to ensure that emergency responders have the appropriate protection, equipment, systems, technologies, and apparatus required to carry out their missions safely, efficiently, and effectively. Use of Computer Simulation Modeling to Reduce the Consequences of an Active Shooter Event in a Large Event Venue Patrick R Glass (Purdue Homeland Security Institute)*; Swarnalakshmi  Iyer (Purdue University); Kristina  Lister- Gruesbeck (Purdue University); Nathan Schulz (Purdue University); Eric Dietz (Purdue University ) Active shooter incidents are a growing concern within the United States.  When means of mitigating the risk associated with threats and vulnerabilities are no longer viable, one must look to mitigate the consequences of an active shooter.  This paper explored the means of mitigating the risk of a single active shooter incident within a large event venue increasing the number of armed off duty law enforcement officers available to respond to the incident.  By running a computer simulation model of a stadium with 4,000 fans, the research group increased the number of armed off duty law enforcement officers and ran the simulation with a single active shooter.  The research group then counted the number of fans shoot and graphed the results.  The results showed a negative logarithmic relationship between the number of fans shot and the number of off duty law enforcement officers available.  The logarithmic graph reached its base of 3 casualties at 38 law enforcement officers, or 0.7% of the total fan population.    In a stadium with a seating capacity of 18,000, security would require 120-180 armed off-duty law enforcement officers to adequately mitigate the consequences of a single active shooter.
Land/Maritime Borders & Critical Infrastructure Protection  Session 1: Vessels & Cargo Salon F
Binding the Physical and Cyber Worlds: A Blockchain Approach for Cargo Supply Chain Security Enhancement Lei Xu (University of Houston)*; Lin Chen (University of Houston); Zhimin  Gao (University of Houston); Yanling Chang (Texas A&M University);  Eleftherios  Iakovou (Texas A&M University); Weidong Shi (University of Houston) Maritime transportation plays a critical role for the U.S. and global economies, and has evolved into a complex system that involves a plethora of supply chain stakeholders spread around the globe. The inherent complexity brings huge security challenges including cargo loss and high burdens in cargo inspection against illicit activities and potential terrorist attacks. The emerging blockchain technology provides a promising tool to build a unified maritime cargo tracking system critical for cargo security. However, most existing efforts focus on transportation data itself, while ignoring how to bind the physical cargo movements and information managed by the system consistently. This can severely undermine the effectiveness of securing cargo transportation. To fulfill this gap, we propose a binding scheme leveraging a novel digital identity management mechanism. The digital identity management mechanism maps the best practice in the physical world to the cyber world and can be seamlessly integrated with a blockchain-based cargo management system. Case Study: Challenges in Homeland Security Operations in Argentina and Role of Emerging Technologies Pramud Rawat (Data Analysis and Simulation Services)* After several decades of political crises and turmoil, Argentina is now making a serious effort to join the community of nations in which human rights are respected and a safe environment is provided to citizens wishing to lead peaceful and productive lives. The government is starting this journey at a time when the country is facing an acute economic crisis and its options are severely limited by that fact.   Fortunately, in Argentina, terrorism is not as major a problem as it is in the US. Violent protests inside the country and acts of terrorism by agents from abroad do occur but they do not have the ferocity that events of 9/11 had in the US. Its border control problems, however, are almost a mirror image of those that keep the Customs and Border Protection Agency (CBP) in the US in a state of constant alert. Its sparsely populated northern border with Bolivia and Paraguay is mostly unmonitored. Clandestine shipments of cocaine from Colombia, Peru, and Bolivia, and marijuana from Paraguay, come over ground, by small aircraft, or by boats on the Parana River. Poor Peruvians, Bolivians, and Paraguayans arrive, often without proper documents, to earn money that they can send home. Simultaneously, human traffickers bring youngsters by force to use them in slave labor, prostitution rings, or in drug traffic. Stolen cars, precursor chemicals for labs that produce cocaine and marijuana, laundered money, and stolen cars travel in the opposite direction. Gangs run the illicit trade within Argentina operating with impunity by bribing or killing the local police, judiciary, and elected officials. Imprisonment does not diminish the power of bosses to orchestrate the actions by their gang members in port cities.    The modest goal of this paper is to conduct a brief survey of the services that the emerging technologies can perform as force multipliers. They are parts of the technological ecosystem that is coming with 5G, ushering in the 4th industrial revolution.   Since Argentina’s homeland security problems are not entirely unique, the paper may be of interest to readers outside Argentina. Maritime Border Security using Sensors, Processing, and Platforms to Detect Dark Vessels Ross S Eaton (Charles River Analytics)*; Stan German (Charles River Analytics); Arjuna Balasuriya (Charles River Analytics) Maritime security is critical to national prosperity, but with a large area to be secured and limited resources available, our current maritime situational awareness is not sufficient to secure our borders. This challenge is compounded by the fact that many bad actors intentionally avoid using transponders to obscure their location and actions for nefarious purposes. New solutions are required to detect these “dark” vessels in the expansive maritime domain and thereby enable increased maritime situational awareness and security. In this paper, we present a concept for increased maritime situational awareness, specifically designed to secure our borders against dark vessels using a novel combination of existing technologies. Our concept is Sensors and Platforms for Unmanned Detection of Dark Ships (SPUDDS), which consists of our intelligent ship detection and classification software integrated onboard our autonomous long-duration sensor buoy, which provides long-range passive detection of nonemitting dark vessels for maritime situational awareness.
Biometrics & Forensics Session 1 Salon G
Operational Tradeoffs in the 2018 Department of Homeland Security  Science and Technology Directorate Biometric Technology Rally Jacob Hasselgren (The Maryland Test Facilty)*; John J. Howard (The Maryland Test Facility); Yevgeniv Sirotin (The Maryland Test Facility); Andrew Blanchard (The Maryland Test Facility); Arun Vermury (DHS S&T) The 2018 Biometric Technology Rally was an evaluation, sponsored by the U.S. Department of Homeland Security (DHS), Science and Technology (S&T) Directorate, that challenged industry to provide face or face/iris systems capable of unmanned, traveler identification in a high-throughput security environment. Eleven selected systems were installed at the Maryland Test Facility (MdTF), a DHS S&T affiliated biometrics testing laboratory, and evaluated using a sample of 363 naıve human subjects recruited from the general public. The performance of each system was examined based on measured throughput (efficiency), matching capability (effectiveness), and user satisfaction.  This research documents the operational tradeoffs between these three measures of system performance. Specifically, we perform two tradeoff analyses: efficiency versus effectiveness and satisfaction versus both efficiency and effectiveness. These tradeoff analyses allow us to determine how and if these three performance measures are related in the various kinds of biometric systems we tested. For example, are higher throughput systems also more effective? Do people prefer systems that are faster or more effective? Our results show there is no clear relationship between how quickly a system can process a user and how well it can identify the user. Furthermore, there was also no significant relationship observed between how quickly a system can process a user and how satisfied the user is with the system.  However, there was a strong relationship between how well a system identifies a user and how satisfied the user is with the system. These outcomes suggest that some systems could benefit by leveraging additional collection time to collect a higher quality image. Users did not tend to prefer faster systems but did prefer a system they thought was working as intended. Finally, these results also show that in regards to public acceptance, systems designers should focus on correctly identifying larger populations of users rather than how quickly a given user can be processed. Digital Witness: Remote Methods for Volunteering Digital Evidence on Mobile Devices Nigel Campbell (Georgia Tech Research Institute); Trevor J Goodyear (Georgia Tech Research Institute); Winston Messer (Georgia Tech Research Institute); Evan Stuart (Georgia Tech Research Institute)*; James Fairbanks (Georgia Tech Research Institute) Law enforcement requires methods of digital evidence collection from victim or witness devices in a minimally invasive manner. Victims and witnesses are often concerned with minimizing the exposure of data on their phone to authorities. In this paper we describe a system for the secure submission of digital evidence and a micro-service for creating and monitoring chain of custody. These tools minimize device data exposure, encourage cooperation from victims and witnesses, and enforce accountability with regards to handling digital evidence. Blockchain-enhanced Identities for Secure Interaction Dipto Chakravarty (Exostar, LLC); Tushar Deshpande (Stony Brook University)* Securing identities in online communities like Facebook and Google requires thinking beyond mobility and cloud as federation methods can be gamed. While use of adaptive authentication and biometrics on mobile devices has become the norm, its security can be bolstered lot more with a distributed ledger like blockchain. This paper presents an augmented security model based on the blockchain distributed ledger, depicting how blockchain can help us build decentralized identity ecosystem.

Cyber Security 2:

Machine Learning - Applications for Cyber Security

Salon B

MEADE: Towards a Malicious Email Attachment Detection Engine Ethan M Rudd (Sophos PLC)*; Richard Harang (Sophos PLC); Joshua Saxe (Sophos PLC) Email attachments are a growing delivery vector formal ware.While machine learning (ML) has been successfully applied to portable executable (PE) malware detection, we ask, can we extend static ML approaches to detect malware across common email attachment file types, e.g., office documents and Zip archives? To this end, we collected a dataset of over 5 million malicious/benign Microsoft Office documents along with a smaller data set, which we use to provide more realistic estimates of thresholds for false positive rates on in-the-wild data. We also collected a dataset of approximately 500k malicious/benign Zip archives on which we performed a separate evaluation. We analyzed predictive performance using 70/30 train/test time splits, evaluating feature and classifier types that have been applied successfully in commercial PE anti malware products and R&D contexts. Using deep neural networks and gradient boosted decision trees, we are able to obtain ROC curveswith > 0.99 AUCon both office document and Zip archive datasets. Discussion of deployment viability in various anti malware contexts is provided. Active Deep Learning Attacks under Strict Rate Limitations for Online API Calls Yi Shi (Intelligent Automation, Inc.)*; Yalin Sagduyu (Intelligent Automation, Inc.); Kemal Davaslioglu (Intelligent Automation Inc.); Jason Li (Intelligent Automation, Inc.) Machine learning has been applied to a broad range of applications and some of them are available online as application programming interfaces (APIs) with either free (trial) or paid subscriptions. In this paper, we study adversarial machine learning in the form of back-box attacks on online classifier APIs. We start with a deep learning based exploratory (inference) attack, which aims to build a classifier that can provide similar classification results (labels) as the target classifier. To minimize the difference between the labels returned by the inferred classifier and the target classifier, we show that the deep learning based exploratory attack requires a large number of labeled training data samples. These labels can be collected by calling the online API, but usually there is some strict rate limitation on the number of allowed API calls. To mitigate the impact of limited training data, we develop an active learning approach that first builds a classifier based on a small number of API calls and uses this classifier to select samples to further collect their labels. Then, a new classifier is built using more training data samples. This updating process can be repeated multiple times. We show that this active learning approach can build an adversarial classifier with a small statistical difference from the target classifier using only a limited number of training data samples. We further consider evasion and causative (poisoning) attacks based on the inferred classifier that is built by the exploratory attack. Evasion attack determines samples that the target classifier is likely to misclassify, whereas causative attack provides erroneous training data samples to reduce the reliability of the re-trained classifier. The success of these attacks show that adversarial machine learning emerges as a feasible threat in the realistic case with limited training data. NNIDS: Neural Network based Intrusion Detection System Hassan Hadi Latheeth Al-Maksousy (Old Dominion University)*; Michele C. Weigle (Old Dominion University); Cong Wang (Old Dominion University) Malware detection is an important problem. We propose an efficient real-time system to detect and classify malware based on network behavior using deep neural networks. We show that the splitting of the system into two neural networks, detection and analysis, is the key to increasing accuracy. Therefore, this approach allows for the construction of a real-time monitoring system with very low CPU usage. Finally, we provide a comparison analysis of four machine learning classifiers for this task.
Humanitarian Assistance & Disaster Relief (HADR) 2: Future of HADR Technology Salon E
Technologies to Support Victims of Sexual Assault Lance Fiondella (University of Massachusetts Dartmouth)*; Christian Ellis (University of Massachusetts Dartmouth ) Sexual assault is pervasive on college and university campuses in the United States. Individuals and organizations have undertaken various efforts in response to this issue, including the development of mobile applications to promote campus and community safety. However, many of these apps charge a fee or are closed source, restricting the ability to regularly improve them. To address these limitations, this paper presents a free and open source mobile application to provide students with information on community services for victims of sexual assault and basic education. Professional developers are welcome to contribute and mentor students. A web-based data interface that will allow other schools to submit similar information is under development. The present project seeks to grow a diverse community that can effectively channel technology in order to promote campus and community safety at home and abroad Global Shared Resilience: Using 21st Century Technology for Today’s Disasters Peter l O’Dell (Swan Island Networks)* New and emerging technologies can help minimize or avoid loss of life, property damages and economic impacts in ways that would have been previously impossible during disaster response. In this paper, we will focus on identifying what technology is available today, and those rapidly evolving . We’ll look at endpoint technology as well as back-office platforms that will make a difference to responders and impacted populations. We will also brainstorm some combinations of existing and future technology that may seem far-fetched at first glance; but could become real as exponential growth in advancement allows for hard-to-imagine innovation to become tomorrow’s solutions.
Land/Maritime Borders & Critical Infrastructure Protection 2: Explosives Salon F
Static Object Wi-Fi Imaging and Classifier Paul C. Proffitt (UMass Dartmouth)*; Honggang Wang (Univ of Massachusetts Dartmouth) Today we have a large array of imaging methods being visible light imaging, thermal imaging, night-vision imaging, but we need imaging in other cases such as smoke-filled areas, crowded areas, or where privacy is an issue. To see static objects in this arena, this research introduces Wi-Fi static object imaging and classification with low cost. It will allow detection of dangerous chest mounted explosives or weapons on buses and subways where expensive detection systems are not desired. However, this involves many challenges. The images created will be barely identifiable due to the low resolution of Wi-Fi, but the images need to be classified (identified). There are two major portions to this research. The first is the signal processing portion, where images are created, and the second is the image classification portion. In the signal processing portion, images will be created by using Wi-Fi signals transmitted and received on Ettus Universal Software Radio Peripheral (USRP) hardware and directional antennas. These USRP’s are interfaced to GNU Radio for which the researchers have developed specialized routines to implement this portion of the research. In the image classification phase, the images created are very blob-like with different reflective intensities. These images need some form of intelligence to classify them, and the system needs to improve its classification over time. AI neural networks are employed and developed to work on the images. As a result of this research, dangerous objects can be Wi-Fi imaged, detected, and classified. Technical Review and Optimization of Walk-Through Metal Detector Processes Anthony Hustedt (Purdue University )*; Colby Craig (Purdue University ); Eric Dietz (Purdue University ) The growing concern of terrorist violence in western countries has placed an emphasis on the critical nature of effective security practices. It is imperative to identify vulnerabilities, and close security gaps before they can be exploited by extremists. As such we desired to develop a technical testing process to validate the effectiveness of security practices and policies for large sports venues. This study of methodology, technical performance, and implementation of walk-through metal detectors screening processes sought to pinpoint weaknesses in existing measures. Though a series of laboratory testing, field testing, and site observations - performance degradation and detection failure was determined to be induced by one of three aspects; Setup – interference and synchronization between units, Settings – incorrect or inappropriate for conditions, and Operators – ineffective training and procedures. By identifying these anomalies and discrepancies security personnel are able to eliminate or reduce vulnerabilities and calculate a more accurate risk assessments for assets, personnel, and patrons.
Cyber Security 3: Applications Security Salon B
Establishing Independent Audit Mechanisms for Database Management Systems Alexander Rasin (DePaul University)*; James M Wagner (DePaul University); Karen Heart (DePaul University); Jonathan Grier (Grier Forensics) The pervasive use of databases for the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are exploited in computer crimes. While there are several techniques and tools available for database forensic analysis, such tools usually assume an apriori database preparation, such as relying on tamper-detection software to already be in place and the use of detailed logging. Further, such tools are built-in and thus can be compromised or corrupted along with the database itself. In practice, investigators need forensic and security audit tools that work on poorly configured systems and make no assumptions about the extent of damage or malicious hacking in a database. In this paper, we present our database forensics methods, which are capable of examining database content from a storage (disk or RAM) image without using any log or file system metadata. We describe how these methods can be used to detect security breaches in an untrusted environment where the security threat arose from a privileged user (or someone who has obtained such privileges). Finally, we argue that a comprehensive and independent audit framework is necessary in order to detect and counteract threats in an environment where the security breach originates from an administrator (either at database or operating system level). Towards a Content-based Defense against Text DDoS in 9-1-1 Emergency Systems Bal Krishna Bal (University of Houston)*; Weidong Shi (University of Houston); Stephen Huang (University of Houston); Omprakash Gnawali (University of Houston) Text messaging is getting increasingly popular among all generations because it is built into the cellphone carried by people all the time. People, including those with speech and hearing disabilities, are starting to use text messages in place of voice 9-1-1 calls to call for help during emergencies and many 9-1-1 centers are starting to support text messaging. Since text messages take less bandwidth, it is more likely to be available in a major disaster than voice calls. Text messages are also useful in emergency situation such as a child hiding in a closet during a home invasion. On the other hand, text message system is also subject to abuse by hackers. In a recent attack, a teenager was able to send voice calls from a large number of smartphones to 9-1-1 call centers. That same Distributed Denial of Services (DDoS) attack can happen to text messages. While it does not fall under the policy of the call centers to filter out the incoming messages, it would be useful to do some preliminary analyses of the text messages and based on the result of those analyses determine the priority order for processing thereby helping human operators to efficiently manage the messages. In this work, we design and implement several new Natural Language Processing (NLP) techniques to analyze the contents of the incoming text messages to an emergency call center to provide insights about potential spam or DDoS attacks to 9-1- 1 centers. Our preliminary results show that the task of automatically analyzing the text to determine if a text is part of an attack can be done with reasonable accuracy.
Humanitarian Assistance & Disaster Relief (HADR) 3: Situational Awareness Salon E
Building robust risk management as a method of situational awareness at the local level Jennifer L Schneider (RIT)*; Carol Romanowski ( Rochester Institute of Technology); Sumita Mishra (Rochester Institute of Technology); Rajendra K Raj (Rochester Institute of Technology); Sarah A Dobie (Rochester Institute of Technology) Management of risk at the community level continues to be challenging despite the creation of frameworks to support the management of various typologies of risk. As the scope and form of emergent risk evolves, our situational awareness tools and methodologies must also change to identify risks and possible impacts, events, and opportunities for mitigation. This paper examines the major risk frameworks applicable to community systems, and how they may be combined with historical and real-time data to provide a richer awareness of the existing operational environment during potential and actual calamities. The paper concludes with an examination of our opportunities to advance holistic risk management through the application of systems standards. Outreach to Define a Public Safety Communications Model For Broadband Cellular Video Andrew Weinert (MIT Lincoln Laboratory)*; Chris Budny (MIT Lincoln Laboratory ) Video applications and analytics are routinely projected as a stressing and significant service of the Nationwide Public Safety Broadband Network. As part of a NIST PSCR funded effort, the New Jersey Office of Homeland Security and Preparedness and MIT Lincoln Laboratory have been developing a body worn camera dataset that will be made publicly available, along with identifying and recommending a set of feasible potential video analytics that can be built using the dataset or others. The development of this dataset was informed by outreach and feedback from the public safety community. We overview the outreach process and proposed capabilities that could be developed with a video dataset tailored for public safety. Cross-referencing social media and public surveillance camera data for disaster response Chittayong Surakitbanharn (Stanford University)*; Calvin Yau (Purdue University); Guizhen Wang (Purdue University); Aniesh Chawla (Purdue University); Yinuo Pan (Purdue University); Zhaoya Sun (Purdue University); Sam Yellin (Purdue Univeristy); David Ebe Physical media (like surveillance cameras) and social media (like Instagram and Twitter) may both be useful in attaining on-the-ground information during an emergency or disaster situation. However, the intersection and reliability of both surveillance cameras and social media during a natural disaster are not fully understood. To address this gap, we tested whether social media is of utility when physical surveillance cameras went off-line during Hurricane Irma in 2017. Specifically, we collected and compared geo-tagged Instagram and Twitter posts in the state of Florida during times and in areas where public surveillance cameras went off-line. We report social media content and frequency and content to determine the utility for emergency managers or first responders during a natural disaster.

Land/Maritime Borders & Critical Infrastructure Protection 3:

Automated Data Processing

Salon F

Automatic Frame-Cut Detection for Self-Diagnostics of Video Surveillance Systems Arash Samani (Tufts University)*; Karen Panetta (Tufts University); Sos Agaian (USA); Wendy Wan (Tufts University) There are thousands of hours of digital video recorded everyday by surveillance cameras, dashboard cameras, police body cameras, that are often used as court evidence. These video recordings could have been edited before being archived and there is no easy way to know if they have been tampered with unless visually and carefully examined.  A jump-cut could also be the result of faulty camera sensor, processing software failure, or transmission error. With the vast application span of security and surveillance cameras from banks, airports, borders, ports of entry, high value government properties such as embassies, it is important to have video security or surveillance system capable of self- diagnostics.  In this research, we propose an automatic method that can examine video recordings and detect frame- cuts without any human intervention. Our algorithm could assist law enforcement, department of justice, department of home land security, customs and border protection, and other government agencies to examine thousands of hours of video recordings quickly and autonomously and produce the list of possible framecuts with their timestamps. Human Detection in Infrared Imagery using Gradient and Texture Features and Superpixel Segmentation Theus H Aspiras (University of Dayton); Vijayan K Asari (University of Dayton)*; Hussin k Ragb (University of Dayton) Many human detection algorithms are able to detect humans in various environmental conditions with high accuracy, but they lack the ability to give the exact region of where the human is located (usual detections as a bounding box.  The proposed algorithm utilizes a two-stage approach for human detection: gradient and texture features and super- pixel segmentation.  The first stage is a high accuracy human detection algorithm that uses gradient information through the Histogram of Oriented Gradients and texture information through the center-symmetric local binary pattern.  Various binning strategies help keep the inherent structure embedded in the features, which provide enough information for robust detection of the humans in the scene.  The second stage is the SLIC super-pixel segmentation algorithm to find the actual regions of the person that are not background information.  The bounding box is assumed to have surrounding background information with foreground information as the human.  The second stage characterizes the background information surrounding the human and deletes and super-pixel information that contains background information, which then groups the remaining foreground information into a convex hull representation.  The algorithm is shown to create a better representation of the human detection for analysis of scenes as compared to normal detection strategies. Extracting Dialed Telephone Numbers from Unstructured Audio Steven Presser (Presser Surveillance Solutions and Technology)*; Michael Walsh (Presser Surveillance Solutions and Technologies) presented is a novel method (the Call Contents AutomaticDifferentiator(CCAD))forextractingdialedtelephone numbers from unstructured audio without capturing audio content – including other dialed information. This technology fills a critical law enforcement need to determine the ultimate destinationofacall,evenwhenthecallisroutedthroughmultiple redirectors. The basic methodology involves examining the timing between digits, as well as the volume of audio segments between digits. Despite its simplicity, this method was able to isolate and extract dialed telephone numbers with accuracy greater than 99% in the expected scenario and greater than 98% in worst-case scenarios. If expanded to work in real-world scenarios, CCAD could serve as a new and clearly-legal source of information for local, state and national law enforcement, as well as operating in national security cases.
Biometrics & Forensics 3  Salon G
OcularNet: Deep Patch-based Ocular Biometric Recognition Sai Narsi Reddy Donthi Reddy (University of Missouri - Kansas City)*; Ajita Rattani (University of Missouri - Kansas City); Prof. Reza Derakhshani (University of Missouri-Kansas City) Deep learning played a major role in many recent advancements in mobile ocular biometrics. However, many of the experiments are conducted on models which are large in the number of parameters and are inefficient to deploy on mobile devices. In this paper we propose OcularNet, a convolutions neural network(CNN) model, using patches from the eye images. In OcularNet model, we extract six registered overlapping patches from the ocular and periocular region and train a small convolutions neural network(CNN) for each patch named PatchCNN to extract feature descriptors. As the proposed method is a patch-based technique, one can extract features based on the availability of the region in the eye image. We compare verification performance of the proposed OcularNet which has 1.5M parameters with the popular ResNet-50 model which has 23.4M parameters. On popular large-scale mobile VISOB dataset, the proposed OcularNet model not only outperformed ResNet-50 with at least 11% GMR at 1−4 FMR in subject independent verification setting but also has 15.6X less number of parameters. Further, experimental evaluations were performed on UBIRIS-I, UBIRIS-II, and CROSS-EYED datasets to evaluate the performance of OcularNet over ResNet50 Multi-biometric Convolutional Neural Networks for Mobile User Authentication Ajita Rattani (University of Missouri - Kansas City)*; Sai Narsi Reddy Donthi Reddy (University of Missouri - Kansas City); Prof. Reza Derakhshani (University of Missouri-Kansas City) Existing literature has established that multibiometric systems, which consolidate information from multiple biometric sources, can significantly enhance the performance by overcoming limitations such as non-universality, noisy sensor data and large intra-class variations. Several fixed and learning-based fusion methods exist to combine multibiometric information for personal verification. The aim of this paper is to develop convolutional neural networks (CNN) architectures for fusion of biometric information from multiple sources. The advantage of CNN-based multibiometric fusion include (a) the ability to perform early, intermediate and late fusion, and (b) the fusion architecture itself can be learned during network training. Experimental investigations on large scale VISOB dataset prove the efficacy of the multibiometric CNNs over conventional fusion methods.

Cyber Security 4:

Threat & Attack Modeling

Salon B

A Method of Threat Analysis for Cyber-Physical System using Vulnerability Databases Yusuke Mishina (National Institute of Advanced Industrial Science and Technology)*; Kazuo Takaragi (AIST); Katsuyuki Umezawa (Shonan Institute of Technology) Safety and security are major issues for cyber-physical systems. We propose a threat analysis method effective for the design stage of a safety-critical cyber-physical system, utilizing the fact that similar systems tend to have co-occurrence in the way of their chain in vulnerability. We first utilize a vulnerability database to express known cyber-attack cases on the Fault TreeAttack Tree (FT-AT). Second, the method uses FT-AT as a kind of teacher data for similar system threat analysis and uses it to find new attacks in similar systems. This makes it possible to efficiently support system design that tries to implement safety and security. The usefulness of the approach is demonstrated by example applications to previously reported attacks on Tesla and Cherokee. Forecasting Cyberattacks as Time Series with Different Aggregation Granularity Gordon Werner (RIT)*; Ahmet Okutan (Rochester Institute of Technology); Shanchieh Yang (RIT); Katie McConky (RIT) Cyber defense can no longer be limited to intrusion detection methods. These systems require malicious activity to enter an internal network before an attack can be detected. Having advanced, predictive knowledge of future attacks allow a potential victim to heighten security and possibly prevent any malicious traffic from breaching the network. This paper investigates the use of Auto-Regressive Integrated Moving Average (ARIMA) models and Bayesian Networks (BN) to predict future cyber attack occurrences and intensities against two target entities.  In addition to incident count forecasting,  categorical and binary occurrence metrics are proposed to better represent volume forecasts to a victim.  Different measurement periods are used in time series construction to better model the temporal patterns unique to each attack type and target configuration, seeing over 86\% improvement over baseline forecasts. Using ground truth aggregated over different measurement periods as signals, a BN is trained and tested for each attack type and the obtained results provided further evidence to support the findings from ARIMA.  This work highlights the complexity of cyber attack occurrences; each subset has unique characteristics and is influenced by a number of potential external factors. Secure Software by Design Shimon Rothschild (Doctoral student Uni. of Texas at Arlington)* Based on the calculated cost of a lost record, Yahoo, who “lost” 3 billion records, would be in debt for 450 BILLION DOLLARS. What drives organizations to seek better methods to protect data? The cost of losing data can be high, and it will get higher. Large organizations are able to withstand the malware onslaught, small and mid-size companies have 50-50 chance of remaining in business. To reduce the damage caused by malware, organizations are investing in technology and research. Current research in supervised machine learning is promising. Small and mid-sized companies do not have security professionals to maintain and monitor them. Another area of research is “Honeypots” and “Red Flags”. These techniques may work in espionage, but “white hat testers” demonstrate that these traps are recognized and avoided. Organizations guilty of a data breach, even with clear evidence of negligence are seldom prosecuted. It is very rare that civil or criminal charges are brought against those negligent of reasonable efforts.  Can the current environment change? New technologies will eventually be available for small and mid-sized organizations. Laws are changing to make senior management culpable for negligence in protecting sensitive data. Organizations need another way to protect against a data breach.  An alternate, and easier strategy for fighting malware is to write software more difficult to hack. This research is identifying how current software practices, lessons learned from malware software, and a novel method to identify critical code, can reduce successful malware attacks. The objective of the research is to search for and identify critical sections in code that should be modified for reducing vulnerabilities. The critical application logic is identified and alternate designs are implemented making it more difficult for the malware author to locate and modify. This research examines easy processes to learn and apply. The work is applicable for all organization, but the existing focus is on helping small and mid-sized organizations. A goal is to reduce the complexity in designing more secure software. The primary considerations are that there are only small additional burdens on software designers and that management sees business value for supporting and requiring more secure software. Because small and mid-sized organizations are more tightly integrated into the supply chain, it the in the interest of large organization, government agencies and the public that these small and mid-sized organizations create more secure software. With an increasing shortage of cyber security professionals, the short-term alternative is to better train software developers for designing more secure software.
Humanitarian Assistance & Disaster Relief (HADR) 4: First Responders & Impacted Communities Salon E
Providing first responders with real-time status of cellular networks during a disaster Clark Hochgraf (Rochester Institute of Technology)*; Joseph Nygate (RIT); Miguel Bazdresch (Rochester Institute of Technology); Mark J Indelicato (RIT); William Johnson (RIT); Romel  Espinosa Reyes (Ministry of Telecommunications and Information ) Existing systems for reporting cellular outages do not provide adequate geographical granularity and do not provide a real-time view of the state of the communication network. This work presents a system for real-time measurement of both coverage and quality of service via crowdsourced measurements from consumer and first responder phones. Baseline coverage and quality of service data is collected prior to a major disaster. During a major disaster, real-time data is compared to baseline to identify areas of congestion or outages. Such information can be used by incident commanders to more effectively deploy resources during major disasters. Furthermore, such system state information can be used to support automatic deployment of temporary cellular network base stations, such as on drones. Learnings of the Complete Power Grid Destruction in Puerto Rico by Hurricane Maria Melvin  Lugo-Alvarez (University of Puerto Rico at Mayaguez); Guillermo Lopez-Cardalda (University of Puerto Rico at Mayaguez); Sergio Mendez-Santacruz (University of Puerto Rico at Mayaguez); Eduardo Ortiz (University of Puerto Rico-Mayaguez)*; Erick Apo This paper discusses of all the consequences and effects after the loss of electrical systems caused by hurricane Maria on the island of Puerto Rico. Puerto Rico is in the Caribbean and is very susceptible to catastrophes due to natural events which cause different social effects in the population. In this article, the major affected areas will be mentioned, from the water and communications systems to health and the economy in Puerto Rico after Hurricane Maria. We will mention the fragility of the country's infrastructure and possible measures to reestablish these services in the most expeditious manner. The disasters caused by the hurricane on the island can be likened to the damage generated by a terrorist attack, which can give us an indication of how to act after a catastrophe.
Land/Maritime Borders & Critical Infrastructure Protection 4: Screening Salon F
Estimating the Location of a Nuclear Source in a Three-Dimensional Environment Exhibiting Non- Homogeneous Attenuation Upasana Bhattacharyya (Clemson University)*; Carl Baum (Clemson University) The problem of locating the source of radioactive emissions using a network of sensors is considered. Estimating the three-dimensional location of a nuclear source is especially difficultinenvironmentsinwhichnosensorcanbeplacedinclose proximity to the source. In this paper, a multi-stage estimation algorithm is proposed and applied to a Poisson process model for radiation received at sensors that is not only proportional to the inverse square of the distance between the source and the sensor but also accounts for the effects of homogeneous and non-homogeneous attenuation. The algorithm is able to accurately estimate the location of a nuclear source in an urban environment despite the presence of concrete walls and other radiation absorbers whose locations are unknown to the sensor network. Rapid low-cost detection of persons concealed in containers, compartments and trucks Franklin Felber (Starmark, Inc.)* The only sensor capable of non-intrusively and harmlessly detecting even stationary persons through the steel walls of cargo containers, truck bodies, and train cars has been developed and demonstrated.  This paper presents the design and performance of a breadboard model of an active acoustic sensor based on a patent-pending impact transducer and matched resonant receiver. Extended intruder detection to counter advanced underwater threats in ports and harbors Franklin Felber (Starmark, Inc.)* Hardware and systems concepts have been developed to significantly reduce response times for countering underwater threats to U. S. military and government assets and shoreline facilities.  This paper presents a conceptual design of a networked multistatic sonar system of proliferated ultralow-cost active acoustic beacons based on Starmark’s demonstrated patent-pending high-power, low-voltage impact transmitters.
Biometrics & Forensics 4: Salon G
Person Re-identification Using Overhead View Fisheye Lens Cameras Arko Barman (University of Houston)*; Wencheng Wu (University of Rochester); Robert Loce (Datto Inc.); Aaron Burry (MKS Instruments) Person Re-identification has been a widely explored topic in automated video-based surveillance. Nonetheless, the substantial body of work in this area deals only with upright images of persons captured using rectilinear lenses. However, for surveillance applications, it is often preferable to use fisheye lenses to expand the field of view. Person re-identification using fisheye lenses is an uncharted territory with potential applications in image and video-based surveillance. In this paper, we explore various techniques by which we can use images and videos captured by fisheye lenses for person re-identification using conventional algorithms developed for rectilinear images. We discuss the application of foreground extraction and propose a framework for orientation normalization for use in fisheye images. We also introduce a novel radial co-location search to improve the accuracy of person re-identification using fisheye lenses. User Re-Identification Using Clothing Information for Smartphones Duc Huy Hoang Nguyen (University of Missouri, Kansas City)*; Raghunath Puttagunta (University of Missouri, Kansas City); Zhu Li (University of Missouri, Kansas City); Prof. Reza Derakhshani (University of Missouri-Kansas City) With the expected of 2.5 billion people using smartphone by 2019, mobile biometric is a crucial field providing convenient and secure access for users. As most of the security systems only require single authentication, an intruder can gain access after the initial login stage. Human re-identification in mobile device is the task of continuously authenticating the person after initial login. In this paper, we investigate using clothing information for subject re- identification in mobile device. To this aim, we employed two approaches to extract shallow and deep clothing features, followed by a linear support vector machine (SVM) to distinguish genuine from impostors. Each method achieved promising results, with equal error rates below 0.05. Further, a fusion of handcrafted shallow features and datadriven deep features at, feature and score levels, provided 0.034 and 0.032 at EER, confirming the viability of the proposed method for accurate short-term re-identification for mobile use cases. Keystroke Dynamics Based Authentication Using GFM Shantaram Vasikarla (California State University-Northridge)* This paper presents a novel method for keystroke dynamics based authentication by utilising Generalised Fuzzy Model (GFM), which is a combination of Mamdani-Larsen and Takagi-Sugeno fuzzy models. We make use of Gaussian Mixture Model (GMM) and GFM for modelling using the individual keystroke measurement types and combinations of measurement types of the keystroke dynamics. To validate GFM on keystroke dynamics in the real-world situation, it is tested on CMU dataset and the performance of this model is superior to that of GMM.

Cyber Security 5:

Attack Detection

Salon B

A Systems Approach To Indicators Of Compromise  Utilizing Graph Theory Chuck Easttom (CEC-Security LLC)* It is common to record indicators of compromise (IoC) in order to describe a particular breach and to attempt to attribute a breach to a specific threat actor. However, many network security breaches actually involve multiple diverse modalities using a variety of attack vectors. Measuring and recording IoC’s in isolation does not provide an accurate view of the actual incident, and thus does not facilitate attribution. A system’s approach that describes the entire intrusion as an IoC would be more effective. Graph theory has been utilized to model complex systems of varying types and this provides a mathematical tool for modeling systems indicators of compromise. This current paper describes the applications of graph theory to creating systems-based indicators of compromise. A complete methodology is presented for developing systems IoC’s that fully describe a complex network intrusion. Enabling Hardware Trojan Detection and Prevention through Emulation Alfred Crouch (Amida Technology Solutions)*; Eve Hunter (Amida Technology Solutions); Peter Levin (Amida Technology Solutions) Hardware Trojans, implantable at a myriad of points within the supply chain, are difficult to detect and identify. By emulating systems on programmable hardware, the authors have created a tool from which to create and evaluate Trojan attack signatures and therefore enable better Trojan detection (for in-service systems) and prevention (for in- design systems).
Humanitarian Assistance & Disaster Relief (HADR) 5: Critical Infrastructure Salon E
Seismic Cloaking Protection from Earthquakes Rob Haupt (MIT Lincoln Laboratory)*; Vladimir Liberman (MIT Lincoln Laboratory); Mordechai Rothschild (MIT Lincoln Laboratory); Charles G. Doll, Jr. (MIT Lincoln Laboratory) Each year, large ground motions from earthquakes cause infrastructure damage and loss of life worldwide.  Here we present a novel concept that redirects and attenuates hazardous seismic waves using an engineered seismic-muffler acting as a cloaking device.  The device employs vertically-oriented, sloping opposing boreholes or trenches to form muffler walls and is designed to: 1) reflect and divert large amplitude surface waves as a barrier, while 2) dissipating body and converted waves traveling from depth upward into the muffler duct.  Seismic wave propagation models suggest that a seismic muffler can effectively reduce broadband ground motion directly above the muffler.  3D simulations are also compared for validation with experimental data obtained from bench-scale blocks containing machined bore hole arrays and trenches.  Computer models are then scaled to an earth-sized model.  Results suggest a devastating seismic energy magnitude 7.0ME earthquake can be reduced to less damaging magnitudes experienced in the muffler vicinity, 4.5- ME (surface wave) and 5.7- ME (upgoing coupling into the muffler).  Our findings imply that seismic-muffler structures significantly reduce the impact of the peak ground velocity of dangerous surface waves, while, seismic transmission upward through the muffler base at depth has marginal effects.   Evaluation of Datacasting and LTE Integration for Public Safety and First Responder Applications Daniel P Syed (JHU/APL)*; John Contestabile (JHU APL); Cuong Luu (DHS); Morgan Gaither (JHU/APL) The Department of Homeland Security (DHS) Science and Technology (S&T) Directorate has sponsored a series of tests and data collection opportunities, designed and executed by the Johns Hopkins University Applied Physics Laboratory (JHU/APL), of integrated public safety architectures leveraging a pilot data casting system developed by the vendor SpectraRep. Data casting leverages licensed bandwidth to embed secure data (including video) within digital TV transmission to provide an efficient means of targeted one-to-many communications with first responders and public safety officers over a wide area. Because it makes use of Public Television’s robust infrastructure, data casting can reliably broadcast information during emergencies; however, because it is unidirectional, it is more effective as an element within a larger cellular based architecture. The objectives of these tests were to validate the ability of integrated architectures to provide a resilient data driven communications capability to first responders. Multiparameter Outstation Agents for Cyber-Physical Electrical Grid Security and Restoration Marissa Morales-Rodriguez (Oak Ridge National Laboratory)*; Emma Stewart (Lawrence Livermore National Laboratory); Peter Fuhr (Oak Ridge National Laboratory) This paper describes the development and deployment of cyberaware sensors to monitor the electrical grid and aid with disaster relief. These cyberaware sensors, outstation agents, provide information of multiple parameters simultaneously acting like a black box. The sensors embedded in the outstation agents and the communication architectures are described. These outstation agents are deployed around electrical substations in stationary and mobile platforms. The data collected from the outstation agents is sent to the utility control center providing information of the current status of the electrical grid. In the event of a disaster, the outstation agents make available information on the state of the grid, failures, and resources available to create an effective restoration pathway.

Land/Maritime Borders and Critical Infrastructure Protection 5:

Automated Data Processing

Salon F

Integrative Analytics for Detecting and Disrupting Transnational Interdependent Criminal Smuggling, Money, and Money-Laundering Networks Ashwin Bahulkar (Rensselaer Polytechnic Institute); Orkun Baycik (Rensselaer Polytechnic Institute); Thomas Sharkey (Rensselaer Polytechnic Institute)*; Yeming Shen (Rensselaer Polytechnic Institute); Boleslaw Szymanski (Rensselaer Polytechnic Institute); In this paper, we describe a framework that integrates descriptive, predictive, and prescriptive analytics that aids detecting and disrupting a transnational criminal organization (TCO) operating as interdependent contraband smuggling, money, and money laundering networks. This type of TCO will smuggle contraband across the U.S. border, generate revenues from illegal sales within the U.S., and then use the money laundering network to send the money out of the U.S. Law enforcement may have partial information about the underlying social network of the TCO but this may be missing important, intentionally hidden connections between the criminals. The proposed framework predicts the missing links in the social network data and then algorithms are applied to the augmented data to detect the communities of the TCO. Each community serves a different role in the TCO and thus are necessary in modeling the operations of the organization. Once the communities are identified, we prescribe actions that allocate resources to disrupt the TCO operations optimally in terms of law enforcement criteria. Comparisons of Adaptive Automation Conditions for Single-Operator Multiple-Agent Control Systems Sabin Park (Draper Laboratory)* Autonomous systems provide tangible benefits in the field of human-computer interaction (HCI) by reallocating work from human operators to suitable machine substitutes. However, improper implementations of autonomy in HCI systems have led to dire consequences. As such, the expansion of autonomy in research and industry must be matched by solutions that properly balance the interaction between human and machine. Early human-computer teams relied on multiple human operators working with one or just a few complex machines. With the growth of technology and improved autonomy, however, this trend has gradually reversed in that multiple complex machines are now supervised and operated by individual human controllers. Past research suggests that simply increasing autonomy fails to address the imbalance between human and machine within a cooperative mission scenario. Instead, adaptive automation has been demonstrated to be a viable solution in balancing the degree of autonomy between human and machine. Previous studies have verified the existence of relationships between levels of autonomy, human cognition, and system performance. In the context of single-operator multiple-agent scenarios, adaptive systems allow the levels of automation to dynamically adapt to the needs of both the human and the machine. This research explores various methods of invoking adaptive automation that aims to balance the level of automation between the human and machine within a simulated multitasking scenario. As such, a military-inspired simulation was designed and implemented to compare the effects of different adaptation mechanisms on objective task performance and operator cognitive workload. Comparisons of four adaptation conditions support the use of adaptive automation as opposed to random or adaptable automation mechanisms for maintaining overall mission performance requirements. Results indicate increased operator utilization and situation awareness over time with decreased subjective workload scores in the adaptive conditions compared to the adaptable and random automation conditions. Can a Student Outperform a Teacher? Deep Learning-based Named Entity Recognition using Automatic Labeling of the Global Terrorism Database ilhwan kim (Intuidex Inc.)*; William  Pottenger (Rutgers University); Vincent Behe (Intuidex Inc.) In this paper, we propose a deep learning-based named entity recognition system (DL-NER) for the counterterrorism domain. In addition, we propose a training method where an existing rule-based system is used to label terrorism incident datasets such as the Global Terrorism Database (GTD) and the Worldwide Incident Tracking System (WITS), and the resulting labeled datasets are used to train DL-NER. We report improved performance of DL-NER in comparison to the rulebased system that was used to label the training datasets for DL-NER. We also observed better performance of DL-NER than Stanford NER when DL-NER was trained using CoNLL03 and GTD datasets labeled by Stanford NER. Thus we conclude that an existing rule-based NER system may be used to work around the issue of the high knowledge engineering cost of developing sufficient training data for deep learning approaches to NER.
Cyber Security 6: Physical System Security 2 Salon B
Analysis of Adversarial Learning of Reactor State Yeni Li (Purdue University)*; Hany Abdel-Khalik (Purdue University); Elisa Bertino (Purdue University, USA) With the recent successful attack attempts against the digital control systems of critical infrastructures, there is a need to develop new defense strategies that take into account two important realities: state-sponsored attackers can rely on a number of techniques including espionage, social engineering, and brute force techniques, etc. to gain access to the raw data used to control system behavior; and attackers can falsify operational data in manners that do not trigger conventional outlier/anomaly detection techniques in order to remain undetected, which is referred to as false data injection attacks. This paper explores the use of model-based techniques which have been recently promoted as potential approach for identifying data injection attacks. Specifically, we explore whether attackers can emulate the predictions of the models used by the defender. For demonstration, we employ a simplified point kinetics models with a number of unknown parameters and explore how inference techniques may be used to fully determine the dynamical behavior of the system. Results indicate that attackers can emulate the model predictions with high accuracy, indicating that the brute force application of model-based defenses is not effective and must be supplemented by other defense measures. Cracking a Continuous Flow Reactor: A Vulnerability Assessment for Chemical Additive Manufacturing Devices Sean M Futch (Johns Hopkins University)*; Joseph Kosturko (Johns Hopkins University); Eric Schlieber (Johns Hopkins University); Seth Nielson (Johns Hopkins University) The proliferation of additive manufacturing devices such as 3D-printers and chemical Continuous Flow Reactors (CFR) have commoditized the creation of complex physical and liquid products. CFR machines are computer controlled pumps and mixers designed to synthesize industrial and medical chemical compounds. Similar to many new digital products, CFRs often lack standard forms of access control and are vulnerable to physical and network-based attacks. This paper reviews the common attack vectors and vulnerabilities associated with Supervisory Control and Data Acquisition (SCADA) systems and uses these lessons to inform an initial analysis and security test of the Cole-Parmer Masterflex CFR. Using standard penetration testing techniques, we show that the Masterflex CFR is susceptible to multiple types of remote and local attack including query flooding, malformed ping attacks, and firmware retrieval via an “Evil Maid Attack”. These attacks are trivial to perform and can potentially harm the device, nearby operators, or the users of manufactured products via cyber- physical attack. We believe that these findings in the Cole-Parmer Masterflex are indicative of similar vulnerabilities in other CFR models. Trust as a Service: Building and Managing Trust in the Internet of Things Ling Liu (Georgia Institute of Technology); Dr. Margaret Loper (Georgia Tech Research Institute)* Trust is an abstract, multi-faceted and subjective concept. It is difficult to define trust and identify the elements that establish trust. At the same time, trust is regarded as an essential pillar for our digital economy, our cyber infrastructure and the success of Internet of Things (IoT). In this paper, we review the definition of trust from multi-disciplinary perspectives to illustrate the nature and concept of trust. We integrate the diverse perspectives, and categorize them based on how trust is established, leveraged and maintained in the real world. We further investigate the elements that are pertinent to the formation of trust and to the foundations for provisioning Trust as a Service. We conclude the paper with a summary and a discussion on future research on trust building and management in IoT.
Humanitarian Assistance & Disaster Relief (HADR) 6: Salon E
Visualization and Communication Tool for Emergency Response J. Gelernter (Rutgers University); N. Maheshwari (Lab for Spatial Informatics IIIT Hyderabad); A. Sussman (Emerging Technology Services for the City of Alexandria) The current procedure for assessing emergency situational awareness in the USA requires Police,  Paramedic and Fire First Responders to go on site. This observation is termed “size up”. It is effective, but not efficient. Using advanced information and communication for size-up would save Responders time and allow them to begin actual response faster--possibly saving lives. The commercial software that exists for sizeup is not in wide use. We have developed a software application called an Indoor-Outdoor Viewer for size-up for emergencies so that Responders can get information about the incident before they arrive at the site. It is an easy-to-use Viewer that shows building surroundings and their interiors, and allows Responders to mark the map to organize their approach. It will be compatible with real-time emergency data streams.

Land/Maritime Borders & Critical Infrastructure Protection

Session 6: Unmanned Aircraft Systems I

Salon F

SWATT: Synchronized Wide-area sensing and Autonomous Target Tracking Ervin Teng (Carnegie Mellon University)*; Ceferino Gabriel Ramirez (Carnegie Mellon University); Bob Iannucci (Carnegie Mellon University) Monitoring large land areas is a human-intensive process. Sensor networks offer the promise of automation. Modernsensornetworksalonetypicallyonlyaddresstheproblem of event detection; they do not not address having to analyze what is detected. Furthermore, despite advances in low-power, long-range embedded sensing as well as high-power, high-fidelity camera or UAS sensing, no one type of sensing system alone can be low-cost, widely deployed, and high-fidelity. We propose a hybrid network of low-power and high-power sensors that, together, offer wide-area coverage. We couple these with a mechanism for online machine learning, allowing the the network to react to events autonomously. We design, deploy and evaluate a proof-of-concept system that is able to detect, learn about and track a vehicle in real time based on this combination of multi-modal sensing and machine learning. UAV Passive Acoustic Detection Alexander Sedunov (Stevens Institute of Technology)*; Hady Salloum (Stevens Institute of Technology MSC); Alexander Sutin (Stevens Institute of Technology MSC); Nikolay Sedunov (Stevens Institute of Technology); Sergey Tsyuryupa (Stevens Institute of Tech) The proliferation of low-cost consumer Unmanned Aerial Vehicles (UAV) has enabled their potential nefarious use or negligent misuse, including intrusion into airspace used by emergency services or civilian aircraft, unauthorized surveillance, and delivery of harmful payloads. Passive acoustic sensors may permit the creation of low-cost means of detecting and localizing the unwanted UAV traffic. Experiments were conducted to characterize the emitted noise of UAVs of various sizes in an anechoic chamber while airborne and demonstrate the processing required to detect and find the direction toward the sound. An array of microphones arranged in two circular tiers, each with a radius of 1 meter, separated by 1.6 meters vertically was used for data collection in the tests at a local airport. Algorithms based on Generalized Cross-Correlation (GCC) were applied for direction finding including fusing time difference of arrival and steered power response with phase transform (SRPPHAT). Detection distances of 294 m for the smallest UAS tested were demonstrated. An algorithm for tracking moving sources using microphones separated by about 19 meters was demonstrated, addressing the decorrelation due to the Differential Doppler effect. Long-term Testing of Acoustic System for Tracking Low-flying Aircraft Alexander Sedunov (Stevens Institute of Technology)*; Hady Salloum (Stevens Institute of Technology MSC); Alexander Sutin (Stevens Institute of Technology MSC); Nikolay Sedunov (Stevens Institute of Technology) Stevens Institute of Technology conducted a longterm test of an acoustic system designed to track low-flying small aircraft in remote locations.  The system consists of 4 nodes located between 1 and 4 km apart in a mountainous terrain. Each node is comprised of a pyramid-shaped volumetric cluster of 5 microphones, an embedded computer, and a pan-tilt-zoom camera steered to detected targets in real time. A communication device was used to transfer data to a centralized location. Each node estimates the direction of arrival toward the sound sources and sends it along to a central processing computer. The central computer combines the data from all nodes to generate tracks and classify targets. The duration and the scale of the deployment allowed to identify and solve many problems, including the effects of propagation delays between nodes on cooperative localization and tracking, the seasonal changes in environmental noise, persistent and transient noise sources, and the diversity of targets of opportunity and their signatures. The propagation delay effects led to the development of separate trackers for review of target trajectories and for immediate action such as automatically steering the camera.

Land/Maritime Borders & Critical Infrastructure Protection

Session 9: Surveillance and Communications

Salon G

iGroup Learning and iDetect for Dynamic Anomaly Detection with Applications in Maritime Threat Detection Chencheng Cai (Rutgers University); Rong Chen (Rutgers University); Alexander Liu (Rutgers University); Fred S Roberts (Rutgers University)*; Minge Xie (Rutgers University) The maritime transportation system is critical to the US and world economy. This paper reports on two novel statistical tools, iGroup learning for individualized grouping and baseline distribution formation, and iDetect for subsequent individualized detection of anomalous deviations from the baseline distribution. These statistical methods are being developed, tested, and implemented in the context of maritime threat detection, but can be easily applied in other areas. In the maritime domain, the tools aim to provide early warnings of anomalies and assessments of resulting risk for vessels being monitored. The paper presents some preliminary results about these tools and specifically reports on a case study aimed at finding anomalous behavior for vessels approaching a port. Sighted Cable Cut Same Michael W David (National Intelligence University)* The concept of communications prioritization has long existed, but ongoing developments in Information Technology require continuous updating on how to adequately apply communication prioritization.  The development of communications technology usually undergoes stages.  First scientists strive to develop the new communications method - simply establishing the means to use the communications reliably.  Then, thoughts of security and of prioritizing communications arise as the technical methods become established and wide spread.  This pattern was demonstrated with the development of both written and radio communications, and today’s usage of submarine cables follows suit.  The development of the global Internet and the fiber optic submarine cable network has become ubiquitous and critically important to both the U.S. government and modern society – but the follow-on issues of communications security and prioritization need further development.    To address potential U.S. communications priority, we examine four elements (A) the strategic importance of communications prioritization as a deterrence and mitigation to adversary threats, (B) the context of critical government traffic relative to noncritical traffic, (C) the technical feasibility of communications prioritization, and (D) the legal authorizations required for communications prioritization.

Humanitarian Assistance & Disaster Relief (HADR) 7:

Chemical, Biological, Radiological, Nuclear and Explosives (CBRNE)

Salon E

Modeling and Simulation (M&S) and Test and Evaluation (T&E) of Radiation Detectors for CWMD Missions Richard Chiffelle (Applied Research Associates, Inc.); William Ford (Applied Research Associates, Inc.); Tyler Browning (Applied Research Associates, Inc.); Andy O Li (Applied Research Associates, Inc.)*; Lyndon Wrighten (Defense Threat Reduction Agency) The Defense Threat Reduction Agency (DTRA) has a test and evaluation (T&E) program intended to inform Department of Defense (DoD) and other government operators about the performance of radiation detectors. For the last 10 years, Applied Research Associates, Inc. (ARA), DTRA’s test agent, provided T&E services by planning, executing, and reporting on annual radiation detector test campaigns. The specific structure of the test campaign depends on DTRA and end-user requirements, but the test process had been refined to use a general format that examines the technical performance and the usability of the detectors as they relate to realworld operations.  Recently, modeling and simulation (M&S) tools have been introduced into the T&E program to aid in test planning and anomaly reporting. In this paper, we describe the DTRA radiation detector T&E process and the status of M&S tools incorporation.     Unmanned Aircraft Applications in Radiological Surveys John R Peterson (Virginia Tech)*; Brian Cesar-Tondreau (Virginia Tech); Haseeb Chaudhry (Virginia Tech); Kevin B Kochersberger (Virginia Tech); John Bird (Virginia Tech); Morgan McLean (Remote Sensing Laboratory); Wojciech Czaja (University of Maryland) Unmanned vehicles, equipped with radiation detection sensors, can serve as a valuable aid to personnel responding radiological incidents.  The use of tele-operated ground vehicles, avoids human exposure to hazardous environments, which in addition to radioactive contamination, might present other risks to personnel. Autonomous unmanned vehicles using algorithms for radioisotope classification, source localization, and efficient exploration allow these vehicles to conduct surveys with reduced human supervision allowing teams to address larger areas in less time. This work presents a system for autonomous radiation search employing several different algorithms and test results of this system in a field experiment conducted at Savanah River National Laboratory. Performance of National Security and Emergency Preparedness Services During Hazards of National Significance Denise Masi (Noblis)*; Brittany Biagi (Noblis); Nassissie Fekadu (Noblis); David Garbin (Noblis); Steven Gordon (Noblis); Muhammad Hussain (Noblis); David White (Noblis); Richard Kaczmarek (Noblis); Robert Dew (Noblis) Disasters can cause extraordinary public demand for communications services. Services supporting National Security and Emergency Preparedness (NS/EP) and public safety personnel must perform with minimal degradation during such events. This is provided by priority treatment mechanisms developed by carriers for the Department of Homeland Security’s (DHS) Office of Emergency Communications (OEC). DHS OEC uses modeling and simulation analyses to predict the ability of NS/EP users to communicate during network congestion, and also to understand service performance anticipated for these users during events such as the National Planning Scenarios [1]. This paper describes simulation analyses used to identify projected congestion in Fourth Generation (4G) Long-term Evolution (LTE) networks and the ability of NS/EP users to communicate during these significant events. Analysis results indicate certain priority treatments over the LTE air interface can greatly improve the call completion probability for priority calls in these scenarios, depending on the configuration of these mechanisms. Depending on the type of disaster event, certain entities in the Evolved Packet Core (EPC) network can also become congested. This analysis was performed to direct efforts for future priority mechanism development, as well as providing guidance for recommended configurations for current priority mechanisms.

Land/Maritime Borders & Critical Infrastructure Protection 7:

Unmanned Aircraft

Salon F

Persistent, Robust, Effective Surveillance using Small Unmanned Aerial Systems (PRESS) William Watson (BAE Systems); David Couto (BAE Systems); Jonatthon Sussman-Forte* (BAE Systems) Defending an area of interest, whether land, sea or air, against a myriad of intruders, e.g. unmanned systems (air, sea and land), poses a serious set of challenges to an already stressed border protection system. Enemy sophistication and commercially available technologies allow the migration of intrusion systems to move to areas where weaknesses are detected. Our response must be equally adept at moving to the areas as intrusion events ebb and flow over regions. Additionally these border protection systems must be cost effective and adaptable to changing environments. In this case, we propose a fleet of low-cost, autonomous, small Unmanned Aerial Systems (sUAS) with the ability to be transported to current hotspots of activity, launched in swarms, persistent for hours to days, provide real-time feedback for man-on-the- loop operations, and be retrievable for reuse at a later time. We note that the targets of interest are able to operate in two distinct modes: RF active and RF passive. In the RF active mode the target is typically communicating with an operator in a rather continuous fashion. In the RF passive mode the target is flying via internal navigation to a specific location. Our approach is to equip the sUASs with inexpensive yet effective electronics to perform cooperative geolocation and tracking of both types of targets, i.e. RF active and passive, using Time Difference of Arrival (TDOA), Frequency Difference of Arrival (FDOA) and Frequency-Rate Difference of Arrival (FRDOA) techniques. Providing the track information to the command center allowing them to decide actions to be taken. Towards Automated Post-Disaster Damage Assessment of Critical Infrastructure with Small Unmanned Aircraft Systems Zhong Mao (Northeastern University)*; Jiahao Wu (northeastern university); Yujie Yan (Northeastern university); Jerome Hajjar (Northeastern university); Taskin Padir (Northeastern University) Maintaining secure and resilient critical infrastructure including assets, systems, and networks such as roads, pipelines, bridges and railroads is a matter of homeland security.  This paper proposes an efficient and fast infrastructure inspection method by using autonomous small Unmanned Aircraft System (sUAS) to document damage after extreme events such as hurricanes, tornadoes, or earthquakes. Our research team has been selected to participate in the 2017 National Infrastructure Protection Plan (NIPP) Security and Resilience Challenge organized by the Department of Homeland Security’s Office of Infrastructure Protection and the National Institute for Hometown Security. We propose to use a sUAS equipped with visual sensors, such as Lidar and cameras, as a post-disaster data collection, detection and assessment system. Point cloud data collected is used for 3D structure modeling, forming the basis of the automated damage assessment.  Existing damage in structures are then detected and quantified using proposed damage detection methods, including surface normal based method for detecting damage with small deformation and graph-based method for detecting damage that occur with large deformation. This method provides new capabilities for automated damage analysis with sUAS as a key enabling technology for documenting damage in critical infrastructure to facilitate the post-disaster inspection and recovery of critical infrastructures. U-WaVe: Unmanned Water Vehicle for Costal Surveillance and Search and Rescue Larissa N Del Rosario (minds2CREATE); Jomar Ramirez (minds2CREATE); Eduardo Ortiz (University of Puerto Rico- Mayaguez)*; Melvin  Lugo-Alvarez (University of Puerto Rico at Mayaguez) This paper presents the use of unmanned water vehicle for educational purpose.  An unmanned water vehicle (UWV) prototype has been designed, manufactured and programmed with the intention of being cost-effective and environmentally friendly. Following the development of a successful prototype the next. The UWV will be created with applications in homeland security, defense, natural disaster assessment, among others.

Cyber Security 8:

Secure Authentication

Salon B

A Robust Double-Blind Secure High Capacity Watermarking and Information Hiding Scheme For Authentication and Tampering Recovery Via the Wavelet and Arnold Transforms Swapnil Chaughule (CMINDS/UMASS Lowell); Dalila B. Megherbi (CMINDS center /ECE,  UMASS Lowell)* In many communication applications, which involve exchange of digital information of high value, there is a need for secure exchange and authentication of digital information. In this paper and for that particular reason, we are proposing a novel double blind image information hiding technique for recovery and authentication of digital information without requiring knowledge and existence of  both the authentication watermark image and the carrier image at a receiving end. We show here how a watermark image information for authentication is embedded in a given carrier. This makes the proposed scheme independent of the carrier image and the watermark image, which can be arbitrary.  Here we utilize the properties of the Discrete Wavelet Transform (domain) and Arnold’s Transform algorithm to implement the proposed algorithm. Our proposed technique shows that (a) additional information is not required for the integrity check of the hidden digital information, (b) recovery of the hidden information from cropping and other attacks, (c) improved security is achieved  by making extraction of the hidden information inter dependent on the watermarked image, (d) the scheme has high capacity and allows embedding of gray-scale (versus binary) images of same size as a carrier image.  The proposed scheme provides localization and recovery towards tampering such as blurring, pixel tampering,  and so forth. Effect of JPEG compression and encryption on the quality of the extracted hidden information is also shown.   Exploiting Spatial Signatures of Power ENF Signal for Measurement Source Authentication Yi Cui (University of Tennessee)*; Yilu Liu (University of Tennessee); Peter Fuhr (Oak Ridge National Laboratory); Marissa Morales-Rodriguez (Oak Ridge National Laboratory) Electric Network Frequency (ENF) signals are the signatures of power systems that are either directly recorded from the power outlets or extracted from multimedia recordings near the electrical activities. Variations of ENF signals collected at different locations possess local environmental characteristics, which can be used as a potential fingerprint for authenticating measurements’ source information. Within this paper is proposed a computational intelligence-based framework to recognize the source locations of power ENF signals within a distribution network in the US. To be more specific, a set of informative location-sensitive signatures from ENF measurements are initially extract with such measurements representative of local grid characteristics. Then these distinctive location-dependent signatures are further fed into a data mining algorithm yielding the “source-of-origin” of ENF measurements. Experimental results using ENF data at multiple intra-grid locations have validated the proposed methodology. Robustness-to-Noise Analysis of A Secure and High Capacity Full-gray-scale-Image Information Hiding Via A New DCT-Moments-Based Scheme Othmane Habouli (CMINDS/ECE UMASS Lowell); Dalila B. Megherbi (CMINDS center /ECE,  UMASS Lowell)* In recent years, attacks by hackers against digital images traveling in the internet have risen drastically. Noise is one of the most popular and effective attacks against digital images and signals, in general. In this paper, unlike the old classical watermarking way of embedding moments into moments, we introduce a new scheme that allows hiding  moments of a hidden image into intensities of a carrier image. This new scheme proves to be very resilient and effective against unpredicted noise, up to a certain level, applied by a foreign source. In this proposed scheme, we embed DCT moments of a hidden and watermark gray level images into the intensities of an arbitrary carrier image of the same size as of the hidden and watermark. A random noise, with different noise levels,  is applied to the produced watermarked image to analyze its effect on the extracted hidden image. To have a better feel of the new scheme robustness to noise, we compare it to a classical watermark scheme that is based on hiding DCT moments of the hidden image into DCT moments of the carrier. As we show here, the new scheme enables to recover a highly accurate hidden image compared to the classical scheme,  where most of the data is damaged or lost. We also analyze the effect of the block size on the accuracy of the hidden extracted information in the presence of noise. We show how a resulting optimum block size of 16x16 is found to work well for a large variety of images. Security-oriented DSA for Network Access Control in Cognitive Radio Networks Lei Li (University of Massachusetts Lowell); Chunxiao Chigan (University of Massachusetts Lowell)*; Shuai Yuan (University of Massachusetts Lowell) Observing both Dynamic Spectrum Allocation/Access (DSA) and Network Access Control (NAC) are indispensable for granting network access privilege to eligible Cognitive Radio Network (CRN) users, we propose a novel security-oriented DSA algorithm to provide communication confidentiality for NAC in CRNs with negligible network performance degradation. Moreover, with the integration of this security-oriented DSA into NAC framework, the implementation complexity of NAC system is reduced. This is because not only is the complex encryption/decryption in traditional NAC replaced with our DSA, but also can the usage of a management mechanism to coordinate operations between DSA and NAC in real-world CRN systems be avoided. As the result, a complete secure solution for NAC design is achieved as the security-oriented DSA is capable of providing confidential communication for both authentication messages and subsequent user data. The analysis shows our proposed cryptography based NAC framework is robust to varying communication environment. Simulations verify that the confidentiality achieved by security-oriented DSA induces negligible degradation on average throughput per user compared with existing DSA schemes.

Humanitarian Assistance & Disaster Relief (HADR) 8:

Chemical, Biological, Radiological, Nuclear and Explosives (CBRNE) 2

Salon E

Three-Dimensional Radiative Transfer for Hyperspectral Imaging Classification and Detection Steven Golowich (MIT Lincoln Laboratory)*; Ronald Lockwood (MIT Lincoln Laboratory); Michael Chrisp (Lincoln Laboratory, MIT); Dimitris Manolakis (MIT Lincoln Laboratory) Hyperspectral image exploitation algorithms typically require inputs of reflectance spectra, which must be retrieved from the observed radiance spectra. This retrieval process is very challenging under the complex illumination conditions typical of urban settings due the influence of three-dimensional structure in the form of shadows and reflections, which must be taken into account by the algorithms. In order to advance the state of the art on this problem, MIT Lincoln Laboratory recently conducted an airborne data collection experiment in a light urban environment that included hyperspectral, laser radar, and pan-chromatic modalities. A comprehensive ground truth data set was collected and extensive efforts were directed at sensor characterization to enable the development of hyperspectral exploitation algorithms. Additionally, the laboratory is developing an extremely compact but high performance imaging spectrometer that will be ideal for the data collections required by this new image processing paradigm.

Land/Maritime Borders & Critical Infrastructure Protection 8:

Resilience

Salon F

Applying Machine Learning in Managing Deployable Systems Joseph Nygate (RIT)*; Clark Hochgraf (Rochester Institute of Technology); Mark J Indelicato (RIT); William Johnson (RIT); Miguel Bazdresch (Rochester Institute of Technology); Romel  Espinosa Reyes (Ministry of Telecommunications and Information ) The Next Generation First Responders program, run by the Department of Homeland Security, is responsible for developing and applying technologies to assist emergency responders of the future. Deployable Systems (DS) are a key technology in this program as they are critical in providing coverage when the availability of wireless resources is impacted during major disasters, in locations experiencing congestion due to large-scale incidents, or in remote areas where complete coverage is not feasible.  The Public Safety Communications Research group that is conducting research into DS technology has described technology gaps in • Measuring, modeling and predicting network coverage • Allocating, prioritizing, and routing available bandwidth between different applications • Interworking DS from different vendors  • Determining the coverage and bandwidth DS can provide We will show how these gaps can be addressed by implementing two 3rd Generation Partnership Project (3GPP) specifications - Access Network Discovery and Selection Function (ANDSF) and Self-Organizing Networks (SON) across the wireless and DS networks using a common data repository. Moreover, we will show how Machine Learning algorithms can leverage this data to implement many additional use cases that will help emergency responders, and disaster response planners in developing and implementing effective and efficient disaster management strategies. Application Of A Defender-Attacker-Defender Model To The U.S. Air Transportation Network Karl H Thompson (University of Illinois at Urbana-Champaign)*; Huy Tran (University of Illinois at Urbana-Champaign) Modeling, assessing and improving infrastructural resilience has been of increasing importance to national security in recent years. The U.S. air transportation sector, spanning approximately 500 airports and heliports, and hundreds of thousands of routes is of notable significance among transportation modes. This paper develops and solves a tri-level defender-attackerdefender optimization model to plan the optimal defense and operation of the US air transportation network against an intelligent attack. The tri-level aspect of the program refers to the defender first using available defensive assets to secure the system's connections, the attacker next using available offensive assets to attack unsecured connections, and finally, the defender guiding system operation to minimize operational cost. Different disruption and defense scenarios are explored, as well as the resulting passenger rerouting operations in the aftermath of each disruption. Results show that through the application of an optimal configuration combining route protection and flight rerouting, the effects of worst-case attacks on the network can be largely mitigated. Aviation Transportation, Cyber Threats, and Network-of-Networks: Modeling Perspectives for Translating Theory to Practice Udit Bhatia (Northeastern University, Boston, MA)*; Samrat Chatterjee (Pacific Northwest National Laboratory); Auroop R. Ganguly (Northeastern University, Boston, MA); Jianxi Gao (Rensselaer Polytechnic Institute); Mahantesh Halappanavar (Pacific Northwest National Laboratory) Understanding aviation transportation infrastructure system behavior and coupling with communication networks is essential for securing and restoring functionality against cyber-enabled threats. While significant progress has been made in the past decade on developing infrastructure resilience theories based on network structure and operations, translating and generalizing them to real-world practice has often been challenging due to imperfect data and inapplicability of modeling assumptions. These typically include: 1) stylized network structures without uncertainty, 2) node homogeneity, 3) static criticality measures, and 4) unrealistic cascade models originating from single points of failure. This paper presents the modeling perspectives and approaches that aim to address these theory-to-practice challenges using a well-grounded network-of-networks (NoN) construct. Real-world modeling challenges are identified and a network theory-guided conceptual NoN model is developed that may be operationalized with the U.S. national airspace system airport network and Federal Aviation Administration (FAA) communication network as an application domain.

Poster Session

Tuesday, October 23 - 6:00 PM

Grand Foyer

Cyber Security Land/Maritime Borders & Critical Infrastructure Protection Humanitarian Assistance & Disaster Relief (HADR)
Cybersecurity Technology Transfer to Practice: Creating a Network of Support Resources Angela Jordan (University of South Alabama); Alec Yasinsac (University of South Alabama)* NSF has recently made it a priority to increase the near term impact of its funded research, particularly in the area of cybersecurity. In that light, NSF funded two workshops focused on identifying challenges, barriers, and solutions that can increase Technology Transfer to Practice (TTP) for cybersecurity research. The most pressing need consistently identified by PIs who committed to transferring their research results to use is creation of an NSF ecosystem for TTP that incorporated incentives for taking research beyond the laboratory and that provides resources that are readily accessible by PIs. This ecosystem view acknowledges that a diverse set of practices and insights are critical to successful TTP and that programs instructing PIs as to how best to determine when they should access that ecosystem are needed.  In this poster, we will describe elements of the proposed NSF TTP ecosystem, will present the case for TTP, and will describe the new approach that NSF SATC takes toward TTP perspective proposals. Network Phenotyping for Network Traffic Classification and Anomaly Detection Minhui Zou (Chongqing University)*; Chengliang Wang (Chongqing University); Fangyu Li (University of Georgia); WenZhan Song (University of Georgia) This paper proposes a network phenotyping mechanism based on network resource usage analysis for network traffic classification and anomaly detection. The network phenotyping may use different metrics in the cyber-physical systems (CPS), including resource and network usage monitoring, physical state estimation. The set of devices will collectively decide a holistic view of the entire system through advanced image analysis and machine learning methods. In this paper, we choose the network traffic pattern as a study case to demonstrate the effectiveness of the proposed method, while the methodology may similarly apply to classification and anomaly detection for other resource metrics. We extract and recognize the spatial and temporal communication patterns based on the network resource usage. The phenotype method is testified through four real world decentralized applications. With proper length of network resource usage, the overall recognition accuracy achieves as high as 99%. Sequentially, the recognition accuracy is used to detect the network traffic anomaly. We simulate the anomalous usage to be 10%, 20% and 30% of the normal network resource usage. The experiments show the proposed method is efficient in detecting each intensity of network resource usage anomaly. Understanding Multi-lingual Threat Intelligence for AI based Cyber-defense Systems Priyanka Ranade (UMBC)*; Sudip Mittal (University of Maryland Baltimore County); Anupam Joshi (UMBC); Karuna Joshi (UMBC) In this work, we propose a multilingual processing system that harnesses critical disparate cybersecurity data derived from various natural languages to address the international nature of cyber attacks and assist in defensive cyber operations. This system creates a representation for cybersecurity data present in the English and Russian languages. We investigate semantic representation of multiple languages with a cybersecurity corpus from Twitter1 about cybersecurity threats and vulnerabilities in two natural languages, English and Russian. Threat Analysis of the Security Credential Management System for Vehicular Communications Matthew D Furtado (UMASS Dartmouth)*; Robert Mushrall (Univ of Massachusetts Dartmouth); Hong Liu (Univ of Massachusetts Dartmouth) Vehicle-to-Vehicle (V2V) communication allows vehicles to exchange information to work cooperatively which promotes safety, mobility, and entertainment applications. The U.S. Department of Transportation (US-DOT) is mandating this technology to be equipped in all new vehicles in the U.S. by 2021. However, such a cooperative system opens new cybersecurity threats and vulnerabilities to consider. Broadcasted basic safety messages influence operations that require integrity assurance to prohibit unauthorized modification, guarantee the authenticity of the source, and safeguard sensitive data to uphold privacy. Vehicular Public Key Infrastructure (V-PKI) is a critical component to secure this prominent transportation technology. The Security Credential Management System (SCMS) is the leading candidate design for V-PKI that facilitates trusted communications by managing security certificates for authorized devices while protecting the privacy of vehicular users. This research focuses on identifying and analyzing threats to the proposed SCMS for its main use cases. Using the Microsoft Threat Modeling tool, this work identifies threats into six categories of the STRIDE threat classification model: Spoofing Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This tool recommends mitigation strategies to each threat, to which this research matches to current SCMS defense mechanics. This work ensures SCMS readiness as a vital V-PKI for vehicular networks
Using Discrete-Event Simulation to Increase the Efficiency of Point of Distribution Sites. Patrick R Glass (Purdue Homeland Security Institute)* A POD site is a location where chemoprophylaxis, antibiotics or other medical supplies can be rapidly distributed to a large population who may or may not have been exposed to a biological hazard (Ablah, Scanlon, Konda, Tinius, & Gebbie, 2010; Landesman, 2012).  The idea is that if ever there is an immediate threat to the health of a population from a biological hazard or other, the local, state, and federal public health agencies can activate protocols that will distribute stockpile items in a timely manner.  A POD site is one of the most expeditious means to do so.  The issue is that although a POD site is very expeditious, it also is very taxing on the community and its resources.  Landesman (2012) pointed out that in order to provide prophylaxis and antibiotics to a population of 10,000 within 72 hours, a POD site would require 50- 55 persons per shift, running round-the-clock in 12 hour shifts.  The POD site also would require at least 2,500 square feet of real estate in order to meet the demands of the population.  The scope of this research was to build a discrete- event computer simulation model for a POD site.  The purpose of this model was to simulate the process of a given number of patients moving through a POD site.  The independent variables for this model included the number of volunteers to operate the site.  The output of the model was the ratio of volunteers per station of the POD site: triage, registration, screening, and dispensing.  The dependent variable for the research was the total amount of time for the POD site to process the given number of patients. Machine Learning for Efficient Assessment and Prediction of Human Performance in Collaborative Learning Environments Pravin V Chopade (ACTNext ACT Inc)*; Saad Khan (ACTNext ACT Inc); David Edwards (ACTNext ACT Inc); Alina vonDavier (ACTNext ACT Inc) The objective of this work is to propose a machine learning-based methodology system architecture and algorithms to find patterns of learning, interaction, and relationship and effective assessment for a complex system involving massive data that could be obtained from a proposed collaborative learning environment (CLE). Collaborative learning may take place between dyads or larger team members to find solutions for realtime events or problems, and to discuss concepts or interactions during situational judgment tasks (SJT). Modeling a collaborative, networked system that involves multimodal data presents many challenges. This paper focuses on proposing a Machine Learning - (ML)-based system architecture to promote understanding of the behaviors, group dynamics, and interactions in the CLE. Our framework integrates techniques from computational psychometrics (CP) and deep learning models that include the utilization of convolutional neural networks (CNNs) for feature extraction, skill identification, and pattern recognition. Our framework also identifies the behavioral components at a micro level, and can help us model behaviors of a group involved in learning. The IEEE MOVE truck, a disaster response vehicle Joseph Diepenbrock (SIRF Consultants, LLC)* Many of us are familiar with the IEEE for its technical conferences, and development and publication of technical standards.  A far smaller number of us know that it’s also a humanitarian organization, with a motto of “Advancing Technology for Humanity.”  The IEEE has designed and built a disaster response vehicle called the MOVE (Mobile Outreach Vehicle) truck that is deployed as a Red Cross partner to provide emergency power and communications to areas affected by disasters.  These have included hurricanes, wildfires, flooding events, and others.   The objectives of the truck are twofold:  first, to provide power and communications in areas where those services have been disrupted by natural disasters and other emergencies.  Secondly, when not deployed for a disaster, to provide a platform for STEM (Science, Technology, Engineering, and Math) education events, and showcase how engineers use their skills to help humanity beyond just designing and building things. Cyber Handyman and Nursing for Humanitarian Services and Disaster Relief Srikanth Jonnada (University of North Texas); Ram Dantu (University of North Texas); Ishan Ranasinghe (University of North Texas)* Calamities cause immense damage to the lives and properties; emergency management and humanitarian support have always been a challenge in the disaster-hit areas due to deficiency of skilled workforce and increase in demand for available experts. Not all the volunteers have the required technical expertise to handle those situations, utilizing the services of the remotely located experts to enhance the skills of the volunteers can help them to handle the situations efficiently. The existing communication mechanisms do not have the capabilities required for collaborating people over physical tasks, which is crucial during the emergency situations. In this paper, we present two novel remote collaboration systems, CyberHandyman and Cyber-Nurse using which the less-trained and inexperienced aid workers can enhance their capabilities with the help from remote experts. These units will be deployed in the disaster sites, and the remote experts access and control the sensors on it to guide the aid workers or the victims. The efficiency of the collaboration over physical tasks, which is vital during emergency situations, depends on the complexity of the protocols utilized and the efficiency of the collaboration system. We also propose a methodology to evaluate the protocol complexity and efficiency of the system. Our experiments and results show that with our collaboration system a remote helper can successfully guide the workers in performing a physical task with minimum difficulty. Assessing the Casualty Rate Difference of Academic Environment Active Shooter Incidents by Unarmed Responses Jae Yong Lee (Purdue University)*; Eric Dietz (Purdue University ) The 1999 Columbine Massacre and the 2018 Stoneman Douglas High Shooting were inciting events that reminded the first responder and the general public the importance of mitigation strategies against active shooter incidents. The Department of Education’s Readiness and Emergency Management for Schools program recommends run, hide or fight (RHF) during active shooter incidents. The Run.Hide.Fight.®  was developed in 2012 to increase the survivability of unarmed individuals under the Ready Houston program. This paper compares the casualty rate difference among RHF, Evacuate, and Shelter-In-Place (Lockdown) during academic active shooter incidents by using agent-based modeling.
Aerial Border Surveillance for Search and Rescue Missions Using Eye Tracking Techniques Qianwen Wan (Tufts University)*; Aleksandra  Kaszowskab (Tufts University); Arash  Samani  (Tufts University); Karen Panetta (Tufts University); Sos Agaian (USA); Holly Taylor (Tufts University) Aerial border surveillance is a crucial activity, which can assure the security of the country boarder and aid in search and rescue missions. This paper offers a novel “handsfree” tool for aerial border surveillance, search and rescue missions using head-mounted eye tracking technology. The contributions of this work are: i) a gaze based aerial boarder surveillance object classification and recognition framework; ii) real-time object detection and identification system in nonscanned regions; iii) investigating the scan-path (fixation and non-scanned) provided by mobile eye tracker can help improve training professional search and rescue organizations or even artificial intelligence robots for searching and rescuing missions. The proposed system architecture is further demonstrated using a dataset of large- scale real-life head-mounted eye tracking data. Fair Authentic Acoustic Network Grouping Mark Lowney (University of Massachusetts Dartmouth); Hong Liu (Univ of Massachusetts Dartmouth)*; Eugene Chabot (Naval Undersea Warfare Center) This study examines authentication in the underwater acoustic networking scenario. Taking a nontraditional approach at meeting authenticity requirements, a scheme is proposed which includes not only intrusion prevention but also intrusion tolerance to some degree, called Fair Authentic Acoustic Network Grouping (FAANG). FAANG combines existing trust mechanisms with existing digital signature schemes to harness the most effective aspects of each. Existing work is outlined, as well as challenges that have been noted but not addressed in literature. Relevant scenarios are listed which render said networks vulnerable. The scheme is then detailed, analyzed, and evaluated for levels of security, usability, and resource consumption. Development of Dual energy container Inspection System for Harbor Security In KAERI Byeongno Lee (Korea Atomic Energy Research Institute)*; Hyoungki Cha (Korea Atomic Energy Research Institute); Moonsik Chae (Korea Atomic Energy Research Institute); kyoungmin Oh (Korea Atomic Energy Research Institute) The use of multiple energy X-rays can provide additional information as compared to a single energy X-ray for the security inspection of cargo such as containers. Using the 9/6 MeV dual energy X-ray and material discrimination algorithms, it is possible to distinguish between low-density (organic) and high-density (inorganic) materials through the intended color mapping.  The material discrimination algorithm can obtain the material information of the image used for screening by exploiting the characteristic that the energy-dependent attenuation coefficient is different even though the same material is used. Based on these technologies, we have developed a security inspection system for container cargo that consists of a radiation source, a detector array, fourcollimators, a moving stage, and an imaging system. The radiation source was developed based on a dual-energy radiofrequency (RF) electron linear-accelerator (LINAC) with a spot size of 0.9 mm, and a 5.5 MW S-band magnetron was used as a RF generator. The detector is composed of 43 modules in one array and 32 channels per module, and the moving stage is designed and manufactured to transport cargo of up to 70 tons in the horizontal direction of the radiation beam at an optimized speed of 300 mm per second. The imaging system controls the whole process of the security inspection system from the operation of equipment to the acquisition and discrimination of images. In this paper, we introduce the characteristics of the developed inspection system and explain the results obtained by ANSI N42.46, the international recommendation standard for a container scanner performance test. Technology for the Electric Transmission Grid – Critical Infrastructure Target and Homeland Security Opportunity John L Lauletta (Exacter, Inc.)*; Jose De Abreu-Garcia (University of Akron) The electric transmission network is the backbone of the nation’s energy grid and consists of more than 600,000 circuit miles of lines, 240,000 of which are considered high-voltage lines (230 Kilovolts and greater). Transmission lines crisscross the US and are accessible by design for maintenance. There are an estimated 4 million structures spaced 800 to 1,500 feet apart that support the electric transmission grid.  These structures are unmonitored infrastructure security risks.  Transmission structures fail from age, storms, ice loading and conductor damage.  These structures are increasing targets of vandalism and metal theft that leaves the structure in a weakened condition and more susceptible to failure.  Vandalism and attacks on the transmission grid have increased in recent years.  Examples of damage include cables attached to towers and strung across train tracks, structural metal and bolts being removed, gunshot damage and other structure ingress issues.  Electric grid failure and risk to the public can result. This paper discusses the development of IIoT transmission structure sensors that monitor damage and contamination of electrical insulators, changes in structural integrity, and vandalism and gunshot damage alerts.  The sensors are designed to form an edge computing neural network that continually evaluates structure condition and survival viability.  The structures become information nodes that alert owners of structural or electrical equipment deterioration and vandalism.  Machine learning algorithms evaluate transient conditions and weather impacts to limit false-positive reports and nuisance alerts.  The network design utilizes the structures as a security fence that monitors and reports on conditions and incidents that would have an impact on electric grid reliability and security risks.  Design of the non- contact, non-invasive sensors, case studies of deployment, and cost-effective grid condition assessment will be presented.

Cyber Security 7:

Testbeds/Training for Cyber Security

Salon B

Data-Driven Multi-Agent Email Generators Erik Stayton (MIT); Antonio Roque (MIT-LL)* We present a method for generating realistic-looking emails for multi-agent simulations, motivated by the needs of cyber ranges. Our approach uses a distributed model of email threads which represents communication graphs learned from an email corpus. This explainable model uses a template based generation system, also learned from an email corpus. Social network analysis measures are used to compare system generated with human-generated email data. This generation system enables more rapid implementation of novel scenarios unrelated to the original corpus. University and Government Uniting to Address Homeland CyberSecurity Issues Patricia A McQuaid (California Polytechnic State University, California Cybersecurity Institute)* The purpose of this paper is to share the ideas and experiences that California Polytechnic University (Cal Poly) has created to address high priority technology and cybersecurity gaps identified by the current work shortage of cyber professionals, as well as preparing the public sector to defend itself against critical infrastructure attacks as identified by the Department of Homeland Security (DHS). CyberTropolis: breaking the paradigm of cyber-ranges and testbeds Gary M Deckard (Indiana University)* This paper describes a unique United States (U.S.) Department of Defense (DoD) resource known as Cybertropolis at the Muscatatuck Urban Training Complex (MUTC) in Butlerville, Indiana. While Cybertropolis is recognized within DoD as a cybersecurity training range or cyber-range in DoD lexicon, it does not neatly fit into the doctrinal concept of a cyberrange. From an ontological perspective, it is better classified as a Cyber-electromagnetic (CEMA) range facility that bridges the realms of kinetic and non-kinetic activities. Cybertropolis can be visualized as the digital and electromagnetic layer of the highly realistic MUTC kinetic training environment. Since its inception, Cybertropolis has been host to many training and experimentation events with a wide variety of technologies. This paper will describe the ideas behind the Cybertropolis concept; current, developing, and future capabilities; and the future vision for the range. This paper will also delve into where this facility fits into the evolving landscape of DoD cyber-ranges and will include some lessons- learned from the evolving field of cyber training within DoD.