Karlskrona, Sweden, October 24-25, 2018 ... · sessions, and a poster session. We are very pleased...

Karlskrona, Sweden, October 24-25, 2018 http://www.eisic.org EISIC 20182011

European Intelligence & Security Informatics ConferenceThe Premier European Conference on Counterterrorism and Criminology

Academic Sponsors

Technical co-sponsorship

Conference Organizer and Sponsor

Conference

Program

EISIC 2018

2

Martin

Typewritten Text

v1.09, 2018-10-19

Martin

Typewritten Text

Martin

Typewritten Text

Martin

Typewritten Text

Martin

Typewritten Text

Martin

Typewritten Text

Martin

Typewritten Text

EISIC 2018 – Table of Contents

3

Conference Secretariat Conference registration takes place at theConference Secretariat located at the lobby of theConference Center of Blekinge Institute ofTechnology,duringthefollowingdaysandhours:

Wednesday 9:00–16:п0 Thursday 8:30–16:30

Theregistrationfeeincludes:§ One lunch and two coffee breaks per

conferenceday§ One ticket for the Conference Dinner

held on Wednesday 24th of October,2018attheNavalMuseum.

§ Conference bag with the conferenceprogram,proceedings,conferencegifts,etc.

Table of Contents ConferenceSecretariat 3

EISIC2018ConferenceOrganization 4

EISIC2018ProgramCommittee 5

MessagefromtheGeneralChairs 7

MessagefromtheProgramChair 8

EISIC2018ProgramataGlance 9

EISIC2018KeynoteSpeeches 10

EISIC2018DetailedProgram 13

EISIC2018Abstracts 15

ConferenceVenue 22

InformationforPresenters&Policies 25

EISIC 2018 – Conference Organization

4

HonoraryGeneralChair

PanagiotisKarampelas,

HellenicAirForceAcademy,Greece

GeneralChairs

MartinBoldt,

BlekingeInstituteofTechnology,Sweden

AntonBorg,


ProgramChair

JoelBrynielsson,

KTHRoyalInstituteofTechnology,Sweden

AdvisoryBoard

LisaKaati,

FOISwedishDefenceResearchAgency,Sweden

MargitPohl,

TUWien,Austria

EmelieNilsson,

DanishNationalPolice,Denmark

Yanfang(Fanny)Ye,

WestVirginiaUniversity,USA

ThirimachosBourlai,

WestVirginiaUniversity,USA

IoannaLekea,

HellenicAirForceAcademy,Greece

LocalArrangementChair

FredrikErlandsson,


EISIC 2018 – Program Committee

5

MohdHelmyAbdWahabUniversitiTunHusseinOnnMalaysia,Malaysia

MohamedFaouziAtigUppsalaUniversity,Sweden

IgorBernikUniversityofMaribor,Slovenia

HervéBorrionUniversityCollegeLondon,UnitedKingdom

ThirimachosBourlaiWestVirginiaUniversity,USA

EgonL.vandenBroekUtrechtUniversity,Netherlands

AntwanD.ClarkJohnsHopkinsUniversity,USA

ShamalFailyBournemouthUniversity,UnitedKingdom

UlrikFrankeRISESICSSwedishInstituteofComputerScience,Sweden

MarianelaGarcíaLozanoFOISwedishDefenceResearchAgency,Sweden

ShravanGarlapatiVirginiaTech,USA

BénédicteGoujonThalesResearch&Technology,France

GuntherP.GrasemannFraunhoferIOSB,Germany

RichardGöbelHofUniversity,Germany

MohammadHammoudehManchesterMetropolitanUniversity,UnitedKingdom

LiangxiuHanManchesterMetropolitanUniversity,UnitedKingdom

ChrisHankinImperialCollegeLondon,UnitedKingdom

JohandeHeerThalesResearch&Technology,Netherlands

ThomasJ.HoltMichiganStateUniversity,USA

NilsJensenOstfaliaUniversityofAppliedSciences,Germany

BorkaJermanBlažičJožefStefanInstitute,Slovenia

FredrikJohanssonFOISwedishDefenceResearchAgency,Sweden

PanagiotisKarampelasHellenicAirForceAcademy,Greece

SergiiKavunKharkivUniversityofTechnology,Ukraine

JeroenKeppensKing’sCollegeLondon,UnitedKingdom

LatifurKhanUniversityofTexasatDallas,USA

EISIC 2018 – Program Committee

6

StewartJamesKowalskiNorwegianUniversityofScienceandTechnology,Norway

IoannaLekeaHellenicAirForceAcademy,Greece

RichardMayPacificNorthwestNationalLaboratory,USA

LucaMazzolaLucerneUniversityofAppliedSciencesandArts,Switzerland

AntonisMouhtaropoulosUniversityofWarwick,UnitedKingdom

RasmusPetersenSoftwareImprovementGroup,Denmark

JakubPiskorskiEuropeanCommissionJointResearchCentre,Italy

MargitPohlTUWien,Austria

GalinaRogovaStateUniversityofNewYorkatBuffalo,USA

VirgilijusSakalauskasVilniusUniversity,Lithuania

GünterSchumacherEuropeanCommissionJointResearchCentre,Italy

JohanSigholmHarvardUniversity,USA

GerardoI.SimariUniversidadNacionaldelSur,Argentina

YannisStamatiouUniversityofPatras,Greece

JerzySurmaWarsawSchoolofEconomics,Poland

MuhammadAdnanTariqKTHRoyalInstituteofTechnology,Sweden

TheodoraTsikrikaInformationTechnologiesInstitute,CERTH,Greece

StefanVargaKTHRoyalInstituteofTechnology,Sweden

LeonWangNationalUniversityofKaohsiung,Taiwan

UffeKockWiilUniversityofSouthernDenmark,Denmark

YanfangYeWestVirginiaUniversity,USA

DanielZengUniversityofArizona,USA

YuchenZhouPaloAltoNetworks,USA

EISIC 2018 – Message from the General Chairs

7

Wearehappy towelcomeyouand theEuropean IntelligenceandSecurity InformaticsConference

(EISIC) to Karlskrona, Sweden. In the last decade EISIC has grown to be the premier European

conference on counterterrorism and criminology. The conference series has combined intriguing

technicalprogramswithgoodorganization.ForEISIC2018weaimtomaintainthehighstandard,and

wehopethatyouwillenjoytheconference.

Karlskrona is Sweden’s only baroque city, founded in 1680 when the Royal Swedish Navy was

relocated from the Stockholm area.We hope that you will enjoy this beautiful city.We are also

proud to present our distinguished keynote speakers: Professor Dieter Gollmann (Hamburg

University of Technology andNanyang Technological University) and Dr. VidyaNarayanan (Oxford

InternetInstituteatOxfordUniversity).Inadditiontothesetwodistinguishedspeakers,wewillalso

enjoy presentations by two invited speakers: Mr. Mikael Lagström (TrueSec) and Sergeant Major

FreddyWidecrantz(NavalWarfareCentre,SwedishArmedForces).

TheconferencedinnerwilltakeplaceattheNavalMuseuminKarlskrona,whichisalsothelocation

ofthesocialevent.ForthoseofyouwhohavethetimetodiscoverKarlskronaonyourown,thereare

many possibilities. In particular, we recommend paying a visit to the central square which is the

largestsquareinScandinavia.Further,centralKarlskronastillcontainsmanyofthebaroquebuildings

fromitsfounding,aswellasabeautifularchipelago.

Organizingaconferencerequiresmuchworkandsupportfrommanypeopleandorganizations.We

wouldliketothankallthosewhohavebeeninvolvedintheorganizationofEISIC2018.Inparticular,

wearegratefulforthehardworkdonebytheprogramchairJoelBrynielsson.Wearealsogratefulto

PanagiotisKarampelas forhis continuoussupport tokeep thewebsiteupdated,FredrikErlandsson

forhelpinguswith the localarrangements,aswellasLenaMarminge,Camilla JohanssonandEva-

Lotta Runesson for their help with the conference budget and other economy-related tasks. We

wouldalsoliketothankBlekingeInstituteofTechnologyandtheITdepartmentforhostingus.

AswenowinauguratetheeighthEISICmeeting,wewishtowelcomeyoutoKarlskronaandwehope

thatyouwillenjoyEISIC2018andyourstayinSweden.

MartinBoldt,BlekingeInstituteofTechnology,SwedenAntonBorg,BlekingeInstituteofTechnology,Sweden

EISIC 2018 – Message from the Program Chair

8

IntelligenceandSecurityInformatics(ISI)isaninterdisciplinaryfieldofresearchthatfocusesonthedevelopment,

use, and evaluation of advanced information technologies, including methodologies, models and algorithms,

systems,andtools,for local,national,andinternationalsecurityrelatedapplications.Overthepastdecade,the

EuropeanISIresearchcommunityhasmaturedanddeliveredanimpressivearrayofresearchresultsthatareboth

technicallyinnovativeandpracticallyrelevant.

Academic conferences have been an importantmechanism for building and strengthening the ISI community.

Theseconferenceshaveprovidedstimulatingforumsforgatheringpeoplefrompreviouslydisparatecommunities

including those from academia, government, and industry. Participants have included academic researchers

(especially in the fieldsof information technologies, computer science, public policy, and social andbehavioral

studies), lawenforcementandintelligenceexperts,aswellas informationtechnologycompanyrepresentatives,

industryconsultants,andpractitionerswithintherelevantfields.

The2018EuropeanIntelligenceandSecurityInformaticsConference(EISIC2018)istheeighthEISICmeetingtobe

organized by the European ISI community. During 2011–2017 the EISIC meetings have been held annually in

Athens,Greece;Odense,Denmark;Uppsala,Sweden;TheHague,theNetherlands;Manchester,UnitedKingdom;

Uppsala, Sweden; and Athens, Greece. EISIC 2018 is organized by Blekinge Institute of Technology, and is

scientificallysponsoredbytheRoyalInstituteofTechnology,SwedenandtheSwedishDefenceResearchAgency,

andhasalsoreceivedtechnicalco-sponsorshipfromtheIEEEComputerSocietyanditsTechnicalCommitteeon

IntelligentInformatics(IEEECSTCII).Wewouldliketoexpressoursinceregratitudetothesesponsors.

EISIC2018received31submissionsintotal,andaccepted36%ofthesubmittedregularpapers.Forcomparison,

EISIC2011 received111 submissionsandaccepted27%of thepapers,EISIC2012 received70 submissionsand

accepted40%ofthepapers,EISIC2013received87submissionsandaccepted31%ofthepapers,IEEEJISIC2014

received98submissionsandaccepted28%ofthepapers,EISIC2015received78submissionsandaccepted35%

ofthepapers,EISIC2016received64submissionsandaccepted24%ofthepapers,andEISIC2017received51

submissionsandaccepted31%ofthepapers.

The two-day conference program includes presentations by prominent keynote speakers, paper presentation

sessions,andapostersession.Weareverypleasedwiththetechnicalqualityoftheacceptedsubmissions,and

wouldliketoexpressoursinceregratitudetoallauthorsforcontributingtheirwork.

Todistinguishbetweenthesubmittedpapersandguidetheacceptancedecisions,allpapershavebeencarefully

readandanalyzedbyat least three independentexperts.Representingall thedifferent flavorsof thebroad ISI

fieldandcomingfrom19differentcountries,the49programcommitteemembersgenerouslyprovided96high-

quality review reports.Wearemost grateful to theprogramcommitteemembers for their time spent sharing

theirvaluableexpertisewiththepaperauthors.

JoelBrynielsson,KTHRoyalInstituteofTechnology,Sweden

EISIC 2018 – Program at a Glance

9

Wednesday,October24,201809:00-10:00 Registration/Coffee10:00-10:30 WelcomeSession

GeneralChairs/ViceChancellor/ProgramChair10:30-11:30 Keynote:IoTSecurity–ViewedfromtheApplicationLayer Room:J1620

Speaker:Prof.DieterGollmann

11:30-12:30 Lunch RestaurantinJbuilding12:30-14:00 SessionI Room:J162014:00-14:30 Coffeebreak OutsideroomJ161014:30-16:00 SessionII Room:J162016:00-16:10 Shortbreak16:10-16:п0 InvitedSpeech:TheNavalBase,aworldheritageofinformationcollection

threatsRoom:J1620

Speaker:SgtMajFreddyWidecrantz

18:00-21:30 SocialEvent&ConferenceDinner:NavalMuseum

Thursday,October25,201808:30-09:00 Registration09:00-10:00 Keynote:ComputationalPropagandaandMisinformationCampaignsduring

ImportantEventsinPublicLifeRoom:J1620

Speaker:Dr.VidyaNarayanan10:00-10:15 ShortBreak10:15-12:00 SessionIII Room:J162012:00-13:00 LunchBreak RestaurantinJbuilding13:00-13:45 InvitedSpeech:Hands-oninsightsfromthe"Cloudhopper”incidentthathit

companiesworldwidein2017Room:J1620

Speaker:MikaelLagström13:45-14:00 Shortbreak14:00-15:40 SessionIV Room:J162015:40-15:50 ClosingSession Room:J162015:50-16:30 Coffee OutsideroomJ1610

EISIC 2018 – Keynote Speeches

10

Prof.DieterGollmannHamburgUniversityofTechnology,GermanyNanyangTechnologicalUniversity,Singapore10:30-11:30 Wednesday,24October2018 Room:J1620 Chair:MartinBoldt

"IoT Security – Viewed from the Application Layer"

Abstract

Ifonedoesnotgetbeyondthe“I”in“IoT”,IoTsecuritymightappearjustaspecificinternetworkingsecurity

challenge.Networkandcommunicationsecurityarewellestablishedareas.IoTcanthenservethepurpose

ofre-sellingoldideasinanewdisguise,beitasproducts,researchproposals,orresearchpapers.Thistalk

will take a closer look at the “T” and discuss some of the security challenges that arise when things are

influencedbyandinfluencethephysicalenvironmentaroundthem.

Bio

Professor Dieter Gollmann received his Dipl.-Ing. in Engineering Mathematics (1979) and Dr.tech. (1984)

fromtheUniversityof Linz,Austria in theDepartment forSystemScience.Heearned theDr.habil. at the

UniversityofKarlsruhe,Germany,wherehewasawardedthe‘venialegendi’forComputerSciencein1991.

HewasaLecturerinComputerScienceatRoyalHolloway,UniversityofLondon,andrejoinedRoyalHolloway

laterin1990,wherehewasthefirstCourseDirectoroftheMScinInformationSecurity.He’sstillgivingguest

lectures inRoyalHolloway.He joinedMicrosoftResearch inCambridge in1998.Then in2003,hetookthe

chair for Security in Distributed Applications at Hamburg University of Technology, Germany. He has

contributedtonationalandEuropeanprojectsintheareasofdependablecommunicationsandcomputing.


11

Dr.VidyaNarayananOxfordInternetInstituteatOxfordUniversity09:00-10:00 Thursday,25October2018 Room:J1620 Chair:LisaKaati

"Computational Propaganda and Misinformation Campaigns during

Important Events in Public Life"

Abstract

Socialmedia provides a platform for active public participation in political discourse.However, recentlywe

havewitnessedattempts to influencevoterpreferencesusingmisinformation campaignsusing socialmedia

platformsbothbydomestic and foreignactors.Wehavealso seen coordinatedefforts to seeddivisionand

polarizationinsocietiesbyamplifyingspecificissuesonsocialmediaplatformsthroughtheuseofautomation.

Further, some of these techniques are used by authoritarian regimes to intimidate activist groups and

suppressdissent.Itisinthiscontext,thattheComputationalPropagandaprojectanalysesdatacollectedfrom

theseplatformsandmapstheamountofpolarizingand junknewscontent thataudiencegroupshavebeen

exposed to. This talk will describe in detail, some of our research efforts and findings related to recent

electionsinSwedenandLatinAmericancountries.

Bio

Vidyaworksasaresearcher intheOxfordInternetInstituteatOxfordUniversity,whereshemainlyworks in

the Computational Propaganda Project. She has several years of experience working as a researcher in

ArtificialIntelligence,withgroupsatbothuniversitiesandincommercialenvironments.Herresearchinterests,

lieintheinterfacebetweentechnology,ethicsandpolicy,andsheisprimarilyengagedindevelopingsystems

that use technology for the greater goodof society. She completedher PhD inComputer Science from the

University of Southampton, building adaptive techniques for automated negotiations. Prior to this, she

completed her M.S., in Industrial Engineering from Pennsylvania State University, working on problems in

decentralized decision making, specifically in the defense logistics domain. Her basic background is in

Mathematics,whichshestudiedattheMasterslevelattheIndianInstituteofTechnology,Madras,andasan

undergraduateattheUniversityofMadras.ShehasalsoworkedasascientificcoordinatoratBAESystemsand

asasoftwareengineeratTechMahindra.


12

SergeantMajorFreddyWidecrantzNavalWarfareCentre,Sweden16:00-16:30 Wednesday,24October2018 Room:J1620 Chair:AntonBorg

"The Naval Base, a world heritage of information collection threats"

Abstract

Ashortbriefaboutthechallengeswithhavinganavalbase,awarfarecenterandashipyard inthesame

geographicalareainahigh-techweaponindustrydevelopingcountry.

Bio

SergeantMajorWidecrantzhasbeenworkingwithintheintelligencebranchforsometenyears.Hehasalso

beenworkingwithsecurityservice insupportof theSwedishsubmarinesystems.Todayhe isdeveloping

the method of intelligence support for Swedish maritime commanders at the level from task unit and

higher.Thedevelopmentincludesaspectsregardinginformationflows,trainingofpersonneltocomputer

systemsthatservesthepurpose.

MikaelLagströmTrueSec,Stockholm,Sweden13:00-13:45 Thursday,25October2018 Room:J1620 Chair:AntonBorg

"Hands-on insights from the "Cloud hopper” incident that hit

companies worldwide in 2017"

Abstract

The Cloudhopper operation were exposed in 2017, being a systematic hacking operation with an

extensive web of global victims overmany years. Listen to the insights from one of themany forensic

investigations, and learn once again that no-one can be truly trusted, not even the large international

well-known vendors – when it comes to being in the spotlight of an attack – and potential cover-up

operation.

Bio

Mikael Lagström has several years of experience from IT, Telecom and Cybersecurity on management

level, successfully building up global security services organizations.Mikaelworks at TrueSec,which is a

highly regarded company that focuses on cyber-security, IT infrastructure, and secure development.

TrueSecholdsa keyposition in theSwedishmarketandhavea strong reputation internationallydue to

worldwidesecurity-relatedassignments.

EISIC 2018 – Detailed Program

13

Wednesday,October24,201809:00-10:00 Registration/Coffee10:00-10:30 Opening:WelcomeSession

GeneralChairs/Vicechancellor/ProgramChair10:30-11:30 Keynote:IoTSecurity–ViewedfromtheApplicationLayer

Speaker:Prof.DieterGollmann,J1620,Chair:MartinBoldt11:30-12:30 Lunch12:30-14:00 SessionI

Room

J162

0

Chair:GuntherGrasemann

OnWashTradeDetectioninEnergyMarketsUmidAkhmedov

DigitalTransformationinBorderChecks:MappingBorderGuardTraininginAutomatedProcessesLauraSalmela,SirraToivonen,MinnaKulju,MariYlikauppila

TowardsMobileContactless4-FingerprintAuthenticationforBorderControlAxelWeissenfeld,AndreasZoufal,ChristophWeiss,BernhardStrobl,GustavoFernándezDomínguez

AHeuristicMethodforIdentifyingScamAdsonCraigslistHamadAlsaleh,LinaZhou

14:00-14:30 CoffeeBreak

14:30-16:00 SessionII

Room

J162

0

Chair:JoelBrynielsson

TimeofDayAnomalyDetectionMatthewPrice-Williams,MelissaTurcotte,NickHeard

OpticalCovertChannelfromAir-GappedNetworksviaRemoteOrchestrationofRouter/SwitchLEDsMordechaiGuri

AnalysisandEvaluationofAntivirusEnginesinDetectingAndroidMalware:ADataAnalyticsApproachIgnacioMartín,JoséAlbertoHernández,SergiodelosSantos,AntonioGuzmán

16:00-16:10 ShortBreak

16:10-16:40 InvitedSpeech:TheNavalBase,aworldheritageofinformationcollectionthreatsSpeaker:FreddyWidecrantz,J1620,Chair:AntonBorg

18:00-21:30 SocialEvent&ConferenceDinner:NavalMuseum

EISIC 2018 – Detailed Program

14

Thursday,October25,201808:30-09:00 Registration09:00-10:00 Keynote:ComputationalPropagandaandMisinformationCampaignsduringImportantEventsinPublicLife

Speaker:Dr.VidyaNarayanan,J1620,Chair:LisaKaati10:00-10:15 ShortBreak10:15-12:00 SessionIΙΙ

Room

J162

0

Chair:MordechaiGuri

PolicingtheCyberThreat:ExploringtheThreatfromCyberCrimeandtheAbilityofLocalLawEnforcementtoRespondMatthewHull,ThaddeusEze,LeeSpeakman

HarmonizingCriminalLawProvisionsonMoneyLaundering–ALitmusTestofEuropeanIntegrationTatuHyttinen,SailaHeinikoski

ConceptualisingCyberSecurityInformationSharing:AStakeholderSurveyAdamZibak,AndrewSimpsonGenericObjectandMotionAnalyticsforAcceleratingVideoAnalysiswithinVICTORIADavidSchreiber,MartinBoyer,ElisabethBroneder,AndreasOpitzandStephanVeigl

12:00-13:00 Lunch13:00-13:45 InvitedSpeech:Hands-oninsightsfromthe"Cloudhopper”incidentthathitcompaniesworldwidein2017

Speaker:MikaelLagström,J1620,Chair:AntonBorg13:45-14:00 ShortBreak14:00-15:40 SessionIV

Room

J162

0

Chair: GerhardBackfriedOnlineMonitoringofLargeEventsJohanFernquistandLisaKaati

NowYouSeeMe:IdentifyingDuplicateNetworkPersonasSeanSuehr,ChrysafisVogiatzisMulti-expertEstimationsofBurglars’RiskExposureandLevelofPre-crimePreparationUsingCodedCrimeSceneData:WorkinProgressMartinBoldt,VeselkaBoeva,AntonBorgInferringDemographicdataofMarginalizedUsersinTwitterwithComputerVisionAPIsPanosKostakos,AbhinayPandya,OlgaKyriakouli,MouradOussalah

15:40-15:50 ClosingSession15:50-16:30 Coffee

EISIC 2018 – Abstracts

15

SessionI

12:30-14:00 Wednesday,October24,2018 Room:J1620Chair:GuntherGrasemann

PaperI Short

OnWashTradeDetectioninEnergyMarketsUmidAkhmedovAwashtradeinenergymarketsreferstoenteringintoarrangementsforthesaleorpurchaseofafinancialorphysicalinstrument,arelatedspotcommoditycontract,oranauctionedproductbasedonemissionallowances,where there is no change in beneficial interests ormarket risk orwhere beneficial interest ormarket risk istransferredbetweenpartieswhoareactinginconcertorcollusion.Marketabusescenariossuchaswashtradecompromisetheefficiencyandintegrityofenergymarkets.Theresearchofabusivetradingbehaviorinfinancialmarketsiswellaheadofpeersinenergymarkets.Effectivesolutionsformonitoringabusivescenariossuchaswashtradeinenergymarketsareyettobedeveloped.Thispaperdescribesapracticalimplementationexampleofdetectingwashtradebehaviorinenergymarketsusingsimpletechniques.Aneasilyreusablemethodisthenproposed to detect the potential wash trade activities involved in an instrument by first detecting tradesresulting innooverall change inmarket risk and then further identifying the collusivebehaviorbetween thecounterparties.TheproposedmethodistestedandevaluatedonenergyinstrumentsorderdatasetsfromtheTrayport tradingplatform.We find that theproposedapproachcaneffectivelydetectall primarywash tradeindicatorsacrossenergyinstruments.

PaperII Short

DigitalTransformationinBorderChecks:MappingBorderGuardTraininginAutomatedProcessesLauraSalmela,SirraToivonen,MinnaKulju,MariYlikauppilaAutomated border control represents one area in the digital transformation of border control. It is graduallybecoming a commonplace particularly at air borders,where the concept of self-service has had the strongestbusinesscasealsoinotherstepsofthepassenger’sjourney,suchascheck-inorbaggagedrop.Besidesprovidingameans to enhance efficiency and security in passenger clearing processes, the new technology significantlyreshapes currentways of conducting border checks fromemployeeperspective. Successful implementationofautomated border check technologies thus demands border organizations to equip their workforce with newskills and remodel existing ones. This paper presents a preliminary analysis on current technology training ofborderguardsandassessesitseffectsonhowthenewtechnologyisreceivedamongemployeesatthefrontline.TheresultsarebasedonfieldstudiesconductedinfiveEUmemberstates.ThestudylooselyappliesaTechnologyTrainingModelthatextendstraditionalTechnologyAcceptanceModelbyincorporatingtrainingasanadditionalvariabletoexplainemployeeintentiontousenewtechnology.

PaperIII Short

TowardsMobileContactless4-FingerprintAuthenticationforBorderControlAxelWeissenfeld,AndreasZoufal,ChristophWeiss,BernhardStrobl,GustavoFernándezDomínguezInthelastyearstheimportanceofbiometricauthenticationinbordercontrolproceduresincreasedinawaythatbiometricshavebecomethecoreofmostbordermanagementsystems.Currentcommercialproductsformobileborder control have not satisfactorily solved both the demand for increasing security checks and the userrequirementsdrivenbysecuritypersonnelsuchasborderguardsyet.Duetotheirflexibility,portabledevicesarecommonlydesiredduringthecontrolprocess.Thispaperpresentson-goingworkofanadvancedmobiledeviceforbordercontrolfocusingonusabilityandintegratingnewtechnologiestoenvisionnext-generationofmobiledevices.Thedevice isbasedontheMobilePassdevice [13]butsignificantly improved.Akeytechnologyof thenewdeviceisacontactless4-fingerprintauthenticationinsteadofonlyoneinexistingsolutions.Resultsbasedonrealdatashowstheadvantagesof4-fingerprintversus1-fingerprintauthentication.


16

PaperIV Short

AHeuristicMethodforIdentifyingScamAdsonCraigslistHamadAlsaleh,LinaZhouCraigslist isapopularonlinecustomer-to-customermarketplace,whichhasattractedmillionsofconsumers fortradingandpurchasingsecondhanditems.Becauseofthehighfinancialreturnthatsellerscouldgainfromusingthissiteandtheanonymityoptionthatthewebsiteprovidestoitsusers,Craigslistishighlysubjecttofraudulentactivities.TheprimaryobjectiveofthisstudyistodetectscamadsonCraigslist.Basedontherelatedliteratureandourobservationsofadscollectedfromtheplatform,wedevelopaheuristicmethodforidentifyingscamads.Weevaluatetheproposedheuristicsbyconductinganexperimentandperformingadditionaldataanalysesusingrealdata.Theresultsprovidepreliminaryevidenceforefficacyoftheheuristicsdevelopedinthisstudy.


17

SessionII

14:30-16:00 Wednesday,October24,2018 Room:J1620 Chair:JoelBrynielsson

PaperI Full

TimeofDayAnomalyDetectionMatthewPrice-Williams,MelissaTurcotte,NickHeardAnomaly detection systems have been shown to performwell in detecting compromised user credentialswithinan enterprise computer network. Most existing approaches have focused on modelling activitiesthat usersperformwithin the network but not the time atwhich users are active. This article presents anapproach for identifying compromised user credentials based on modelling their time of day or diurnalpatterns. Anomalous behaviour in this respect would correspond to a use r working during hours thatdeviate from their normal historical behaviour. The methodology is demonstrated using authenticationdata from Los Alamos NationalLaboratory’senterprisecomputernetwork.

PaperII Full

OpticalCovertChannelfromAir-GappedNetworksviaRemoteOrchestrationofRouter/SwitchLEDsMordechaiGuriAir-gappednetworksareseparatedfromtheInternetduetothesensitiveinformationtheystore. It isshownthatattackerscanusethestatusLEDsofroutersandswitchestoexfiltratedataoptically.However,thecurrentmethodsrequirethecompromiseofthenetworkdevice(e.g.,router)byinfectingitsfirmware.Inthispaperweshowhowattackerscancovertlyleaksensitivedatafromair-gappednetworksviatherowofstatusLEDsonnon-compromisednetworkingequipmentsuchasLANswitchesandrouters.Weintroducenewtypesofattackcalledhost-levelattack,inwhichamaliciouscoderuninahostconnectedtothenetworkcanindirectlycontroltheLEDs,withoutrequiringacodeexecutionwithintheLANswitchorrouter.Wepresentaversionofthehost-levelattackthatdoesn'trequirespecialprivileges(e.g.,rootoradmin)andisalsoeffectivewhen running fromwithin a VirtualMachine (VM), despite the network isolation.We provide the technicalbackgroundandimplementationdetailsanddiscusssetofpreventivecountermeasures.

PaperIII Full

AnalysisandEvaluationofAntivirusEnginesinDetectingAndroidMalware:ADataAnalyticsApproachIgnacioMartín,JoséAlbertoHernández,SergiodelosSantos,AntonioGuzmánGiventhehighpopularityofAndroiddevices,theamountofmalwareapplicationsinAndroidmarketshasbeengrowingatafastpaceinthepastfewyears.However,theconceptofmalwareissomethingvaguesinceitoftenoccurs that AntiVirus engines flag an application asmalwarewhile others do not, having no real consensusbetween different engines. With the help of data analytics applied to more than 80 thousand malwareapplications, thiswork further investigatesontherelationshipsbetweendifferentAntiVirusengines,showingthat some of them are highly correlated while others behave totally uncorrelated from others. Finally, wepropose a new metric based on Latent Variable Models to identify which engines are more powerful inidentifyingtruemalwareapplications


18

SessionIII

10:15-12:00 Thursday,October25,2018 Room:J1620 Chair:MordechaiGuri

PaperI Full

PolicingtheCyberThreat:ExploringtheThreatfromCyberCrimeandtheAbilityofLocalLawEnforcementtoRespondMatthewHull,ThaddeusEze,LeeSpeakmanThe landscape in which UK policing operates today is a dynamic one, and growing threats such as theproliferationof cyber crime are increasing thedemandonpolice resources. The response to cyber crimebynational and regional law enforcement agencies has been robust, with significant investment in mitigatingagainst, and tackling cyber threats. However, at a local level, police forces have to deal with an unknowndemand,whilsttryingtocometotermswithnewcrimetypes,terminologyandcriminaltechniqueswhicharefarfromtraditional.ThispaperlookstoidentifythedemandfromcybercrimeinonepoliceforceintheUnitedKingdom, andwhether there is consistency in the recordingof crime.Aswell as this, it looks to understandwhethertheforcecandealwithcybercrimefromthepointofviewofthePoliceOfficersandPoliceStaffintheorganisation.

PaperII Full

HarmonizingCriminalLawProvisionsonMoneyLaundering–ALitmusTestofEuropeanIntegrationTatuHyttinen,SailaHeinikoskiThis article discusses the harmonization of penal provisions concerning money laundering in the EuropeanUnion (EU), in particular, the recent Commission proposal for a Directive on tacklingmoney laundering bycriminal law (COM(2016) 826 final). Theperspective is both legal andpolitical, pointingout to thedifferentlegalsolutionsintheEuropeanUnionandanalyzingthedevelopmentfromaEuropeanintegrationperspective,particularlyintermsofaso-calledspill-overprocess,wherebyintegrationinonefieldleadstointegrationinadjacent fields.Weput forward twomainarguments in thisarticle: (1)Weargue that inorder for the spill-over to succeed in a field crucial for national sovereignty such as criminal law, spill-over needs to becomplemented with securitization and policy laundering, the latter referring to the phenomenon wherebyissues are agreed at an international non- binding arena in order to later introduce these “internationalstandards”intobindinglegislation.(2)Wearguethatharmonizationinthemoneylaunderingcontextprovidesan example of a successful spill-over enhanced by policy laundering and securitization; tackling moneylaunderingostensiblyrequiresspillingoverEuropeanintegrationalsointhefieldofcriminallaw,acoreissueofnational sovereignty. A testament to this is the fact that European countries have even harmonized theircriminalization of self-laundering, although punishable self- laundering has been previously consideredcontrarytothegeneraldoctrinesandprinciplesofcriminal lawinmanycountries.Acase inpoint isFinland,the only country bound by the proposed directivewhere parties to the crime are not punished formoneylaundering, except in rare cases and there is no case law for self-laundering (Section 11 Chapter 32 of theCriminalCodeofFinland).

PaperIII Full

ConceptualisingCyberSecurityInformationSharing:AStakeholderSurveyAdamZibak,AndrewSimpsonDespitethegrowingcallsforcybersecurityinformationsharingandtheincreasinguseoftheterm,consensuswithregardstotheterm’sdefinitionislacking.Further,thereisadegreeofinconsistencybetweendifferentstakeholderswhenitcomestodistinguishingbetweenthevariousformsofinformationsharing.Inthispaperwe review the different definitions of cyber security information sharing with a view to untangling thedifferentformsofsharing.Inaddition,wereviewwhichtypesofsharingstakeholdersperceiveasmoreusefulandaremorewillingtoengagein.Areviewofboththeacademicandgreyliteratureandastakeholderonlinesurvey are used to compile data.We then analyse the data to develop amore nuanced understanding ofcyber security information sharing, outlining key categories of sharing, before setting the scene for futureresearch.


19

PaperIV Poster

GenericObjectandMotionAnalyticsforAcceleratingVideoAnalysiswithinVICTORIADavidSchreiber,MartinBoyer,ElisabethBroneder,AndreasOpitz,StephanVeiglVideo recordings have become a major resource for legal investigations after crimes and terrorist acts.However, currently no mature video investigation tools are available and trusted by LEAs. The projectVICTORIA (Video analysis for Investigation of Criminal and TerrORist Activities) [1] addresses this need andaimstodeliveraVideoAnalysisPlatform(VAP) thatwillacceleratevideoanalysis tasksbya factorof15 to100. We describe concept and work in progress done by AIT GmbH within the project, focusing on thedevelopment of a state-of-the-art tool for generic object detection and tracking in videos. We develop adetection,classificationandtrackingtool,basedonDeepNeuralNetworks(DNNs),trainedonalargenumberofobjectclasses,andoptimizedfor theprojectcontext.Tracking isextendedtothemulti-classmulti-targetcase.ThegenericobjectandmotionanalyticsisintegratedinanovelframeworkdevelopedbyAIT,denotedasConnectedVision.


20

SessionIV

14:00-15:40 Thursday,October25,2018 Room:J1620 Chair:GerhardBackfried

PaperI Full

OnlineMonitoringofLargeEventsJohanFernquistandLisaKaatiInthispaper,wedescribeanapproachthatcanbeusedtomonitoractivityonlinethatconcernslargeevents.We propose six different tasks that can be used separately or in combination. The different tasks includeanalyzingmessagesfromvariousactors,understandingtheimpactofmessagestoreceivers,studyingonlinediscussions, analyzing hate and threats directed towards people and threats towards the execution of thelargeeventandfinallyifthereareanyongoinginfluentialoperationsdirectedtowardsthegeneralpublic.

To illustrate how the approach can be used, we provide some examples of the different steps whenmonitoringonlineenvironmentsafewmonthsbeforetheSwedishgeneralelectionin2018.

PaperII Full

NowYouSeeMe:IdentifyingDuplicateNetworkPersonasSeanSuehr,ChrysafisVogiatzisThis work provides a decision-making framework at the intersection of social network analysis and lawenforcement intelligencewith thegoalof identifyingpersonsof interest ina socialnetwork.Criminal socialnetworks are complex due to the limited and imperfect information available.Moreover, the participatingentitiestendtomisrepresentthemselvesinordertostayhiddenandcovert.Inthiswork,weproposeanewinteger programming formulation to assist in the identification of entities who are prone to misrepresentthemselves in a social network. Our insight is that such personas will form large subgraphs of restricteddiameterthatareconnectedtootherentitieswhodonotcommunicatedirectlyorwithinashortnumberofintermediates. We formally define the problem and derive its computational complexity. Additionally, weprovideanintegerprogrammingformulationtosolveitexactlywiththeuseofacommercialsolver.Wethenshow how our framework behaves on the Krebs 9/11 network. Our approach is able to identify what arebelieved to be two distinct clusters of criminals participating in two separate subplots: the multiple flighthijackingonSeptember11;aswellasaplotagainsttheU.S.embassyinParisintheyear2001.

PaperIII Short

Multi-expertEstimationsofBurglars’RiskExposureandLevelofPre-crimePreparationUsingCodedCrimeSceneData:WorkinProgressMartinBoldt,VeselkaBoeva,AntonBorgLawenforcementagenciesstrivetolinkcrimesperpetratedbythesameoffendersintocrimeseriesinordertoimprove investigation efficiency. Such crime linkage can be done using both physical traces (e.g., DNAorfingerprints) or “soft evidence” in the form of offenders’ modus operandi (MO), i.e. their behaviorsduringcrimes.However,physicaltracesareonlypresentforafractionofcrimes,unlikebehavioralevidence.This work-in-progress paper presents a method for aggregating multiple criminal profilers’ ratings ofoffenders’behavioralcharacteristics based on feature-rich crime scene descriptions. Themethod calculatesconsensus ratings from individual experts’ ratings, which then are used as a basis for classificationalgorithms. The classification algorithms can automatically generalize offenders’ behavioral characteristicsfromcuesinthecrimescenedata.Models trained on the consensus rating are evaluated against modelstrained on individual profiler’s ratings. Thus,whether theconsensusmodel shows improvedperformanceoverindividualmodels.


21

PaperIV Short

InferringDemographicdataofMarginalizedUsersinTwitterwithComputerVisionAPIsPanosKostakos,AbhinayPandya,OlgaKyriakouli,MouradOussalahInferring demographic intelligence from unlabeled socialmedia data is an actively growing area of research,challengedbylowavailabilityofgroundtruthannotatedtrainingcorpora.High-accuracyapproachesforlabelingdemographictraitsofsocialmediausersemployvariousheuristicsthatdonotscaleupandoftendiscountnon-Englishtextsandmarginalizedusers.First,wepresentaframeworkforinferringthedemographicattributesofTwitterusersfromtheirprofilepictures(avatars)usingtheMicrosoftAzureFaceAPI.Second,wemeasuretheinter-rater agreement between annotations made using our framework against two pre-labeled samples ofTwitter users (N1=1163; N2=659) whose age labels were manually annotated. Our results indicate that thestrengthoftheinter-rateragreement(Gwet’sAC1=0.89;0.90)betweenthegoldstandardandourapproachis‘verygood’forlabellingtheagegroupofusers.ThepaperprovidesausecaseofComputerVisionforenablingthedevelopmentof largecross-sectional labeleddatasets,andfurtheradvancesnovelsolutions inthefieldofdemographicinferencefromshortsocialmediatexts.

EISIC 2018 – Conference Venue

Blekinge Institute of Technology (BTH), Karlskrona, Sweden

Conference venue address: Campus Gräsvik, 371 79 Karlskrona

EISIC 2018 is hosted by Blekinge Institute of Technology (BTH) in Karlskrona, Sweden. BTH is a small

instituteof technologywitha clear focusonapplied ICT, strategic sustainability, and innovation. Ithasa

strong research and education environment in software engineering and emerging environments in

innovativeproductdevelopmentanddatascience.

Karlskrona,founded1680duringthereignofCharlesXI,hostsSweden'sonlyremainingnavalbaseandthe

headquartersoftheSwedishCoastGuard.ItisthecapitalofBlekingecounty.Thecityispositionedatthe

southeastcornerofSwedenwithexcellentconnectionsacrosstheBalticSea.

ThemainreceptionisinhouseAonthemap,andtheconferencewillbeheldinhouseJ.

22


23

Getting to the Campus

Thereisaregularbusthatleavesfromthebusstation(nexttothetrain-station).Busno.1leavestowards

campusfromthisstop(every7minutes).ThelocalbusesarerunbyBlekingetrafikenandyoucangetanup

todatetimetableontheirwebsite:www.blekingetrafiken.se

A trip fromKungsplan to campus takes8minutes and costs 30 SEK (no cashaccepted, credit/debit card

only). Driving (6minutes) or walking (30minutes). See themap below for detailed directions from the

centralstationtothecampus.


24

Getting to the Naval Museum

TheMarinmuseumiswithinwalkingdistancefromthecitycenter,locatedintheeasternmostpartsofthe

city center. Bus no. 1 from BTH has two stops along Drottninggatan which are within about 5minutes

walkingdistance,thestopDrottninggatanandthestopSparre.

EISIC 2018 – Information for Presenters & Policies

25

Information for Presenters

Full papers are allocated approximately 30minuteswhile Short papers 20minutes including a question-

and-answerperiodafter thepresentation.TheSessionChair introduces the speakersandmoderates the

question-and-answerperiod.Abasicaudio-visual installation(speakers,projectionscreen,dataprojector)

willbeavailableintheroom.Pleaseinformthelocalareachairpriortothestartoftheconferenceifyou

don’thaveyourownlaptopduringyourpresentation.

Poster Session

PosterswillbehostedintheFoyerduringthecoffeebreaks.Maximumheightofthepostercanbe140cm

andmaximumwidth104cm.

Photographs

PhotographsareallowedinsideandoutsidetheconferencecomplexandintheareaofBlekingeInstituteof

Technology.

Smoking Policy

Smoking isnotpermitted insidetheareasoftheconference.Smokerscanbeaccommodatedoutsidethe

conferencecomplex.

Mobile Phone Policy

As a courtesy to speakers and attendees please refrain from using mobile phones during the keynote

speechesandpresentations.Setyourmobilephonesilentmodebeforeenteringa sessionand leave the

sessionifyoureceiveacall.

WiFi

FreeWiFiwillbeavailabletoconferenceparticipantsintheconferencecomplexusingacodethatwillbe

providedatthetimeoftheregistrationandwillbeavailableforallthedaysoftheconference.

EISIC 2018

26

EISIC 2018

27

EISIC 2018 – October 24-25, Karlskrona, Sweden

European Intelligence and Security Informatics Conference

(EISIC) 2018

October 24-25, 2018,

Blekinge Institute of Technology, Karlskrona, Sweden

http://www.eisic.org

The Premier European Conference on Counterterrorism and Criminology

Designed by Panagiotis Karampelas, EISIC 2018

Karlskrona, Sweden, October 24-25, 2018 ... · sessions, and a poster session. We are very pleased...

Documents

Transcript of Karlskrona, Sweden, October 24-25, 2018 ... · sessions, and a poster session. We are very pleased...