Md. Monowar Anjum

Md. Monowar Anjum, Shahrear Iqbal, Benoit Hamelin

We present ANUBIS, a highly effective machine learning-based APT detection system. Our design philosophy for ANUBIS involves two principal components. Firstly, we intend ANUBIS to be effectively utilized by cyber-response teams. Therefore, prediction explainability is one of the main focuses of ANUBIS design. Secondly, ANUBIS uses system provenance graphs to capture causality and thereby achieve high detection performance. At the core of the predictive capability of ANUBIS, there is a Bayesian Neural Network that can tell how confident it is in its predictions. We evaluate ANUBIS against a recent APT dataset (DARPA OpTC) and show that ANUBIS can detect malicious activity akin to APT campaigns with high accuracy. Moreover, ANUBIS learns about high-level patterns that allow it to explain its predictions to threat analysts. The high predictive performance with explainable attack story reconstruction makes ANUBIS an effective tool to use for enterprise cyber defense.

Wentao Li, Jiayi Tong, Md. Monowar Anjum et al.

Objectives: This paper develops two algorithms to achieve federated generalized linear mixed effect models (GLMM), and compares the developed model's outcomes with each other, as well as that from the standard R package (`lme4'). Methods: The log-likelihood function of GLMM is approximated by two numerical methods (Laplace approximation and Gaussian Hermite approximation), which supports federated decomposition of GLMM to bring computation to data. Results: Our developed method can handle GLMM to accommodate hierarchical data with multiple non-independent levels of observations in a federated setting. The experiment results demonstrate comparable (Laplace) and superior (Gaussian-Hermite) performances with simulated and real-world data. Conclusion: We developed and compared federated GLMMs with different approximations, which can support researchers in analyzing biomedical data to accommodate mixed effects and address non-independence due to hierarchical structures (i.e., institutes, region, country, etc.).

Md. Monowar Anjum, Shahrear Iqbal, Benoit Hamelin

Maintaining security and privacy in real-world enterprise networks is becoming more and more challenging. Cyber actors are increasingly employing previously unreported and state-of-the-art techniques to break into corporate networks. To develop novel and effective methods to thwart these sophisticated cyberattacks, we need datasets that reflect real-world enterprise scenarios to a high degree of accuracy. However, precious few such datasets are publicly available. Researchers still predominantly use the decade-old KDD datasets, however, studies showed that these datasets do not adequately reflect modern attacks like Advanced Persistent Threats(APT). In this work, we analyze the usefulness of the recently introduced DARPA Operationally Transparent Cyber (OpTC) dataset in this regard. We describe the content of the dataset in detail and present a qualitative analysis. We show that the OpTC dataset is an excellent candidate for advanced cyber threat detection research while also highlighting its limitations. Additionally, we propose several research directions where this dataset can be useful.

Md. Monowar Anjum, Noman Mohammed

During pandemics, health officials usually recommend access monitoring and regulation protocols/systems in places that are major activity centres. As organizations adhere to those recommendations, they often fail to implement proper privacy requirements to prevent privacy loss of the users of those protocols or systems. This is a very timely issue as health authorities across the world are increasingly putting these regulations in place to mitigate the spread of the current pandemic. A number of solutions have been proposed to mitigate these privacy issues existing in current models of contact tracing or access regulations systems. However, a prevalent pattern among these solutions are they mainly focus on protecting users privacy from server side and involve Bluetooth based ephemeral identifier exchange between users. Another pattern is all the current solutions try to solve the problem in city-wide or nation-wide level. In this paper, we propose a system, PAARS, which approaches the privacy issues in access monitoring/regulation systems from a micro level. We solve the privacy issues in access monitoring/regulation systems without any exchange of any ephemeral identifiers between users. Moreover, our proposed system provides privacy on both server side and the user side by using secure hashing and differential privacy mechanism.