Static Analysis for Web Service Security – Techniques and Tools for a Secure Development @ IEEE HST


Presented at IEEE HST 2015


Static Analysis for Web Service Security – Techniques and Tools for a Secure Development Life Cycle

Adnan Masood, Nova Southeastern University; Jim Java, Nova Southeastern University



Finding Interesting Outliers - A Belief Network based Approach @ IEEE SoutheastCon 2015


Presented at IEEE SoutheastCon 2015




Finding Interesting Outliers - A Belief Network based Approach


Abstract: Outliers are deviations from the usual trends of data; discovering interestingness among outliers, i.e. finding anomalies which are of real interest to subject matter experts, is an active area of research in the data mining and machine learning community. Due to its subjective nature, the definition of what amounts to ’interesting’ varies between domains and subject matter experts. In this research, we explore the quantification for measures of interestingness, using Bayesian Belief Networks as background knowledge. Mining outliers may help discover potential anomalies and fraudulent activities. Meaningful outliers can be retrieved and analyzed by using domain knowledge. Domain knowledge (or background knowledge) is represented using probabilistic graphical models such as Bayesian belief networks. Bayesian networks are a graph-based representation used to model and encode mutual relationships between entities. Due to their probabilistic graphical nature, Belief Networks are an ideal way to capture the sensitivity, causal inference, uncertainty and background knowledge in real world data sets. Bayesian Networks effectively present the causal relationships between different entities (nodes) using conditional probability. This probabilistic relationship shows the degree of belief between entities. A quantitative measure which computes changes in this degree of belief acts as a sensitivity measure. In this research paper we provide an overview of interestingness measures, their use to measure sensitivity in belief networks and review the earlier work on the so-called Interestingness Filtering Engine. Building upon these foundations, we introduce our algorithm IBOX - Interestingness based Bayesian Outlier eXplainer, which provides progressive improvement in the performance and sensitivity scoring of the earlier works. IBOX provides an iterative model to use multiple interestingness measures resulting in better performance and improved sensitivity analysis.
The approach quantitatively validates probabilistic interestingness measures as an effective sensitivity analysis technique in rare class mining.

Topic Category: Data Mining and Machine Learning



Announcing NL-ESB - A Negative Latency Enterprise Service Bus

Download Paper - NL-ESB - A Negative Latency Enterprise Service Bus



Monads by David Crockford

The monadic curse is that once someone learns what monads are and how to use them, they lose the ability to explain it to other people.

Excellent lecture. Transcript and Monads for Humans


Microservices by Martin Fowler @ Goto Conference

An interesting portrayal of Microservices by Martin Fowler.


The term "Microservice Architecture" has sprung up over the last few years to describe a particular way of designing software applications as suites of independently deployable services. While there is no precise definition of this architectural style, there are certain common characteristics around organization around business capability, automated deployment, intelligence in the endpoints, and decentralized control of languages and data.


State of the IoT Security

In a recent podcast by Scott Hanselman and Erica Stanley, an Internet of Things (IoT) primer, the guest mentioned how security is being treated as an afterthought for most things IoT. This is unfortunately true in various areas of software development, but especially with the unprecedented growth of IoT, this laxity in providing security standards will fast become a safety and security dilemma.

To borrow the variety, velocity and volume analogy of Big Data, IoT is also subject to a very large variety of devices, supporting different velocities (performance capacities) and volumes (large numbers of devices, meshes etc.). Protecting the data on these devices and providing privacy are definitely the key challenges in the IoT. Lax security is also bad for business, since it will cause decreased adoption, impacting the success of the IoT and hindering overall development.

Following are some of the relevant links and papers which provide overview, analysis and taxonomy of security and privacy challenges in IoT.


References and Further Reading


Norse - IPViking Live - honeypots for visualization

Systems and methods for dynamic protection from electronic attacks - US Patent 8726379 B1

Systems and methods for gathering, classifying, and evaluating real time security intelligence data concerning security threats presented by an IP address, and reporting in real time the degree and character of such security threats.



Penetration Testing techniques in Web Applications - Infographic

Penetration Testing techniques in web applications by Dimitris Mandilaras, Nikolaos Tsalis is a succinct infographic review of different security frameworks / methodologies including OWASP, PTES, ISSAF, NIST, OSSTM and PTF.

A short poster can be downloaded from here.



Functional Humor - I don't even see the loops anymore, I just see map, foldl, filter



Selection of 2014 F# / Functional Programming Resources
