Семинар № 4/14
28 апреля 2014 г.

Итоговый доклад по научной стажировке
"Multilingual associative experiment on cyber security"

IT-security training is a major challenge for big companies. They have to educate international staff that speaks different languages and comes from different cultures. Multilingual IT-security training is one approach to do this. Based on Artificial Intelligence Markup Language (AIML), we developed a chatbot that can give rudimentary training on three topics: passwords, privacy and secure browsing.
The challenges we faced were manifold. First, we had to teach the bot to recognize related terms such as ''information security'' and ''IT security''. Second, we had to translate these associations to English, Russian and other languages such as Spanish and Mongolian. For this we conducted associative experiments online.

The research process, tasks, challenges and solutions will be presented by Iwan Gulenko on Monday. Iwan recently finished his Master in Computer Science. He was funded by the German government to conduct research about security behavior in different cultures settings. For this he spent three months at the Polytechnic Institute of New York and is now finishing his three months at Bauman’s State Technical University in Moscow.

Семинар № 3/14
14 апреля 2014 г.

В запросно-ответных системах, основанных на извлечении ответа из документов, полнота поиска релевантных документов играет важную роль. Для ее увеличения применяются различные техники преобразования запроса. В исследовании представлена когнитивная модель, выполняющая поиск релевантных запросу термов. Модель строится на основе ассоциативной сети и когнитивных единиц, персонифицируя предобработку запроса с ее выполнением на стороне пользователя.

Семинар № 2/14
3 марта 2014 г.

We present three short case studies how theories and methods from psychology were applied to improve security behaviour:
(1) Social against social engineering: Concept and development of a Facebook application to raise security and risk awareness
A method to mitigate the risks of social engineering in the era of social networks is very much needed. For instance, friend requests on Facebook are often accepted blindly, thus granting unknown people access to profile details. These problems fuel requirements for an application, which is developed in this study that raise awareness of security issues in Facebook using the strength of social networks -- the circle of friends.
(2) Improving passwords: Application of emotions theory
Weak passwords are a prevalent security behaviour problem. Recent breaches of databases show the low quality of passwords still chosen by users. Previous work on information systems security (ISS) behaviour focuses either on cognitive theories, such as the Theory of Planned Behaviour, or on negative motivational incentives, such as Deterrence Theory. We question the effectiveness of these approaches, and instead we apply positive emotional incentives to security behaviour and teach people how to form strong but still memorable passphrases.
(3) Towards a multilingual framework to estimate IT security behaviour through word associations tests.
Free word associations tests are part of evidence-based treatment methodology in psychoanalysis. It enables to find out about the mental map of a person about a specific topic. We have launched the associative experiment in the field of it-security one month ago.  We will discuss how we used thesauri and Serelex  to compile a draft for the it-security stimulus list, difficulties with translation to Russian, first experiment and first results.

Семинар № 1/14
17 февраля 2014 г.

Артем Шумилов
МГТУ имени
Н.Э. Баумана
(ИУ-5, 6-ой курс)

Using 3D Animated Hand Gestures to Create a New Type of CAPTCHA

Website owners and administrators have to deal with the problem of spam every day. The intentions of spammers are to post advertisements, get access to private information, create links to improve search engine rankings of their own websites or something like that. In order to achieve those goals spammers have to send a lot of messages, so they usually use computer programs to do so. To protect their websites from spam webmasters use CAPTCHA – special tests created to tell computers and humans apart.
Although CAPTCHA does not guarantee absolute protection against spam, nevertheless, the use of sophisticated enough for automatic recognition CAPTCHA can stop spammers, as most programs of automatic recognition (spam bots) after one or more failed attempts to pass the test tries to find other sites with weaker spam protection.
This presentation focuses on one of the most difficult for automatic recognition type of CAPTCHA using three-dimensional animated images hand gestures.

Web Services Defense from DDoS via Provided Interfaces Controlling

Distributed Denial of Service (DDoS) attacks recently performed showed that the threat of overloading web service resources is still active. Nowadays, hackers prefer to use cleverer approach of loading not only the network, but higher levels via understanding service structure and hitting into most vulnerable places. This work is an outcome of, yet not completed, research, into CEP based system for analyzing user site queries and prevention from attacking to them. We build software that allows to measure and control server page loading and identify and limit fake visitors. Novel limiting approach is offered. We knowingly excluded any screenshots, code samples, specific design principles to focus on main features and benefits.

Все видео
НОК CLAIM