Wednesday 24.08.2022 Detailed

Time (UTC +2)
HS 01
SR 03
SR 04
SR 05
SR 08
08:30 - 17:30
Organizers available
08:45 - 10:00
ARES Keynote
Delphine Reinhardt
HS 01

Usable Privacy: Retrospective and Challenges ahead

Delphine Reinhardt (University of Göttingen, Germany)

Abstract: Since the introduction of the GDPR  and the resulting cookie banners, providing or not our consent to data collection has become a recurrent activity that requests attention and time for each visited website.  While consent is an important instrument to protect our privacy, its implementation is a source of annoyance for most website visitors due to its lack of usability. As a result, they may choose the easiest way and click on the most attractive button without a second thought, thus voiding the original intention beyond an informed consent. To avoid such effects for which the users are not to blame, different usable privacy solutions have been proposed in the past. In this keynote, we will consider the different steps beyond consent in which the users can be involved and detail selected examples. Based on them, we will identify future research directions and discuss challenges that we will need to solve in the next years as a community.

10:00 - 10:30
Coffee Break
10:30 - 12:00
ARES II
Privacy
Session Chair:
Delphine Reinhardt (University of Göttingen, Germany)

SoK: How private is Bitcoin? Classification and Evaluation of Bitcoin Privacy Techniques

Simin Ghesmati (SBA Research, Austria), Walid Fdhila (SBA Research, Austria) and Edgar Weippl (University of Vienna and SBA Research, Austria)

Towards Verifiable Differentially-Private Polling

Gonzalo Munilla Garrido (SEBIS, Technical University of Munich, Germany), Johannes Sedlmeir (Fraunhofer FIT, Branch Business and Information Systems Engineering, Germany) and Matthias Babel (FIM Research Center, University of Bayreuth, Germany)

Automatic online quantification and prioritization of data protection risks

Sascha Sven Zmiewski (University of Duisburg-Essen, Germany), Jan Laufer (University of Duisburg-Essen, Germany) and Zoltán Ádám Mann (University of Amsterdam, The Netherlands)

Reviewing review platforms: a privacy perspective

Kevin De Boeck, Jenno Verdonck, Michiel Willocx, Jorn Lapon and Vincent Naessens (imec-DistriNet, Belgium)

CD-MAKE I
Explainable AI I
Session Chair:
Randy G. Goebel (University of Alberta, Canada)

Explain to Not Forget: Defending Against Catastrophic Forgetting with XAI

Sami Ede (Fraunhofer Heinrich Hertz Institute, Germany), Serop Baghdadlian (Fraunhofer Heinrich Hertz Institute, Germany), Leander Weber (Fraunhofer Heinrich Hertz Institute, Germany), An Nguyen (Friedrich Alexander-Universität Erlangen-Nürnberg, Germany), Dario Zanca (Friedrich Alexander-Universität Erlangen-Nürnberg, Germany), Wojciech Samek (Fraunhofer Heinrich Hertz Institute, Technische Universität Berlin, BIFOLD – Berlin Institute for the Foundations of Learning and Data, Germany) and Sebastian Lapuschkin (Fraunhofer Heinrich Hertz Institute, Germany)

Approximation of SHAP values for Randomized Tree Ensembles

Markus Loecher (Berlin School of Economics and Law, Germany), Dingyi Lai (Dept. of Statistics, Humboldt University, Germany), Wu Qi (Dept. of Statistics, Humboldt University, Germany)

Color shadows (part I): exploratory usability evaluation of activation maps in radiological machine learning

Federico Cabitza (Universit´a degli Studi di Milano-Bicocca, IRCCS Istituto Galeazzi Milano, Italy), Andrea Campagner (Universit´a degli Studi di Milano-Bicocca, Italy), Lorenzo Famiglini (Universit´a degli Studi di Milano-Bicocca, Italy), Enrico Gallazzi (Istituto Ortopedico Gaetano Pini — ASST Pini-CTO, Italy) and Giovanni Andrea La Maida (Istituto Ortopedico Gaetano Pini — ASST Pini-CTO, Italy)

Effects of Fairness and Explanation on Trust in Ethical AI

Alessa Angerschmid (Human-Centered AI Lab, University of Natural Resources and Life Sciences Vienna, Austria), Kevin Theuermann (Graz University of Technology, Austria), Andreas Holzinger (Human-Centered AI Lab, University of Natural Resources and Life Sciences Vienna, Austria), Fang Chen (Human-Centered AI Lab, University of Technology Sydney, Australia), Jianlong Zhou (Human-Centered AI Lab, University of Technology Sydney, Australia)

ENS III
Session Chair:
Edgardo Montes de Oca (Montimage, France)

Analysis and prediction of web proxies misbehavior

Zahra Nezhadian, Enrico Branca, and Natalia Stakhanova (University of Saskatchewan, Canada)

Analyzing RRC Replay Attack and Securing Base Station with Practical Method

Seongmin Park (Korea Internet & Security Agency, South Korea), Ilsun You (Kookmin University, South Korea), Hoonyong Park (Soonchunhyang University, South Korea) and Dowon Kim (Korea Internet & Security Agency, South Korea)

Sim2Testbed Transfer: NDN Performance Evaluation

Enkeleda Bardhi (Sapienza University of Rome, Italy), Mauro Conti (University of Padua, Italy), Riccardo Lazzeretti (Sapienza University of Rome, Italy), Eleonora Losiouk (University of Padua, Italy) and Ahmed Taffal (Sapienza University of Rome, Italy)

Performance Evaluation of DTLS Implementations on RIOT OS for Internet of Things Applications

Karol Rzepka, Przemysław Szary, Krzysztof Cabaj and Wojciech Mazurczyk (Warsaw University of Technology, Poland)

CUING I
Session Chair:
Prof. Wojciech Mazurczyk (Warsaw University of Technology, Poland & FernUniversitaet in Hagen, Germany)

Describing Steganography Hiding Methods with a Unified Taxonomy

Steffen Wendzel (Scientific Director Center of Technology & Transfer and Professor, Hochschule Worms Lecturer, University of Hagen)

Abstract: Steganography embraces several hiding techniques which spawn across multiple domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), and filesystem steganography. However, the related terminology is not unified among the different domains. To cope with this, an attempt has been made in 2015 with the introduction of the so-called “hiding patterns”. Hiding patterns allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of the original taxonomy is that it only considers the case of network steganography. The 2015-taxonomy was optimized over the years but a major revision (presented at ARES’ CUING’21) has paved the path towards a taxonomy that covers all steganography domains.

This keynote introduces the concept of hiding patterns and reviews the development of the methodology. It will also present a major revision of the patterns-taxonomy, which was developed by a consortium with members from several countries (HS Worms (Germany), CNR (Italy), WUT (Poland), Univ. Goce Delcev (North Macedonia), University of Magdeburg (Germany), and TH Brandenburg (Germany)). The new version of the taxonomy will be made publicly available in mid-August, here.

A novel, refined dataset for real-time Network Intrusion Detection

Mikołaj Komisarek (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland), Marek Pawlicki (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland), Maria-Elena Mihailescu (University Politehnica of Bucharest, Romania), Darius Mihai (University Politehnica of Bucharest, Romania), Mihai Carabas, Rafał Kozik (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland) and Michał Choraś (FernUniversität in Hagen and Bydgoszcz University of Science and Technology, Poland)

CSA I
Session Chair:
Salvador Llopis Sanchez (Universitat Politecnica de Valencia, Spain)

Horizon scanning and strategic knowledge management for future military operations

Dr. Joachim Klerx, Austrian Insititute of Technology, Austria

Abstract: Actionable information and strategic knowledge have always created competitive advantages in war situations. However, the digital revolution of the last decades has been proven to be a game changer in the strategic knowledge management for future military operations. Digital innovations did change processes, technologies and capabilities in conflict scenarios and is continuing to do so. This is obvious for operative intelligence, surveillance and reconnaissance (ISR) but is not so obvious for the strategic knowledge management for future military operations.

In this talk, results from long-term monitoring of military cyber research and AI horizon scanning with intelligent agents are presented. After presenting a short introduction into the methodical approach, this talk will summarize the horizon scanning results for future military AI solutions, including some corresponding future threat scenarios, innovations and trends. Finally, the impacts on cyber situational awareness and future security policy perspectives are discussed.

VALKYRIES: Harmonization and Pre-Standardization of Technology, Training and Tactical Coordinated Operations for First Responders on EU MCI

Yantsislav Yanakiev (Bulgarian Defence Institute, Bulgaria), Marta Irene García Cid (Indra, Spain), Jorge Maestre Vidal (Indra, Spain), Nikolai Stoianov (Bulgarian Defence Institute, Bulgaria) and Marco Antonio Sotelo Monge (Indra, Spain)

Disruptive Quantum Safe Technologies

Marta Irene Garcia Cid (Indra, UPM, Spain), Jorge Álvaro González (Indra, Spain), Diego Del Río Gómez (Indra, Spain) and Laura Ortíz Martín (Indra, UPM, Spain)

12:00 - 13:00
Lunch Break
13:00 - 14:30
ARES III
Cloud Security And Web Privacy
Session Chair:
Fabio Massacci (University of Trento, Vrije Universiteit Amsterdam, The Netherlands)

SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Priyanka Billawa (Hamburg University of Technology, Germany), Anusha Bambhore Tukaram (Hamburg University of Technology, Germany), Nicolás E. Díaz Ferreyra (Hamburg University of Technology, Germany), Jan-Philipp Steghöfer (Chalmers University of Technology, University of Gothenburg, Sweden), Riccardo Scandariato (Hamburg University of Technology, Germany) and Georg Simhandl (University of Vienna, Austria)

Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing

Angeliki Aktypi (Department of Computer Science, University of Oxford, United Kingdom), Dimitris Karnikis (Aarno Labs, United States), Nikos Vasilakis (Massachusetts Institute of Technology, United States) and Kasper Rasmussen (Department of Computer Science, University of Oxford, United Kingdom)

Assessing discrepancies between network traffic and privacy policies of public sector web services

Timi Heino, Robin Carlsson, Sampsa Rauti and Ville Leppänen (University of Turku, Finland)

Cookie Disclaimers: Impact of Design and Users’ Attitude

Benjamin Maximilian Berens (Karlsruhe Institut of Technology, Germany), Heike Dietmann (Karlsruhe Institut of Technology, Germany), Chiara Krisam (Karlsruhe Institut of Technology, Germany), Oksana Kulyk (IT University of Copenhagen, Denmark) and Melanie Volkamer (Karlsruhe Institut of Technology, Germany))

CD-MAKE II
Explainable AI II
Session Chair:
Wojciech Samek (Fraunhofer Heinrich Hertz Institute, Germany)

Towards Refined Classifications driven by SHAP explanations

Yusuf Arslan (SnT – University of Luxembourg, Luxembourg), Bertrand Lebichot (SnT – University of Luxembourg, Luxembourg), Kevin Allix (SnT – University of Luxembourg, Luxembourg), Lisa Veiber (SnT – University of Luxembourg, Luxembourg), Clément Lefebvre (BGL BNP Paribas, Luxembourg), Andrey Boytsov (BGL BNP Paribas, Luxembourg), Anne Goujon (BGL BNP Paribas, Luxembourg), Tegawendé F. Bissyandé (SnT – University of Luxembourg, Luxembourg) and Jacques Klein (SnT – University of Luxembourg, Luxembourg)

Global Interpretable Calibration Index, a New Metric to Estimate Machine Learning Models’ Calibration

Federico Cabitza (Dipartimento di Informatica, Sistemistica e Comunicazione, University of
Milano-Bicocca, IRCCS Istituto Ortopedico Galeazzi, Italy), Andrea Campagner (Dipartimento di Informatica, Sistemistica e Comunicazione, University of Milano-Bicocca, Italy) and Lorenzo Famiglini (Dipartimento di Informatica, Sistemistica e Comunicazione, University of Milano-Bicocca, Italy)

The ROC Diagonal is not Layperson’s Chance: a New Baseline Shows the Useful Area

André M. Carrington (Department of Radiology, Radiation Oncology and Medical Physics, Faculty of Medicine, University of Ottawa and the Ottawa Hospital, Canada), Paul W. Fieguth (Department of Systems Design Engineering, University of Waterloo, Canada), Franz Mayr (Faculty of Engineering, Universidad ORT Uruguay, Uruguay), Nick D. James (Software Solutions, Systems Integration and Architecture, The Ottawa Hospital, Canada), Andreas Holzinger (University of Natural Resources and Life Sciences Vienna, Austria), John W. Pickering (Christchurch Heart Institute, Department of Medicine, University of Otago, New Zealand) and Richard I. Aviv (Department of Radiology, Radiation Oncology and Medical Physics, Faculty of Medicine, University of Ottawa and the Ottawa Hospital, Canada)

Debiasing MDI Feature Importance and SHAP values in Tree Ensembles

Markus Loecher (Berlin School of Economics and Law, Germany)

ENS IV
Session Chair:
Prof. Ilsun You (Kookmin University, South Korea)

We cannot trust in you: a study about the dissonance among anti-malware engines

Davide Cocca (Yoroi srl, Italy), Antonio Pirozzi (Universita’ Degli Studi Del Sannio, Italy) and Aaron Visaggio (Universita’ Degli Studi Del Sannio, Italy)

FileUploadChecker: Detecting and Sanitizing Malicious File Uploads in Web Applications at the Request Level

Pascal Wichmann (Universität Hamburg, Security in Distributed Systems, Germany), Alexander Groddeck (Universität Hamburg, Germany) and Hannes Federrath (Universität Hamburg, Security in Distributed Systems, Germany)

Joint Security-vs-QoS Framework: Optimizing the Selection of Intrusion Detection Mechanisms in 5G networks

Arash Bozorgchenani (Lancaster University, United Kingdom), Charilaos C. Zarakovitis (National Centre for Scientific Research “Demokritos”, Greece), Su Fong Chien (MIMOS Berhad, Malaysia), Heng Siong Lim (Multimedia University, Malaysia), Qiang Ni (Lancaster University, United Kingdom), Antonios Gouglidis (Lancaster University, United Kingdom) and Wissam Mallouli (Montimage EURL, France)

The Owner, the Provider and the Subcontractors : How to Handle Accountability and Liability Management for 5G End to End Service

Chrystel Gaber (Orange, France), Ghada Arfaoui (Orange, France), Yannick Carlinet (Orange, France), Nancy Perrot (Orange, France), Laurent Valleyre (Orange, France), Marc Lacoste (Orange, France), Jean-Philippe Wary (Orange, France), Yacine Anser (Orange,CNAM, France), Rafal Artych (Orange Polska, Poland), Aleksandra Podlasek (Orange Polska, Poland), Edgardo Montesdeoca (Montimage, France), Vinh Hoa La (Montimage, France), Vincent Lefebvre (TAGES, France), Gürkan Gür (Zurich Univeristy of Applied Sciences, Switzerland)

CUING II
Session Chair:
Prof. Angelo Consoli (Scuola universitaria professionale della Svizzera italiana (SUPSI), Switzerland)

UNCOVER: Development of an efficient steganalysis framework for uncovering hidden data in digital media

Vaila Leask (Royal Military Academy, Belgium), Rémi Cogranne (Université de Technologie Troyes, France), Dirk Borghys (Royal Military Academy, Belgium) and Helena Bruyninckx (Royal Military Academy, Belgium)

Revealing MageCart-like Threats in Favicons via Artificial Intelligence

Massimo Guarascio (CNR, ICAR, Italy), Marco Zuppelli (CNR, IMATI, Italy), Nunziato Cassavia (CNR, ICAR, Italy), Luca Caviglione (CNR, IMATI, Italy) and Giuseppe Manco (CNR, ICAR, Italy)

Detection of Malicious Images in Production-Quality Scenarios with the SIMARGL Toolkit

Luca Caviglione (CNR, Italy), Martin Grabowski (Netzfactor GmbH, Germany), Kai Gutberlet (Netzfactor GmbH, Germany), Adrian Marzecki (Orange Polska, Poland), Marco Zuppelli (CNR, Italy), Andreas Schaffhauser (FernUniversität in Hagen, Germany) and Wojciech Mazurczyk (Warsaw University of Technology, Poland)

Web Page Harvesting for Automatized Large-scale Digital Images Anomaly Detection

Marcin Kowalczyk, Agnieszka Malanowska, Wojciech Mazurczyk and Krzysztof Cabaj (Warsaw University of Technology, Poland)

CSA II
Session Chair:
Jorge Maestre Vidal (Indra, Spain)

A Quantitative Analysis of Offensive Cyber Operation (OCO) Automation Tools

Samuel Zurowski (University of New Haven, United States), George Lord (University of New Haven, United States) and Ibrahim Baggili (University of New Haven, Louisiana State University, United States)

Panel: Recent advances in Cyber Situational Awareness

Invited speakers & workshop chairs

14:30 - 15:00
Coffee Break
15:00 - 16:30
ARES IV
Web Security
Session Chair:
Nils Gruschka (University of Oslo, Norway)

Web Cryptography API: Prevalence and Possible Developer Mistakes

Pascal Wichmann, Maximilian Blochberger and Hannes Federrath (University of Hamburg, Germany)

Dating Phish: An Analysis of the Life Cycles of Phishing Attacks and Campaigns

Vincent Drury, Luisa Lux and Ulrike Meyer (RWTH Aachen University, Germany)

Web Bot Detection Evasion Using Deep Reinforcement Learning

Christos Iliou (Information Technologies Institute, CERTH, Greece and BU-CERT, Bournemouth University, United Kingdom), Theodoros Kostoulas (Department of Information and Communication Systems Engineering, University of the Aegean, Greece), Theodora Tsikrika (Information Technologies Institute, CERTH, Greece), Vasilios Katos (Bournemouth University, United Kingdom), Stefanos Vrochidis (Information Technologies Institute, CERTH, Greece) and Ioannis Kompatsiaris (Information Technologies Institute, CERTH, Greece)

Rumor and clickbait detection by combining information divergence measures and deep learning techniques

Christian Oliva (ITEFI-CSIC and UAM, Spain), Ignacio Palacio-Marín (UAM, Spain), Luis F. Lago-Fernández (UAM, Spain) and David Arroyo (ITEFI-CSIC, Spain)

CD-MAKE III
Privacy, Identification and Prediction
Session Chair:
Mathias Fischer (University of Hamburg, Germany)

Identifying Fraud Rings Using Domain Aware Weighted Community Detection

Shaik Masihullah, Meghana Negi, Jose Matthew, and Jairaj Sathyanarayana (Swiggy, Bangalore, India)

Capabilities, limitations and challenges of style transfer with CycleGANs: a study on automatic ring design generation

Tomas Cabezon Pedroso (Carnegie Mellon University, United States), Javier Del Ser (TECNALIA, Basque Research & Technology Alliance (BRTA), University of the Basque Country (UPV/EHU), Spain) and Natalia Díaz-Rodríguez (Department of Computer Sciences and Artificial Intelligence, Andalusian Research Institute in Data Science and Computational Intelligence (DaSCI), CITIC, University of Granada, Spain)

Semantic Causal Abstraction for Event Prediction

Sasha Strelnikoff, Aruna Jammalamadaka and Tsai-Ching Lu (Information Systems and Sciences Laboratory, HRL Laboratories, LLC, United States)

WSDF
Session Chair:
Virginia Franqueira (University of Kent, UK)

Coming Back to the Backlog: Can Digital Investigations Catch Up?

Dr. Andrew Marrington (Zayed University, United Arab Emirates)

Abstract: Digital evidence is crucial in a wide variety of criminal investigations and prosecutions. The digital footprint of everyday life and the proximity of smartphones and other digital devices to physical crime scenes means that the relevance of digital evidence is by no means confined to cybercrime cases. As a result, law enforcement agencies around the world have huge backlogs of digital evidence awaiting extraction and examination. In the UK alone, the collective backlog is at least 21,000 digital devices (smartphones, computers, tablets, etc), contributing to significant delays in investigations and prosecutions.

For two decades, digital forensics research has been grappling with this backlog in a variety of ways. Researchers have proposed faster methodologies and tools, more automation of the process of examination and analysis, triage techniques to make better use of examinter time, and more. Nevertheless, the problem of large backlogs persists. This keynote considers the causes of the backlog problem, and discusses how the digital forensics community can try to address it in the years ahead.

Forensic analysis of Tor in Windows environment: A case study
Vaia-Maria Angeli, Ahmad Atamli and Erisa Karafili (School of Electronics and Computer Science, University of Southampton, United Kingdom)

WSL2 Forensics: Detection, Analysis & Revirtualization

Philipp Boigner (St. Pölten University of Applied Sciences, Austria) and Robert Luh (St. Pölten University of Applied Sciences and University of Vienna, Austria)

Fast and Blind Detection of Rate-Distortion-Preserving Video Watermarks

Hannes Mareen (IDLab, Ghent University – imec, Belgium), Glenn Van Wallendael (IDLab, Ghent University – imec, Belgium), Peter Lambert (IDLab, Ghent University – imec, Belgium) and Fouad Khelifi (Department of Computer and Information Sciences, Northumbria University, United Kingdom)

 

CUING III
Session Chair:
Dr. Peter Kieseberg (St. Pölten University of Applied Sciences, Austria)

Network Steganography Through Redundancy in Higher-Radix Floating-Point Representations

Carina Heßeling, Jörg Keller and Sebastian Litzinger (FernuUniversitaet Hagen, Germany)

Using Telegram as a carrier for image steganography: Analysing Telegrams API limits

Niklas Bunzel (Fraunhofer SIT, ATHENE, Germany), Tobias Chen (TU Darmstadt, Germany) and Martin Steinebach (Fraunhofer SIT, ATHENE, Germany)

Challenging Channels: Encrypted Covert Channels within Challenge-Response Authentication

Tobias Schmidbauer (FernUniversität in Hagen, Germany), Jörg Keller (FernUniversität in Hagen, Germany) and Steffen Wendzel (Hochschule Worms and FernUniversität in Hagen, Germany)

Improving Performance of Machine Learning based Detection of Network Steganography in Industrial Control Systems

Tom Neubert (Brandenburg University of Applied Sciences, Germany), Antonio José Caballero Morcillo (Universitat Politècnica de València, Spain) and Claus Vielhauer (Brandenburg University of Applied Sciences, Germany)

IWSECC
Session Chair:
Antonio Muñoz (University of Malaga, Spain)

GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments
Ioannis Kalderemidis (University of Piraeus, Greece), Aristeidis Farao (University of Piraeus, Greece), Panagiotis Bountakas (University of Piraeus, Greece), Sakshyam Panda (University of Greenwich, United Kingdom), Christos Xenakis (University of Piraeus, Greece)

Revisiting a Privacy-Preserving Location-based Service Protocol using Edge Computing
Santosh Kumar Upadhyaya and Srinivas Vivek (International Institute of Information Technology, Bangalore, India)

A Revisit of Attestable Nodes for Networked Applications
Mathias Schüpany and Martin Pirker (St.Pölten University of Applied Sciences, Austria)

16:30 - 16:45
Short Coffee Break
16:45 - 17:30
CD-MAKE Keynote
R.G. Goebel
HS 01

Explanation as an essential component of machine-mediated acquisition of knowledge for predictive models

R.G. Goebel (University of Alberta and XAI-Lab in Edmonton, Alberta, Canada)

Abstract: The successful application of machine learning (ML) methods becomes increasingly dependent on their interpretability or explainability. Designing explainable ML systems is instrumental to ensuring transparency of automated decision-making that targets humans. The explainability of ML methods is also an essential ingredient for trustworthy artificial intelligence. A key challenge in ensuring explainability is its dependence on the specific human user (“explainee”).
The users of machine learning methods might have vastly different background knowledge about machine learning principles. One user might have a university degree in machine learning or related fields, while another user might have never received formal training in high-school mathematics. We measure explainability via the conditional entropy of predictions, given some user signal. This user signal might be obtained from user surveys or biophysical measurements.
We propose explainable empirical risk minimization (EERM) principle of learning a hypothesis that optimally balances between the subjective explainability and risk.
The EERM principle is flexible and can be combined with arbitrary machine learning models. We present several practical implementations of EERM for linear models and decision trees. Numerical experiments demonstrate the application of EERM to detecting the use of inappropriate language on social media.

19:00 - 20:30
Sightseeing Tour Schönbrunn Castle