BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Omid Setayeshfar

Omid Setayeshfar contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and SecurityMultiagent Systems

Trust snapshot

Quick read

Trust 13 - UnverifiedVerification L1Unclaimed author
2works
0followers
2topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

2 published item(s)

preprint2020arXiv

Active Deception using Factored Interactive POMDPs to Recognize Cyber Attacker's Intent

This paper presents an intelligent and adaptive agent that employs deception to recognize a cyber adversary's intent. Unlike previous approaches to cyber deception, which mainly focus on delaying or confusing the attackers, we focus on engaging with them to learn their intent. We model cyber deception as a sequential decision-making problem in a two-agent context. We introduce factored finitely nested interactive POMDPs (I-POMDPx) and use this framework to model the problem with multiple attacker types. Our approach models cyber attacks on a single honeypot host across multiple phases from the attacker's initial entry to reaching its adversarial objective. The defending I-POMDPx-based agent uses decoys to engage with the attacker at multiple phases to form increasingly accurate predictions of the attacker's behavior and intent. The use of I-POMDPs also enables us to model the adversary's mental state and investigate how deception affects their beliefs. Our experiments in both simulation and on a real host show that the I-POMDPx-based agent performs significantly better at intent recognition than commonly used deception strategies on honeypots.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

GrAALF:Supporting Graphical Analysis of Audit Logs for Forensics

System-level audit logs often play a critical role in computer forensics. They capture low-level interactions between programs and users in much detail, making them a rich source of insight and provenance on malicious user activity. However, using these logs to discover and understand malicious activities when a typical computer generates more than 2.5 million system events hourly is both compute and time-intensive. We introduce a graphical system called GrAALF for efficiently loading, storing, processing, querying, and displaying system events to support computer forensics. In comparison to other related systems such as AIQL [13] and SAQL [12], GrAALF offers the flexibility of multiple backend storage solutions, easy-to-use and intuitive querying of logs, and the ability to trace back longer sequences of system events in (near) real-time to help identify and isolate attacks. Equally important, both AIQL and SAQL are not available for public use, whereas GrAALF is open-source. GrAALF offers the choice of compactly storing the logs in main memory, in a relational database system, in a hybrid main memory-database system, and a graph-based database. We compare the responsiveness of each of these options, using multiple huge system-call log files. Next, in multiple real-world attack scenarios, we demonstrate the efficacy and usefulness of GrAALF in identifying the attack and discovering its provenance. Consequently, GrAALF offers a robust solution for analysis of audit logs to support computer forensics.

0 citations0 reviewsNo code linkedOpen access