Dato' Dr. Haji Amirudin Bin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia
Bio:
Dato' Ts. Dr. Haji Amirudin Abdul Wahab ("Dato' Dr. Amir") is currently the Chief Executive Officer (CEO) of CyberSecurity Malaysia, the agency that monitors e-sovereignty of the country. He has more than 25 years of ICT working experience in the telecom and IT sector in the Government as well as in the semi-government and private sectors.
During Dato' Ts. Dr. Amir's leadership as CEO, Cybersecurity Malaysia (CSM) managed to contribute to Malaysia's achievement in attaining top 10 ranking in the world, at International Telecom Union (ITU) Global Cyber Security Index studies and became first Malaysian to chair World Trustmark Alliance (2014-2015). Besides that, during his leadership, CSM was awarded as Best Cyber Security Innovation Award 2015 recipient by FireEye Malaysia and won Champion Prizes at the World Summit of the Information Society (WSIS) for 2 consecutive years (2016 & 2017). He was also selected to receive an ASEAN Award as the Outstanding Chief Information/Security Officer in conjunction with the 10th ASEAN CIO| CSO Summit and Awards 2014 held in Ho Chi Minh City, Vietnam on 2 December 2014. On 2nd May 2018, he has been registered in Malaysia Board of Technologist as Professional Technologist which has allowed him to use abbreviation "Ts" before his name.
During his leadership, Dato' Ts. Dr. Amir also spearheaded various national and international Cyber security platforms such as serving as the cyber security co-chair in the Cybersecurity working Group for Council for Security Cooperation in the Asia Pacific (CSCAP) since 2015, as Permanent Secretariat to Organisation of Islamic Conference Computer Emergency Response Team (OIC- CERT) since 2013, Deputy Chair to Asia Pacific Computer Emergency Response Team (AP-CERT) for 2015 -2019. Dato' Ts. Dr. Amir is a Canadian-based POLCYB (The Society of The Policing of Cyberspace) Non-Executive Board of Directors for year 2015 to 2018. He served as an OIC Task Force Member on ICT and Cyber Security and a Fellow at Malaysian Institute of Management. He was also appointed as Vice-Chair of OIC Science and Technology Committee and Executive Committee Member of Annual Coordination Meeting of OIC Institutions (ACMOI) during the Thematic Committee on Science, Technology and Information Technology meeting which was held in conjunction with Annual Coordination Meeting of OIC Institutions on 7 December 2015 at Jeddah, Arab Saudi. He was also ratified by APEC ECSG on 27 February 2016 in Lima, Peru as an Expert Members for the 2nd APEC E-Commerce Business Alliance (ECBA) Expert Council (2016-2018) in which he was one of its Deputy Chairman. Dato' Ts. Dr. Amir was also appointed as Advisory Board Member of The Economist Intelligence Unit on Asia Smart City Program 2016.
Nationally, Dato' Ts. Dr. Amirudin is a currently the Chairman of National ICT Standard Committee (ISCG) since Mar 2010 till current. He is also a Chairman of Board of Governance Global Accredited Cyber Security Education or Global ACE Scheme for Malaysia Chapter and past Head of Secretariat to the National IT Council NITC chaired by YAB PM from 2010-2012. He is currently a Board Member of Technology Park Malaysia (TPM) IT Sdn Bhd since 2016 and also used to sit as a Board member to Malaysia Digital Economy Corporation (MDeC) and MyNIC Berhad during 2011-2012 period in addition to the past Computer Industry Association of Malaysia (PIKOM) Council or Board Member from 2014-2015.Dato' Ts. Dr. Amir holds a Doctor of Philosophy (PhD) from the School of Information Technology & Electrical Engineering (ITEE), University of Queensland, Australia. Dato' Ts. Dr Amir also holds two Master degrees, a Masters in Business Administration (MBA) from the University of Duqubue, Iowa, USA, a Masters in Information Technology from National University of Malaysia (UKM) and a Bachelor of Science Engineering in Electrical Engineering from the University of Michigan, Ann Arbor, USA.Academically, Dato' Ts Dr. Amir is an Adjunct Professor at the International Islamic University of Malaysia (UIAM), Universiti Kebangsaan Malaysia (UKM), Universiti Teknologi Petronas (UTP) and Universiti Utara Malaysia (UUM) and was one at Universiti Tenaga Nasional (UNITEN) Malaysia and currently also serves as a Board of Studies Member of the Universiti Teknologi Petronas (UTP), University Malaya (UM) and Universiti Putra Malaysia (UPM).
A calculated risk-taker with deep technical industry knowledge, Dato' Ts. Dr. Haji Amirudin had built a strong reputation for developing effective and unique strategies and incubating new models and designs. He maintains a well-deserved national and international reputation in his field where he had been invited as keynote speakers and panellist in various local and international conferences and featured regularly in the various local TV, Radio, newspapers, magazines and online medias. He was conferred the Dato 'Paduka Mahkota Perak (D.P.M.P) by His Royal Highness the Sultan of Perak, Sultan Nazrin Muizzuddin Shah, who brought him the title Dato' on 5 November 2016.
Talk Abstract:
Internet penetration has surpassed 55% global population mark. This number indicates that more than 4.5 billion of people has access to the internet. While this exhibits that the world is highly connected, has better access to information and networking, it acts as an occasion for criminal to embark their illicit activities and make use of technology especially internet to broaden their potential victims globally and grow their profits. As the world is embracing emerging technologies such as 4th Industrial Revolution, Internet of Things, Artificial Intelligence and many more, the numbers of threats are significantly growing and cyber attacks are becoming daily news. Ransomware attacks and data breaches are among top cyber incidents dominating global concerns while at the same time, numbers of cyber security professionals are still low. A research done by CyberSecurity Ventures shows that there are 3.5 million unfilled cybersecurity jobs by 2021, putting the world in risky environment. The presentation will explain how CyberSecurity Malaysia, a national cyber security technical agency prepares a holistic approach namely adaptive security at the national level to safeguard Malaysia's cyber space and continue making Malaysia as a cyber resilient nation.
Dr. Marc Dacier Full Professor, Digital Security Department Head EURECOM, France
Bio:
Past Professional Experience From 1989 until 1991, he worked at the University of Louvain, Belgium, as a researcher. From 1992 until 1994, he was a member of the dependability group, at LAAS-CNRS in Toulouse (France) working on his PhD thesis in the "Dependable Computing and Fault Tolerance" group on quantitative evaluation of operational computer security. In 1995, at Firstel, Paris, he worked on several security related projects as an external security consultant for France Telecom in Paris (France) and the French ministry of interior. From 1996 until 2002, he worked for IBM Research, in Zurich (Switzerland) as a Research Staff Member (RSM) and became the founding manager of the Global Security Analysis Lab (GSAL). He obtained an IBM Outstanding Technical Achievement Award for the contributions of his research to the business of IBM Global Services. In addition, the GSAL team pursued several projects in the intrusion detection domain that led to the creation of the new Tivoli Intrusion detection product, namely Tivoli Risk Manager, the very first-to-market SIEM platform. His team completed the technology transfer to Tivoli and kept providing new features, derived from their ongoing research, to the Tivoli development team during the following years. Similar technology transfer also happened successfully with the Managed Security Services group located in Sterling Forest (USA) in the context of their centralized intrusion detection alerts correlation offering for IBM customers. This fruitful collaboration led also to the completion of the PhD thesis of Dominique Alessandri and Klaus Julisch, from IBM Zurich Research. From 2002 until 2008, he worked as a professor at Eurecom, Sophia Antipolis (France) within the Corporate Communications Department. During that period, he taught the lectures on networking and operational network security. He also was very successful in obtaining funding for several European and French projects and grew his team accordingly. From 2008 until 2014, he worked for Symantec Research Labs, and managed several groups in France, Ireland and in the United States. His teams constituted the Collaborative Advanced Research Department (CARD) within Symantec Research Labs (SRL). CARD focused on innovation and development of next-generation technologies. In addition to internal advancements, Dr. Dacier's teams collaborated on joint projects with external government agencies, universities and businesses on mostly long-term projects. The technical domains involved include network security (honeypots, BGP, etc.), cyber security intelligence extraction, natural language processing, automated machine translation, big data analytics and critical infrastructure protection. In that role, he spent two years in California (USA), from August 2011 until July 2013. While in the USA, he was instrumental in restructuring Symantec Research Labs as a whole and in defining and putting in place a Research Development Life Cycle to better select, implement and transfer, to the business units, the results of long-term research projects in order to have bigger impact on the company. This work led to the consolidation of Symantec Research Labs into a single organization as opposed to the externally vs. internally funded teams that were composing SRL before. He also worked during 6 months on a major growth plan for Symantec Research to move from 35 people to 300. His plan included the definition of new labs, of new processes to align with business units, of new organizational methods. All relevant VPs and the CEO approved the plan but the forced departure of the CEO and the following restructuring of the company aborted its implementation. He came back to France in August 2013 to focus on the European teams in this new, global, organization he had contributed to define while in the USA. From 2014 until 2017, he worked for the Qatar Computing Research Institute (QCRI / HBKU) in Doha, Qatar, as director of the cybersecurity research group that he was hired to create from the ground up. The initial plan was to have 50 members in that group but drop in the oil price together with the Saudi blockade eventually reduced QCRI's ambitions. Its mission was to carry out applied and impactful research. His role, besides the scientific leadership, included hiring the needed scientists and engineers, increasing the visibility of the team, defining and implementing a long-term research vision and strategy, strengthening the relationship with the local stakeholders and improving international collaborations with key players in the world. When he left, he had built a very strong team of 19 members, 11 scientists and 8 software engineers working along three major research axes: i) threat identification, analysis and mitigation, ii) cyber intelligence and iii) critical infrastructures security. A number of local and international collaborations have been established under his guidance, notably with Texas A&M, Qatar University, CMU-Q, British Columbia University (Canada), the University of Michigan and the University of Illinois at Urbana Champaign (USA), the Institute of Software Application Technology, Guanzhou and the Academy of Science (China). Results of some of the projects have led to numerous publications in top tier conferences but also to the creation of prototypes to be tested by local stakeholders such as Qatar Airways, Ooredoo, Kahramaa, Qatar Petroleum, etc. Future collaborations were being discussed, notably with Siemens in the context of securing the Qatari water mega reservoirs project. Since October 2017, he is back at Eurecom as a full professor and, since July 2018, as the acting department head of the digital security group. On top of his research and teaching activities, he is in charge of all industrial partners (BMW, IABG, Orange, Monaco Telecom, SAP, Symantec) composing the private Eurecom Group of Economic Interest. In that role, he also has frequent contacts with Eurecom academics partners (Aalto Univ. [Finland], Chalmers Univ. of Tech [Sweden], CTU [Czechia], IMT [France], NTNU [Norway], Politecnico di Torino [Italy], TUM [Germany]) Teaching Experience Since 1997, while working for IBM research, he has ben giving as an invited researcher, an intrusion detection seminar at the University of Louvain (UCL, Belgium), Namur (FUNDP, Belgium) and Liège (ULG, Belgium) and at the ENSEEIHT in Toulouse (France). In 2002, he has received the title of invited professor at UCL and adjunct professor at ULG where he kept teaching until the 2011-2012 academic year. He was a professor at Eurecom within the Corporate Communications Department at Eurecom from July 2002 until March 2008. He taught networking and operational network security related lectures. Until August 2014, he remained an adjunct professor at Eurecom and kept teaching a 42 hours lecture there, while being employed by Symantec. He also has kept supervising semester projects as well as internships of Eurecom students from 2008 until 2014 and was the main advisor for several PhDs students. In 2016, he helped in creating the Master of Cybersecurity at the newly founded Hamad Bin Khalifa University (HBKU) in Doha, Qatar. Among other things, he defined and taught, with members of his team, the networking and computing security lecture (42 hours). Since 2018, he teaches a hands-on course on networking (42 hours) as well as the "secure applications" lecture at Eurecom (21 hours). Major research interest Computing security, in its broader acceptance, represents his major research interest. He made seminal significant contributions in the area of quantitative evaluation of operational security, intrusion detection, events correlation, security intelligence extraction, honeypots, BGP hijacking analysis. He also supervised work being carried out in his teams in the area of quality assessment of automatically translated text, natural language processing techniques, pre and post editing for noisy text translation, big data analytics algorithms. Throughout his career, he paid attention to maintain a good balance between the formalization and validation phases of the research cycle. He always considered that a sound, rigorous and repeatable experimental validation phase is a prerequisite to obtain trustworthy and meaningful results. This is why, to promote the pursue of a sound scientific approach for cyber security, he created the Worldwide Intelligence Network Environment (WINE) at Symantec and made it available to external researchers from academia in order to enable them to run reproducible experiments on real world, representative, security event data feeds. Visibility, membership, committee He has cofounded in 1998, with Kathleen Jackson from the Los Alamos National Lab, the symposium on «Recent Advances on Intrusion Detection» (RAID), now considered to be one of the main conferences in this area and, since then, renamed "Research on Intrusions, Attacks and Defenses". He has chaired its steering committee for 20 years. He was PC co-chair of RAID 2016 and is PC chair for its 20th edition in 2017. He also was the co-director, with Brian Randell from the University of Newcastle, of the MAFTIA European Project. He has been the technical coordinator of the European funded WOMBAT project. His team at Symantec was involved in a number of externally funded projects in Europe (CRISALIS, VIS-SENSE, BIGFOOT, ACCEPT, ConfidentMT) as well as in the United States (MINESTRONE, MEERKATS, NICE).nual income of £1.2 Million at the Cyber Technology Institute.
Talk Abstract:
It is well known that malware spreading over the Internet aim at transforming vulnerable devices into bots that can be misused by attackers. These armies of bots constitute what is common called "botnets" and they are given tasks (such as spamming, ddosing, etc..) to do through a "command and control" infrastructure (C2C). Identifying and neutralizing these C2C has been the subject of an arms race between white and black hats for years. In this talk, we will briefly explain how C2C works and how they have been (and still are being) detected. We will then present some very strange results obtained when studying BGP announcements over a period of several years. BGP is the de facto standard for Internet routing. BGP hijacks attacks seem to be happening routinely without anyone complaining about it. We will present the reasons why this could be happening and explore the possibility that this might be the symptoms of the activity of a brand new generation of C2C not discussed so far, an extremely stealthy and sophisticated one. This still remains an open conjecture though that would require some more research to reach a positive, or negative, conclusion.
Dr. Abdallah Khreishah Associate Professor of Electrical & Computer Engineering
Bio:
Abdallah Khreishah received his Ph.D and M.S. degrees in Electrical and Computer Engineering from Purdue University in 2010 and 2006, respectively. Prior to that, he received his B.S. degree with honors from Jordan University of Science & Technology in 2004. During the last year of his Ph.D, he worked with NEESCOM. In Fall 2012, he joined the Electrical and Computer Engineering department of NJIT as an Assistant Professor and promoted to Associate Professor in 2017. His research spans the areas of network security, machine learning, wireless networks, visible-light communication, vehicular networks, and cloud & edge computing. His research projects are funded by the National Science Foundation of USA, New Jersey Department of Transportation, and the UAE Research Foundation. He is currently serving as an associate editor for several International Journals. He served as the TPC chair for WASA 2017, IEEE SNAMS 2014, IEEE SDS -2014, BDSN-2015, BSDN 2015, IOTSMS-2105. He has also served on the TPC committee of several international conferences such as IEEE Infocom. He is a senior member of IEEE and the chair of the IEEE EMBS North Jersey chapter.
Talk Abstract:
Towards computationally efficient adversarial training defense against adversarial examples attacks to neural networks classifiers Due to their descent performance in approximating different latent distributions from data, Neural Network (NN) classifiers gain wide adoption in different complex tasks, including natural language processing, computer vision and cyber security. However, the underlying assumption of attack free operating environment has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Recently, considerable efforts have been made to develop defenses against adversarial examples, however, existing approaches are still far from providing effective defenses to mitigate this continuously evolving problem. Some of the existing defense approaches rely on training with existing adversarial examples, and hence are inefficient in training and in mitigating new types of adversarial examples. While, many others utilize randomness to defend adversarial examples but are shown to be impractical or inefficient. In this talk, we introduce the concept of adversarial examples and review several state-of-the-art approaches to generate these attacks and defend against them. We show that these methods lack the ability to dynamically control the trade-off between classifying original and adversarial examples and also require too much computation to generate iterative adversarial examples during training. After that we present our recent adversarial training methods in making the defense more practical. In the first method we propose a GAN based defense against adversarial examples, dubbed GanDef. GanDef is designed based on adversarial training combined with feature learning. As a GAN model, GanDef is realized based on a classifier and a discriminator which form a minimax game that can dynamically change the sensitivity of adversarial examples by modifying a threshold on the fly to achieve a dynamic trade-off between classifying original and adversarial examples. In the second method, we propose a GAN based zero-knowledge adversarial training defense, dubbed ZK-GanDef. Compared to the state-of-the-art zero knowledge defenses, ZK-GanDef applies a more flexible regularization on prediction logits by using the discriminator. This results in the highest test accuracy in classifying different white-box adversarial examples when compared to state-of-the-art zero knowledge defenses. To further reduce the computation, our third approach is a single-step adversarial training method that can efficiently mitigate adversarial examples with low training overhead. This new approach flattens iterative adversarial examples into single-step adversarial examples in multiple consecutive training epochs. At the end of the talk we will also discuss several future directions and research opportunities in this emerging field of research.