Atelier SERENE-RISC de l'automne 2017

Ottawa (Ontario)
Mercredi le 25 octobre 2017 à 8:00 AM au jeudi le 26 octobre 2017 à 14:00 PM

Cet atelier est soutenu par:

 cansebp_colour.png (thumb - 300 x 300 free)


La Chaire de recherche du Canada en cybersécurité

et le Programme d'aide à la recherche industrielle (Centre national de recherches du Canada)

nrc-partner-logo_f.jpg (thumb - 300 x 300 free)


Wednesday - October 25th

8:00 – 8:45

Registration and continental breakfast

8:45 – 9:00

Welcome remarks

Laura Huey & Ashraf Matrawy
9:00 – 10:00

Keynote session

Nabil Seddigh

Machine learning - The panacea for cybersecurity threats? - Thoughts from the industry -

Cyber security threats continue to evolve in terms of their complexity, scope, and impact on society. New threats emerge continually. Whereas 30 years ago, such threats consisted primarily of viruses and worms, today, they include malware, phishing, ransomware, denial of service (DoS) and advanced persistent threats (APTs) among others. These cyber threats impact a spectrum of industries in society including the financial sector, healthcare, government, transportation, defense and energy among others.

Historically, cyber threats were discovered using automated scanning and matching of network traffic, applications and computer resources. This approach detected known examples of threats. On its own, it has proven insufficient to detect the new category of cyber threats including zero day attacks, rapidly evolving new threats, dormant/stealthy threats, encrypted threats and the general "unknown".

Advances in big data and computing horsepower have thrust machine learning into the forefront of approaches being utilized to address the new category of cyber threats. This talk presents insights into some of the advances of security practitioners in applying machine learning to the current cyber security landscape. It will also discuss challenges faced by real-world tools and analysts in applying machine learning to real-world networks, with a focus on the present and future.

About the speaker

Nabil Seddigh has been working in the cyber security and IT networking industry for 25 years. In 2003, Nabil co-founded Solana Networks and serves as its President. Since then, Nabil and the Solana team have worked diligently to develop a number of cyber security and network monitoring products and solutions for Enterprise Networks, Service Providers and a number of Canadian Federal government departments. This includes the SmartFlow cyber security product which leverages anomaly detection and machine learning algorithms to pinpoint hard-to-detect cyber threats.

Nabil completed his undergraduate degree from the University of Waterloo and holds a M.Sc from Carleton University's Systems & Computer Engineering.  He is a co-inventor on 19 issued US patents.

10:00 – 10:45

Networking break and Research Showcase

10:45 – 12:00

Session 1 – Artificial Intelligence (AI) and Automated Security Evaluation

Jason Jaskolka

Formal Approaches for Automated Security Evaluation

Many of today’s most critical systems such as those found in the transportation, financial, medical, communications, and national defense domains are becoming more complex and interconnected. Because of this, there is an increasingly critical need for ensuring the security of these systems and the information that they use, store, and communicate, in the face of cyber-attacks and failures. In particular, the ability to automatically evaluate the security of such systems is in high demand. Security evaluation involves examining a system to determine its degree of compliance with standards and specifications by analyzing system designs, observing system behaviours, and/or attempting to penetrate the system using techniques available to potential adversaries.

Recently, formal (mathematically rigorous) methods and tools that are incorporated into system design processes have had increased success in capturing the evidence needed to prove important system security, safety, and reliability properties. These methods and tools provide systematic frameworks upon which automated security evaluation methodologies capable of verifying and validating system security properties can be developed.

In this talk, I will highlight current efforts in identifying and analyzing potential vulnerabilities to assess the security of complex systems, and we will discuss recent advances in formal approaches for automated security evaluation.

About the speaker

Dr. Jason Jaskolka is an Assistant Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa, ON, Canada. He received his Ph.D. in Software Engineering in 2015 from McMaster University, Hamilton, ON, Canada. His research interests include cybersecurity assurance and security-by-design, covert channel analysis, distributed multi-agent systems, and formal methods and algebraic approaches for software engineering. His current research aims to address critical issues in designing and implementing safe, secure, and reliable systems. He is working towards the development of methodologies for developing intrinsically secure and resilient software-dependent systems. Dr. Jaskolka is also currently working with the U.S. Department of Homeland Security and the Critical Infrastructure Resilience Institute on designing and developing critical infrastructure cybersecurity assessment methodologies and associated modeling and simulation environments.

Image by Sean McGrath Photography (
Joseph Mudge

Collaboration toward a knowledge engineering model for cyber risk assessment

Collaboration among cyber risk experts is important for a robust Canadian cybersecurity posture. Although data sharing agreements are an important way that organizations can collaborate toward improving cybersecurity, there are sometimes barriers to sharing cyber risk data that can be difficult to overcome. The sharing of insights and opinions among cybersecurity experts can also be valuable, and can often be shared more freely than data. If properly integrated, the aggregated opinions of cybersecurity experts should be able to provide actionable insights comparable to some of the output of data sharing agreements, and possibly also additional insights that could not be derived from data. Currently, cybersecurity expertise is shared using unstandardized and imprecise terminology, communication that is often one-way (i.e. reports), and with little clarity or consistency in the goals of shared expertise. These factors make it difficult to aggregate expert opinions in a reliable and meaningful way. At The Co-operators, I'm working toward building a knowledge engineering framework that can focus the collaboration of Canadian cybersecurity experts into a simple AI tool for evaluating organizational cyber risks. This expert-judgement-based cyber risk evaluation model will perform best by incorporating a high diversity of cybersecurity expertise, so I'm seeking many interested collaborators.

About the speaker

Dr. Mudge has been working as a data scientist in the Business Intelligence department of The Co-operators  General Insurance Company since 2015. He primarily conducts research related to the commercial insurance products offered by The Sovereign General Insurance Company (a subsidiary of The Co-operators Group), especially for their commercial cyber insurance program. Dr. Mudge has developed techniques for modelling the annual expected losses due to cyber events across a cyber insurance book of business. Cyber insurance product development is a strong priority for The Co-operators Group and methods for quantifying cybersecurity risks faced by cyber insurance clients using externally available information remains a key research focus for Dr. Mudge in 2018. Dr. Mudge has a PhD in Environmetrics and brings ecological systems and environmental risk assessment perspectives to his cybersecurity research. He is also an active supporter of the 'Open' movement, and is seeking to encourage open data, open source, and open innovation principles in the Canadian cybersecurity sector.

12:00 - 13:30

Networking Lunch

13:30 - 14:45

Session 2 – Machine Learning Use in Security

Adrian Taylor

Detecting anomalies on the automotive control bus with machine learning

Cars are vulnerable to hacking. While automotive cyber attacks are not yet a widespread threat, learning how to detect them will be an important part of future countermeasures. Attacks must be crafted for specific models, so attack detectors must also be specifically designed for every new car. Machine learning can simplify this design, by learning the normal behaviour of a car and detecting anomalies that could correspond to cyber attacks. However, predicting performance for these detectors is a difficult problem. By analyzing published attacks, a simulation model can generate enough attack signatures to give confidence in evaluating attack detection performance. This presentation gives an overview of the car hacking threat, how anomaly detection can counter that threat, and how to evaluate the performance of those detectors using attack simulation.

About the speaker

Adrian Taylor is a scientist at Defence Research and Development (DRDC) Canada. In his 17 years at DRDC, he has worked in electronic warfare, wargaming modelling and simulation, and most recently cyber defence, where his focus has been divided between enterprise cyber analytics and platform security and resilience.

Adrian received his BASc. from Queen's University (2000) in Math and Engineering, and his MASc. from Carleton University (2005) and PhD from the University of Ottawa (2017) in electrical engineering.

Pierre-Luc Vaudry

Feeding the Machine: Data Collection and Other Challenges of Machine Learning for Spam Detection

Spam detection software can use both handcrafted rules and machine learning techniques. At ZEROSPAM we are aiming at reducing the need to create or edit rules manually to adapt to constantly evolving email-borne threats. At the same time, the performance of our machine learning tools could be improved by supplementing their text input with existing rules and other metadata. This talk will address data collection, a key step in any applied machine learning project. We will present our approach to tackling the challenges posed by confidentiality and implementation in a live production environment. The performance metric definition will also be discussed especially considering the differing costs of discarded legitimate mail versus undetected spam. Real-life examples will be provided.

About the speaker

Pierre-Luc Vaudry holds degrees in both computer science and linguistics from Université de Montréal. His recently completed PhD thesis is in the field of natural language processing. He was hired as a researcher by ZEROSPAM in March 2017. His role is to investigate how to make best use of the latest developments in machine learning to improve their spam detection technology.

Natalija Vlajic

Detecting Application-Layer DDoS Bots using Machine Learning

Distributed Denial of Service (DDoS) attacks are recognized as one of the most damaging attacks on the Internet security today. Recent trends have shown that malicious web crawlers can be used to execute the so-called application-layer DDoS attacks, which are considered the stealthiest form of DDoS in the Internet. Our research has shown that unsupervised machine learning can be successfully utilized to obtain a better insight into the types and distribution of visitors to a Web-site based on their link-traversal behavior, and through that unsupervised machine learning can help in identifying outlier and malicious (i.e., DDoS-bot) visitors to the given Web-site. In this talk, we will discuss the main weaknesses of the existing application-layer anti-DDoS solutions as proposed in the research literature and in the industry, and we will describe our novel anti-DDoS system capable of detecting a broad range of application-layer DDoS attacks, both in static and dynamic web domains, through the use of advanced techniques of data mining.

About the speaker

Natalija Vlajic is an Associate Professor at the Lassonde School of Engineering, York University. The main areas of her research include: DDoS, Internet bots and botnets, network and application-layer security, IoT security, user privacy and anonymity, machine learning. She currently serves as an Associate Editor of IEEE Communication Magazine.

14:45 - 15:30

Networking break and Research Showcase

15:30 – 16:00


Session 3 - SERENE-RISC Reports
Benoît Dupont
16:00 – 16:45

Rapid Fire Talks

Two-minutes presentations from the Showcase participants
SMEs and graduate students
17:00 – 19:00

Networking Reception and Research Showcase

Thursday - October 26th

8:00 – 9:00

Registration and continental breakfast

9:00 – 10:15

Session 4 – What does policing need in the field of cybercrime research?

Ryan Duquette

Law Enforcement Challenges in investigating cybercrimes

Instances of cybercrime are now a daily occurrence and many of these attacks affect us all. The threat landscape is constantly changing and evolving and the threat actors are no longer “hackers” lurking in the shadows.  Cyber-attacks have been shown to cause mass disruption, widespread panic, and in some cases, have resulted in various telecommunications other critical infrastructure essential services going “off-line”.  Frequently, cyber-attacks result in subsequent crimes being committed such as identify theft or other fraudulent activity.  Many Law Enforcement agencies are not well equipped to deal with these types of cybercrimes and need to understand that dealing with these types of cyber threats in isolation is often not sufficient. Collaboration and public/private partnerships, as well as continued funding for research and training are just some of the ways that Law Enforcement agencies can overcome the various challenges to this ever-growing threat. 

About the speaker

Ryan Duquette is passionate about digital forensics and with helping keep others from being victimized. He's a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support. Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.  He is a Sessional Lecturer at the University of Toronto teaching digital forensics, and holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications. Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.

Cameron Field

Filling the Gaps - Typological Research, Enhancing Cyber Safety and Data

Academics, scientists, private sector and public sector actors have long relied on sociodemographic data, marketing data and other typological clusters to set context, variables and other tools in their respective research efforts. Whether its cutting edge emergency medicine research or dated law enforcement research from the 1970s, sociodemographic factors and behavioural data have filled typological research to better enable more focused strategies and crime prevention methodologies.  In the emerging century it is clear the cyber world is changing our lives exponentially in comparison to previous times. When considering cyber enhancements over the past two decades it is abundantly clear both private sector and government actors need to work collaboratively not only operationally to combat cyber threats but in commissioning research. Evidence based research will be mission critical moving forward in this rapidly changing arena. Public and private sector agencies most look ahead to the world of Blockchain and crypto currencies and how we will "behave" in these new environments individually and as larger entities. An overarching question of "Can academic researchers keep pace with emerging technologies?" must resonate in these larger discussions.  

About the speaker

Field is the Manager of Strategic Initiatives for the Enterprise AML Office for BMO Financial Group. Prior to that he managed the Corporate Crimes and Investigative Training Teams of the Toronto Police Service. He chairs the Cyber Fraud Research Working Group of the Canadian Society of Evidence Based Policing and is the past Deputy Director. He is a former Vice President of the Canadian Association of Threat Assessment Professionals and sits on various boards and committees. Field has published articles on risk management in investigations and on fraud prevention in digital spaces. He is a frequent keynote speaker and panelist to both private and public sector audiences in such areas as cyber fraud and security, multi sector partnerships, consortium data usage and the enhancement of predictive analytics and data. He is interested in collaborating on research into AML/TF/KYC and cyber fraud prevention and multi layered fraud prevention strategies. He received a Bachelor of Applied Arts from the University of Guelph in Justice Studies and a Master of Science from the University of Leicester (UK) in Criminology. His graduate dissertation focused on the intersection of sociodemographic characteristics and fraud prevention in digital spaces using the routine activity theory with a cyber lens.

Hugh Stevenson

The use of cyberattack data in co-association discovery/organized crime

Summary of co-offender, co-association projects with input from cyberattack data/Hadoop technology.

About the speaker

Supt. Hugh Stevenson, Ed.D. is the Director of the Criminal Intelligence Service Ontario (CISO), responsible for the operation of the Provincial Bureau, Intelligence Analytics, CISO funded Joint Force Operations and Intelligence Undercover training for the province.

He is an experienced policing veteran with more than 30 years of service with Peel Regional Police Service and the Ontario Provincial Police.

Hugh is also a Professor and Lecturer at universities in the Toronto area where he teaches courses related to Criminal Profiling, violence and criminology, criminal Law, Ethics, and Victimology.

10:15 - 10:45

Networking break

10:45 - 12:00

Session 5 – Current efforts at filling gaps

Thomas J. Holt

Surveying the State of Research On Policing Cybercrime: Local to Transnational Gaps

This presentation will provide an overview of the current state of criminological scholarship on policing cybercrimes. The current body of knowledge regarding line officers' perceptions of cybercrime will be considered, as well as our knowledge of the specialized roles of forensic examiners. The limitations of this research will be considered, along with possible directions for future study, such as the views of detectives, chiefs of police, and federal/national agents. The benefits of this research agenda will be discussed for both practitioners and academics alike.

About the speaker

Thomas J. Holt is a professor in the School of Criminal Justice at Michigan State University. His research focuses on cybercrime, cyberterrorism, and policy responses to these phenomena. Dr. Holt's research has been published a range of journals including British Journal of Criminology, Criminology & Public Policy, and Terrorism & Political Violence. He is also the director of the International Interdisciplinary Research Consortium on Cybercrime, a global association of scholars focused on cybercrime and cybersecurity issues.  

Laura Huey

From Silos to Networks: The Role of Trusted Partners in Bridging Digital and other Divides

In this talk I will briefly outline the state of both policing more generally, and applied policing research in the field of cybersecurity more specifically, before moving to a discussion of some recent steps taken to begin the process of building new connections between researchers, police and private industry. In particular,

I will focus on the work of the Canadian Society of Evidence Based Policing as a mechanism for generating research and mobilizing knowledge. What we,

and groups like Serene-Risc are attempting to achieve, is a movement from silos to circuit. What such efforts reveal is that network based approaches to complex issues often provide greater flexibility and freedom, two vital ingredients for innovation. 

About the speaker

Laura Huey is Professor of Sociology (University of Western Ontario), the Director of the Canadian Society of Evidence Based Policing, a Senior Research Fellow with the Police Foundation, a member of the Board of SERENE-RISC (a NCE-funded cybercrime research consortium) and a Senior Researcher and University Representative for the Canadian Network for Research on Terrorism, Security and Society. She is also the London Police Service Research Fellow. She was also previously a member of the Canadian Council of Academies' Expert Panel on the Future of Canadian Policing.

Laura is the author of several studies on issues related to policing, victimization, terrorism and cyber-security. Her research has appeared in the British Journal of Sociology, the British Journal of Criminology, Sociological Review, Society & Mental Health, Theoretical Criminology, Criminology and Criminal Justice, the Journal of Interpersonal Violence and various other international journals. She is also an International Advisory Editor for Theoretical Criminology and on the editorial advisory boards of Policing: A Journal of Policy and Practice, the Cambridge Journal of Evidence Based Policing and the Canadian Journal of Criminology. 

Her current research focuses on the incorporation of evidence based policing into Canadian research and police training and education.

Mohammad Lari

Canadian Survey of Cyber Security and Cybercrime

With fast moving innovations in technology, cyber security threats and incidents continue to grow in number and sophistication. The need to measure, analyze, and better understand these incidents is imperative for businesses, policymakers, and other stakeholders to effectively manage the risks of cyber threats, vulnerabilities and incidents.

While high-profile cyber security incidents affecting large enterprises are frequently covered in the media, little is known of how cyber security risks affect the overall business population in Canada. 

This presentation discusses the ongoing work at Statistics Canada, which addresses this need for further information and analysis. Through the development of the Canadian Survey of Cyber Security and Cybercrime, Statistics Canada aims to establish a set of indicators in order to assess the cyber security practices of Canadian businesses and overall impact of cybercrime on the Canadian economy.

About the speaker

Mohammad Lari is an Economist with the Investment, Science, and Technology Division at Statistics Canada where he focuses primarily on developing indicators to measure the impact of cybercrime on Canadian businesses. He is also currently working with the OECD Working Party on Security and Privacy in the Digital Economy to develop a priority list of core indicators on digital security risk management and a questionnaire to collect comparable information and data across countries.  Mohammad holds an Honours Bachelor of Arts degree in Criminology and Political Science from York University and a Master of Public Administration from Queen’s University.


12:00 - 14:00

Networking Lunch