发布求助
文献互助 智能选刊 最新文献

Proceedings of the 18th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
CACS: A Cloud Privacy-Preserving Attribute Management System CACS:云隐私保护属性管理系统
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605022
Aivo Kalu, Burak Can Kus, Peeter Laud, Kin Long Leung, Nikita Snetkov, Jelizaveta Vakarjuk
{"title":"CACS: A Cloud Privacy-Preserving Attribute Management System","authors":"Aivo Kalu, Burak Can Kus, Peeter Laud, Kin Long Leung, Nikita Snetkov, Jelizaveta Vakarjuk","doi":"10.1145/3600160.3605022","DOIUrl":"https://doi.org/10.1145/3600160.3605022","url":null,"abstract":"We present Centralized Attribute Collection Service (CACS), a system for storing credentials in the cloud, with satisfying privacy properties for users, and additional assurances for relying parties. The system deploys privacy-enhancing technologies to protect users’ identities and credentials presented to relying parties. At the same time, the system can vouch for the trustfulness of issuers to relying parties. The system also allows users to obtain the access logs for their credentials, enabling them to compare them against their usage. The presentation of credentials to relying parties follows the standard protocols of Mobile Driving Licence (mDL, ISO 18013-5).","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126583175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
k-Anonymity on Metagenomic Features in Microbiome Databases 微生物组数据库中宏基因组特征的k-匿名性
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600178
Rudolf Mayer, Alicja Karlowicz, Markus Hittmeir
{"title":"k-Anonymity on Metagenomic Features in Microbiome Databases","authors":"Rudolf Mayer, Alicja Karlowicz, Markus Hittmeir","doi":"10.1145/3600160.3600178","DOIUrl":"https://doi.org/10.1145/3600160.3600178","url":null,"abstract":"The human microbiome is increasingly subject to extensive research, due to its relations to health, diet, exercise and illness. While ever more microbiome data is gathered and stored, recent works have demonstrated the threat of individual re-identification based on matching samples taken at different points in time, by matching metagenomic features extracted from microbiome readings. The individual and temporal stability of the microbiome varies for different body sites and is particularly pronounced for readings from the gastrointestinal tract. To meet the resulting need for privacy-protecting solutions, we adapt the well-known concept of k-anonymity and make it suitable for application to microbiome datasets. In particular, our approach for establishing k-anonymity is based on micro-aggregation.Our evaluation uses ten datasets containing samples of gut microbiomes, and analyzes the decreased privacy risk on the anonymised dataset as well as the incurred information loss. The analysis demonstrates the suitability of our approach for the protection of sensitive microbiome data.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128154224","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Survey on Digital Twins: from concepts to applications 数字孪生研究:从概念到应用
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605070
Jessica B. Heluany, V. Gkioulos
{"title":"Survey on Digital Twins: from concepts to applications","authors":"Jessica B. Heluany, V. Gkioulos","doi":"10.1145/3600160.3605070","DOIUrl":"https://doi.org/10.1145/3600160.3605070","url":null,"abstract":"This study provides a systematic literature review on surveys across the topic of digital twins. The aim is to understand what have been the use cases, modelling and simulation tools/techniques, and how security is being addressed. To answer these research questions, a rigorous methodology consisting of seven steps was followed. The analysis shows that there is a misconception regarding the digital twin concept that may be leading to its misuse. Moreover, it was found that security is not a top priority, but is often mentioned as a challenge. Besides the lack of standardization, the amount of academic papers published and industrial solutions offered is increasing, showing that the consensus is not a limiting factor and the concept is gaining popularity over the years and being applied in an increasing number of sectors, mainly on manufacturing, energy, aerospace and automotive.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130635681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards Obfuscation of Programmable Logic Controllers 可编程逻辑控制器的混淆研究
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605081
V. Cozza, Mila Dalla Preda, Marco Lucchese, Massimo Merro, Nicola Zannone
{"title":"Towards Obfuscation of Programmable Logic Controllers","authors":"V. Cozza, Mila Dalla Preda, Marco Lucchese, Massimo Merro, Nicola Zannone","doi":"10.1145/3600160.3605081","DOIUrl":"https://doi.org/10.1145/3600160.3605081","url":null,"abstract":"Recently published scan data on Shodan shows how 105K Industrial Control Systems (ICSs) around the world are directly accessible from the Internet. In particular, highly sensitive components, such as Programmable Logic Controllers (PLCs), are potentially accessible to attackers who can implement several kinds of attacks. On the other hand, to accomplish non-trivial cyber-physical attacks the attacker must possess a sufficient degree of process comprehension on the physical processes within the target ICS. In this paper, we explore the feasibility of designing obfuscation strategies to prevent the attacker from comprehending the behavior of the physical process within an ICS by accessing PLC memory registers. We propose two generic obfuscation strategies for PLC memories, involving memory registers, PLC code, and simulated physical processes controlled by the obfuscated PLCs. We then measure the effectiveness of the proposed obfuscation strategies in terms of potency, resilience, and cost on a non-trivial case study.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130816644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Parameterizing poisoning attacks in federated learning-based intrusion detection 基于联邦学习的入侵检测中的参数化中毒攻击
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605090
Mohamed Amine Merzouk, F. Cuppens, Nora Boulahia-Cuppens, Reda Yaich
{"title":"Parameterizing poisoning attacks in federated learning-based intrusion detection","authors":"Mohamed Amine Merzouk, F. Cuppens, Nora Boulahia-Cuppens, Reda Yaich","doi":"10.1145/3600160.3605090","DOIUrl":"https://doi.org/10.1145/3600160.3605090","url":null,"abstract":"Federated learning is a promising research direction in network intrusion detection. It enables collaborative training of machine learning models without revealing sensitive data. However, the lack of transparency in federated learning creates a security threat. Since the server cannot ensure the clients’ reliability by analyzing their data, malicious clients have the opportunity to insert a backdoor in the model and activate it to evade detection. To maximize their chances of success, adversaries must fine-tune the attack parameters. Here we evaluate the impact of four attack parameters on the effectiveness, stealthiness, consistency, and timing of data poisoning attacks. Our results show that each parameter is decisive for the success of poisoning attacks, provided they are carefully adjusted to avoid damaging the model’s accuracy or the data’s consistency. Our findings serve as guidelines for the security evaluation of federated learning systems and insights for defense strategies. Our experiments are carried out on the UNSW-NB15 dataset, and their implementation is available in a public code repository.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131370460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Practical Attack on the TLSH Similarity Digest Scheme 对TLSH相似摘要方案的实际攻击
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600173
Gábor Fuchs, Roland Nagy, L. Buttyán
{"title":"A Practical Attack on the TLSH Similarity Digest Scheme","authors":"Gábor Fuchs, Roland Nagy, L. Buttyán","doi":"10.1145/3600160.3600173","DOIUrl":"https://doi.org/10.1145/3600160.3600173","url":null,"abstract":"Similarity digest schemes are used in various applications (e.g., digital forensics, spam filtering, malware clustering, and malware detection), which require them to be resistant to attacks aiming at generating semantically similar inputs that have very different similarity digest values. In this paper, we show that TLSH, a widely used similarity digest function, is not sufficiently robust against such attacks. More specifically, we propose an automated method for modifying executable files (binaries), such that the modified binary has the exact same functionality as the original one, it also remains syntactically similar to the original one, yet, the TLSH difference score between the original and the modified binaries becomes high. We evaluate our method on a large data set containing malware binaries, and we also show that it can be used effectively to generate adversarial samples that evade detection by SIMBIoTA, a recently proposed similarity-based malware detection approach.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131657795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automated ICS template for STRIDE Microsoft Threat Modeling Tool 自动化ICS模板跨步微软威胁建模工具
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605068
Mike Da Silva, Maxime Puys, Pierre-Henri Thevenon, Stéphane Mocanu, Nelson Nkawa
{"title":"Automated ICS template for STRIDE Microsoft Threat Modeling Tool","authors":"Mike Da Silva, Maxime Puys, Pierre-Henri Thevenon, Stéphane Mocanu, Nelson Nkawa","doi":"10.1145/3600160.3605068","DOIUrl":"https://doi.org/10.1145/3600160.3605068","url":null,"abstract":"Industrial Control Systems (ICS) are specific systems that combine information technology (IT) and operational technology (OT). Due to their interconnection and remote accessibility, they become a target for cyberattacks. As a result of their complexity and heterogeneity in terms of devices and communication protocols, specific security controls and risk analysis methods need to be developed. In particular, in order to reduce the effort of deployment of risk analysis on such complex systems, automated methods need to be provided. This paper deals with automation of the risk identification process for ICS using the STRIDE threat modeling framework. We extend the well-known STRIDE modeling tool, namely Microsoft Threat Modeling Tool (MTMT), with an incremental template dedicated to ICS and provide additional tools to automate the analysis using specific vulnerability extraction from Internet CVE databases.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115305226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Graph-Based Android Malware Detection and Categorization through BERT Transformer 基于BERT Transformer的基于图的Android恶意软件检测与分类
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605057
A. Saracino, Marco Simoni
{"title":"Graph-Based Android Malware Detection and Categorization through BERT Transformer","authors":"A. Saracino, Marco Simoni","doi":"10.1145/3600160.3605057","DOIUrl":"https://doi.org/10.1145/3600160.3605057","url":null,"abstract":"In this paper, we propose a novel approach to Android malware analysis and categorization that leverages the power of BERT (Bidirectional Encoder Representations from Transformers) to classify API call sequences generated from Android API Call Graph. By utilizing the API Call Graph, our approach captures the intricate relationships and dependencies between API calls, enabling a deeper understanding of the behavior exhibited by Android malware. Our results show that our approach achieves high accuracy in classifying API call sequences as malicious or benign and the method provides a promising solution also for categorizing Android malware and can help mitigate the risks posed by malicious Android applications.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121284045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Modern NetFlow network dataset with labeled attacks and detection methods 带有标记攻击和检测方法的现代NetFlow网络数据集
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605094
Mikołaj Komisarek, M. Pawlicki, Tomi Simic, David Kavcnik, R. Kozik, M. Choraś
{"title":"Modern NetFlow network dataset with labeled attacks and detection methods","authors":"Mikołaj Komisarek, M. Pawlicki, Tomi Simic, David Kavcnik, R. Kozik, M. Choraś","doi":"10.1145/3600160.3605094","DOIUrl":"https://doi.org/10.1145/3600160.3605094","url":null,"abstract":"Network Intrusion Detection Systems are an important part of cyber-defensive inventory. Currently, Machine-Learning-Based Network Intrusion Detection Systems are being researched as an effective security measure. This paper introduces a novel NetFlow-based dataset geared for the training of machine-learning-based detection systems. The dataset incorporates common cyberattacks such as Denial-of-Service, Port Scanning, and brute-force attacks, which represent significant threats to network security. The efficacy of the dataset is evaluated with the use of four machine learning algorithms, with the detection metrics reported. The dataset is an attempt to fill the vacuum for current, realistic datasets in cybersecurity research. The traffic was collected in a real network in the BTC complex in Ljubljana. The dataset can significantly contribute to enhancing the effectiveness of machine learning-based Network Intrusion Detection Systems.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127293619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Securing the Flow: Security and Privacy Tools for Flow-based Programming 保护流:基于流的编程的安全和隐私工具
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605089
Thodoris Ioannidis, Vaios Bolgouras, C. Xenakis, Ilias Politis
{"title":"Securing the Flow: Security and Privacy Tools for Flow-based Programming","authors":"Thodoris Ioannidis, Vaios Bolgouras, C. Xenakis, Ilias Politis","doi":"10.1145/3600160.3605089","DOIUrl":"https://doi.org/10.1145/3600160.3605089","url":null,"abstract":"This paper presents a comprehensive collection of reusable artifacts for addressing security and privacy issues in the context of flow-based programming in Function-as-a-Service (FaaS) environments. With the rapid adoption of FaaS platforms, it becomes important to guarantee the security and privacy of applications. The presented artifacts incorporate a wide variety of nodes and techniques into the popular Node-RED architecture. They intend to improve the security and privacy of applications by addressing critical aspects such as secure data flow management, code authenticity and validation, access control mechanisms, and runtime monitoring and anomaly detection. Using these artifacts, developers can construct more robust and resilient applications in FaaS environments while mitigating potential security and privacy risks.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121800398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信