2017 12th Asia Joint Conference on Information Security (AsiaJCIS): Latest Papers

Based on Standard Descriptors and Dynamic Key Features to Detect Malicious USB Storage Devices in APT
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.22
Hung-Chang Chang
Abstract: Advanced persistent threats (APTs) are a type of attack that critically threaten a number of corporations. With advances in information technology, attack methods have evolved from social engineering and e-mail methods to simulated human interface device attacks, which have remained undetectable by intrusion detection systems. Teensy was initially designed as a hardware device for legitimate applications, but because it enables the control of computers through a simulated keyboard or mouse-style pointing device, certain parties have utilized it as a malicious APT device to control computers for illegitimate uses. This study proposed a method based on the characteristics of Universal Serial Bus (USB) standard descriptors and dynamic key characteristics to detect malicious USB devices. This method is capable of successfully detecting malicious USB devices and defending against malicious USB attacks.
Citations: 0

UnPhishMe: Phishing Attack Detection by Deceptive Login Simulation through an Android Mobile App
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.19
J. D. Ndibwile, Y. Kadobayashi, Doudou Fall
Abstract: Phishing attacks have been increasing recently. Attackers use clever social engineering techniques to convince their victims into clicking a malware or deceptive login-based webpages. Most solutions for this particular problem focus more on helping desktop computer users than mobile device users. Mobile device users are more vulnerable than their desktop counterparts because they are online most of the time and they have device limitations such as smaller screen size and low computational power. This paper presents UnPhishMe, an effective mobile application prototype that takes advantage of a particular weakness of phishing sites: they accept any kind of input information for authentication. UnPhishMe enables a mobile device user to create fake login account, with fake login credentials, that mimics user login procedure every time the user opens a login webpage and generates an alert to her. UnPhishMe determines whether the current login page shifts to another webpage after an authentication attempt. It does so by monitoring hashcode changes of the URL when the page is loading, listens to HttpURLConnection status code, and then makes a decision on whether the website is fraudulent or not. We measured the effectiveness of UnPhishMe by conducting a user experiment on android platforms and tested its detection accuracy, memory and CPU performance. The results show that UnPhishMe uses a very small amount of computational power and it is effective in assisting users to identify phishing attacks with an accuracy of 96%.
Citations: 12

An Improved Model of Anomaly Detection Using Two-Level Classifier Ensemble
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.9
Bayu Adhi Tama, A. Patil, K. Rhee
Abstract: Network infrastructures are in jeopardy of suffering nowadays since a number of attacks have been developed and grown up enormously. In order to get rid of such security threats, a defense mechanism is much sought-after. This paper proposes an improved model of intrusion detection by using two-level classifier ensemble. The proposed model is made up of a PSO-based feature selection technique and a two-level classifier ensemble which employs two ensemble learners, i.e. boosting and random subspace model (RSM). The experiment conducted on NSL-KDD dataset reveals that the proposed model outperforms previous detection models significantly in terms of accuracy and false alarm rate (FPR).
Citations: 11

Improvement of Privacy Preserved Rule-Based Risk Analysis via Secure Multi-Party Computation
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.18
Soushirou Sakumoto, Akira Kanaoka
Abstract: Currently, when companies conduct risk analysis of own networks and systems, it is common to outsource risk analysis to third-party experts. At that time, the company passes the information used for risk analysis including confidential information such as network configuration to third-party expert. It raises the risk of leakage and abuse of confidential information. Therefore, a method of risk analysis by using secure computation without passing confidential information of company has been proposed. Although Liu's method has firstly achieved secure risk analysis method using multiparty computation and attack tree analysis, it has several problems to be practical. In this paper, improvement of secure risk analysis method is proposed. It can dynamically reduce compilation time, enhance scale of target network and system without increasing execution time. Experimental work is carried out by prototype implementation. As a result, we achieved improved performance in compile time and enhance scale of target with equivalent performance on execution time.
Citations: 0

A Lightweight Malware Classification Method Based on Detection Results of Anti-Virus Software
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.20
Younsu Lee, Sang-So Choi, Jangwon Choi, Jungsuk Song
Abstract: With the development of cyber threats on the Internet, the number of malware, especially unknown malware, is also dramatically increasing. Since all of malware cannot be analyzed by analysts, it is very important to find out new malware that should be analyzed by them. In order to cope with this issue, the existing approaches focused on malware classification using static or dynamic analysis results of malware. However, the static and the dynamic analyses themselves are also too costly and not easy to build the isolated, secure and Internet-like analysis environments such as sandbox. In this paper, we propose a lightweight malware classification method based on detection results of anti-virus software. Since the proposed method can reduce the volume of malware that should be analyzed by analysts, it can be used as a preprocess for in-depth analysis of malware. The experiment showed that the proposed method succeeded in classification of 1,000 malware samples into 187 unique groups. This means that 81% of the original malware samples do not need to be analyzed by analysts.
Citations: 3

Identifying Threat Patterns of Android Applications
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.23
Chia-Mei Chen, G. Lai, Je-Ming Lin
Abstract: Mobile devices have become powerful and popular. Most internet applications or services are ported to mobile platforms. Confidential personal information such as credit card and password usually is stored in mobile devices for ubiquitous computing. Therefore, mobile devices become attack target due to financial gain. Mobile applications are published in various market places without or with little verification; hence malicious mobile applications can be deployed in the marketplaces without any difficulty. In this paper, we present a mobile malware detection approach by identifying the threat patterns. The proposed system analyzes the function invocation and the data flow to identify malicious behaviors in Android mobile devices. The experimental results show that the proposed method can efficiently detect malicious mobile applications including unknown malware.
Citations: 4

Performance Analysis of Some Batch Verification Methods of Digital Signatures
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.14
D. Guan, E. Zhuang, I. C. Chung, Yu-Shen Lin
Abstract: In this paper, we compare three methods in detecting invalid signatures in batch verification. The first method, randomly select test, randomly chooses a half of signatures to verify in a batch. The second method is the small exponent test which is widely used. The third method, randomly numbering test, is a simplified method of the matrix-detection algorithm. The randomly numbering test randomizes the order of the signatures and verifies the signatures in log k+1 batches where k is the number of signatures. We simulate each method and analyze the efficiency of the methods. As a result, randomly numbering test is more efficient than small exponent test when the number of signatures in a batch verification is large.
Citations: 1

A Practical Experiment of the HTTP-Based RAT Detection Method in Proxy Server Logs
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.13
M. Mimura, Yuhei Otsubo, Hidehiko Tanaka, Hidema Tanaka
Abstract: Detecting RAT (Remote Access Trojan or Remote Administration Tool) used in APT (Advanced Persistent Threat) attacks is a challenging task. Many previous methods to detect RATs on the network require monitoring all network traffic. However, it is difficult to keep all network traffic because the size is too huge. Actually, we would have to detect RAT activity through insufficient information such as proxy server logs. Therefore, we proposed how to detect RAT activity in proxy server logs. Our method uses only the behavior and does not use pattern matching. While the behavior is not defined by character strings or regular expressions, is defined by network traffic patterns such as the sizes of the object returned to the client or the intervals of the logged time. The classification performance in general condition is good. However, the performance in practical condition is not certain. In practical condition, we have to choose arbitrary training data. In this paper, we apply this method to actual proxy server logs in practical condition, and show that this method can detect more than 95 percent of malicious communications with few false positives in APT attacks. This method does not require monitoring all network traffic, uses only standard proxy server logs. Moreover, this method can also detect http based RATs in real time.
Citations: 12

Simulation Study of BGP Origin Validation Effect against Mis-Origination with Internet Topology
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.17
Masahito Ando, Masayuki Okada, Akira Kanaoka
Abstract: The current Border Gateway Protocol (BGP) operation in the Internet has a serious problem with regard to Mis-Origination, which is the hijacking or misconfiguration of network prefixes. We already have several Origin Validation (OV) techniques to mitigate the impact of Mis-Origination. An Internet Routing Registry (IRR) has been deployed only for a small number of users. More recently, RPKI (Resource Public Key Infrastructure) has come to be considered as the reality of the OV. However, quantitative and large-scale simulation studies of its effect are not discussed deeply. In this paper, a quantitative simulation method of the OV effect for BGP is proposed. OV's impact on the entire Internet is measured in detail. Our results indicate that 1.56% of the top-ranked ASes can protect 98.70% of the ASes from Mis-Origination.
Citations: 4

An Efficient Dispersal Storage Scheme Based on Ring-LWE and NTT
2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI: 10.1109/AsiaJCIS.2017.12
Ling Yang, Xianhui Lu
Abstract: We propose a novel dispersal storage scheme based on the ring learning with errors (Ring-LWE) problem. Our main technical contribution is a new systematic erasure code, called SNTT, to solve the problem of applying Ring-LWE in dispersal storage. SNTT is based on the number theoretic transform (NTT). To the best of our knowledge, SNTT is the first work that applies NTT to guarantee data availability. Analysis and experiments show that our new scheme with proper configurations outperforms the state of the art in encoding/decoding speed. Furthermore, we show that SNTT can also be used to optimize performance of existing schemes.
Citations: 3