Proceedings of the 15th International Conference on Availability, Reliability and Security: latest publications

Dynamic risk management architecture based on heterogeneous data sources for enhancing the cyber situational awareness in organizations
Authors: X. Larriva-Novo, Mario Vega-Barbas, V. Villagrá, Diego Rivera, Mario Sanz Rodrigo, M. Álvarez-Campana
DOI: https://doi.org/10.1145/3407023.3409224 | Published: 2020-08-25
Abstract: Traditional static risk assessment and management are currently not enough in most of the scenarios where the cybersecurity context of an organization varies dynamically. New threats that may affect the organization can appear, suspicious activity is detected, etc. These changes are not taken into account by a static risk assessment, as it is carried out unresponsively to these sudden changes in the context. This paper proposes a dynamic risk management system with the capability of reacting to those rapid changes in the context of the organization. This system is responsible for collecting multiple data from different types of sensors (presence, environmental, wifi, Bluetooth, network anomaly, work climate, etc.) and detecting anomalies in such data using correlation techniques. This architecture also includes a prediction module that mathematically models the attacks, using Hidden Markov Models and Bayesian networks, and tries to estimate the next step of the attacker. Also, it is capable of automatically inferring the best response action in order to deploy the proper countermeasures against the attack.
Citations: 2
Evaluation methodology for mission-centric cyber situational awareness capabilities
Authors: David Sandoval Rodríguez-Bermejo, Roumen Daton Medenou, Gerardo Ramis Pasqual De Riquelme, J. M. Vidal, Francesco Torelli, S. Sánchez
DOI: https://doi.org/10.1145/3407023.3409223 | Published: 2020-08-25
Abstract: The emerging need for cyber defence capabilities able to bring closer cyberspace supremacy in joint military operations has led defence practitioners to begin a cyber race where academia, researchers, industry and military organizations work together. Because of the higher maturity of civilian technologies for cybersecurity, this often involves adapting capabilities not initially intended for military use to new dual-use requirements, where concepts like operations, missions or Courses of Action (CoAs) shall be presented and aligned with the military doctrine. One of the main 'battle horses' in this transformation is to develop supporting systems able to facilitate the mission-centric acquisition of Cyber Situational Awareness (CSA), where the observations in the cyberspace shall be properly correlated, propagated and understood in the scope of the planned/ongoing mission. But despite these CSA needs, there is a wide methodological gap in the lack of suitable validation and verification frameworks, which not only relies on the rising need for capabilities able to verify whether the existing solutions meet the requirements to operate in military actions, but also to support the thorough development life-cycle of brand new cyber defence technologies. On these grounds, this research introduces a novel evaluation framework able to guide the evaluation of CSA-related tools, for which three core validation concepts are discussed: software, operational and application tests. They cover from the day-to-day implementation of the new capabilities to their ability to help human decision-makers acquire a joint operational picture.
Citations: 7
DoH Insight: detecting DNS over HTTPS by machine learning
Authors: Dmitrii Vekshin, Karel Hynek, T. Čejka
DOI: https://doi.org/10.1145/3407023.3409192 | Published: 2020-08-25
Abstract: Over the past few years, a new protocol, DNS over HTTPS (DoH), has been created to improve users' privacy on the internet. DoH can be used instead of traditional DNS for domain name translation, with encryption as a benefit. This new feature also brings some threats because various security tools depend on readable information from DNS to identify, e.g., malware, botnet communication, and data exfiltration. Therefore, this paper focuses on the possibilities of encrypted traffic analysis, especially on the accurate recognition of DoH. The aim is to evaluate what information (if any) can be gained from HTTPS extended IP flow data using machine learning. We evaluated five popular ML methods to find the best DoH classifiers. The experiments show that the accuracy of DoH recognition is over 99.9 %. Additionally, it is also possible to identify the application that was used for DoH communication, since we have discovered (using created datasets) significant differences in the behavior of Firefox, Chrome, and cloudflared. Our trained classifier can distinguish between DoH clients with 99.9 % accuracy.
Citations: 44
PaperW8
Authors: Calvin Brierley, Jamie Pont, B. Arief, D. Barnes, J. Hernandez-Castro
DOI: https://doi.org/10.1145/3407023.3407044 | Published: 2020-08-25
Abstract: Internet of Things (IoT) devices are used in many facets of modern life, from smart homes to smart cities, including Internet-enabled healthcare systems and industrial control systems. The prevalence and ubiquity of IoT devices makes them extremely attractive targets for malicious actors, in particular for taking control of vulnerable devices and demanding ransom from their owners. The aim of this paper is twofold: to investigate the viability of a ransomware-type attack being carried out on IoT devices; and to explore what damage can be inflicted upon devices after they have been compromised. To test whether ransomware is a viable method for attacking IoT devices, we developed our own proof of concept malware for Linux-based IoT devices dubbed "PaperW8". We looked at feasible ways for infecting IoT devices, as well as potential methods for gaining control and applying persistent changes to the target device. We successfully created a proof of concept ransomware, which we tested against six vulnerable IoT devices of various brands and functions, some of which are known to have been targeted in the past but are still widely in use today. Developing this proof of concept tool allowed us to identify the main requirements for a successful ransomware attack against IoT devices. We also determined some limitations of IoT devices that may discourage attackers from developing IoT-specific ransomware, while highlighting workarounds that more determined attackers may use to overcome these obstacles. This paper has demonstrated that IoT ransomware is a credible threat. We implemented a proof of concept tool that can compromise many IoT devices of varying types. We envisage that this work can be used to assist current and future IoT developers to improve the security of their devices, and also to help security researchers in implementing more effective ransomware countermeasures, including for IoT devices.
Citations: 9
Exploiting minification for data hiding purposes
Authors: Paweł Rajba, W. Mazurczyk
DOI: https://doi.org/10.1145/3407023.3409209 | Published: 2020-08-25
Abstract: Nowadays various types of data hiding techniques are used to conceal data in different types of digital content, e.g. image, video, audio, text, or even network traffic. Such methods can be utilized for nefarious purposes, for instance, for confidential data exfiltration, enabling secret communication between the infected host and the attacker's server, or to download additional modules of malware. From this perspective, analyzing different schemes of data hiding allows one to assess the preparedness of the current defensive systems. Minification is the process of manipulating source code while preserving its functionality. As a result, the size of the source code is reduced, making the transmission more efficient. In this paper, we investigate whether minification of JavaScript files can be exploited for data hiding purposes. The obtained results prove that this is feasible, and thus countermeasures must be adjusted to take into account such threats.
Citations: 3
Template-based Android inter process communication fuzzing
Authors: Anatoli Kalysch, M. Deutel, Tilo Müller
DOI: https://doi.org/10.1145/3407023.3407052 | Published: 2020-08-25
Abstract: Fuzzing is a test method in vulnerability assessments that calls the interfaces of a program in order to find bugs in its input processing. Automatically generated inputs, based on a set of templates and randomness, are sent to a program at a high rate, collecting crashes for later investigation. We apply fuzz testing to the inter process communication (IPC) on Android in order to find bugs in the mechanisms by which Android apps communicate with each other. The sandboxing principle on Android usually ensures that apps can only communicate with other apps via programmatic interfaces. Unlike traditional operating systems, two Android apps running in the same user context are not able to access the data of each other (security) or quit the other app (safety). Our IPC fuzzer for Android detects the structure of data sent within Intents between apps by disassembling and analyzing an app's bytecode. It relies on multiple mutation engines for input generation and supports post-mortem analysis for a detailed insight into crashes. We tested 1488 popular apps from the Google Play Store, enabling us to crash 450 apps with intents that could be sent from any unprivileged app on the same device, thus undermining the safety guarantees given by Android. We show that any installed app on a device could easily crash a series of other apps, effectively rendering them useless. Even worse, we discovered flaws in popular frameworks like Unity, the Google Services API, and the Adjust SDK. Comparing our implementation to previous research shows improvements in the depth and diversity of our detected crashes.
Citations: 4
Feasibility study of a camera-based PUF in a realistic scenario
Authors: Kazuhide Fukushima, Thomas Perianin, Victor Dyseryn, S. Kiyomoto, S. Guilley, A. Facon
DOI: https://doi.org/10.1145/3407023.3407047 | Published: 2020-08-25
Abstract: Supply chain management is critical in industrial efforts to reduce costs and time, stabilize product supply, and improve profitability. Surveillance cameras play a significant role in supply chain management, as they can record work activities to achieve appropriate monitoring of company operations. A solution for ensuring the reliability of the video taken by a surveillance camera is to achieve data integrity using a cryptographic algorithm. Another important solution is the identification of a surveillance camera to ensure the traceability of video. This paper proposes a novel approach for video-based fingerprint extraction and key generation that can be used for camera PUF construction. Our experiment shows that a 256-bit key can be extracted from 50 frames of a normal video with a resolution of 800 × 600 pixels, and we theoretically prove that our methodology satisfies the randomness, uniqueness, steadiness, and unpredictability requirements. Our PUF construction can thus be used to identify a surveillance camera from a video.
Citations: 0
Clust-IT: clustering-based intrusion detection in IoT environments
Authors: Robert P. Markiewicz, D. Sgandurra
DOI: https://doi.org/10.1145/3407023.3409201 | Published: 2020-08-25
Abstract: Low-powered and resource-constrained devices are forming a greater part of our smart networks. For this reason, they have recently been the target of various cyber-attacks. However, these devices often cannot implement traditional intrusion detection systems (IDS), or they cannot produce or store the audit trails needed for inspection. Therefore, it is often necessary to adapt existing IDS systems and malware detection approaches to cope with these constraints. We explore the application of unsupervised learning techniques, specifically clustering, to develop a novel IDS for networks composed of low-powered devices. We describe our solution, called Clust-IT (Clustering of IoT), to manage heterogeneous data collected from cooperative and distributed networks of connected devices and search these data for indicators of compromise while remaining protocol agnostic. We outline a novel application of OPTICS to various available IoT datasets, composed of both packet and flow captures, to demonstrate the capabilities of the proposed techniques and evaluate their feasibility in developing an IoT IDS.
Citations: 4
Anonymization of geosocial network data by the (k, l)-degree method with location entropy edge selection
Authors: Jana Medková
DOI: https://doi.org/10.1145/3407023.3409184 | Published: 2020-08-25
Abstract: Geosocial networks (GSNs) have become an important branch of location-based services, since sharing information among friends is the additional feature to provide information based on the user's current location. The growing popularity of location-based services contributes to the development of highly customized and flexible utilities. However, providing customized services relates to collecting and storing a large amount of users' information. In this paper, we focus on the privacy-preserving concern in publishing GSN datasets. We introduce a new (k, l)-degree anonymization method to prevent the re-identification attack in the published GSN dataset. The presented method anonymizes users' social relationships as well as location-based information in GSN. We propose the new (k, l)-degree anonymization algorithm, which modifies the network structure with a sequence of edge editing operations. The GSN is newly represented by the combination of a social network describing social ties between users and an affiliation network linking users with their checked-in locations. Furthermore, we innovatively use the location entropy metric in the proposed GSN anonymization method. The location entropy measures the importance of the visited locations in the edge selection procedure of the (k, l)-degree anonymization algorithm. We explore the usability of the algorithm by running experiments on real-world geosocial network datasets, Gowalla and Brightkite.
Citations: 0
Real-time stream processing tool for detecting suspicious network patterns using machine learning
Authors: Mikołaj Komisarek, M. Choraś, R. Kozik, M. Pawlicki
DOI: https://doi.org/10.1145/3407023.3409189 | Published: 2020-08-25
Abstract: In this paper, the performance of stream processing and accuracy in the prediction of suspicious flows in simulated network traffic is investigated. In addition, concepts of an engine that integrates with novel solutions like the Elasticsearch database and Apache Kafka, and that allows easy definition of streams and implementation of any machine learning algorithm, are presented.
Citations: 8