Proceedings of the 15th International Conference on Availability, Reliability and Security: Latest Articles

Cyberspace threats: not only hackers and criminals. Raising the awareness of selected unusual cyberspace actors - cybersecurity researchers' perspective
Aleksandra Pawlicka, M. Choraś, M. Pawlicki
Abstract: Despite its development having changed and improved citizens' lives, cyberspace has also become a new arena for competition among states, organizations and individuals, and various cyber threats to people's security are becoming more prevalent, damaging and complex. Although it is rather commonly known that cyberspace is a battlefield, and almost every individual, organization or even state may fall victim to malicious hackers or greedy cybercriminals, the members of the public rarely seem to think of other sources of threat. Thus, in an attempt to raise the general awareness, this paper presents an additional number of selected, often unsuspected actors that shape and influence the cyberspace of today: nation-state actors, cyberterrorists, hacktivists and trolls. The motives of each actor, their modus operandi and the most significant representatives have also been discussed. Being aware of the existence and nature of each actor helps one better understand the threat they pose, as well as grasp the significance of the cybersecurity measures.
DOI: https://doi.org/10.1145/3407023.3409181
Published: 2020-08-25
Citations: 12
Machine learning for tree structures in fake site detection
Taichi Ishikawa, Yu-Lu Liu, D. Shepard, Kilho Shin
Abstract: Tree data analysis has many applications in information security. In particular, HTML pages' DOM trees are an important target of analysis because web pages can be vectors for, and targets of, major cyberattacks like phishing. Previous attempts to incorporate tree data analysis into security applications, however, have been hampered by the lack of efficient methods for tree data analysis in machine learning. As such, most security research has focused on data representable as vectors of real numbers, like most machine learning work. Recent work, however, has yielded several efficiency break-throughs in tree analysis. One example is kernel methods, a methodological bridge that fills the gap between discretely-structured data (like trees) and multivariate analysis. Kernel methods enable applying a variety of multivariate analysis techniques such as SVM and PCA to trees. The method we are interested in is the subpath kernel. The subpath kernel offers the following advantages: (1) it is invariant over ordered and unordered trees; (2) it can be computed using an extremely fast linear-time algorithm compared to the quadratic time required to compute values of most tree kernels; (3) its excellent prediction accuracy has been proven through intensive experiments. This paper proposes a subpath kernel-based method for tree-structured security data. To demonstrate the effectiveness of our method, we apply it to the problem of detecting fake e-commerce sites, a sub-problem of phishing detection with a significant real-world financial cost. In an experiment on a real dataset of fake sites provided by a major e-commerce company, our method exhibited accuracy as high as 0.998 when training SVM with as few as 1,000 instances. Its generalization efficiency is also excellent: with only 100 training instances, the accuracy score reaches 0.996. While previous phishing detection methods relied on textual content, URL components, and blacklists, our approach is the first to leverage DOM trees, which makes it both more effective and more robust against adversarial attacks. Unlike URL or content changes, changing a page's DOM structure incurs large costs to criminals.
DOI: https://doi.org/10.1145/3407023.3407035
Published: 2020-08-25
Citations: 2
Formalising fault injection and countermeasures
Thomas Given-Wilson, Axel Legay
Abstract: Fault injection is widely used as a method to evaluate the robustness and security of a system against many kinds of faults and attacks. Recent works have considered many ways to demonstrate security risks and viable attacks using fault injection, and some have also proposed countermeasures. However, no general and formal definition of fault injection or countermeasure has been provided that can be used to reason about such attacks. This leaves significant results in this area to be ad-hoc and without broad applicability. This paper presents formal definitions of both fault injection on an arbitrary system and what an effective countermeasure is. These definitions are used to prove that fault injection attacks cannot in general be prevented (by any countermeasure). An example is presented that demonstrates how to construct an effective countermeasure for a specific fault injection that parallels some well known approaches. Further extensions to account for probabilistic behaviour and systems with time are also presented. These definitions and results demonstrate formal proofs about the security and defences of systems in ways that can be used, thus yielding a broadly applicable approach that can formalise fault injections and countermeasures in the future.
DOI: https://doi.org/10.1145/3407023.3407049
Published: 2020-08-25
Citations: 4
A novel automatic discovery system of critical assets in cyberspace-oriented military missions
Álvaro Luis Martínez, V. Villagrá
Abstract: As result of the digitalization of the military operations, the need for capabilities able to facilitate the acquisition of cyber situation awareness are increasingly demanded. In this context, augmenting the conscious of the context and warfare environment, risks and impacts of cyber threats on kinetic actuations became a critical rule-changer that military decision-makers must consider. Among the challenges that developing these solutions addresses, it is worth to highlight the dynamically assessment of the impact of the ICT infrastructure that enables the modern military operations, regarding the mission expectations and goals. In this context, the identification of Key Cyber Terrains (KCT) becomes an essential task, which requires the analysis of cross-domain knowledge from the tactical environment combined by feeds from the cyberspace. Bearing this in mind, the aim of the research presented in this paper is to explore the existing gaps and challenges concerning the dynamic cyber asset valuation and based on that, design a supporting system able to automatically identify KCT on military missions that rely on the cyberspace. Accordingly, the proposed KCT identification solution was not only a cyber risk management analysis tool for dual-use cyber assets, but a full procedure for their mission-centric identification. The approach explored the dependency degrees among tasks and assets defined by commanders as part of the assessment criteria. They were correlated with the discoveries on the operational network and the asset vulnerabilities identified thorough the supported mission development. In order to facilitate the understanding of the introduced method, an illustrative use case that combined a hypothetical mission scenario with real network traffic has been defined and discussed.
DOI: https://doi.org/10.1145/3407023.3409225
Published: 2020-08-25
Citations: 2
Automated security test generation for MQTT using attack patterns
Hannes Sochor, Flavio Ferrarotti, R. Ramler
Abstract: The dramatic increase of attacks and malicious activities has made security a major concern in the development of interconnected cyber-physical systems and raised the need to address this concern also in testing. The goal of security testing is to discover vulnerabilities in the system under test so that they can be fixed before an attacker finds and abuses them. However, testing for security issues faces the challenge of systematically exploring a potentially non-tractable number of interaction scenarios that have to include also invalid inputs and possible harmful interaction attempts. In this paper, we describe an approach for automated generation of test cases for security testing, which are based on attack patterns. These patterns are blueprints that can be used for exploiting common vulnerabilities. The approach combines random test case generation with attack patterns implemented for the Message Queuing Telemetry Transport (MQTT) protocol. We have applied the proposed testing approach to five popular and widely available MQTT brokers, generating 1,804 interaction sequences in form of executable test cases which resulted in numerous test failures, unhandled exceptions and crashes. A detailed manual analysis of these cases have revealed 28 security-relevant issues and critical shortcomings in the tested MQTT broker implementations.
DOI: https://doi.org/10.1145/3407023.3407078
Published: 2020-08-25
Citations: 5
A real world study on employees' susceptibility to phishing attacks
M. Bona, F. Paci
Abstract: Phishing email attacks have been around for fifteen years but they are still among the top security risks faced by organisations. The most common approach to mitigate these attacks is employees' education and awareness. Employees' awareness on phishing attacks is achieved by embedded training that educate employees when they fall for the attack. However, the effectiveness of embedded training in workplace settings is uncertain given the large number of employees that remain vulnerable to phishing email attacks. Similarly, the role of persuasion techniques in making employees vulnerable to phishing attacks is yet to be investigated in the workplace settings. Therefore, in this paper we investigate which persuasion technique between authority and urgency is more effective in making employees susceptible to phishing, the relation between employees' susceptibility and their demographic data, and the effectiveness of embedded training in reducing employees' susceptibility to phishing attacks. To this end, we conducted a real phishing study with 191 employees of an Italian company. We found that employees were more vulnerable to phishing attacks when urgency principle was exploited. The study also showed no significant effect of employees' demographic data on susceptibility to phishing. Embedded training was perceived as effective by employees but it did not reduce their susceptibility to phishing.
DOI: https://doi.org/10.1145/3407023.3409179
Published: 2020-08-25
Citations: 13
Negative filtering of CCTV Content - forensic video analysis framework
Franck Jeveme Panta, A. Péninou, F. Sèdes
Abstract: This paper presents our work on forensic video analysis that aimed to assist videosurveillance operators by reducing the volume of video to analyze during the search for post-evidence in videos. This work is conducted in collaboration with the French National Police and is based on requirements defined in a project related to videos analysis in the context of investigations. Due to the constant increasing volume of video generated by CCTV cameras, one of the investigators' goals is to reduce video analysis time. For this purpose, we propose a negative filtering approach based on quality and usability/utility metadata, enabling to eliminate video sequences that do not satisfy requirements for their analysis through automatic processing. Our approach involves a data model which is able to integrate different levels of video metadata, and an associated query mechanism. Experiments performed using the developed framework demonstrate the utility of our approach in a real-world case. Results show that our approach helps CCTV operators to significantly reduce video analysis times.
DOI: https://doi.org/10.1145/3407023.3407069
Published: 2020-08-25
Citations: 1
A comparison of stream mining algorithms on botnet detection
Guilherme Henrique Ribeiro, Elaine Ribeiro de Faria Paiva, R. Miani
Abstract: Recent botnet activities targeting IoT infrastructure and turning computing devices into cryptocurrency miners indicate an increase in the botnet attack surface and capabilities. These facts emphasize the importance of investigating alternative methods for detecting botnets. One of them is using stream mining algorithms to classify malicious network traffic. Although some initiatives seek to adopt stream mining strategies to detect botnets, several research topics still need to be discussed. Our goal is to compare the use of single and ensemble-based stream mining algorithms to identify botnet network flows. Since obtaining examples of malicious network flows could be a hassle to security managers, we also investigate whether the use of ensembles could reduce the number of labeled instances required to update the classification model. Our results indicate that the ensemble-based Ozaboost algorithm with the prequential evaluation strategy outperforms the other selected algorithms. We also found that ensemble-based algorithms and some botnet characteristics (C&C communication protocol) requires less labeled instances while maintains high performance.
DOI: https://doi.org/10.1145/3407023.3407053
Published: 2020-08-25
Citations: 3
An investigation on the feasibility of the bluetooth frequency hopping mechanism for the use as a covert channel technique
Daniel Vogel, Ulugbek Akhmedjanov, Marc Ohm, M. Meier
Abstract: Adaptive Frequency Hopping is a mechanism included in the Bluetooth standard to minimize the effects of interference from other signals sharing the same frequency band. In this paper, several possible strategies of exploiting the frequency hopping mechanism as a covert channel are discussed. There has been some research presenting ways to make use of covert channels over Bluetooth yet none have explored frequency hopping in this context. Three groups of approaches are presented for sending hidden information by means of exploiting specific properties of the frequency hopping mechanism and the generated hopping sequence. These groups consist of strategies to transmit data hidden in protocol packets, modulated on manipulated hopping sequences or by influencing available channels through jamming, thus limiting possible hop frequencies. These approaches are compared by their bandwidth, ease of implementation as well as the detectability of a communication using these covert channels. We show that there are vast unexplored opportunities for covert communication using the adaptive frequency hopping mechanism used by Bluetooth devices.
DOI: https://doi.org/10.1145/3407023.3409218
Published: 2020-08-25
Citations: 0
Towards the performance evaluation of a clustering and trust based security mechanism for VANET
Amira Kchaou, Ryma Abassi, S. Fatmi
Abstract: Vehicular Ad-hoc Networks (VANETs) establish communication between vehicles in order to share safety information about road accidents or traffic jams, or non-safety information through messages. Besides, VANETs have a dynamic topology since the vehicles have a high mobility and therefore, the exchanged messages could be dropped or modified. However, falsified messages can be transmitted, the network performance can be affected. In a previous work, we have proposed a Clustering Mechanism for VANET (CMV) as well as a Trust management based on CMV (TCMV) to secure clustering mechanism for message exchange in the VANET. The CMV is based on two steps: (1) the clusters formation step where clusters are formed and the Cluster Heads are elected, and (2) the clusters maintenance step where the organization of clusters is kept in the presence of velocity when the topology changes in VANET, mainly at the arrival of a new vehicle or the displacement or the failure of a vehicle. Besides, the TCMV is used the reputation values of vehicles to compute the credibility of exchanged message. In this paper, we evaluate the performance of the CMV and TCMV. Hence, several simulations were realized with different number of vehicles, velocities and transmission range for the number of formed clusters, the cluster stability status, the Packet Data Ratio (PDR), the reputation of honest and dishonest vehicle, and cases of Trust Message.
DOI: https://doi.org/10.1145/3407023.3407071
Published: 2020-08-25
Citations: 5