发布求助
文献互助 智能选刊 最新文献

2014 IEEE Security and Privacy Workshops最新文献

筛选
英文 中文
Collusion and Fraud Detection on Electronic Energy Meters - A Use Case of Forensics Investigation Procedures 电子电能表的合谋与欺诈侦测——法医学调查程序用例
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.19
R. A. D. Faria, K. Fonseca, Bertoldo Schneider, S. Nguang
{"title":"Collusion and Fraud Detection on Electronic Energy Meters - A Use Case of Forensics Investigation Procedures","authors":"R. A. D. Faria, K. Fonseca, Bertoldo Schneider, S. Nguang","doi":"10.1109/SPW.2014.19","DOIUrl":"https://doi.org/10.1109/SPW.2014.19","url":null,"abstract":"Smart meters (gas, electricity, water, etc.) play a fundamental role on the implementation of the Smart Grid concept. Nevertheless, the rollout of smart meters needed to achieve the foreseen benefits of the integrated network of devices is still slow. Among the reasons for the slower pace is the lack of trust on electronic devices and new kinds of frauds based on clever tampering and collusion. These facts have been challenging service providers and imposing great revenues losses. This paper presents a use case of forensics investigation procedures applied to detect electricity theft based on tampered electronic devices. The collusion fraud draw our attention for the involved amounts (losses) caused to the provider and the technique applied to hide fraud evidences.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130025060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Insider Threat Identification by Process Analysis 通过过程分析识别内部威胁
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.40
M. Bishop, H. Conboy, Huong Phan, Borislava I. Simidchieva, G. Avrunin, L. Clarke, L. Osterweil, S. Peisert
{"title":"Insider Threat Identification by Process Analysis","authors":"M. Bishop, H. Conboy, Huong Phan, Borislava I. Simidchieva, G. Avrunin, L. Clarke, L. Osterweil, S. Peisert","doi":"10.1109/SPW.2014.40","DOIUrl":"https://doi.org/10.1109/SPW.2014.40","url":null,"abstract":"The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential \"insider\"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"119 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126916986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
iCOP: Automatically Identifying New Child Abuse Media in P2P Networks iCOP:在P2P网络中自动识别新的儿童虐待媒体
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.27
Claudia Peersman, Christian Schulze, A. Rashid, M. Brennan, Carl Fischer
{"title":"iCOP: Automatically Identifying New Child Abuse Media in P2P Networks","authors":"Claudia Peersman, Christian Schulze, A. Rashid, M. Brennan, Carl Fischer","doi":"10.1109/SPW.2014.27","DOIUrl":"https://doi.org/10.1109/SPW.2014.27","url":null,"abstract":"The increasing levels of child sex abuse (CSA) media being shared in peer-to-peer (P2P) networks pose a significant challenge for law enforcement agencies. Although a number of P2P monitoring tools to detect offender activity in such networks exist, they typically rely on hash value databases of known CSA media. Such an approach cannot detect new or previously unknown media being shared. Conversely, identifying such new previously unknown media is a priority for law enforcement - they can be indicators of recent or on-going child abuse. Furthermore, originators of such media can be hands-on abusers and their apprehension can safeguard children from further abuse. The sheer volume of activity on P2P networks, however, makes manual detection virtually infeasible. In this paper, we present a novel approach that combines sophisticated filename and media analysis techniques to automatically flag new previously unseen CSA media to investigators. The approach has been implemented into the iCOP toolkit. Our evaluation on real case data shows high degrees of accuracy while hands-on trials with law enforcement officers highlight iCOP's usability and its complementarity to existing investigative workflows.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131536712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Architecture, Workflows, and Prototype for Stateful Data Usage Control in Cloud 云中状态数据使用控制的体系结构、工作流和原型
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.13
A. Lazouski, Gaetano Mancini, F. Martinelli, P. Mori
{"title":"Architecture, Workflows, and Prototype for Stateful Data Usage Control in Cloud","authors":"A. Lazouski, Gaetano Mancini, F. Martinelli, P. Mori","doi":"10.1109/SPW.2014.13","DOIUrl":"https://doi.org/10.1109/SPW.2014.13","url":null,"abstract":"This paper deals with the problem of continuous usage control of multiple copies of data objects in distributed systems. This work defines an architecture, a set of workflows, a set of policies and an implementation for the distributed enforcement. The policies, besides including access and usage rules, also specify the parties that will be involved in the decision process. Indeed, the enforcement requires collaboration of several entities because the access decision might be evaluated on one site, enforced on another, and the attributes needed for the policy evaluation might be stored in many distributed locations.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133724513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Towards Forensic Analysis of Attacks with DNSSEC 基于DNSSEC的攻击取证分析
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.20
Haya Schulmann, M. Waidner
{"title":"Towards Forensic Analysis of Attacks with DNSSEC","authors":"Haya Schulmann, M. Waidner","doi":"10.1109/SPW.2014.20","DOIUrl":"https://doi.org/10.1109/SPW.2014.20","url":null,"abstract":"DNS cache poisoning is a stepping stone towards advanced (cyber) attacks, and can be used to monitor users' activities, for censorship, to distribute malware and spam, and even to subvert correctness and availability of Internet networks and services. The DNS infrastructure relies on challenge-response defences, which are deemed effective for thwarting attacks by (the common) off-path adversaries. Such defences do not suffice against stronger adversaries, e.g., man-in-the-middle (MitM). However, there seems to be little willingness to adopt systematic, cryptographic mechanisms, since stronger adversaries are not believed to be common. In this work we validate this assumption and show that it is imprecise. In particular, we demonstrate that: (1) attackers can frequently obtain MitM capabilities, and (2) even weaker attackers can subvert DNS security. Indeed, as we show, despite wide adoption of challenge-response defences, cache-poisoning attacks against DNS infrastructure are highly prevalent. We evaluate security of domain registrars and name servers, experimentally, and find vulnerabilities, which expose DNS infrastructure to cache poisoning. We review DNSSEC, the defence against DNS cache poisoning, and argue that, not only it is the most suitable mechanism for preventing cache poisoning attacks, but it is also the only proposed defence that enables a-posteriori forensic analysis of attacks. Specifically, DNSSEC provides cryptographic evidences, which can be presented to, and validated by, any third party and can be used in investigations and for detection of attacks even long after the attack took place.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128854562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Constructing and Analyzing Criminal Networks 构建和分析犯罪网络
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.22
Hamed Sarvari, Ehab A. Abozinadah, Alex V. Mbaziira, Damon McCoy
{"title":"Constructing and Analyzing Criminal Networks","authors":"Hamed Sarvari, Ehab A. Abozinadah, Alex V. Mbaziira, Damon McCoy","doi":"10.1109/SPW.2014.22","DOIUrl":"https://doi.org/10.1109/SPW.2014.22","url":null,"abstract":"Analysis of criminal social graph structures can enable us to gain valuable insights into how these communities are organized. Such as, how large scale and centralized these criminal communities are currently? While these types of analysis have been completed in the past, we wanted to explore how to construct a large scale social graph from a smaller set of leaked data that included only the criminal's email addresses. We begin our analysis by constructing a 43 thousand node social graph from one thousand publicly leaked criminals' email addresses. This is done by locating Facebook profiles that are linked to these same email addresses and scraping the public social graph from these profiles. We then perform a large scale analysis of this social graph to identify profiles of high rank criminals, criminal organizations and large scale communities of criminals. Finally, we perform a manual analysis of these profiles that results in the identification of many criminally focused public groups on Facebook. This analysis demonstrates the amount of information that can be gathered by using limited data leaks.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130183233","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 57
Insider Attack Identification and Prevention Using a Declarative Approach 使用声明性方法识别和预防内部攻击
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.41
A. Sarkar, Sven Köhler, S. Riddle, Bertram Ludäscher, M. Bishop
{"title":"Insider Attack Identification and Prevention Using a Declarative Approach","authors":"A. Sarkar, Sven Köhler, S. Riddle, Bertram Ludäscher, M. Bishop","doi":"10.1109/SPW.2014.41","DOIUrl":"https://doi.org/10.1109/SPW.2014.41","url":null,"abstract":"A process is a collection of steps, carried out using data, by either human or automated agents, to achieve a specific goal. The agents in our process are insiders, they have access to different data and annotations on data moving in between the process steps. At various points in a process, they can carry out attacks on privacy and security of the process through their interactions with different data and annotations, via the steps which they control. These attacks are sometimes difficult to identify as the rogue steps are hidden among the majority of the usual non-malicious steps of the process. We define process models and attack models as data flow based directed graphs. An attack A is successful on a process P if there is a mapping relation from A to P that satisfies a number of conditions. These conditions encode the idea that an attack model needs to have a corresponding similarity match in the process model to be successful. We propose a declarative approach to vulnerability analysis. We encode the match conditions using a set of logic rules that define what a valid attack is. Then we implement an approach to generate all possible ways in which agents can carry out a valid attack A on a process P, thus informing the process modeler of vulnerabilities in P. The agents, in addition to acting by themselves, can also collude to carry out an attack. Once A is found to be successful against P, we automatically identify improvement opportunities in P and exploit them, eliminating ways in which A can be carried out against it. The identification uses information about which steps in P are most heavily attacked, and try to find improvement opportunities in them first, before moving onto the lesser attacked ones. We then evaluate the improved P to check if our improvement is successful. This cycle of process improvement and evaluation iterates until A is completely thwarted in all possible ways.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122707724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
The Tricks of the Trade: What Makes Spam Campaigns Successful? 交易的技巧:是什么让垃圾邮件活动成功?
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.21
Jane Iedemska, G. Stringhini, R. Kemmerer, Christopher Krügel, G. Vigna
{"title":"The Tricks of the Trade: What Makes Spam Campaigns Successful?","authors":"Jane Iedemska, G. Stringhini, R. Kemmerer, Christopher Krügel, G. Vigna","doi":"10.1109/SPW.2014.21","DOIUrl":"https://doi.org/10.1109/SPW.2014.21","url":null,"abstract":"Spam is a profitable business for cyber criminals, with the revenue of a spam campaign that can be in the order of millions of dollars. For this reason, a wealth of research has been performed on understanding how spamming botnets operate, as well as what the economic model behind spam looks like. Running a spamming botnet is a complex task: the spammer needs to manage the infected machines, the spam content being sent, and the email addresses to be targeted, among the rest. In this paper, we try to understand which factors influence the spam delivery process and what characteristics make a spam campaign successful. To this end, we analyzed the data stored on a number of command and control servers of a large spamming botnet, together with the guidelines and suggestions that the botnet creators provide to spammers to improve the performance of their botnet.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124791434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Can We Identify NAT Behavior by Analyzing Traffic Flows? 我们可以通过分析流量来识别NAT行为吗?
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.28
Yasemin Gokcen, V. A. Foroushani, A. N. Zincir-Heywood
{"title":"Can We Identify NAT Behavior by Analyzing Traffic Flows?","authors":"Yasemin Gokcen, V. A. Foroushani, A. N. Zincir-Heywood","doi":"10.1109/SPW.2014.28","DOIUrl":"https://doi.org/10.1109/SPW.2014.28","url":null,"abstract":"It is shown in the literature that network address translation devices have become a convenient way to hide the source of malicious behaviors. In this research, we explore how far we can push a machine learning (ML) approach to identify such behaviors using only network flows. We evaluate our proposed approach on different traffic data sets against passive fingerprinting approaches and show that the performance of a machine learning approach is very promising even without using any payload (application layer) information.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114734664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis 将生成数据模型与形式失效相结合用于内部威胁分析
2014 IEEE Security and Privacy Workshops Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.45
F. Kammüller, Christian W. Probst
{"title":"Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis","authors":"F. Kammüller, Christian W. Probst","doi":"10.1109/SPW.2014.45","DOIUrl":"https://doi.org/10.1109/SPW.2014.45","url":null,"abstract":"In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows modelchecking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.","PeriodicalId":142224,"journal":{"name":"2014 IEEE Security and Privacy Workshops","volume":"107 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130747093","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信