2021 18th International Conference on Privacy, Security and Trust (PST)最新文献

筛选
英文 中文
Measurement of Local Differential Privacy Techniques for IoT-based Streaming Data 基于物联网流数据的局部差分隐私技术测量
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI: 10.1109/PST52912.2021.9647839
Sharmin Afrose, D. Yao, O. Kotevska
{"title":"Measurement of Local Differential Privacy Techniques for IoT-based Streaming Data","authors":"Sharmin Afrose, D. Yao, O. Kotevska","doi":"10.1109/PST52912.2021.9647839","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647839","url":null,"abstract":"Various Internet of Things (IoT) devices generate complex, dynamically changed, and infinite data streams. Adversaries can cause harm if they can access the user’s sensitive raw streaming data. For this reason, protecting the privacy of the data streams is crucial. In this paper, we explore local differential privacy techniques for streaming data. We compare the techniques and report the advantages and limitations. We also present the effect on component (e.g., smoother, perturber) variations of distribution-based local differential privacy. We find that combining distribution-based noise during perturbation provides more flexibility to the interested entity.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127663596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Practical Protection of Binary Applications via Transparent Immunization 通过透明免疫实现二进制应用程序的实际保护
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI: 10.1109/PST52912.2021.9647820
Xinyuan Wang
{"title":"Practical Protection of Binary Applications via Transparent Immunization","authors":"Xinyuan Wang","doi":"10.1109/PST52912.2021.9647820","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647820","url":null,"abstract":"In the past few years, massive data breach attacks on large organizations (e.g., Anthem Inc., Equifax) have compromised sensitive data of tens or even hundreds of millions of people. The 2017 Equifax data breach attack has compromised sensitive data of 148 million people and has costed Equifax $$ 1.4$ billion as of May 2019. Unfortunately the average time to detect, contain a data breach was 206 days and 73 days respectively in 2019. There is a pressing need to develop practical and deployable capability to detect and block previously unseen, application specific cyberattacks on vulnerable binary applications in real-time. In this paper, we present AppImmu, a practical cyber defense system that can detect and block previously unknown cyber-attacks on vulnerable binary applications in real-time with no false positive. Given a potentially vulnerable ELF binary application, AppImmu can transparently and statically immunize it into an immunized version via binary rewriting. At run-time, AppImmu uses kernel level immunization based anomaly detection techniques to detect and block previously unknown cyberattacks on immunized binary applications without any prior knowledge of the attacks. We have successfully immunized real world large binary applications such as Apache Java execution environment, bash shell, Snort in Linux and have successfully detected and blocked real world data breach attacks (e.g., Apache Strut exploit used in 2017 Equifax data breach attack, Shellshock exploit) in true real-time. Our benchmark experiments show that AppImmu incurs less than 6% run-time overhead in overall system performance, 2.1% run-time overhead for applications under typical workload.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114275312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Intrusion Detection in Internet of Things using Convolutional Neural Networks 基于卷积神经网络的物联网入侵检测
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI: 10.1109/PST52912.2021.9647828
M. Kodys, Zhi Lu, Fok Kar Wai, V. Thing
{"title":"Intrusion Detection in Internet of Things using Convolutional Neural Networks","authors":"M. Kodys, Zhi Lu, Fok Kar Wai, V. Thing","doi":"10.1109/PST52912.2021.9647828","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647828","url":null,"abstract":"Internet of Things (IoT) has become a popular paradigm to fulfil needs of the industry such as asset tracking, resource monitoring and automation. As security mechanisms are often neglected during the deployment of IoT devices, they are more easily attacked by complicated and large volume intrusion attacks using advanced techniques. Artificial Intelligence (AI) has been used by the cyber security community in the past decade to automatically identify such attacks. However, deep learning methods have yet to be extensively explored for Intrusion Detection Systems (IDS) specifically for IoT. Most recent works are based on time sequential models like LSTM and there is short of research in CNNs as they are not naturally suited for this problem. In this article, we propose a novel solution to the intrusion attacks against IoT devices using CNNs. The data is encoded as the convolutional operations to capture the patterns from the sensors data along time that are useful for attacks detection by CNNs. The proposed method is integrated with two classical CNNs: ResNet and EfficientNet, where the detection performance is evaluated. The experimental results show significant improvement in both true positive rate and false positive rate compared to the baseline using LSTM.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115663086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Unmasking Privacy Leakage through Android Apps Obscured with Hidden Permissions 通过隐藏权限隐藏的Android应用揭秘隐私泄露
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI: 10.1109/PST52912.2021.9647851
Pranav Kotak, S. Bhandari, A. Zemmari, Jaykrishna Joshi
{"title":"Unmasking Privacy Leakage through Android Apps Obscured with Hidden Permissions","authors":"Pranav Kotak, S. Bhandari, A. Zemmari, Jaykrishna Joshi","doi":"10.1109/PST52912.2021.9647851","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647851","url":null,"abstract":"Data theft is a significant security threat for mobile app users. The growing importance of digitization motivates the diversity of available applications. In this paper, we propose a novel and lightweight method for classifying Android apps into low, medium, and high-risk categories. Our approach relies largely on the other permissions (also termed as hidden permissions) of the Android applications. We have proposed a linear regression-based technique to classify the apps into different risk categories. We will show how other permissions can be used as a strong indicator for defining risk categories. We have used K-means clustering to validate and explain the decision of our method. In an evaluation with 500 applications and 101 other permissions, our proposed approach decides the risk factor of an app, and the explanation is provided for each detection reveal relevant properties of the detected risk.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123921036","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Detection of Induced False Negatives in Malware Samples 恶意软件样本中诱导假阴性的检测
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI: 10.1109/PST52912.2021.9647787
Adrian Wood, Michael N. Johnstone
{"title":"Detection of Induced False Negatives in Malware Samples","authors":"Adrian Wood, Michael N. Johnstone","doi":"10.1109/PST52912.2021.9647787","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647787","url":null,"abstract":"Malware detection is an important area of cyber security. Computer systems rely on malware detection applications to prevent malware attacks from succeeding. Malware detection is not a straightforward task, as new variants of malware are generated at an increasing rate. Machine learning (ML) has been utilised to generate predictive classification models to identify new malware variants which conventional malware detection methods may not detect. Machine learning, has however, been found to be vulnerable to different types of adversarial attacks, in which an attacker is able to negatively affect the classification ability of the ML model. Several defensive measures to prevent adversarial poisoning attacks have been developed, but they often rely on the use of a trusted clean dataset to help identify and remove adversarial examples from the training dataset. The defence in this paper does not require a trusted clean dataset, but instead, identifies intentional false negatives (zero day malware classified as benign) at the testing stage by examining the activation weights of the ML model. The defence was able to identify 94.07% of the successful targeted poisoning attacks.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123745780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
TEE-based Selective Testing of Local Workers in Federated Learning Systems 基于tee的联邦学习系统中本地工人的选择性测试
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-11-04 DOI: 10.1109/PST52912.2021.9647773
Wensheng Zhang, Trent Muhr
{"title":"TEE-based Selective Testing of Local Workers in Federated Learning Systems","authors":"Wensheng Zhang, Trent Muhr","doi":"10.1109/PST52912.2021.9647773","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647773","url":null,"abstract":"This paper considers a federated learning system consisting of a central aggregation server and multiple distributed local workers, all having access to trusted execution environments (TEEs). For the local workers, which are untrusted but economically-rational, to conduct local learning honestly, we propose a TEE-based selective testing scheme that also combines techniques from applied cryptography, game theory and smart contract. Theoretical analysis of the scheme indicates that only a small number of tests are needed to enforce honest execution by the local workers. Implementation-based experiments compare the cost of the proposed scheme against two reference schemes (i.e., the original scheme without security measure and the all-SGX scheme which conducts training completely in an SGX enclave). The results show that, our proposed scheme incurs much lower cost at the SGX enclave though introducing a higher cost at the untrusted execution environment. We argue that this tradeoff is appropriate given that computing in the untrusted environment can access more resources and is cheaper than in the trusted environment. The experiment results also show that, the increase of the cost in the untrusted execution environment get smaller as the size of the training model increases, which demonstrates the scalability of the scheme.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129911561","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Introducing a Framework to Enable Anonymous Secure Multi-Party Computation in Practice 在实践中引入一个实现匿名安全多方计算的框架
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-11-03 DOI: 10.1109/PST52912.2021.9647793
Malte Breuer, Ulrike Meyer, S. Wetzel
{"title":"Introducing a Framework to Enable Anonymous Secure Multi-Party Computation in Practice","authors":"Malte Breuer, Ulrike Meyer, S. Wetzel","doi":"10.1109/PST52912.2021.9647793","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647793","url":null,"abstract":"Secure Multi-Party Computation (SMPC) allows a set of parties to securely compute a functionality in a distributed fashion without the need for any trusted external party. Usually, it is assumed that the parties know each other and have already established authenticated channels among each other. However, in practice the parties sometimes must stay anonymous. In this paper, we conceptualize a framework that enables the repeated execution of an SMPC protocol for a given functionality such that the parties can keep their participation in the protocol executions private and at the same time be sure that only authorized parties may take part in a protocol execution. We identify the security properties that an implementation of our framework must meet and introduce a first implementation of the framework that achieves these properties.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115455625","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Dazed and Confused: What’s Wrong with Crypto Libraries? 茫然和困惑:加密库有什么问题?
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-11-02 DOI: 10.1109/PST52912.2021.9647786
Mohammadreza Hazhirpasand, Oscar Nierstrasz, Mohammad Ghafari
{"title":"Dazed and Confused: What’s Wrong with Crypto Libraries?","authors":"Mohammadreza Hazhirpasand, Oscar Nierstrasz, Mohammad Ghafari","doi":"10.1109/PST52912.2021.9647786","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647786","url":null,"abstract":"Recent studies have shown that developers have difficulties in using cryptographic APIs, which often led to security flaws. We are interested to tackle this matter by looking into what types of problems exist in various crypto libraries. We manually studied 500 posts on Stack Overflow associated with 20 popular crypto libraries. We realized there are 10 themes in the discussions. Interestingly, there were only two questions related to attacks against cryptography. There were 63 discussions in which developers had interoperability issues when working with more than a crypto library. The majority of posts (112) were about encryption/decryption problems and 111 were about installation/compilation issues of crypto libraries. Overall, we realize that the crypto libraries are frequently involved in more than five themes of discussions. We believe the current initial findings can help team leaders and experienced developers to correctly guide the team members in the domain of cryptography. Moreover, future research should investigate the similarity of problems at the API level among popular crypto libraries.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124782187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Long Passphrases: Potentials and Limits 长密码短语:潜力和限制
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-10-18 DOI: 10.1109/PST52912.2021.9647800
Christopher Bonk, Zach Parish, Julie Thorpe, Amirali Salehi-Abari
{"title":"Long Passphrases: Potentials and Limits","authors":"Christopher Bonk, Zach Parish, Julie Thorpe, Amirali Salehi-Abari","doi":"10.1109/PST52912.2021.9647800","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647800","url":null,"abstract":"Passphrases offer an alternative to traditional passwords which aim to be stronger and more memorable. However, users tend to choose short passphrases with predictable patterns that may reduce the security they offer. To explore the potential of long passphrases, we formulate a set of passphrase policies and guidelines aimed at supporting their creation and use. Through a 39-day user study we analyze the usability and security of passphrases generated using our policies and guidelines. Our analysis indicates these policies lead to reasonable usability and promising security for some use cases, and that there are some common pitfalls in free-form passphrase creation. Our results suggest that our policies can support the use of long passphrases.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116377023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI PyPI中Python包的大规模面向安全的静态分析
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-07-27 DOI: 10.1109/PST52912.2021.9647791
Jukka Ruohonen, Kalle Hjerppe, Kalle Rindell
{"title":"A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI","authors":"Jukka Ruohonen, Kalle Hjerppe, Kalle Rindell","doi":"10.1109/PST52912.2021.9647791","DOIUrl":"https://doi.org/10.1109/PST52912.2021.9647791","url":null,"abstract":"Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may lead to concrete software vulnerabilities. This paper examines various security issues in Python packages with static analysis. The dataset is based on a snapshot of all packages stored to the Python Package Index (PyPI). In total, over 197 thousand packages and over 749 thousand security issues are covered. Even under the constraints imposed by static analysis, (a) the results indicate prevalence of security issues; at least one issue is present for about 46% of the Python packages. In terms of the issue types, (b) exception handling and different code injections have been the most common issues. The subprocess module stands out in this regard. Reflecting the generally small size of the packages, (c) software size metrics do not predict well the amount of issues revealed through static analysis. With these results and the accompanying discussion, the paper contributes to the field of large-scale empirical studies for better understanding security problems in software ecosystems.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124760345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信