Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy最新文献_第6页

ISAdetect: Usable Automated Detection of CPU Architecture and Endianness for Executable Binary Files and Object Code ISAdetect:可用的自动检测CPU架构和Endianness为可执行二进制文件和目标代码

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2019-08-15 DOI: 10.1145/3374664.3375742

Sami Kairajärvi, Andrei Costin, T. Hämäläinen

{"title":"ISAdetect: Usable Automated Detection of CPU Architecture and Endianness for Executable Binary Files and Object Code","authors":"Sami Kairajärvi, Andrei Costin, T. Hämäläinen","doi":"10.1145/3374664.3375742","DOIUrl":"https://doi.org/10.1145/3374664.3375742","url":null,"abstract":"Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading op-codes for a wrong CPU architecture, these analysis tools must precisely identify the Instruction Set Architecture (ISA) of the object code under analysis. The variety of CPU architectures that modern security and reverse engineering tools must support is ever increasing due to massive proliferation of IoT devices and the diversity of firmware and malware targeting those devices. Recent studies concluded that falsely identifying the binary code's ISA caused alone about 10% of failures of IoT firmware analysis. The state of the art approaches detecting ISA for executable object code look promising, and their results demonstrate effectiveness and high-performance. However, they lack the support of publicly available datasets and toolsets, which makes the evaluation, comparison, and improvement of those techniques, datasets, and machine learning models quite challenging (if not impossible). This paper bridges multiple gaps in the field of automated and precise identification of architecture and endianness of binary files and object code. We develop from scratch the toolset and datasets that are lacking in this research space. As such, we contribute a comprehensive collection of open data, open source, and open API web-services. We also attempt experiment reconstruction and cross-validation of effectiveness, efficiency, and results of the state of the art methods. When training and testing classifiers using solely code-sections from executable binary files, all our classifiers performed equally well achieving over 98% accuracy. The results are consistent and comparable with the current state of the art, hence supports the general validity of the algorithms, features, and approaches suggested in those works.","PeriodicalId":171521,"journal":{"name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128518012","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 3

Dissecting Android Cryptocurrency Miners 剖析Android加密货币矿工

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2019-05-07 DOI: 10.1145/3374664.3375724

Stanislav Dashevskyi, Yury Zhauniarovich, O. Gadyatskaya, Aleksandr Pilgun, Hamza Ouhssain

{"title":"Dissecting Android Cryptocurrency Miners","authors":"Stanislav Dashevskyi, Yury Zhauniarovich, O. Gadyatskaya, Aleksandr Pilgun, Hamza Ouhssain","doi":"10.1145/3374664.3375724","DOIUrl":"https://doi.org/10.1145/3374664.3375724","url":null,"abstract":"Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. In this paper, we analyze the gathered miners and identify how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. Further, we analyzed our dataset using VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service. Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection. We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our BrenntDroid tool is able to detect miners with 95% of accuracy on our dataset.","PeriodicalId":171521,"journal":{"name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134201118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 9

Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples 对抗实例防御的随机峰值和系统评估

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2018-12-05 DOI: 10.1145/3374664.3375736

Huangyi Ge, Sze Yiu Chau, Ninghui Li

引用次数: 1

Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation 基于不可见摄动的卷积神经网络模型后门嵌入

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2018-08-30 DOI: 10.1145/3374664.3375751

C. Liao, Haoti Zhong, A. Squicciarini, Sencun Zhu, David J. Miller

{"title":"Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation","authors":"C. Liao, Haoti Zhong, A. Squicciarini, Sencun Zhu, David J. Miller","doi":"10.1145/3374664.3375751","DOIUrl":"https://doi.org/10.1145/3374664.3375751","url":null,"abstract":"Deep learning models have consistently outperformed traditional machine learning models in various classification tasks, including image classification. As such, they have become increasingly prevalent in many real world applications including those where security is of great concern. Such popularity, however, may attract attackers to exploit the vulnerabilities of the deployed deep learning models and launch attacks against security-sensitive applications. In this paper, we focus on a specific type of data poisoning attack, which we refer to as a em backdoor injection attack. The main goal of the adversary performing such attack is to generate and inject a backdoor into a deep learning model that can be triggered to recognize certain embedded patterns with a target label of the attacker's choice. Additionally, a backdoor injection attack should occur in a stealthy manner, without undermining the efficacy of the victim model. Specifically, we propose two approaches for generating a backdoor that is hardly perceptible yet effective in poisoning the model. We consider two attack settings, with backdoor injection carried out either before model training or during model updating. We carry out extensive experimental evaluations under various assumptions on the adversary model, and demonstrate that such attacks can be effective and achieve a high attack success rate (above 90%) at a small cost of model accuracy loss with a small injection rate, even under the weakest assumption wherein the adversary has no knowledge either of the original training data or the classifier model.","PeriodicalId":171521,"journal":{"name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129085846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 219