发布求助
文献互助 智能选刊 最新文献

2022 6th International Conference on Cryptography, Security and Privacy (CSP)最新文献

筛选
英文 中文
Multifaceted Analysis of Malicious Ethereum Accounts and Corresponding Activities 恶意以太坊账户及其相关活动的多方面分析
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/csp55486.2022.00022
J. Wang, Takayuki Sasaki, Kazumasa Omote, K. Yoshioka, Tsutomu Matsumoto
{"title":"Multifaceted Analysis of Malicious Ethereum Accounts and Corresponding Activities","authors":"J. Wang, Takayuki Sasaki, Kazumasa Omote, K. Yoshioka, Tsutomu Matsumoto","doi":"10.1109/csp55486.2022.00022","DOIUrl":"https://doi.org/10.1109/csp55486.2022.00022","url":null,"abstract":"In recent years, Ethereum, one of the leading applications to realize the service of blockchain technology, has received a great deal of attention with the usability and functionality to execute smart contracts, arbitrary programmable calculations in addition to cryptocurrency trading. However, misconfigured Ethereum clients with application programming interface (API) enabled, JSON-RPC in particular, are targeted by cyberattacks. In this research, we propose a new framework to detect malicious and suspicious Ethereum accounts using 3 different data sources (honeypot, Internet-wide scanner and blockchain explorer). The honeypot, named Etherpot, utilizes a proxy server placed between a real Ethereum client and the Internet. It modifies responses from the Ethereum client to attract attackers, identifies malicious accounts and analyzes their behaviors. With the Internet-wide scan results from Shodan, we also detect suspicious Ethereum accounts that are registered on multiple nodes. Finally, we utilize Etherscan, a well-known blockchain explorer for Ethereum, to track and analyze the activities related to the detected accounts. Through the observation of 6 weeks, we observed 538 hosts trying to call JSON- RPC of our honeypots with 41 different types of methods, including 2 types of unreported attacks in the wild. We detected 16 malicious accounts from the honeypots and 64 suspicious accounts from Shodan scan results, 5 out of which are overlapped. Finally, from Etherscan, we collected records of activities related to the detected accounts, including transactions of 21.50 ETH and mining of 22.61 ETH (equivalent to 167,560 USS at the rate of 2021/10/14). To an end, we provide a much brighter view of malicious activities on Ethereum.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117349042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Differential Privacy under Incalculable Sensitivity 不可计算敏感性下的差分隐私
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00013
Tomoaki Mimoto, Masayuki Hashimoto, Hiroyuki Yokoyama, Toru Nakamura, T. Isohara, R. Kojima, Aki Hasegawa, Yasushi Okuno
{"title":"Differential Privacy under Incalculable Sensitivity","authors":"Tomoaki Mimoto, Masayuki Hashimoto, Hiroyuki Yokoyama, Toru Nakamura, T. Isohara, R. Kojima, Aki Hasegawa, Yasushi Okuno","doi":"10.1109/CSP55486.2022.00013","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00013","url":null,"abstract":"Differential privacy mechanisms have been proposed to guarantee the privacy of individuals in various types of statistical information. When constructing a probabilistic mechanism to satisfy differential privacy, it is necessary to consider the impact of an arbitrary record on its statistics, i.e., sensitivity, but there are situations where sensitivity is difficult to derive. In this paper, we first summarize the situations in which it is difficult to derive sensitivity in general, and then propose a definition equivalent to the conventional definition of differential privacy to deal with them. This definition considers neighboring datasets as in the conventional definition. Therefore, known differential privacy mechanisms can be applied. Next, as an example of the difficulty in deriving sensitivity, we focus on the t-test, a basic tool in statistical analysis, and show that a concrete differential privacy mechanism can be constructed in practice. Our proposed definition can be treated in the same way as the conventional differential privacy definition, and can be applied to cases where it is difficult to derive sensitivity.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130286348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Lightweight Advertisement Ecosystem Simulation Platform for Security Analysis 面向安全分析的轻型广告生态系统仿真平台
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00016
Chenjia Yu, M. Gheisari, Yang Liu
{"title":"A Lightweight Advertisement Ecosystem Simulation Platform for Security Analysis","authors":"Chenjia Yu, M. Gheisari, Yang Liu","doi":"10.1109/CSP55486.2022.00016","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00016","url":null,"abstract":"Based on the statistics, advertisements (ads) generate more than 80% of companies' revenues. However, the complexity of the ads ecosystem blurs the boundaries of responsibility between companies. It can not analyze privacy and security issues in such an ecosystem. For example, collecting user information without user consent for data analysis and displaying ads will cause privacy leakage. But we can not explain which types of the company need to take measures to protect privacy. In our paper, to clarify the responsibility of companies in the advertisement ecosystem, we divide them into six types of entities according to their needs and functions. Then, we design a lightweight simulation platform to illustrate the advertisement ecosystem and support security and privacy analysis. Finally, we take personal ads recommendations based on federated learning as an example to verify the feasibility for privacy and security analysis in this platform.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131590500","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Blockchain-based Smart Parking System using Ring Learning With Errors based Signature 基于区块链的基于错误签名的环形学习智能停车系统
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00036
Jihan Lailatul Atiqoh, A. Barmawi, Farah Afianti
{"title":"Blockchain-based Smart Parking System using Ring Learning With Errors based Signature","authors":"Jihan Lailatul Atiqoh, A. Barmawi, Farah Afianti","doi":"10.1109/CSP55486.2022.00036","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00036","url":null,"abstract":"Recently, placing vehicles in the parking area is becoming a problem. A smart parking system is proposed to solve the problem. Most smart parking systems have a centralized system, wherein that type of system is at-risk of single-point failure that can affect the whole system. To overcome the weakness of the centralized system, the most popular mechanism that researchers proposed is blockchain. If there is no mechanism implemented in the blockchain to verify the authenticity of every transaction, then the system is not secure against impersonation attacks. This study combines blockchain mechanism with Ring Learning With Errors (RLWE) based digital signature for securing the scheme against impersonation and double-spending attacks. RLWE was first proposed by Lyubashevsky et al. This scheme is a development from the previous scheme Learning with Error or LWE.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124763469","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
From Machine Learning Based Intrusion Detection to Cost Sensitive Intrusion Response 从基于机器学习的入侵检测到成本敏感的入侵响应
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00031
Tazar Hussain, Alfie Beard, Liming Chen, Chris D. Nugent, Jun Liu, A. Moore
{"title":"From Machine Learning Based Intrusion Detection to Cost Sensitive Intrusion Response","authors":"Tazar Hussain, Alfie Beard, Liming Chen, Chris D. Nugent, Jun Liu, A. Moore","doi":"10.1109/CSP55486.2022.00031","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00031","url":null,"abstract":"Machine learning (ML) based intrusion detection systems (IDS) are increasingly used to discover abnormal patterns in network data and predict cyberattacks. However, the construction of intrusion response systems (IRS) used to deploy countermeasures and prevent malicious activities is more challenging because they require in-depth understanding of attack patterns, attacker behavior, and the correlation between different types of attacks. Furthermore, IDSs generate a large number of false positives and the confidence with which an attack can be predicted is usually unknown. As a result of these challenges in IDS and IRSs, inappropriate actions may be deployed, which may reduce network performance and users’ ability to perform typical tasks. Therefore, the present work proposes an intrusion detection and response method based on the Calibrated Random Forest (CRF) algorithm to overcome the key challenges related to the construction of an efficient IRS. The proposed CRF is used to quantify uncertainty in the prediction of cyberattacks and expresses each attack as a probability distribution. Subsequently, the predicted probabilities are used as confidence scores and integrated with domain expert knowledge for decision making in an IRS. We then use publicly available intrusion detection data sets to test and evaluate the proposed method based on three metrics: log loss, Brier score, and expected calibration error (ECE). Experimental results show that the proposed method makes intrusion response more reasonable and cost-sensitive, and has the ability to manage criticality, integrate domain knowledge and explain model behavior. It also demonstrates that this method provides an effective solution for security analysts in how to appropriately deploy and prioritize actions.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130843931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An approach to construct feedforward clock-controlled sequence with high linear complexity 一种构造高线性复杂度前馈时钟控制序列的方法
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00034
Yangpan Zhang
{"title":"An approach to construct feedforward clock-controlled sequence with high linear complexity","authors":"Yangpan Zhang","doi":"10.1109/CSP55486.2022.00034","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00034","url":null,"abstract":"In practical applications, people tend to use feedforward clock control structures to construct stream ciphers. However, it is difficult to estimate the linear complexity lower bound for stream ciphers constructed in this way. This paper proposes a clock-controlled sequence construction method with provably high linear complexity. For a control sequence with period m, the complexity of proof is O(m2), independent of the controlled sequence period size. 1","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122274572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Anonymity-driven Measures for Privacy 匿名驱动的隐私措施
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00009
Sevgi Arca, R. Hewett
{"title":"Anonymity-driven Measures for Privacy","authors":"Sevgi Arca, R. Hewett","doi":"10.1109/CSP55486.2022.00009","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00009","url":null,"abstract":"In today’s world, digital data are enormous due to technologies that advance data collection, storage, and analyses. As more data are shared or publicly available, privacy is of great concern. Having privacy means having control over your data. The first step towards privacy protection is to understand various aspects of privacy and have the ability to quantify them. Much work in structured data, however, has focused on approaches to transforming the original data into a more anonymous form (via generalization and suppression) while preserving the data integrity. Such anonymization techniques count data instances of each set of distinct attribute values of interest to signify the required anonymity to protect an individual’s identity or confidential data. While this serves the purpose, our research takes an alternative approach to provide quick privacy measures by way of anonymity especially when dealing with large-scale data. This paper presents a study of anonymity measures based on their relevant properties that impact privacy. Specifically, we identify three properties: uniformity, variety, and diversity, and formulate their measures. The paper provides illustrated examples to evaluate their validity and discusses the use of multi-aspects of anonymity and privacy measures.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124978528","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Analysis of the Propagation of Miner Botnet 矿工僵尸网络的传播分析
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00026
Yuxi Cheng, Zi Jin, Wei Ding
{"title":"Analysis of the Propagation of Miner Botnet","authors":"Yuxi Cheng, Zi Jin, Wei Ding","doi":"10.1109/CSP55486.2022.00026","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00026","url":null,"abstract":"Miner Botnet, a new type of botnet that perform digital cryptocurrency mining by invading and implanting malware programs in normal noncooperative user terminals, and occupy their computational resource, has been widely propagated with the soaring price of crypto currencies and become one of the major threats to the security of today’s cyber-space. Since the rapid spread of miner botnet mainly relies on the vulnerabilities in the computer system, the security of the computer system will be greatly improved if the vulnerability exploitation tactics of miner botnet can be predicted. In this paper, we study the exploitation history of the vulnerabilities exploited by miner botnets, build a new set of attributes on the basis of CVSS3.0 and use the knowledge graph as the framework to model the relationship between miner botnet, vulnerabilities and vulnerability attributes, and propose a method, combined with Apriori, Fast-Unfolding and a reasoning algorithm based on the knowledge structure, to predict the vulnerability exploitation tactics of miner botnet. Thereby we can prejudge the exploitation of miner botnets with historical data of vulnerability exploitation. The experimental results also show that the algorithm has a certain predictive effect on the vulnerability exploitation tactics of miner botnets. The algorithm can help security personnel respond to the attacker's behavior in advance and reduce the loss .","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116542590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Analyzing Initial Design Theory Components for Developing Information Security Laboratories 分析发展信息安全实验室的初始设计理论组成部分
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/CSP55486.2022.00015
S. Iqbal
{"title":"Analyzing Initial Design Theory Components for Developing Information Security Laboratories","authors":"S. Iqbal","doi":"10.1109/CSP55486.2022.00015","DOIUrl":"https://doi.org/10.1109/CSP55486.2022.00015","url":null,"abstract":"Online information security labs intended for training and facilitating hands-on learning for distance students at master’s level are not easy to develop and administer. This research focuses on analyzing the results of a DSR project for design, development, and implementation of an InfoSec lab. This research work contributes to the existing research by putting forth an initial outline of a generalized model for design theory for InfoSec labs aimed at hands-on education of students in the field of information security. The anatomy of design theory framework is used to analyze the necessary components of the anticipated design theory for InfoSec labs in future.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"29 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123247249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Vertical Scanning Behavior Analysis of High-Frequency Superpoints 高频叠加点垂直扫描行为分析
2022 6th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2022-01-01 DOI: 10.1109/csp55486.2022.00029
Wenxian Guo, Haiqing Yu, Wei Ding
{"title":"Vertical Scanning Behavior Analysis of High-Frequency Superpoints","authors":"Wenxian Guo, Haiqing Yu, Wei Ding","doi":"10.1109/csp55486.2022.00029","DOIUrl":"https://doi.org/10.1109/csp55486.2022.00029","url":null,"abstract":"Access superpoint is a host that communicates with a large number of peers at the same time in the network, occupying a large number of network communication resources. Under the background that access superpoint detection algorithms have been developed relatively mature, the anomaly detection research based on this is the direction worth exploring at present. In terms of time, access superpoints can be divided into high-frequency, medium-frequency and low-frequency superpoints. Among them, high-frequency superpoints often contain important data resources and are the first choice for hackers to attack, while vertical scanning is a common pre-invasion method for attackers. Therefore, detecting and analyzing the vertical scanning behavior of high-frequency superpoints plays an important role in the protection of high-frequency superpoints. In this paper, a time-frequency attribute is defined for the detected access superpoints and a time-frequency classification algorithm based on sliding window is proposed. The experimental results show that the algorithm has a high accuracy of 98.26% in a high-speed network environment. The vertical scanning behavior was screened based on the rules. And XGBoost algorithm was used to generate a classifier that can distinguish the abnormal behaviors of high frequency superpoints caused by vertical scanning. The classifier can identify the abnormal behaviors of high frequency superpoints caused by vertical scanning with an accuracy of 93.19%.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124922557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信