2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)最新文献

{"title":"Generation of malicious webpage samples based on GAN","authors":"Mengxiang Wan, Hanbing Yao, Xin Yan","doi":"10.1109/TrustCom50675.2020.00116","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00116","url":null,"abstract":"Machine learning needs a large amount of labeled data to train classifiers. However, it's hard to collect malicious web samples because of the short survival times and changeable attack means. In this paper, we propose Web Feature Samples Generative Adversarial Network (WFS-GAN) to generate malicious webpage feature samples. In the proposed scheme, the 48 features are extracted from relatively small number of real malicious webpages, and then convert them into webpage feature vectors. The WFS-GAN is trained by these feature vectors to get a generator which can generate webpage feature samples. Then, the classifier is trained to identify malicious webpages by webpage feature samples generated by the WFS-GAN. The WFS-GAN is based on the CGAN, and the conditional information is webpage's class label. Especially, there are four discriminators in the WFS-GAN, one is global discriminator and the other three are feature discriminators. The global discriminator determines the authenticity of the whole samples to control the quality of the whole generated samples, while each feature discriminator determines the authenticity of the specific feature data of the samples to make the generated samples detailed. The experimental results show that the feature samples generated by the WFS-GAN can be used to train malicious webpage classifier, and the quality of the feature samples generated by the WFS-GAN is better than CGAN and CVAE.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114535050","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Security Model and Implementation of Embedded Software Based on Code Obfuscation","authors":"Jiajia Yi, Lirong Chen, Haitao Zhang, Yun Li, Huanyu Zhao","doi":"10.1109/TrustCom50675.2020.00222","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00222","url":null,"abstract":"Current approaches for the security of embedded software mainly focused on some specific platforms. In this paper, a security model based on code obfuscation is applied to embedded software. A control flow flattening algorithm is used to implement an automated obfuscator, which obfuscates C code first, and does source-to-source conversions to protect software on different platforms. The effectiveness of code obfuscation is evaluated by a multi-level quantitative model proposed in this paper. Related experiments are carried out on the NUC140VE3CN board and MC9S12XEPIOOMAG board, which are typical hardware platforms used in the application domain of automotive. The result of experiments shows that for one thing, the quantitative value of the effectiveness of the obfuscated program is obviously higher than that of the original program, namely the strength for software to keep it from being reversed is greater, and the overhead of time and space is acceptable; for another, the efficiency of the evaluation model is also demonstrated.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116318034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MLTracer: Malicious Logins Detection System via Graph Neural Network","authors":"Fucheng Liu, Yu Wen, Yanna Wu, Shuangshuang Liang, Xihe Jiang, Dan Meng","doi":"10.1109/TrustCom50675.2020.00099","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00099","url":null,"abstract":"Malicious login, especially lateral movement, has been a primary and costly threat for enterprises. However, there exist two critical challenges in the existing methods. Specifically, they heavily rely on a limited number of predefined rules and features. When the attack patterns change, security experts must manually design new ones. Besides, they cannot explore the attributes' mutual effect specific to login operations. We propose MLTracer, a graph neural network (GNN) based system for detecting such attacks. It has two core components to tackle the previous challenges. First, MLTracer adopts a novel method to differentiate crucial attributes of login operations from the rest without experts' designated features. Second, MLTracer leverages a GNN model to detect malicious logins. The model involves a convolutional neural network (CNN) to explore attributes of login operations, and a co-attention mechanism to mutually improve the representations (vectors) of login attributes through learning their login-specific relation. We implement an evaluation of such an approach. The results demonstrate that MLTracer significantly outperforms state-of-the-art methods. Moreover, MLTracer effectively detects various attack scenarios with a remarkably low false positive rate (FPR).","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125827363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"C2BID: Cluster Change-Based Intrusion Detection","authors":"Tiago Fernandes, Luís Dias, M. Correia","doi":"10.1109/TrustCom50675.2020.00051","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00051","url":null,"abstract":"The paper presents a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. The Cluster Change-Based Intrusion Detection approach (C2BID) detects intrusions by monitoring host behavior changes. For that purpose, C2BID defines and extracts features from network data, aggregates hosts with similar behavior using clustering, then analyses how hosts move between clusters along a period of time. This contrasts with previous work in the area that stops at the clustering step. We evaluated C2BID experimentally with two datasets, obtaining better F-Score than previous solutions.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125962149","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SCAFFISD: A Scalable Framework for Fine-grained Identification and Security Detection of Wireless Routers","authors":"Fangzhou Zhu, Liang Liu, W. Meng, Ting Lv, Simin Hu, Renjun Ye","doi":"10.1109/TrustCom50675.2020.00160","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00160","url":null,"abstract":"The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125981449","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"STIDM: A Spatial and Temporal Aware Intrusion Detection Model","authors":"Xueying Han, Rongchao Yin, Zhigang Lu, Bo Jiang, Yuling Liu, Song Liu, Chonghua Wang, Ning Li","doi":"10.1109/TrustCom50675.2020.00058","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00058","url":null,"abstract":"Network intrusion detection plays a critical role in cyberspace security. Most existing conventional detection methods mostly rely on manually-designed features to detect intrusion behaviours from large-scale flow data. Recent studies show that deep learning-based methods are effective for network intrusion detection due to the ability to learn discriminative features from data automatically. However, these models ignore the problem of the irregular time intervals between packets in a flow, causing the degradation of detection performance. To this end, we propose a Spatial and Temporal Aware Intrusion Detection model (STIDM). The proposed STIDM model first uses a one-dimensional Convolutional Neural Network (1D-CNN) to extract spatial features based on the nature of flow and packet. Then we design a Time and Length sensitive LSTM (TL-LSTM) method to learn richer temporal features from the irregular flows. The two parts are trained simultaneously to achieve global optimum. Through extensive experiments on the ISCX2012 dataset and the CICIDS2017 dataset, we demonstrate that STIDM outperforms state-of-the-art models.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129432364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Doc2vec-based Insider Threat Detection through Behaviour Analysis of Multi-source Security Logs","authors":"Liu Liu, Chao Chen, Jinchao Zhang, O. De Vel, Yang Xiang","doi":"10.1109/TrustCom50675.2020.00050","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00050","url":null,"abstract":"Since insider attacks have been recognised as one of the most critical cyber security threats to an organisation, detection of malicious insiders has received increasing attention in recent years. Previously, we proposed an approach that performs the detection by analysing various security logs with Word2vec, which not only removes the reliance on prior knowledge but also greatly simplifies the process of decision making and improves the interpretability of the alerts. In this paper, following the similar idea, a new Doc2vec based approach is proposed to overcome the previous approach's limitations: (1) the behaviour metrics can be acquired straightforwardly due to the Doc2vec's capability in inferring unseen texts of any length; (2) other than the temporal metrics, some spatial metrics can also be realised, providing a more comprehensive insight into the unusual behaviours; and (3) a range of corpora are produced by adopting different keywords to aggregate, each of which may be suited to a specific type of behaviour metrics. A large number of numerical experiments are conducted using the same benchmark insider threat database, for the purpose of testing how the corpora, metrics and training parameters impact on the performance and be related to each other. The experiments demonstrate that the proposed approach can achieve a similar performance with greater simplicity and flexibility.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128330478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Bearicade: secure access gateway to High Performance Computing systems","authors":"Taha Al-Jody, Violeta Holmes, Alexandros Antoniades, Yazan Kazkouzeh","doi":"10.1109/TrustCom50675.2020.00191","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00191","url":null,"abstract":"Cyber security is becoming a vital part of many information technologies and computing systems. Increasingly, High-Performance Computing systems are used in scientific research, academia and industry. High-Performance Computing applications are specifically designed to take advantage of the parallel nature of High-Performance Computing systems. Current research into High-Performance Computing systems focuses on the improvements in software development, parallel algorithms and computer systems architecture. However, there are no significant efforts in developing common High-Performance Computing security standards. Security of the High-Performance Computing resources is often an add-on to existing varied institutional policies that do not take into account additional requirements for High-Performance Computing security. Also, the users' terminals or portals used to access the High-Performance Computing resources are frequently insecure or they are being used in unprotected networks. In this paper we present Bearicade - a Data-driven Security Orchestration Automation and Response system. Bearicade collects data from the HPC systems and its users, enabling the use of Machine Learning based solutions to address current security issues in the High-Performance Computing systems. The system security is achieved through monitoring, analysis and interpretation of data such as users' activity, server requests, devices used and geographic locations. Any anomaly in users' behaviour is detected using machine learning algorithms, and would be visible to system administrators to help mediate the threats. The system was tested on a university campus grid system by administrators and users. Two case studies, Anomaly detection of user behaviour and Classification of Malicious Linux Terminal Command, have demonstrated machine learning approaches in identifying potential security threats. Bearicade's data was used in the experiments. The results demonstrated that detailed information is provided to the HPC administrators to detect possible security attacks and to act promptly.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129665870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Feedback-Driven Lightweight Reputation Scheme for IoV","authors":"Rohan Dahiya, Frank Jiang, R. Doss","doi":"10.1109/TrustCom50675.2020.00141","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00141","url":null,"abstract":"Most applications of Internet of Vehicles (IoVs) rely on collaboration between nodes. Therefore, false information flow in-between these nodes poses the challenging trust issue in rapidly moving IoV nodes. To resolve this issue, a number of mechanisms have been proposed in the literature for the detection of false information and establishment of trust in IoVs, most of which employ reputation scores as one of the important factors. However, it is critical to have a robust and consistent scheme that is suitable to aggregate a reputation score for each node based on the accuracy of the shared information. Such a mechanism has therefore been proposed in this paper. The proposed system utilises the results of any false message detection method to generate and share feedback in the network, this feedback is then collected and filtered to remove potentially malicious feedback in order to produce a dynamic reputation score for each node. The reputation system has been experimentally validated and proved to have high accuracy in the detection of malicious nodes sending false information and is robust or negligibly affected in the presence of spurious feedback.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130098225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy Smells: Detecting Privacy Problems in Cloud Architectures","authors":"Immanuel Kunz, Angelika Schneider, Christian Banse","doi":"10.1109/TrustCom50675.2020.00178","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00178","url":null,"abstract":"Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130159563","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}