Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy: Latest Papers

Parameter Tuning and Confidence Limits of Malware Clustering
Houtan Faridi, Srivathsan Srinivasagopalan, Rakesh M. Verma
DOI: https://doi.org/10.1145/3292006.3302385
Published: 2019-03-13
Abstract: The growing number of new malware and the sophisticated obfuscation techniques used by malware authors are causing major problems in identifying, managing, and releasing anti-malware products to the consumers. Clustering malware variants based on their behavior has the potential to ease this problem of scale and conveniently lend itself to better, faster, and efficient prioritization of malware analysis. In this paper, we cluster real-world malware and expand on commonly used algorithms through fine grained testing. Results of top performing algorithms are discussed.
Citations: 3

Toward Efficient Spammers Gathering in Twitter Social Networks
Yihe Zhang, Hao Zhang, Xu Yuan
DOI: https://doi.org/10.1145/3292006.3302382
Published: 2019-03-13
Abstract: This paper introduces a novel system, named pseudo-honeypot, for efficient spammers gathering. Different from the manual setup in the honeypot, the pseudo-honeypot takes advantage of Twitter users' diversity and selects accounts with the attributes of having the higher potentials of attracting spammers, as the parasitic bodies. By harnessing a set of normal accounts possessing these attributes and monitoring their streaming posts and behavioral patterns, the pseudo-honeypot can gather the tweets that are far more likely of including spammer activities, while removing the risks of being recognized by smart spammers. It substantially advances the honeypot-based solutions in attribute availability, deployment flexibility, network scalability, and system portability. We present the system design and implementation of pseudo-honeypot (including node selection, monitoring, feature extraction, and learning-based classification) in Twitter networks. Through experiments, we demonstrate its effectiveness in terms of spammer gathering.
Citations: 2

SKA-CaNPT: Secure Key Agreement using Cancelable and Noninvertible Biometrics based on Periodic Transformation
Laleh Eskandarian, Dilara Akdogan, Duygu Karaoglan, A. Levi
DOI: https://doi.org/10.1145/3292006.3300037
Published: 2019-03-13
Abstract: Nowadays, many of the security-providing applications use biometrics-based authentication. However, since each person's biometrics is unique and non-replaceable, once it is compromised, it will be compromised forever. Therefore, it is hard for the users to trust biometrics. To overcome this problem, in this paper, we propose a novel secure key agreement protocol SKA-CaNPT. Here, we use a periodic transformation function to make biometrics cancelable and noninvertible. At the very end of our SKA-CaNPT protocol, the user and the server make an agreement on a symmetric shared key that is based on the feature points of the user's biometrics. Therefore, if the transformed data is compromised, then just by changing one of the inputs of the transformation function, we can renew the cryptographic key. As a proof of concept, we apply our SKA-CaNPT protocol on fingerprints. Besides, we apply different security analyses on our protocol. We use Shannon's entropy and Hamming distance metrics to analyze the randomness and the distinctiveness of the agreed keys. Moreover, according to the low IKGR (Incorrect Key Generation Rate), high CKGR (Correct Key Generation Rate) and high attack complexity possessed by our SKA-CaNPT protocol, we can conclude that our scheme is secure against brute-force, replay and impersonation attacks.
Citations: 1

Understanding and Predicting Private Interactions in Underground Forums
Zhibo Sun, Carlos E. Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, Gail-Joon Ahn
DOI: https://doi.org/10.1145/3292006.3300036
Published: 2019-03-13
Abstract: The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.
Citations: 10

Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots
Amit Tambe, Y. Aung, Ragav Sridharan, Martín Ochoa, Nils Ole Tippenhauer, A. Shabtai, Y. Elovici
DOI: https://doi.org/10.1145/3292006.3300024
Published: 2019-03-13
Abstract: Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years. Recent large-scale attacks, such as Persirai, Hakai, etc. corroborate concerns about the security of IoT devices. In this work, we propose an approach that allows easy integration of commercial off-the-shelf IoT devices into a general honeypot architecture. Our approach projects a small number of heterogeneous IoT devices (that are physically at one location) as many (geographically distributed) devices on the Internet, using connections to commercial and private VPN services. The goal is for those devices to be discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities. For detection and examination of potentially malicious traffic, we devise two analysis strategies: (1) given an outbound connection from honeypot, backtrack into network traffic to detect the corresponding attack command that caused the malicious connection and use it to download malware, (2) perform live detection of unseen URLs from HTTP requests using adaptive clustering. We show that our implementation and analysis strategies are able to detect recent large-scale attacks targeting IoT devices (IoT Reaper, Hakai, etc.) with overall low cost and maintenance effort.
Citations: 27

Large Scale PoC Experiment with 57,000 people to Accumulate Patterns for Lifestyle Authentication
Ryosuke Kobayashi, Nobuyuki Saji, Nobuo Shigeta, R. Yamaguchi
DOI: https://doi.org/10.1145/3292006.3302383
Published: 2019-03-13
Abstract: The spread of ICT has made it possible for people to use various online services via the Internet. User authentication technique is important for using online services in order to confirm that the user is legitimate. There are already some authentication methods, but several problems have been pointed out in them. We focused attention on lifestyle authentication as a new individual authentication method, that utilizes human behavior information. Then, we conducted a large scale PoC experiment in order to collect human behavior information, and we succeeded in gathering data of about 57,000 people. By analyzing the collected data, we found that human behavior is patterned. In this paper, we introduce the large scale PoC experiment and the analysis result of human behavior.
Citations: 2

Adversarial Authorship Attribution in Open-Source Projects
A. Matyukhina, Natalia Stakhanova, M. Preda, Celine Perley
DOI: https://doi.org/10.1145/3292006.3300032
Published: 2019-03-13
Abstract: Open-source software is open to anyone by design, whether it is a community of developers, hackers or malicious users. Authors of open-source software typically hide their identity through nicknames and avatars. However, they have no protection against authorship attribution techniques that are able to create software author profiles just by analyzing software characteristics. In this paper we present an author imitation attack that allows to deceive current authorship attribution systems and mimic a coding style of a target developer. Within this context we explore the potential of the existing attribution techniques to be deceived. Our results show that we are able to imitate the coding style of the developers based on the data collected from the popular source code repository, GitHub. To subvert author imitation attack, we propose a novel author obfuscation approach that allows us to hide the coding style of the author. Unlike existing obfuscation tools, this new obfuscation technique uses transformations that preserve code readability. We assess the effectiveness of our attacks on several datasets produced by actual developers from GitHub, and participants of the GoogleCodeJam competition. Throughout our experiments we show that the author hiding can be achieved by making sensible transformations which significantly reduce the likelihood of identifying the author's style to 0% by current authorship attribution systems.
Citations: 6

Behind Enemy Lines: Exploring Trusted Data Stream Processing on Untrusted Systems
C. Thoma, Adam J. Lee, Alexandros Labrinidis
DOI: https://doi.org/10.1145/3292006.3300021
Published: 2019-03-13
Abstract: Data Stream Processing Systems (DSPSs) execute long-running, continuous queries over transient streaming data, often making use of outsourced, third-party computational platforms. However, third-party outsourcing can lead to unwanted violations of data providers' access controls or privacy policies, as data potentially flows through untrusted infrastructure. To address these types of violations, data providers can elect to use stream processing techniques based upon computation-enabling encryption. Unfortunately, this class of solutions can leak information about underlying plaintext values, reduce the possible set of queries that can be executed, and come with detrimental performance overheads. To alleviate the concerns with cryptographically-enforced access controls in DSPSs, we have developed system, a DSPS that makes use of Intel's Software Guard Extensions (SGX) to protect data being processed on untrusted infrastructure. We show that system can execute arbitrary queries while leaking no more information than an idealized baseline system. At the same time, an extensive evaluation shows that the overheads associated with stream processing in system are comparable to its computation-enabling encryption counterparts for many queries.
Citations: 6

Efficient and Precise Information Flow Control for Machine Code through Demand-Driven Secure Multi-Execution
Tobias F. Pfeffer, Thomas Göthel, S. Glesner
DOI: https://doi.org/10.1145/3292006.3300040
Published: 2019-03-13
Abstract: Dynamic Information Flow Control (IFC) systems, like No-Sensitive-Upgrade or Permissive-Upgrade, can guarantee Termination-Insensitive Non-Interference, but reject valid programs due to their inability to track implicit flows. More advanced multi-execution based approaches, like Shadow Execution and Secure Multi-Execution, are precise and guarantee Termination-Sensitive Non-Interference, but require additional resources or, in the case of Faceted Evaluation, deep changes to the execution semantics. In this paper, we propose a novel efficient and precise Information Flow Control system for machine code through Demand-Driven Secure Multi-Execution. Our key idea is to use lightweight single-execution monitoring as long as the execution is secretless and fork multiple copies on-demand when necessary. We present the first Secure Multi-Execution implementation for legacy code in Unix-based environments and show that our demand-driven optimization drastically reduces the run-time overhead for cat and sha256sum. Our results indicate that further acceleration is possible through improved static analyses, making multi-execution based IFC systems applicable to machine code.
Citations: 4

Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing
Flavio Toffalini, Martín Ochoa, Jun Sun, Jianying Zhou
DOI: https://doi.org/10.1145/3292006.3300029
Published: 2019-03-13
Abstract: Ensuring the correct behaviour of an application is a critical security issue. One of the most popular ways to modify the intended behaviour of a program is to tamper its binary. Several solutions have been proposed to solve this problem, including trusted computing and anti-tampering techniques. Both can substantially increase security, and yet both have limitations. In this work, we propose an approach which combines trusted computing technologies and anti-tampering techniques, and that synergistically overcomes some of their inherent limitations. In our approach critical software regions are protected by leveraging on trusted computing technologies and cryptographic packing, without introducing additional software layers. To illustrate our approach we implemented a secure monitor which collects user activities, such as keyboard and mouse events for insider attack detection. We show how our solution provides a strong anti-tampering guarantee with a low overhead: around 10 lines of code added to the entire application, an average execution time overhead of 5.7% and only 300KB of memory allocated for the trusted module.
Citations: 5