{"title":"Defending Against Model Inversion Attack by Adversarial Examples","authors":"Jing Wen, S. Yiu, L. Hui","doi":"10.1109/CSR51186.2021.9527945","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527945","url":null,"abstract":"Model inversion (MI) attacks aim to infer and reconstruct the input data from the output of a neural network, which poses a severe threat to the privacy of input data. Inspired by adversarial examples, we propose defending against MI attacks by adding adversarial noise to the output. The critical challenge is finding a noise vector that maximizes the inversion error and introduces negligible utility loss to the target model. We propose an algorithm to craft such noise vectors, which also incorporates utility-loss constraints. Specifically, our algorithm takes advantage of the gradient of an inversion model we train to mimic the adversary and compute a noise vector to turn the output into an adversarial example that can maximize the reconstruction error of the inversion model. Then we apply a label modifier that keeps the label unchanged to achieve zero accuracy loss of the target model. Our defense does not tamper with the training process or need the private training dataset. Thus it can be easily applied to any current neural networks or APIs. We evaluate our method under both standard and adaptive attack settings. Our empirical results show our approach is effective against state-of-the-art MI attacks due to the transferability of adversarial examples and outperforms existing defenses. Furthermore, it causes more reconstruction errors while introducing zero accuracy loss and less distortion than existing defenses.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115492660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Clustering Analysis of Email Malware Campaigns","authors":"Ruichao Zhang, Shang Wang, Renée Burton, Minh Hoang, Juhua Hu, A. Nascimento","doi":"10.1109/CSR51186.2021.9527902","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527902","url":null,"abstract":"The task of malware labeling on real datasets faces huge challenges—ever-changing datasets and lack of ground-truth labels—owing to the rapid growth of malware. Clustering malware on their respective families is a well known tool used for improving the efficiency of the malware labeling process. In this paper, we addressed the challenge of clustering email malware, and carried out a cluster analysis on a real dataset collected from email campaigns over a 13-month period. Our main original contribution is to analyze the usefulness of email’s header information for malware clustering (a novel approach proposed by Burton [1]), and compare it with features collected from the malware directly. We compare clustering based on email header’s information with traditional features extracted from varied resources provided by VirusTotal [2], including static and dynamic analysis. We show that email header information has an excellent performance.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116929554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ioannis Bothos, Vasileios Vlachos, D. Kyriazanos, I. Stamatiou, K. Thanos, Pantelis Tzamalis, Sotirios E. Nikoletseas, S. Thomopoulos
{"title":"Modelling Cyber-Risk in an Economic Perspective","authors":"Ioannis Bothos, Vasileios Vlachos, D. Kyriazanos, I. Stamatiou, K. Thanos, Pantelis Tzamalis, Sotirios E. Nikoletseas, S. Thomopoulos","doi":"10.1109/CSR51186.2021.9527994","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527994","url":null,"abstract":"In this paper, we present a theoretical approach concerning the econometric modelling for the estimation of cyber-security risk, with the use of time-series analysis methods and alternatively with Machine Learning (ML) based, deep learning methodology. Also we present work performed in the framework of SAINT H2020 Project [1], concerning innovative data mining techniques, based on automated web scrapping, for the retrieving of the relevant time-series data. We conclude with a review of emerging challenges in cyber-risk assessment brought by the rapid development of adversarial AI.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127276844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Gylling, M. Ekstedt, Zeeshan Afzal, Per Eliasson
{"title":"Mapping Cyber Threat Intelligence to Probabilistic Attack Graphs","authors":"A. Gylling, M. Ekstedt, Zeeshan Afzal, Per Eliasson","doi":"10.1109/CSR51186.2021.9527970","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527970","url":null,"abstract":"As cyber threats continue to grow and expertise resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary’s attack vectors. Cyber Threat Intelligence (CTI) is information that helps understand the current cyber threats, but has little integration with ADGs. This paper contributes with an approach that resolves this problem by using CTI feeds of known threat actors to enrich ADGs under multiple reuse. This enables security analysts to take proactive measures and strengthen their ICT systems against current methods used by any threat actor that is believed to pose a threat to them.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116813597","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nikos Oikonomou, Notis Mengidis, Minas Spanopoulos-Karalexidis, A. Voulgaridis, Matteo Merialdo, Ivo Raisr, Kaarel Hanson, Paloma de La Vallée, T. Tsikrika, S. Vrochidis, K. Votis
{"title":"ECHO Federated Cyber Range: Towards Next-Generation Scalable Cyber Ranges","authors":"Nikos Oikonomou, Notis Mengidis, Minas Spanopoulos-Karalexidis, A. Voulgaridis, Matteo Merialdo, Ivo Raisr, Kaarel Hanson, Paloma de La Vallée, T. Tsikrika, S. Vrochidis, K. Votis","doi":"10.1109/CSR51186.2021.9527985","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527985","url":null,"abstract":"Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126905919","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Adversarial DDoS Attacks in Software- Defined Networking Using Deep Learning Techniques and Adversarial Training","authors":"Beny Nugraha, Naina Kulkarni, Akash Gopikrishnan","doi":"10.1109/CSR51186.2021.9527967","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527967","url":null,"abstract":"In recent years, Deep Learning (DL) has been utilized for cyber-attack detection mechanisms as it offers highly accurate detection and is able to overcome the limitations of standard machine learning techniques. When applied in a Software-Defined Network (SDN) environment, a DL-based detection mechanism shows satisfying detection performance. However, in the case of adversarial attacks, the detection performance deteriorates. Therefore, in this paper, first, we outline a highly accurate flooding DDoS attack detection framework based on DL for SDN environments. Second, we investigate the performance degradation of our detection framework when being tested with two adversary traffic datasets. Finally, we evaluate three adversarial training procedures for improving the detection performance of our framework concerning adversarial attacks. It is shown that the application of one of the adversarial training procedures can avoid detection performance degradation and thus might be used in a real-time detection system based on continual learning.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126907070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Georgios Aivatoglou, Mike Anastasiadis, Georgios Spanos, A. Voulgaridis, K. Votis, D. Tzovaras
{"title":"A tree-based machine learning methodology to automatically classify software vulnerabilities","authors":"Georgios Aivatoglou, Mike Anastasiadis, Georgios Spanos, A. Voulgaridis, K. Votis, D. Tzovaras","doi":"10.1109/CSR51186.2021.9527965","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527965","url":null,"abstract":"Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121502840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ERAMO: Effective Remote Attestation through Memory Offloading","authors":"J. Østergaard, Edlira Dushku, N. Dragoni","doi":"10.1109/CSR51186.2021.9527978","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527978","url":null,"abstract":"Remote Attestation (RA) has gained a broad attention over recent years as an essential security mechanism that enables integrity verification of remote IoT devices. Typically, existing RA protocols aim at detecting malware presence in program memory. Recent RA schemes work towards attesting also data memory and focus mainly on detecting runtime attacks that manipulate stack pointers to hijack the execution flow of a running program. Despite different RA approaches, some data memory attacks still remain undetected. This paper proposes ERAMO, a novel RA protocol that investigates memory offloading technique in attesting broad memory regions of IoT devices. Instead of running a complex RA protocol on a resource-constrained IoT device, ERAMO leverages the emerging paradigm of Fog Computing to securely offload memory contents of IoT devices to nearby powerful devices. This approach aims at increasing the effectiveness of RA protocols by attesting larger data memory regions and allowing powerful devices to perform complex analysis of IoT devices’ state. We validate and evaluate ERAMO with a hardware proof-of-concept implementation using an ARM Cortex-M33 based microcontroller that provides ARM TrustZone to support secure isolation of the RA procedure. The conducted experiments confirm the feasibility of ERAMO and demonstrate that offloading technique increases the RA effectiveness in attesting dynamic memory regions.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121711930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Achilleas Pasias, Thanasis Kotsiopoulos, G. Lazaridis, A. Drosou, D. Tzovaras, P. Sarigiannidis
{"title":"Enabling Cyber-attack Mitigation Techniques in a Software Defined Network","authors":"Achilleas Pasias, Thanasis Kotsiopoulos, G. Lazaridis, A. Drosou, D. Tzovaras, P. Sarigiannidis","doi":"10.1109/CSR51186.2021.9527932","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527932","url":null,"abstract":"Software Defined Networking (SDN) is an innovative technology, which can be applied in a plethora of applications and areas. Recently, SDN has been identified as one of the most promising solutions for industrial applications as well. The key features of SDN include the decoupling of the control plane from the data plane and the programmability of the network through application development. Researchers are looking at these features in order to enhance the Quality of Service (QoS) provisioning of modern network applications. To this end, the following work presents the development of an SDN application, capable of mitigating attacks and maximizing the network’s QoS, by implementing mixed integer linear programming but also using genetic algorithms. Furthermore, a low-cost, physical SDN testbed was developed in order to evaluate the aforementioned application in a more realistic environment other than only using simulation tools.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126344877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Stream Clustering Algorithm for Classifying Network IDS Alerts","authors":"Risto Vaarandi","doi":"10.1109/CSR51186.2021.9527926","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527926","url":null,"abstract":"Network IDS is a widely used security monitoring technology for detecting cyber attacks, malware activity, and other unwanted network traffic. Unfortunately, network IDSs are known to generate a large number of alerts which overwhelm the human analyst, with many alerts having low importance or being false positives. This paper addresses this issue and proposes a lightweight stream clustering algorithm for classifying IDS alerts and discovering frequent attack scenarios.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133593655","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}