{"title":"Research on Topology Evolution of Autonomous System Network","authors":"Yue Zhang, Guozheng Yang, Zhihao Luo","doi":"10.1145/3507509.3507519","DOIUrl":"https://doi.org/10.1145/3507509.3507519","url":null,"abstract":"After investigating the study about autonomous system level networks, we found that the latest data analysis used is open data provided in 2013. Thus, based on the open-source network BGP routing information provided by RouteViews from 2000 to 2020, this paper designs the calculation and analysis methods of the topological characteristic parameters of autonomous system level network combining the research theories and methods of Complex Network. Using these methods, the scale and topological characteristic parameters of the autonomous system-level network are calculated monthly from the global level and the national levels. And the evolution of the network scale and topological characteristics in the past 21 years are analyzed. Through analyzing the evolution of the number of connections, the number of network segments, the number of IP addresses, the number of nodes, the number of cores, the number of betweenness, and the average length of the path, and so on, some regularities of network evolution are summarized. Firstly, some characteristics of the network are strongly correlated with each other. Since 2012, this kind of node has resumed its main part in the network whose number of degrees is 1, because the nodes of countries with late network development have gradually increased their influence. The evolution of the national autonomous system network characteristics is self-similar to the global network, but there are certain differences in different countries. These conclusions provide method support for the macro-level understanding of the Internet's topological characteristics and further inference of its evolutionary trend.","PeriodicalId":280794,"journal":{"name":"Proceedings of the 2021 11th International Conference on Communication and Network Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128710959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Side-Channel Vulnerability in Network Protocol","authors":"Kaiqi Ru, Yaning Zheng, Xuewei Feng, Dongxia Wang","doi":"10.1145/3507509.3507510","DOIUrl":"https://doi.org/10.1145/3507509.3507510","url":null,"abstract":"Some recent studies have found that there are some side-channel vulnerabilities in the operating system. Attackers would exploit the side-channel vulnerability for malicious purposes, such as hijacking connections, denial of service attacks, etc. Currently, most attacks are detected manually. In this paper, we found that the reason for the existence of network protocol side-channel vulnerability is the use of shared resources. Since the state of shared resource affects all connections, when a connection uses a shared resource, information about that connection can be inferred by observing the usage of the shared resource. In order to find the shared resources, we implemented a tool called TASR which is a method of static analysis. The first is to find out what shared resources are available by the definition of shared resources in static analysis. Then, the data packet is used as the taint source to search the tainted shared resources. The second step is to analyze the taint-transmission-path according to the acquired tainted shared variable. Then it can find the side-channel vulnerability. By using this method on TCP, UDP and ICMP protocols, we find the following four shared variables: challenge_count, tcp_memory_allocated, tcp_memory_pressure, sysctl_icmp_msg_per_sec. It is difficult to exploit tcp_memory_allocated and tcp_memory_pressure, because they will go through multiple strict checks. Using challenge_count can hijack the connection and inject malicious packets. Using sysctl_icmp_msg_per_sec can assist in a DNS cache poisoning attack.","PeriodicalId":280794,"journal":{"name":"Proceedings of the 2021 11th International Conference on Communication and Network Security","volume":"2008 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116941208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SDNHive: A Proof-of-Concept SDN and Honeypot System for Defending Against Internal Threats","authors":"Meatasit Karakate, H. Esaki, H. Ochiai","doi":"10.1145/3507509.3507511","DOIUrl":"https://doi.org/10.1145/3507509.3507511","url":null,"abstract":"Nowadays, ransomware attacks are becoming more popular because they allow attackers to receive ransom payments from their victims. While older ransomware used to spread using social engineering means, modern ransomware tends to also be equipped with worm-like features. This allows it to propagate from the initially infected device to other computers in the same network. Those attacks motivated us to propose SDNHive, a proof-of-concept SDN and Honeypot-based protection system that can protect clean devices from being attacked by ransomware-infected devices in the same network. For intrusion protection, SDNHive implements address blacklisting, connection blocking, and transparent traffic rerouting inside the controller. These functions are called by the honeypot through our custom API once malicious activities are detected. Therefore, the honeypot in our system is not simply a decoy host, but a real intrusion detection device that can detect SMB and ARP scans. Our system is unique since state-of-the-art systems use only the SDN controller for both detection and protection. Still, we also implement the SMB and ARP scan detection functions inside the SDN controller as well in order to compare both SDN-only and SDN+Honeypot approaches. To demonstrate the performance of SDNHive, we create a Virtual Malware Testbed that simulates a real-life network with the ONOS SDN controller, the honeypot, and a mix of Linux and Windows virtual machines. We evaluate our system by using it to prevent WannaCry, a well-known SMB ransomware, from propagating to other hosts inside our testbed. Additionally, we also monitor CPU usage for each of the functions inside the system. When using only the SDN controller, our system is able to detect WannaCry within 20 seconds from the start of the propagation. The CPU usage stays at about 20 percent. However, when we make both the SDN controller and the honeypot work together, WannaCry is detected in only 2.5 seconds, and the CPU load is negligible. This proves that our SDN+Honeypot approach is better than the current SDN-only solutions.","PeriodicalId":280794,"journal":{"name":"Proceedings of the 2021 11th International Conference on Communication and Network Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128689762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Analysis of Embedded SIM Remote Provisioning Protocol Using SPIN","authors":"Zhonglin Ding, Yang Hu, Wei Luo, Zhongming Huang, Lei Zhang, Zhongyuan Qin","doi":"10.1145/3507509.3507515","DOIUrl":"https://doi.org/10.1145/3507509.3507515","url":null,"abstract":"With the advent of the 5G era, embedded SIM (eSIM) technology has been created to meet the needs of M2M technology. In earlier years, the GSMA provided a detailed description of the architecture and configuration protocol of the eSIM over-the-air writing technology. The remote configuration protocol of eSIM cards is divided into the processes of configuration file download, installation, activation, de-activation, and deletion. In this protocol, there are attacks such as identity impersonation threats, tampering threats, denial of service and eavesdropping threats, etc. This paper analyzes the security of key session establishment during the download and the installation of configuration files. And it uses a four-channel parallel method to simulate the session establishment process. The attacker is modeled based on the Dolev-Yao model. Through the test of the SPIN model detection tool, it is found that the attacker can intercept information from eSIM and SM-DP during the establishment of the key session. However, because the attacker lacks the key, he cannot obtain valid information from the obtained ciphertext. Therefore, the attacker cannot forge or modify the message. Our work proves the security of the eSIM system.","PeriodicalId":280794,"journal":{"name":"Proceedings of the 2021 11th International Conference on Communication and Network Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114391227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 2021 11th International Conference on Communication and Network Security","authors":"","doi":"10.1145/3507509","DOIUrl":"https://doi.org/10.1145/3507509","url":null,"abstract":"","PeriodicalId":280794,"journal":{"name":"Proceedings of the 2021 11th International Conference on Communication and Network Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131520601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}