{"title":"Reactive Jamming Detection for LoRaWAN Based on Meta-Data Differencing","authors":"Henri Ruotsalainen","doi":"10.1145/3538969.3543805","DOIUrl":"https://doi.org/10.1145/3538969.3543805","url":null,"abstract":"Reactive jamming in LoRaWAN networks is a stealthy way to implement Denial-of-Service attacks against selected devices because the cause of the interference remains hidden from a network operator. In order to make such attacks more detectable this paper proposes a novel algorithm, which is able to expose a jamming attempt from a single LoRaWAN packet. By monitoring deviations in meta-data of LoRaWAN frames, our method can distinguish a jamming attempt from a normal packet collision with up to 99% accuracy. Furthermore, the presented algorithm is also suitable for light-weight implementations on LoRaWAN devices due to its low complexity.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134229923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multi-label Classification of Cybersecurity Text with Distant Supervision","authors":"M. Ishii, K. Mori, Ryoichi Kuwana, S. Matsuura","doi":"10.1145/3538969.3543795","DOIUrl":"https://doi.org/10.1145/3538969.3543795","url":null,"abstract":"Detailed analysis of cybersecurity intelligence in various data is essential to counter the recent advanced and complex evolution of cyber security attacks and threats. In particular, highly sophisticated learning models are required to classify cyberattacks and threats or extract security intelligence from unstructured data described in natural language. This study addresses text classification as the first step toward such sophisticated models. More specifically, we performed a multi-label classification of cybersecurity documents to reduce the cost of threat analysis and incident response. Detailed analysis of security incidents requires an integrated model that performs security intelligence extraction and event extraction tasks that leverage their relationships. We performed document-level multi-label classification with the standard categories of MITRE for cybersecurity attack and threat models. Furthermore, to reduce the cost of creating a large set of annotated data to improve the accuracy of the model, we automated the generation of training data by using distant supervision [18]. We compared some methods for extracting keywords obtained from texts related to a defined classification category and multiple label assignment rules. We used cybersecurity documents from social news sites, threat reports, blog articles posted by security vendors as training and test data. We train a multi-label classification model on these texts using their document-level embedding vector obtained from a pre-trained language model. We also reported the experimental classification result for each category and compare several models and labeling with distant supervision. In addition, we performed human annotation for the sampled documents in the test data and evaluated the accuracy of classification on the annotated data. We showed that the machine learning models are slightly more accurate than the rule-based classifying with distant supervision on the test data. In some cases, the classification accuracy of distant supervision labeling is higher than the machine learning model on the human-annotated data. Furthermore, we analyzed and discussed the statistics of labels assigned by distant supervision, their co-occurrence with the predicted categories by the trained model, and how to utilize the classification model in cybersecurity incident response.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134505754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Feasibility of Supervised Machine Learning for the Detection of Malicious Software Packages","authors":"Marc Ohm, Felix Boes, Christian Bungartz, M. Meier","doi":"10.1145/3538969.3544415","DOIUrl":"https://doi.org/10.1145/3538969.3544415","url":null,"abstract":"Modern software development heavily relies on a multitude of externally – often also open source – developed components that constitute a so-called Software Supply Chain. Over the last few years a rise of trojanized (i.e., maliciously manipulated) software packages has been observed and addressed in multiple academic publications. A central issue of this is the timely detection of such malicious packages for which typically single heuristic- or machine learning based approaches have been chosen. Especially the general suitability of supervised machine learning is currently not fully covered. In order to gain insight, we analyze a diverse set of commonly employed supervised machine learning techniques, both quantitatively and qualitatively. More precisely, we leverage a labeled dataset of known malicious software packages on which we measure the performance of each technique. This is followed by an in-depth analysis of the three best performing classifiers on unlabeled data, i.e., the whole npm package repository. Our combination of multiple classifiers indicates a good viability of supervised machine learning for the detection of malicious packages by pre-selecting a feasible number of suspicious packages for further manual analysis. This research effort includes the evaluation of over 25,210 different models which led to True Positive Rates of over 70 % and the detection and reporting of 13 previously unknown malicious packages.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133877330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SAMM: Situation Awareness with Machine Learning for Misbehavior Detection in VANET","authors":"Mohammed A. Abdelmaguid, H. Hassanein, Mohammad Zulkernine","doi":"10.1145/3538969.3543788","DOIUrl":"https://doi.org/10.1145/3538969.3543788","url":null,"abstract":"Vehicular Ad hoc Network (VANET) is a foundation stone for connected vehicles. As vehicles’ safety depends heavily on the exchanged data’s accuracy, VANET has a low tolerance for false data. The process of intentionally exchanging inaccurate data is called misbehaving. Machine learning (ML)-based solutions were heavily invested in detecting misbehavior messages. However, they also have some limitations with respect to how much they can detect. To overcome such limitations, we introduce situation awareness (SA) as a powerful concept that can break the limits of the used ML models, leading to more accurate and reliable solutions. Situation awareness uses environmental elements and events to gain a holistic view of the system at any given time. In this paper, we propose using SA to predict the trust of the surrounding cars and consequently reevaluate the outcome of the used ML model. Based on the collected data and SA information, we may reject a message classified as benign by the ML model or vice versa. We used the VeReMi dataset to evaluate the proposed approach called SAMM (Situation Awareness with Machine Learning for Misbehavior Detection in VANET) on different ML models with a wide range of features. The results show that the proposed approach improves the system’s accuracy for various misbehavior attacks by enhancing the recall rate up to 24% and 50% in some cases.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"235 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131888430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Network Steganography Through Redundancy in Higher-Radix Floating-Point Representations","authors":"Carina Heßeling, J. Keller, Sebastian Litzinger","doi":"10.1145/3538969.3544429","DOIUrl":"https://doi.org/10.1145/3538969.3544429","url":null,"abstract":"Higher-radix floating-point representations have the potential for higher performance, lower energy footprint, and reduced gate count in embedded systems when compared to traditional binary floating-point numbers. Thus, they might also appear in transmission of sensor data values. However, these number formats introduce redundancies, which can be exploited for steganographic message transfer. We present a covert channel that exploits this redundancy and can trade steganographic bandwidth against introduced error and thus detectability. In the basic variant, the covert channel is fully reversible, i.e., not detectable from the data. Experiments with an implementation illustrate that detectability via compressibility metric, Shannon entropy and bi-grams is possible depending on how aggressively bandwidth is pushed.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131191003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a Security Benchmark for the Architectural Design of Microservice Applications","authors":"Anusha Bambhore Tukaram, S. Schneider, N. E. D. Ferreyra, Georg Simhandl, Uwe Zdun, R. Scandariato","doi":"10.1145/3538969.3543807","DOIUrl":"https://doi.org/10.1145/3538969.3543807","url":null,"abstract":"The microservice architecture presents many challenges from a security perspective, due to the large amount of services, leading to an increased attack surface and an unmanageable cognitive load for security analysts. Several benchmarks exist to guide the secure configuration of the deployment infrastructure for microservice applications, including containers (e.g., Docker), orchestration systems (e.g., Kubernetes), cloud platforms (e.g., AWS), and even operating systems (e.g., Linux). In this paper we approach the creation of a benchmark for the design of the microservice applications themselves. To this aim, we inventorize a number of relevant security rules for the architectural design of microservice applications and assess (in a preliminary way) how these rules could be checked automatically.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132088612","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Real-world Deployment of Privacy-Enhancing Authentication System using Attribute-based Credentials","authors":"Petr Dzurenda, Raúl Casanova Marqués, L. Malina","doi":"10.1145/3538969.3543803","DOIUrl":"https://doi.org/10.1145/3538969.3543803","url":null,"abstract":"With the daily increase in digitalization and integration of the physical and digital worlds, we need to better protect users’ privacy and identity. Attribute-based Credentials (ABCs) seem to be a promising technology for this task. In this paper, we provide comprehensive analyses of the readiness, maturity, and applicability of ABCs to real-world applications. Furthermore, we introduce our Privacy-Enhancing Authentication System (PEAS), which is based on ABCs and meets all privacy requirements such as anonymity and unlinkability of the user’s activities. Besides privacy features, PEAS also provides revocation mechanisms to identify and revoke malicious users. The system is suitable for deployment in real-world scenarios and runs on a wide range of user devices (e.g., smart cards, smartphones, and wearables).","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127817580","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fast and Blind Detection of Rate-Distortion-Preserving Video Watermarks","authors":"Hannes Mareen, G. Wallendael, Peter Lambert, F. Khelifi","doi":"10.1145/3538969.3543793","DOIUrl":"https://doi.org/10.1145/3538969.3543793","url":null,"abstract":"Forensic watermarking enables the tracing of digital pirates that leak copyright-protected multimedia. To prevent a negative impact on the video quality or bit rate, rate-distortion-preserving watermarking exists, which represents a watermark as compression artifacts. However, this method has two main disadvantages; the detection has a high complexity and it is non-blind. Although a method based on perceptual hashing exists that speeds up the detection of a fallback watermarking system, it decreases its robustness. Therefore, this paper proposes a novel fast detection method that has less impact on the robustness than related work. Our method optimized NS-DCT-DST hashes for rate-distortion-preserving watermarking, which are more robust to content-preserving attacks. Moreover, a blind version is proposed which does not require the original video for hash extraction. As such, the detection is experimentally measured to be up to 5700 times faster, at the cost of a modest decrease in robustness. In fact, the proposed method shows good robustness to content-preserving recompression attacks when using hashes that are as small as 432 bytes. This is much smaller than related work at comparable performance. In conclusion, this paper enables fast adversary tracing using watermarks that do not impact the video’s compression efficiency.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115029030","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Precise Analysis of Purpose Limitation in Data Flow Diagrams","authors":"Hanaa Alshareef, Katja Tuma, Sandro Stucki, G. Schneider, R. Scandariato","doi":"10.1145/3538969.3539010","DOIUrl":"https://doi.org/10.1145/3538969.3539010","url":null,"abstract":"Data Flow Diagrams (DFDs) are primarily used for modelling functional properties of a system. In recent work, it was shown that DFDs can be used to also model non-functional properties, such as security and privacy properties, if they are annotated with appropriate security- and privacy-related information. An important privacy principle one may wish to model in this way is purpose limitation. But previous work on privacy-aware DFDs (PA-DFDs) considers purpose limitation only superficially, without explaining how the purpose of DFD activators and flows ought to be specified, checked or inferred. In this paper, we define a rigorous formal framework for (1) annotating DFDs with purpose labels and privacy signatures, (2) checking the consistency of labels and signatures, and (3) inferring labels from signatures. We implement our theoretical framework in a proof-of-concept tool consisting of a domain-specific language (DSL) for specifying privacy signatures and algorithms for checking and inferring purpose labels from such signatures. Finally, we evaluate our framework and tool through a case study based on a DFD from the privacy literature.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116839750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MalRec: A Blockchain-based Malware Recovery Framework for Internet of Things","authors":"Ahmed Lekssays, Giorgia Sirigu, B. Carminati, E. Ferrari","doi":"10.1145/3538969.3544446","DOIUrl":"https://doi.org/10.1145/3538969.3544446","url":null,"abstract":"IoT devices have been considered an attractive target for malware (e.g., botnets) due to their low computational resources and lack of security measures. The literature focuses on detecting malware, but less attention is given to recovery solutions. In addition, with the development of data processing regulations in different countries, a need for transparent recovery systems that can help organizations present their due diligence arises. This work proposes a blockchain-based backup policy enforcement framework for IoT where an organization can formalize backup policies and enforce them. We have run our solution under extensive tests that show that it can be deployed in real-life IoT environments, despite the limited computational resources of IoT devices.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124507381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}