Proceedings of the 17th International Conference on Availability, Reliability and Security: Latest Articles

Detection of Malicious Images in Production-Quality Scenarios with the SIMARGL Toolkit
L. Caviglione, Martin Grabowski, Kai Gutberlet, A. Marzecki, M. Zuppelli, A. Schaffhauser, W. Mazurczyk
Abstract: An increasing trend exploits steganography to conceal payloads in digital images, e.g., to drop malicious executables or to retrieve configuration files. Due to the very attack-specific nature of the exploited hiding mechanisms, developing general detection methods is a hard task. An effective approach concerns the creation of ad-hoc solutions to be integrated within general toolkits, also to holistically face unknown threats. Therefore, this paper discusses the integration of a tool for detecting malicious contents hidden in digital images via the Invoke-PSImage technique within the Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware framework. Since the real impact of images embedding steganographic threats and the behavior of ad-hoc solutions in realistic scenarios are still unknown territories, this work also showcases a performance evaluation conducted in a nation-wide telecommunication provider. Results demonstrated the effectiveness of the approach and also support the need of modular architectures to face the emerging wave of highly-specialized threats.
DOI: https://doi.org/10.1145/3538969.3544469
Published: 2022-08-23
Citations: 0
SoK: Applications and Challenges of using Recommender Systems in Cybersecurity Incident Handling and Response
M. Husák, Milan Cermák
Abstract: Incident handling, a fundamental activity of a cybersecurity incident response team, is a complex discipline that consumes a significant amount of personnel’s time and costs. There are continuous efforts to facilitate incident handling and response in terms of providing procedural or decision support and processing relevant data. In this paper, we survey the approaches towards (semi-)automated incident handling and response backed by recommender systems that are successful in other domains. We discuss which phases and tiers of incident handling can be automated and to what level while evaluating the maturity of proposed approaches and tools. While we did not find a full-scale recommender system that would guide the user through incident handling and suggest which steps to take, many of them aim at particular problems. The discussed issues are not resolved yet but seem to get the attention of researchers and will likely be investigated in the future.
DOI: https://doi.org/10.1145/3538969.3538981
Published: 2022-08-23
Citations: 5
Data Acquisition on a Large Darknet Marketplace
York Yannikos, J. Heeger, M. Steinebach
Abstract: Darknet marketplaces in the Tor network are popular places to anonymously buy and sell various kinds of illegal goods. Previous research on marketplaces ranged from analyses of type, availability and quality of goods to methods for identifying users. Although many darknet marketplaces exist, their lifespan is usually short, especially for very popular marketplaces that are in focus of law enforcement agencies. We built a data acquisition architecture to collect data from White House Market, one of the largest darknet marketplaces in 2021. In this paper we describe our architecture and the problems we had to solve, and present findings from our analysis of the collected data.
DOI: https://doi.org/10.1145/3538969.3544472
Published: 2022-08-23
Citations: 1
A Revisit of Attestable Nodes for Networked Applications
M. Schüpany, Martin Pirker
Abstract: A core security (or trustworthiness) question for all designs of networked applications persists: If distributed nodes connect, are these nodes trustworthy? Is it possible to assess a node’s software state before sharing data, programs and/or interacting with them? This paper revisits a scenario of assembling distributed, individual nodes for networked applications, such as data science compute nodes or bridge nodes connecting established applications to novel blockchain-related applications and their ecosystem. By taking advantage of special hardware support (Intel TXT), modern boot software that supports it (Trenchboot) and a custom attestation-before-joining protocol, we report on our prototype implementation how attestable nodes can be achieved today.
DOI: https://doi.org/10.1145/3538969.3544433
Published: 2022-08-23
Citations: 0
A Synopsis of Critical Aspects for Darknet Research
Florian Platzer, Alexandra Lux
Abstract: Descriptives of the darknet, and in particular of the Tor network, appear inconsistent and implausible in nature. In order to gain insight into how these conflicting results are produced, the goal of this study is to review previous research on the matter with regard to terminology used, methodology of sample collection and the analysis of the data. Our results indicate six critical aspects that in particular pertain to (A) an inconsistent use of terminology, (B) the methodology with which the sample was gathered, as well as the handling of (C) short-lived services, (D) botnet command and control servers, (E) web services with undetermined content and (F) duplicates of onion services. Further, we include a small case study on darknet marketplaces to demonstrate how reports concerning the number of a certain category can easily mislead. Through the implications of these aspects the presented description of Tor does not necessarily reflect the actual nature of Tor.
DOI: https://doi.org/10.1145/3538969.3544444
Published: 2022-08-23
Citations: 4
STRIPED: A Threat Analysis Method for IoT Systems
Kamakshi Srikumar, Komal Kashish, Kolja Eggers, N. E. D. Ferreyra, Julian Koch, Thorsten Schüppstuhl, R. Scandariato
Abstract: Currently, IoT systems display a poor level of security, as 50% of IoT devices are vulnerable to severe attacks, according to research. In an attempt to ameliorate the situation, we propose STRIPED, a threat analysis technique that focuses particularly on threat scenarios involving IoT devices that can be physically accessed by attackers. We evaluate STRIPED in a two-pronged way. First, we assess its performance compared to STRIDE (from which STRIPED is derived) in the context of a case study from the manufacturing industry. Second, we gather the feedback of 8 security experts working in a large, multinational company that specializes in secure IoT products for the domains of automotive, industrial, mobile and smart-home applications. These initial evaluation attempts provide encouraging evidence and suggest our method is a step in the right direction of facilitating security-by-design in IoT systems, especially industrial ones.
DOI: https://doi.org/10.1145/3538969.3538970
Published: 2022-08-23
Citations: 0
Improved Integer-wise Homomorphic Comparison and Division based on Polynomial Evaluation
Koki Morimura, Daisuke Maeda, T. Nishide
Abstract: Fully homomorphic encryption (FHE) is a promising tool for privacy-preserving applications, and it enables us to perform homomorphic addition and multiplication on FHE ciphertexts without decrypting them. FHE has two types: one supporting the exact computation and the other supporting the approximate computation. Further the FHE schemes supporting the exact computation have two types, bit-wise FHE, which encrypts a plaintext bit by bit, and integer-wise FHE, which encrypts a plaintext as an integer. Both types of FHE are important depending on the types of computation we need to execute securely. In this work, we focus on integer-wise FHE, and propose improved methods for integer-wise homomorphic comparison and division operations. For a comparison operation, we propose a method that halves the number of necessary homomorphic multiplications by introducing an odd function as an interpolated polynomial to be evaluated, as opposed to the previous work of Narumanchi et al. (AINA ’17). For a division operation, as opposed to the previous work of Okada et al. (WISTP ’18), we propose a simple method to reduce the processing time by introducing an equality function based on Fermat’s little theorem without changing the multiplicative depth, and show the analysis of why this approach can achieve better efficiency in detail. In our homomorphic division, the number of interpolated polynomials is reduced by half, thus also achieving the reduction of the processing time of precomputations and the number of polynomials to be stored. We also implement our improved methods in HElib, which is one of popular FHE libraries using the BGV encryption. As a result, we show that, e.g., in the plaintext space , our homomorphic comparison with the Paterson-Stockmeyer method is faster by a factor of about 5.61 compared with Narumanchi et al. (AINA ’17) and our homomorphic division is faster by a factor of about 1.45 compared with Okada et al. (WISTP ’18).
DOI: https://doi.org/10.1145/3538969.3538988
Published: 2022-08-23
Citations: 1
Safety and Security Analysis using LDA based on Case Reports: Case Study and Trust Evaluation Method
K. Umezawa, Hiroki Koyanagi, Sven Wohlgemuth, Yusuke Mishina, K. Takaragi
Abstract: There are many cases where the safety and security of systems are threatened by accidental or intentional human error. This study focuses on the fact that there is information available about human error in design and operation documents and case reports, and they are in natural language. Therefore, we propose a method to analyze the impact of human error on safety and security using Latent Dirichlet Allocation (LDA), which is one of the topic model methods. First, we matched the given information to create a list of similarities (co-occurrence list) between documents. Based on this co-occurrence list, a fault and attack tree was constructed. While manually considering them, the critical points were identified through sensitivity analysis. We show the effectiveness of this proposed method through two characteristic case studies of cyber-based connected car design deficiencies and physical-based manufacturing inspection fraud. Both analyses add a way to leverage big data interoperability in manufacturing processes using the IoT.
DOI: https://doi.org/10.1145/3538969.3538993
Published: 2022-08-23
Citations: 1
ConSenseIoT: A Consensus Algorithm for Secure and Scalable Blockchain in the IoT context
H. Niavis, K. Loupos
Abstract: Data protection and privacy is a major concern in the Internet of Things (IoT) ecosystem, and the excessive use of IoT devices may risk the security of the network. Blockchain solutions are used to enhance the trustworthiness and eliminate the need for trusted third parties by providing mechanisms to reach consensus in a network of trustless participants. The consensus algorithms employed by blockchain architectures ensure the integrity of the data stored in the blockchain, the resiliency of the network and manage the security of devices. However, current solutions are compute intensive affecting the performance of the network and consuming much energy. In this work, we introduce a consensus algorithm for offering secure distributed consensus among IoT devices without affecting the performance of the network. The algorithm is inspired by existing solutions, employs decentralised identities, verifiable credentials and a decentralised trust management mechanism to guarantee security, privacy and trustworthiness of transactions. Finally, our algorithm combines technologies for operating in a distributed manner which favors the scalability and allows the effective integration in large scale networks.
DOI: https://doi.org/10.1145/3538969.3543811
Published: 2022-08-23
Citations: 1
Web Page Harvesting for Automatized Large-scale Digital Images Anomaly Detection
M. Kowalczyk, Agnieszka Malanowska, W. Mazurczyk, Krzysztof Cabaj
Abstract: Currently, digital media content is increasingly being used by cybercriminals for nefarious purposes. Such objects can be used, e.g., to covertly transfer malicious code to the infected host or to exfiltrate sensitive information from the secured perimeter to the attacker’s server. In this paper, we present the design and deployment of a web page harvesting platform that allows performing various types of large-scale analyses, including metadata inspection, detection of hidden data, or evaluation of compliance with the graphical standard. The platform architecture has a distributed, flexible, and modular form, making it easily extendable and efficient. In this article, we also include initial experimental results of the analyses carried out on the content of 1,000 of the most popular websites.
DOI: https://doi.org/10.1145/3538969.3544471
Published: 2022-08-23
Citations: 0