发布求助
文献互助 智能选刊 最新文献

2015 10th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Novel Method of Hiding Information in IP Telephony Using Pitch Approximation 基于基音近似的IP电话信息隐藏新方法
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.12
A. Janicki
{"title":"Novel Method of Hiding Information in IP Telephony Using Pitch Approximation","authors":"A. Janicki","doi":"10.1109/ARES.2015.12","DOIUrl":"https://doi.org/10.1109/ARES.2015.12","url":null,"abstract":"In this paper a novel steganographic method, called Hide F0, dedicated to IP telephony is proposed. It is based on the approximation of the parameter that describes the F0 frequency (the pitch) of the speaker's voice. We show that thanks to approximating some fragments of the \"fine pitch\" parameter in the Speex codec we can create efficient hidden transmission channels. We determined that for Speex working in mode 5 the Hide F0 method can provide a hidden channel with a capacity of ca. 220 bps at the optimal operating point. We also demonstrated that the proposed method offers a significantly more advantageous trade-off between the steganographic bandwidth and steganographic cost than the classic least significant bit (LSB) approach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130628606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Concept Detection in Multimedia Web Resources About Home Made Explosives 自制炸药多媒体网络资源中的概念检测
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.85
George Kalpakis, T. Tsikrika, Fotini Markatopoulou, Nikiforos Pittaras, S. Vrochidis, V. Mezaris, I. Patras, Y. Kompatsiaris
{"title":"Concept Detection in Multimedia Web Resources About Home Made Explosives","authors":"George Kalpakis, T. Tsikrika, Fotini Markatopoulou, Nikiforos Pittaras, S. Vrochidis, V. Mezaris, I. Patras, Y. Kompatsiaris","doi":"10.1109/ARES.2015.85","DOIUrl":"https://doi.org/10.1109/ARES.2015.85","url":null,"abstract":"This work investigates the effectiveness of a state-of-the-art concept detection framework for the automatic classification of multimedia content, namely images and videos, embedded in publicly available Web resources containing recipes for the synthesis of Home Made Explosives (HMEs), to a set of predefined semantic concepts relevant to the HME domain. The concept detection framework employs advanced methods for video (shot) segmentation, visual feature extraction (using SIFT, SURF, and their variations), and classification based on machine learning techniques (logistic regression). The evaluation experiments are performed using an annotated collection of multimedia HME content discovered on the Web, and a set of concepts, which emerged both from an empirical study, and were also provided by domain experts and interested stakeholders, including Law Enforcement Agencies personnel. The experiments demonstrate the satisfactory performance of our framework, which in turn indicates the significant potential of the adopted approaches on the HME domain.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125558103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic 通过分析暗网流量推断精心策划的探测活动的时间序列方法
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.9
E. Bou-Harb, M. Debbabi, C. Assi
{"title":"A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic","authors":"E. Bou-Harb, M. Debbabi, C. Assi","doi":"10.1109/ARES.2015.9","DOIUrl":"https://doi.org/10.1109/ARES.2015.9","url":null,"abstract":"This paper aims at inferring probing campaigns by investigating dark net traffic. The latter probing events refer to a new phenomenon of reconnaissance activities that are distinguished by their orchestration patterns. The objective is to provide a systematic methodology to infer, in a prompt manner, whether or not the perceived probing packets belong to an orchestrated campaign. Additionally, the methodology could be easily leveraged to generate network traffic signatures to facilitate capturing incoming packets as belonging to the same inferred campaign. Indeed, this would be utilized for early cyber attack warning and notification as well as for simplified analysis and tracking of such events. To realize such goals, the proposed approach models such challenging task as a problem of interpolating and predicting time series with missing values. By initially employing trigonometric interpolation and subsequently executing state space modeling in conjunction with a time-varying window algorithm, the proposed approach is able to pinpoint orchestrated probing campaigns by only monitoring few orchestrated flows. We empirically evaluate the effectiveness of the proposed model using 330 GB of real dark net data. By comparing the outcome with a previously validated work, the results indeed demonstrate the promptness and accuracy of the proposed approach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133034853","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Challenges of Data Provenance for Cloud Forensic Investigations 云取证调查中数据来源的挑战
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.54
Victoria M. Katilu, V. N. Franqueira, Olga Angelopoulou
{"title":"Challenges of Data Provenance for Cloud Forensic Investigations","authors":"Victoria M. Katilu, V. N. Franqueira, Olga Angelopoulou","doi":"10.1109/ARES.2015.54","DOIUrl":"https://doi.org/10.1109/ARES.2015.54","url":null,"abstract":"Cloud computing has gained popularity due to its efficiency, robustness and cost effectiveness. Carrying out digital forensic investigations in the cloud is currently a relevant and open issue. The root of this issue is the fact that servers cannot be physically accessed, coupled with the dynamic and distributed nature of cloud computing with regards to data processing and storage. This renders traditional methods of evidence collection impractical. The use of provenance data in cloud forensics is critical as it provides forensic investigators with data history in terms of people, entities and activities involved in producing related data objects. Therefore, cloud forensics requires effective provenance collection mechanisms. This paper provides an overview of current provenance challenges in cloud computing and identifies limitations of current provenance collection mechanisms. Recommendations for additional research in digital provenance for cloud forensics are also presented.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131568583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
TEAR: A Multi-purpose Formal Language Specification for TEsting at Runtime 用于运行时测试的多用途形式化语言规范
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.90
Jorge López, S. Maag, Gerardo Morales
{"title":"TEAR: A Multi-purpose Formal Language Specification for TEsting at Runtime","authors":"Jorge López, S. Maag, Gerardo Morales","doi":"10.1109/ARES.2015.90","DOIUrl":"https://doi.org/10.1109/ARES.2015.90","url":null,"abstract":"Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well, therefore, trustworthy interactions of the different systems are a priority. We have proposed a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Using this approach, some limitations regarding the testers resources have been found. In this paper, we identify the constraints and propose and new language suited for testing at runtime in different environments.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134445888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles 不要破坏你的汽车:车辆的固件机密性和回滚
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.58
Hafizah Mansor, K. Markantonakis, Raja Naeem Akram, K. Mayes
{"title":"Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles","authors":"Hafizah Mansor, K. Markantonakis, Raja Naeem Akram, K. Mayes","doi":"10.1109/ARES.2015.58","DOIUrl":"https://doi.org/10.1109/ARES.2015.58","url":null,"abstract":"In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system (s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using Casper FDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129797209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Independent Security Testing on Agile Software Development: A Case Study in a Software Company 敏捷软件开发中的独立安全测试:一个软件公司的案例研究
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.79
Jesus Choliz, Julian Vilas, Jose Moreira
{"title":"Independent Security Testing on Agile Software Development: A Case Study in a Software Company","authors":"Jesus Choliz, Julian Vilas, Jose Moreira","doi":"10.1109/ARES.2015.79","DOIUrl":"https://doi.org/10.1109/ARES.2015.79","url":null,"abstract":"Agile methodologies are becoming increasingly common on Software Engineering Teams. Unfortunately, their relation with the security activities is complex to approach, even more complex when the Security Team has strong requirements of independence. This paper shows a case study of a software security testing process, based on the Microsoft Software Development Lifecycle for Agile, on a company moving their Software Engineering Teams from waterfall to agile. The results of this case study show a successful synchronization between the tasks of agile Software Engineering Teams and the independent Security Team.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129951160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code Android应用的动态自我保护和防篡改
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.98
Mykola Protsenko, Sebastien Kreuter, Tilo Müller
{"title":"Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code","authors":"Mykola Protsenko, Sebastien Kreuter, Tilo Müller","doi":"10.1109/ARES.2015.98","DOIUrl":"https://doi.org/10.1109/ARES.2015.98","url":null,"abstract":"With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132928800","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Fair Fingerprinting Protocol for Attesting Software Misuses 公平指纹协议证明软件滥用
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.29
Raphael Machado, D. Boccardo, V. P. D. Sá, J. Szwarcfiter
{"title":"Fair Fingerprinting Protocol for Attesting Software Misuses","authors":"Raphael Machado, D. Boccardo, V. P. D. Sá, J. Szwarcfiter","doi":"10.1109/ARES.2015.29","DOIUrl":"https://doi.org/10.1109/ARES.2015.29","url":null,"abstract":"Digital watermarks embed information into a host artifact in such a way that the functionalities of the artifact remain unchanged. Allowing for the timely retrieval of authorship/ownership information, and ideally hard to be removed, watermarks discourage piracy and have thus been regarded as important tools to protect the intellectual property. A watermark aimed at uniquely identifying an artifact is referred to as a fingerprint. After presenting a formal definition of digital watermarks, we introduce an unbiased fingerprinting protocol -- based on oblivious transfer -- that lends no advantage to the prosecuting party in a dispute around intellectual property breach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123203732","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Model Implementing Certified Reputation and Its Application to TripAdvisor 认证信誉的实现模型及其在TripAdvisor上的应用
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.26
F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera
{"title":"A Model Implementing Certified Reputation and Its Application to TripAdvisor","authors":"F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera","doi":"10.1109/ARES.2015.26","DOIUrl":"https://doi.org/10.1109/ARES.2015.26","url":null,"abstract":"Many real-life reputation models suffer from classical drawbacks making the systems where they are used vulnerable to users' misbehavior. TripAdvisor is a good example of this problem. Indeed, despite its popularity, the weakness of its reputation model is resulting in loss of credibility and growth of legal disputes. In this paper, we propose a reputation model abstractly considering service providers, users and feedbacks, and implementing the theoretical notion of certified reputation to concretely define a strategy to normalize feedback scores towards reliable values. We apply the model to the case of TripAdvisor, by proposing a solution to improve its dependability not increasing invasiveness nor reducing usability of the system. Moreover, it fully guarantees backward compatibility. In the context of project activities, we are in progress to fully implement the system and validate it on real-life data.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121921709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信