EAI Endorsed Trans. Security Safety: Latest Articles

Network-based Analysis and Classification of Malware using Behavioral Artifacts Ordering
EAI Endorsed Trans. Security Safety Pub Date : 2018-12-11 DOI: 10.4108/eai.13-7-2018.156002
Aziz Mohaisen, Omar Alrawi, Jeman Park, Joongheon Kim, Daehun Nyang, Manar Mohaisen
Abstract: Using runtime execution artifacts to identify malware and its associated family is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form, only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.
Citations: 6
A secure and lightweight multicast communication system for Smart Grids
EAI Endorsed Trans. Security Safety Pub Date : 2018-12-11 DOI: 10.4108/eai.13-7-2018.156004
Tiago Antônio Rizzetti, B. Silva, A. Rodrigues, R. Milbradt, L. Canha
Abstract: In the Smart Grids context, all communications must be handled in a secure way, including multicast traffic. The Application Layer Multicast (ALM) algorithms provide better flexibility and can employ security mechanisms, however, causes overhead to all nodes to build the multicast tree. In this work is proposed another approach to provide a secure multicast focusing on filtering packets on nodes without need an overlay protocol. It uses the multihop property of Wireless Mesh Networks (WMN) usually employed to bring connectivity to smart meters. Also, there is the support to message authentication code (MAC) using symmetric cryptography and presents an algorithm to provide a secure key distribution system. The results show that this approach is lightweight, secure, and assures multicast message delivery, even on failures caused by attacks on the key distribution system. The key management protocol used to provide authentication and integrity are evaluated using an automated test tool. Received on 08 September 2018, accepted on 27 November 2018, published on 03 December 2018
Citations: 1
Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies
EAI Endorsed Trans. Security Safety Pub Date : 2018-12-03 DOI: 10.4108/eai.13-7-2018.156003
Maryem Ait El Hadj, A. Khoumsi, Yahya Benkaouz, M. Erradi
Abstract: In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed. Received on 11 October 2018; accepted on 16 November 2018; published on 03 December 2018
Citations: 7
Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-17 DOI: 10.4108/eai.15-10-2018.155856
L. Maglaras, M. Ferrag, A. Derhab, M. Mukherjee, H. Janicke, Stylianos Rallis
Abstract: As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping
Citations: 28
How Stakeholders Perceived Security Risks? A New Predictive Functional Level Model and its Application to E-Learning
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155738
N. Rjaibi, Latifa Ben Arfa Rabai
Abstract: A new predictive functional level security risk management model is proposed in order to quantify the security level perception and the level of risk involved. It helps in defining the assets, measuring economically the risk, managing the risk toward decisions making. It is out of implementation and based on a functional level architecture. The paper defines a simple predictive model, it relies on a few number of inputs which form the system’s security specifications and provides one output which is the average loss per unit of time ($/H) incurred by a stakeholder as a result of security threats. The obtained values represent how stakeholders perceived economically security risks and predict how it will change over time to implement in advance the needed security strategies. Our model is useful in any security context. We report it in practice originally to the level of e-Learning systems for current architectures because they lack a common measurable value and evidence of cyber security. Our model assists security experts from the early phases of system’s development to implement future safe and secure platforms.
Citations: 0
FPGA Implementation of Elliptic Curve Cryptoprocessor for Perceptual Layer of the Internet of Things
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155739
V. Kamalakannan, S. Tamilselvan
Abstract: Today’s developing era data and information security plays an important role in unsecured communication between Internet of Things (IoT) elements. In IoT, data are transmitted in plaintext for many reasons. One of the most common reason is the availability of hardware. Many IoT products are inexpensive components with limited memory and computational resources. Such devices might be unable to support the computationally intense cryptographic functions of asymmetrical cryptography. If designers considered the privacy implications of unencrypted data, they have limited options for encryption because of the hardware platform. Therefore the designers have to create their own security protocols or implement stripped-down versions of existing security protocols. The second option has a better chances. Evidence recommends such a modified protocol would run efficiently on small devices. Elliptic Curve Cryptography (ECC) is used to ensure complete protection against the security risks such as confidentiality, integrity, privacy and authentication by implementing an Elliptic Curve Cryptoprocessor. The work focuses on high-performance Elliptic Curve Cryptoprocessor design, optimized for Field Programmable Gate Array (FPGA) implementation, using the concept of asymmetric and hash algorithms. A novel cryptographic algorithm consisting of matrix mapping methodology and hidden generator point theory is to be applied for encryption/decryption between the sender and receiver whereas Elliptic Curve Digital Signature Algorithm (ECDSA) designed using Keccak Secured Hash Algorithm (SHA) algorithm is applied for the validation of the encrypted data. The proposed Cryptoprocessor operates at a minimum period of 6.980 ns and maximum frequency of 143.276 MHz. This work focuses on the practicability of public key cryptography implementation for devices connected in the perceptual layer of IoT.
Citations: 1
A Multi-connection Encryption Algorithm Applied in Secure Channel Service System
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-15 DOI: 10.4108/eai.15-5-2018.155167
Fanhao Meng, Rongheng Lin, Zhuoran Wang, Hua Zou, Shiqi Zhou
Abstract: Encryption is the most important method to enhance security of network transmitting. SDN (Software Defined Networking) Security Transmission Service can provide multi-connection transmitting service, which scatters data to multiple network connections for transmission so that data on different connections is isolated from each other. Based on the service, encrypting the isolated data prevents overall data from intercepted and deciphered. In the above scenario, we propose an encryption algorithm that uses the data themselves as encryption keys, and use the data isolation effect of multi-connection transmission to distribute the encrypted ciphertext to different network transmission paths, which is equivalent to using a rather random sequence as an encryption key for each data fragment without sharp increase in transmitting data, so that data transmitted on every connection are ensured to be safe. After compared with other encryption algorithms such as DES, AES and RSA, it is proved that in the multi-connection transmitting scenario this algorithm has better encryption effect and operating efficiency, which provides an effective guarantee for network security.
Citations: 4
Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155740
Tim Niklas Witte
Abstract: Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results. Received on 02 July 2018; accepted on 09 October 2018; published on 15 October 2018
Citations: 1
Kernel-Space Intrusion Detection Using Software-Defined Networking
EAI Endorsed Trans. Security Safety Pub Date : 2018-10-09 DOI: 10.4108/EAI.13-7-2018.155168
Tommy Chin, Kaiqi Xiong, M. Rahouti
Abstract: Software-Defined Networking (SDN) has encountered serious Denial of Service (DoS) attacks. However, existing approaches cannot sufficiently address the serious attacks in the real world because they often present significant overhead and they require long detection and mitigation time. In this paper, we propose a lightweight kernel-level intrusion detection and prevention framework called KernelDetect, which leverages modular string searching and filtering mechanisms with SDN techniques. In KernelDetect, we sufficiently utilize the strengths of the Aho-Corasick and Bloom filter to design KernelDetect by using SDN. We further experimentally compare it with SNORT and BROS, two conventional and popular Intrusion Detection and Prevention System (IDPS) on the Global Environment for Networking Innovations (GENI), a real-world testbed. Our comprehensive studies through experimental data and analysis show that KernelDetect is more efficient and effective than SNORT and BROS. Received on 01 May 2018; accepted on 02 June 2018; published on 09 October 2018
Citations: 3
Leveraging attention-based deep neural networks for security vetting of Android applications
EAI Endorsed Trans. Security Safety Pub Date : 2018-07-13 DOI: 10.4108/eai.27-9-2021.171168
Prabesh Pathak, Prabesh Poudel, Sankardas Roy, Doina Caragea
Abstract: Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. Recent success of attention-based mechanisms in natural language processing motivates us to apply the idea for security vetting of Android apps. An Android app’s code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we target to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models. Received on 14 July 2021; accepted on 03 August 2021; published on 27 September 2021
Citations: 2