发布求助
文献互助 智能选刊 最新文献

2023 IEEE International Conference on Cyber Security and Resilience (CSR)最新文献

筛选
英文 中文
Counteracting Modeling Attacks Using Hardware-Based Dynamic Physical Unclonable Function 基于硬件的动态物理不可克隆函数对抗建模攻击
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224914
Shailesh Rajput, Jaya Dofe
{"title":"Counteracting Modeling Attacks Using Hardware-Based Dynamic Physical Unclonable Function","authors":"Shailesh Rajput, Jaya Dofe","doi":"10.1109/CSR57506.2023.10224914","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224914","url":null,"abstract":"The widespread adoption of Internet of Things (IoT) devices across various application domains has significantly improved quality of life. However, the resource-constrained, heterogeneous, and low-power nature of these devices poses challenges in ensuring secure communication and authenticity. Physical Unclonable Functions (PUFs) provide a solution by creating a unique and device-specific identity through manufacturing process variations without requiring additional resources. To authenticate IoT devices, a challenge-response pair (CRP) is generated based on the unique characteristics of each device. However, the CRPs generated by PUFs often exhibit high correlation, making them vulnerable to modeling attacks. Despite the proposal of numerous intricate PUF architectures, such as XOR PUF and Interpose PDF, the advancement in machine learning algorithms has enabled modeling attacks on these PUFs. This work presents a hardware-based dynamic PUF and evaluates its performance on field programmable gate arrays (FPGAs). The dynamic nature of the proposed PUF architecture makes it challenging for prevalent machine learning models to predict accurate PUF responses. The research also compares the efficacy of logistic regression and multilayer perceptron-based modeling attacks on Arbiter PUF and XOR PUF architectures. The experimental findings reveal that the dynamic PUF outperforms the other two PUFs against machine learning-based attacks. These results suggest that the dynamic PUF architecture is viable for IoT applications.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116752852","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
SPAT: A Testbed for Automotive Cybersecurity Training 汽车网络安全培训的测试平台
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224967
Roberto Caviglia, G. Gaggero, Nicola Vincis, Omar Morando, Alessio Aceti, Mario Marchese
{"title":"SPAT: A Testbed for Automotive Cybersecurity Training","authors":"Roberto Caviglia, G. Gaggero, Nicola Vincis, Omar Morando, Alessio Aceti, Mario Marchese","doi":"10.1109/CSR57506.2023.10224967","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224967","url":null,"abstract":"With the increasing of cyber threats in cyber-physical systems, and especially in the automotive sector, companies need to train cybersecurity experts with vertical competencies in the field as described in the regulations R155 and R156 defined by UNECE (United Nations Economic Commission for Europe). Testbeds capable of simulating the control network, the sensors and the actuators of a vehicle represent a great tool for this purpose. This paper presents the first prototype of SPAT (Sababa Portable Automotive Testbed), a testbed for automotive cybersecurity training. SPAT includes, in a portable suitcase, all the control and network devices based on the CANBus technology of a real vehicle. We present the features of the functioning prototype, and we also discuss the next steps towards a testbed that will include the most recent communication technologies employed in the automotive sector.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116411036","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Phishing and Smishing Detection Using Machine Learning 使用机器学习的网络钓鱼和欺骗检测
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224954
Hadi El Karhani, Riad Al Jamal, Yorgo Bou Samra, I. Elhajj, A. Kayssi
{"title":"Phishing and Smishing Detection Using Machine Learning","authors":"Hadi El Karhani, Riad Al Jamal, Yorgo Bou Samra, I. Elhajj, A. Kayssi","doi":"10.1109/CSR57506.2023.10224954","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224954","url":null,"abstract":"We propose the use of a hybridized machine learning model to detect phishing and smishing - phishing using SMS messages - attacks with the use of several extracted features related to domains, coupled with natural language processing (NLP) trained on actual smishing messages to accurately detect attacks. Moreover, we propose an integration of the detection system with the open-source threat intelligence platform, MISP (Malware Information Sharing Platform). This allows for more effective storage and use of flagged phishing domains. The model was trained and tested using publicly available data as well as data provided by TELUS Corp. The results show an accuracy of 99.40% and an Fl score in excess of 99%.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116445022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
HSchain: Anonymous Permissioned Blockchain with Enhanced Auditability HSchain:具有增强可审计性的匿名许可区块链
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10225006
Jipeng Hou, Lei Xu, Liehuang Zhu, Peng Jiang, Shaorui Song
{"title":"HSchain: Anonymous Permissioned Blockchain with Enhanced Auditability","authors":"Jipeng Hou, Lei Xu, Liehuang Zhu, Peng Jiang, Shaorui Song","doi":"10.1109/CSR57506.2023.10225006","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225006","url":null,"abstract":"Anonymity and auditability of transactions are two important but conflicting requirements for many blockchain-based applications. Technologies proposed to realize anonymous transactions, such as coin mixing and ring signature, make it hard to identify the participants of transactions. In this paper, we propose a system called HSchain, which enables the regulator to identify the participants while keeping the identity information hidden from nodes in the blockchain network. The proposed system uses the ring signature and the one-time public key to hide the sender and the receiver of a transaction respectively. By running a secret handshake protocol with the regulator, the sender/receiver generates a tag which is attached to the transaction to make it auditable. We carefully design the structure of the tag so that only the regulator can determine if a user has participated in a specific transaction. Simulation results demonstrate that adding such a tag to an anonymous transaction does not incur much overhead.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123611884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Moving Target Defense Strategy Selection against Malware in Resource-Constrained Devices 资源受限设备中恶意软件移动目标防御策略选择
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224824
Jan von der Assen, Alberto Huertas Celdrán, Nicolas Huber, Gérôme Bovet, G. Pérez, B. Stiller
{"title":"Moving Target Defense Strategy Selection against Malware in Resource-Constrained Devices","authors":"Jan von der Assen, Alberto Huertas Celdrán, Nicolas Huber, Gérôme Bovet, G. Pérez, B. Stiller","doi":"10.1109/CSR57506.2023.10224824","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224824","url":null,"abstract":"Internet-of-Things (IoT) devices have become critical assets to be protected due to increased adoption for emerging use cases. As such, these devices are confronted with a myriad of malware-based threats. To combat malware in IoT, Moving Target Defense (MTD) is a viable defense layer, since MTD does not rely on a low breach probability - aiming to increase security in a dynamic way. Although evidence supports the usefulness of MTD for IoT, the current state of the art suffers from unrealistic deployments, including the problem of operating multiple MTD techniques. Especially, there is a commonly observed gap in determining and deploying one of a set of locally available MTD techniques. This paper addresses this gap by relying on a rule-based selection mechanism. For that, a risk-driven methodology to establish this selection agent with a well-defined architecture is followed. As an input, the device's behavior, as expressed through its resource consumption, serves as a selection criterion. This architecture was implemented for a Raspberry Pi and evaluated against seven malware, given four existing MTD techniques. The resulting prototype highlights that a rule-based system can efficiently mitigate the malware samples.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123936340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Conference Sponsors 会议的赞助商
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/csr57506.2023.10224988
{"title":"Conference Sponsors","authors":"","doi":"10.1109/csr57506.2023.10224988","DOIUrl":"https://doi.org/10.1109/csr57506.2023.10224988","url":null,"abstract":"","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125001204","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DDoS Attack Detection in a Real Urban IoT Environment Using Federated Deep Learning 基于联邦深度学习的真实城市物联网环境中的DDoS攻击检测
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224916
Khatereh Ahmadi, R. Javidan
{"title":"DDoS Attack Detection in a Real Urban IoT Environment Using Federated Deep Learning","authors":"Khatereh Ahmadi, R. Javidan","doi":"10.1109/CSR57506.2023.10224916","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224916","url":null,"abstract":"today, alongside the opportunities provided by Internet of Things (IoT), Distributed Denial of Service (DDoS) attacks are one of the most significant attacks that target the overall availability and reliability of the network. Many researches have been devoted to propose new machine learning-based detection mechanisms. However, centralized learning models require the traffic data and learning process to be concentrated on a specific device, which leads to more computational complexity and privacy concerns. Consequently, in this paper, detection and prediction of such attacks is modeled as a distributed cooperative learning scheme, which is conducted based on federated deep learning implemented in a real smart city environment. The results compared with traditional centralized deep learning models indicate high performance and accuracy, while maintaining confidentiality of traffic data. More precisely, in terms of common learning metrics, our proposed model is capable of gaining 0.953 and 0.0369 accuracy and loss rates, respectively.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125141437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
VulDetect: A novel technique for detecting software vulnerabilities using Language Models VulDetect:一种使用语言模型检测软件漏洞的新技术
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224924
Marwan Omar, S. Shiaeles
{"title":"VulDetect: A novel technique for detecting software vulnerabilities using Language Models","authors":"Marwan Omar, S. Shiaeles","doi":"10.1109/CSR57506.2023.10224924","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224924","url":null,"abstract":"Recently, deep learning techniques have garnered substantial attention for their ability to identify vulnerable code patterns accurately. However, current state-of-the-art deep learning models, such as Convolutional Neural Networks (CNN), and Long Short-Term Memories (LSTMs) require substantial computational resources. This results in a level of overhead that makes their implementation unfeasible for deployment in realtime settings. This study presents a novel transformer-based vulnerability detection framework, referred to as VulDetect, which is achieved through the fine-tuning of a pretrained large language model, (GPT) on various benchmark datasets of vulnerable code. Our empirical findings indicate that our framework is capable of identifying vulnerable software code with an accuracy of up to 92.65%. Our proposed technique outperforms SyseVR and VuIDeBERT, two state-of-the-art vulnerability detection techniques.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"162 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123029062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Mitigating Membership Inference Attacks in Machine Learning as a Service 减少机器学习即服务中的成员推理攻击
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224960
Myria Bouhaddi, K. Adi
{"title":"Mitigating Membership Inference Attacks in Machine Learning as a Service","authors":"Myria Bouhaddi, K. Adi","doi":"10.1109/CSR57506.2023.10224960","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224960","url":null,"abstract":"The increasing use of Machine Learning as a Service (MLaaS) has raised privacy and security issues due to membership inference attacks. These attacks can extract sensitive information such as the identification of an individual's participation in a training dataset, by exploiting a binary classifier with limited access. The attacks exploit weaknesses in the decision boundaries of the model, and can lead to the disclosure of private information. However, the current defenses against such attacks, such as those based on differential privacy or regularization, have significant limitations. Therefore, further research is needed to develop effective defenses that maintain the utility of machine learning models while providing formal guarantees, even in the presence of strategic adversaries. In this paper, we focus on mitigating the risks of black-box inference attacks against machine learning models as a service. We propose a defense mechanism that brings the attacker's inference classifier into a zone of uncertainty, rendering it unable to classify a data point as a member or non-member. This mechanism takes into account the attacker's behavior by modeling the interaction between defense and attacker as a game, considering potential gains in confidentiality and costs. Our experiments on two datasets demonstrate the effectiveness of our approach in mitigating membership inference attacks. Furthermore, our defense mechanism outperforms existing defenses by offering superior privacy-utility-performance tradeoffs.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122795734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automated Patch Management: An Empirical Evaluation Study 自动化补丁管理:一个实证评估研究
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224970
Vida Ahmadi Mehri, P. Arlos, E. Casalicchio
{"title":"Automated Patch Management: An Empirical Evaluation Study","authors":"Vida Ahmadi Mehri, P. Arlos, E. Casalicchio","doi":"10.1109/CSR57506.2023.10224970","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224970","url":null,"abstract":"Vulnerability patch management is one of IT orga-nizations' most complex issues due to the increasing number of publicly known vulnerabilities and explicit patch deadlines for compliance. Patch management requires human involvement in testing, deploying, and verifying the patch and its potential side effects. Hence, there is a need to automate the patch management procedure to keep the patch deadline with a limited number of available experts. This study proposed and implemented an automated patch management procedure to address mentioned challenges. The method also includes logic to automatically handle errors that might occur in patch deployment and ver-ification. Moreover, the authors added an automated review step before patch management to adjust the patch prioritization list if multiple cumulative patches or dependencies are detected. The result indicated that our method reduced the need for human intervention, increased the ratio of successfully patched vulnerabilities, and decreased the execution time of vulnerability risk management.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"15 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124070094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信
小红书