{"title":"Key Update for the IoT Security Standard OSCORE","authors":"Rikard Höglund, Marco Tiloca, S. Bouget, S. Raza","doi":"10.1109/CSR57506.2023.10225002","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225002","url":null,"abstract":"The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"82 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122691615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Semi-automatic Approach for Enhancing the Quality of Automatically Generated Inventories","authors":"Silvia Bonomi, Marco Cuoci, S. Lenti","doi":"10.1109/CSR57506.2023.10225003","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225003","url":null,"abstract":"Inventories are precious sources of information for security-related processes. As a consequence, the quality of the data in the inventories plays a crucial role in the overall quality of the fed processes. This paper takes this challenge and provides heuristics to improve the accuracy of automatically generated inventories through a semi-automatic approach leveraging user knowledge.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125166785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Algorithm for simplifying the SHA-256 operations tree","authors":"Andrey O. Plotnikov, A. Levina","doi":"10.1109/CSR57506.2023.10224939","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224939","url":null,"abstract":"The article offers an algorithm for simplification of a Boolean operations tree, which is obtained as a result of analyzing the execution of the SHA-256 hash function. The main idea of the algorithm is that we can reduce the size of the tree by replacing non-optimal Boolean subexpressions with smaller ones. This algorithm can later be used for cryptanalysis of the JSON Web Token protocol as an auxiliary tool that can simplify the search for the key. As a result, we will show that such operations trees can be significantly reduced with the offered algorithm.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121931211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Internal Reconnaissance Behavior Through Classification of Command Collections","authors":"Luke Vandenberghe, H. M. Koduvely, Maria Pospelova","doi":"10.1109/CSR57506.2023.10224951","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224951","url":null,"abstract":"Internal reconnaissance is the adversarial mechanism of obtaining information about an infiltrated system or network. A common method used by the adversary to acquire this information is through the execution of command-line utilities. Presently, only rule-based techniques have been operationalized to directly detect this internal reconnaissance behavior. There is significant overlap between the commands entered by adversaries for this task and commands frequently issued by typical users for legitimate tasks. Deterministic detection approaches have difficulties distinguishing between internal reconnaissance and legitimate command-line behavior that falls in this overlap, resulting in high false positive rates. To more effectively distinguish internal reconnaissance behavior, stochastic techniques can be employed. This paper proposes a machine learning approach to detect internal reconnaissance through binary classification of command collections. It considers two learning methods, namely latent Dirichlet allocation (LDA) and long short-term memory (LSTM), and shows that both outperform state-of-the-art methods.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126890503","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Attacking a packet Analyzer: Caronte case study","authors":"D. Granata, M. Rak, Francesco Grimaldi","doi":"10.1109/CSR57506.2023.10224918","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224918","url":null,"abstract":"Nowadays the adoption of network traffic analysis tools as a protection against possible cyberattacks is common, but attackers have become increasingly skilled at building more and more complex attacks in order to avoid IDS/IPS action, typically through the adoption of evasion that hides attacks from the monitoring system. In this paper, we test an innovative idea to build attacks that relies on carrying out attacks against a specific component of IDS/IPS, the packet analyzers, in order to make it (at least temporarily) unavailable, hiding possible attacks against the services. In order to explore the feasibility of the approach, we focused on a particular usage example: the network traffic analysis performed during the attack/defence Capture the Flag (CTF), a cybersecurity competition where different teams attempt to find vulnerabilities in services run by the opposing team, fix them and build exploits to perform attacks. It is worth noticing that such a scenario enabled us even to work in a protected context, avoiding producing attacks that can be exploited in a production environment. Accordingly, outlining that the state of the art shows a lack of results with respect to the proposed approach, we performed a security assessment of the chosen tools and demonstrated the feasibility of the approach, concluding that these attack patterns should be taken into consideration when building a protection system.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133406609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A PUF Based on the Non-Linearity of Memristors","authors":"Callum Aitchison, Basel Halak, Alexander Serb, T. Prodromakis","doi":"10.1109/CSR57506.2023.10224980","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224980","url":null,"abstract":"As autonomous devices are increasingly used in security and safety-critical applications the security of the systems they comprise is of increasing concern. In such situations it is important that devices can be securely identified and trusted. When an IC or device is in the supply chain, or in the field, the lack of control over actors who can obtain physical access can compromise the trust and overall security of a system. Counterfeit chips may be incorporated into the device, compromising reliability or security. Additionally, for implemented devices, keys stored on-device may be copied by a bad actor. To help improve the security of such devices this paper proposes a new physical unclonable function (PUF) architecture, based on a TiOx memristor-based resistive memory (RRAM), that exploits the inherent analogue non-linearity in resistance of some memristor technologies. By directly exploiting non-linearity of memristor cells, rather than relying on the devices' absolute resistance at a single test voltage, a multi-bit-per-comparison PUF is created. As the architecture directly exploits cells' non-linearity, an additional source of hard-to-clone entropy is incorporated.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130386931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RoG§: A Pipeline for Automated Sensitive Data Identification and Anonymisation","authors":"Sotirios Nikoletos, S. Vlachos, Efstathios Zaragkas, C. Vassilakis, Christos Tryfonopoulos, Paraskevi Raftopoulou","doi":"10.1109/CSR57506.2023.10224962","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224962","url":null,"abstract":"Nowadays, the amount of data available online is constantly increasing. This data may contain sensitive or private information that can expose the person behind the data or be misused by malicious actors for identity theft, stalking, and other nefarious purposes. There is thus a growing need to protect individuals' privacy and prevent data breaches in several application domains. Protecting data privacy, though, is a complex and multifaceted issue that involves a range of legal, ethical, and technical considerations. In this paper, we discuss the challenges associated with data protection, the role of automated tools, and the effectiveness of identifying and anonymising sensitive data. We then propose a fully-automated process for sensitive data identification and anonymisation, based on Natural Language Processing (NLP) techniques, that can be applied both in big diverse datasets and to a wide range of domains.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130590444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"stealthML: Data-driven Malware for Stealthy Data Exfiltration","authors":"Key-whan Chung, Phuong Cao, Z. Kalbarczyk, Ravishankar K. Iyer","doi":"10.1109/CSR57506.2023.10224946","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224946","url":null,"abstract":"The use of machine learning methods has been actively studied to detect and mitigate the consequences of malicious attacks. However, this sophisticated technology can become a threat when it falls into the wrong hands. This paper describes a new class of malware that employs machine learning to autonomously infer when and how to trigger an attack payload to maximize impact while minimizing attack traces. We designed, implemented, and demonstrated a smart malware that monitors the real-time network traffic flow of the victim system, analyzes the collected traffic data to forecast traffic and identify the most opportune time to trigger data extraction, and optimizes its strategy in planning the data exfiltration to minimize traces that might reveal the malware's presence.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126606549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Open Sharing Method for Digital Heritage Assets Based on Self-Sovereign Identity Technology","authors":"Jiali Zhu, Zhenxin Wu","doi":"10.1109/CSR57506.2023.10224909","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224909","url":null,"abstract":"To address the issues of ownership and trustworthiness that are prevalent in the flow of Digital Heritage Assets (DHAs), this study proposes a method for DHA open sharing based on self-sovereign identity technology. Through decentralized identifier technology and blockchain technology, the trusted identity registration and verification of a participating subject are realized; through verifiable credential technology, the registration and flow of a DHA are realized; through verifiable credential technology and digital signature technology, the access and trustworthiness verification of a DHA are realized. This method can guarantee the trustworthiness of the identity of a participating subject, maintain the ownership attribution and trustworthiness of a DHA in the flow, and ultimately promote the scope and efficiency of DHA open sharing.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"129 37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115015838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Small Satellite System Modeling for Vulnerability Analysis","authors":"Kyle Murbach, Tommy Morris, Fred Wiersig, Jeffery Golden","doi":"10.1109/CSR57506.2023.10224948","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224948","url":null,"abstract":"The proliferation of ride-share rocket launches and decrease in the overall cost of sending payloads to space due to recent successes in the private space industry has made small satellite systems a cost effective and time-efficient method to put research vehicles in space. Inherent small satellite system functions are investigated to inform the development of a small satellite system model. This small satellite system model is developed using Raspberry Pis and other components commonly found in small satellite systems launched to space. This small satellite system is then tested and analyzed for potential vulnerabilities. A proof-of-concept Man-in-the-Middle attack is successfully executed against the small satellite system model that was developed. The small satellite system model provides a baseline testing system for small satellite designers, developers, and security researchers to improve the overall security posture of these small satellites that are launched into space.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115103016","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}