{"title":"Towards Automatic Identification of JavaScript-oriented Machine-Based Tracking","authors":"Andrew J. Kaizer, Minaxi Gupta","doi":"10.1145/2875475.2875479","DOIUrl":"https://doi.org/10.1145/2875475.2875479","url":null,"abstract":"Machine-based tracking is a type of behavior that extracts information on a user's machine, which can then be used for fingerprinting, tracking, or profiling purposes. In this paper, we focus on JavaScript-oriented machine-based tracking, as JavaScript is widely accessible in all browsers. We find that coarse features related to JavaScript access, cookie access, and URL length and subdomain information can perform well in creating a classifier that can identify these machine-based trackers with 97.7% accuracy. We then use the classifier on real-world datasets based on 30-minute website crawls of different types of websites -- including websites that target children and websites that target a popular audience -- and find that 85%+ of all websites utilize machine-based tracking, even when they target a regulated group (children) as their primary audience.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127342136","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Advanced Persistent Threats using Fractal Dimension based Machine Learning Classification","authors":"S. Siddiqui, Muhammad Salman Khan, K. Ferens, W. Kinsner","doi":"10.1145/2875475.2875484","DOIUrl":"https://doi.org/10.1145/2875475.2875484","url":null,"abstract":"Advanced Persistent Threats (APTs) are a new breed of internet-based smart threats, which can go undetected with the existing state-of-the-art internet traffic monitoring and protection systems. With the evolution of the internet and cloud computing, a new generation of smart APT attacks has also evolved, and signature-based threat detection systems are proving to be futile and insufficient. One of the essential strategies in detecting APTs is to continuously monitor and analyze various features of a TCP/IP connection, such as the number of transferred packets, the total count of the bytes exchanged, the duration of the TCP/IP connections, and details of the number of packet flows. The current threat detection approaches make extensive use of machine learning algorithms that utilize statistical and behavioral knowledge of the traffic. However, the performance of these algorithms is far from satisfactory in terms of reducing false negatives and false positives simultaneously. Mostly, current algorithms focus only on reducing false positives. This paper presents a fractal-based anomaly classification mechanism, with the goal of reducing both false positives and false negatives simultaneously. A comparison of the proposed fractal-based method with a traditional Euclidean-based machine learning algorithm (k-NN) shows that the proposed method significantly outperforms the traditional approach by reducing false positive and false negative rates simultaneously, while improving the overall classification rates.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115326865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Acquiring and Analyzing App Metrics for Effective Mobile Malware Detection","authors":"G. Canfora, Eric Medvet, F. Mercaldo, C. A. Visaggio","doi":"10.1145/2875475.2875481","DOIUrl":"https://doi.org/10.1145/2875475.2875481","url":null,"abstract":"Android malware is becoming very effective in evading detection techniques, and traditional malware detection techniques are demonstrating their weaknesses. Signature-based detection shows at least two drawbacks: first, detection is possible only after the malware has been identified, and the time needed to produce and distribute the signature provides attackers with a window of opportunity for spreading the malware in the wild. To solve this problem, different approaches that try to characterize the malicious behavior through the invoked system and API calls have emerged. Unfortunately, several evasion techniques have proven effective at evading detection based on system and API calls. In this paper, we propose an approach for capturing the malicious behavior in terms of device resource consumption (using a thorough set of features), which is much more difficult to camouflage. We describe a procedure, and the corresponding practical setting, for extracting those features with the aim of maximizing their discriminative power. Finally, we describe the promising results we obtained experimenting on more than 2000 applications, on which our approach exhibited an accuracy greater than 99%.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124411346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Malware Detection Using Dynamic Birthmarks","authors":"Swapna Vemparala, Fabio Di Troia, C. A. Visaggio, Thomas H. Austin, M. Stamp","doi":"10.1145/2875475.2875476","DOIUrl":"https://doi.org/10.1145/2875475.2875476","url":null,"abstract":"In this paper, we compare the effectiveness of Hidden Markov Models (HMMs) with that of Profile Hidden Markov Models (PHMMs), where both are trained on sequences of API calls. We compare our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in comparing our two dynamic analysis approaches, we find that using PHMMs consistently outperforms our technique based on HMMs.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133588890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Keynote Session","authors":"Rakesh M. Verma","doi":"10.1145/3255947","DOIUrl":"https://doi.org/10.1145/3255947","url":null,"abstract":"","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128366888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Industrial Session","authors":"Lila Ghemri","doi":"10.1145/3255948","DOIUrl":"https://doi.org/10.1145/3255948","url":null,"abstract":"","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"307 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131848097","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data Driven Data Center Network Security","authors":"V. Jeyakumar, Omid Madani, Ali ParandehGheibi, Navindra Yadav","doi":"10.1145/2875475.2875490","DOIUrl":"https://doi.org/10.1145/2875475.2875490","url":null,"abstract":"Large scale datacenters are becoming the compute and data platform of large enterprises, but their scale makes it difficult to secure the applications running within them. We motivate this setting using a real-world complex scenario, and propose a data-driven approach to taming this complexity. We discuss several machine learning problems that arise, in particular focusing on inducing so-called whitelist communication policies from observing masses of communications among networked computing nodes. Briefly, a whitelist policy specifies which machine, or groups of machines, can talk to which. We present some of the challenges and opportunities, such as noisy and incomplete data, non-stationarity, lack of supervision, and challenges of evaluation, and describe some of the approaches we have found promising.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"128 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134619855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
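A minimal worked version of the idea in the abstract above, inducing a group-level whitelist ("who may talk to whom, on which port") from observed flows. This is an added example, not the authors' system or code: the flow records, the host names, the minimum-observation threshold used to drop noisy one-off flows, and the role-grouping heuristic (hosts with the same inbound and outbound port sets share a role) are all constructed assumptions for this illustration.

```python
"""Induce an allowlist ("whitelist") communication policy from observed flows.

Added illustration of the idea in the abstract above; it is not the authors'
system. The flow records, host names and the role-grouping heuristic are
constructed assumptions for this example.
"""
from collections import Counter, defaultdict


# Constructed flow log as (src_host, dst_host, dst_port) tuples. Real input
# would come from NetFlow/IPFIX or host agents; these values are made up.
FLOWS = [
    ("web1", "app1", 8080), ("web1", "app1", 8080),
    ("web2", "app2", 8080), ("web2", "app2", 8080),
    ("web2", "app1", 8080), ("web2", "app1", 8080),
    ("app1", "db1", 5432), ("app1", "db1", 5432), ("app1", "db1", 5432),
    ("app2", "db1", 5432), ("app2", "db1", 5432),
    ("web1", "db1", 5432),  # seen once: treated as noise below
]


def filter_flows(flows, min_flows):
    """Keep only (src, dst, port) triples observed at least min_flows times.

    Simplest defence against noisy or incomplete observations: a single
    stray flow must not become a standing allow rule.
    """
    counts = Counter(flows)
    return {flow for flow, n in counts.items() if n >= min_flows}


def infer_groups(flows):
    """Map each host to a role group.

    Heuristic (an assumption of this example): hosts that expose the same set
    of inbound ports and contact the same set of outbound ports play the same
    role. The group name is the sorted member list joined with '+'.
    """
    inbound, outbound = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        outbound[src].add(port)
        inbound[dst].add(port)
    by_signature = defaultdict(set)
    for host in set(inbound) | set(outbound):
        signature = (frozenset(inbound[host]), frozenset(outbound[host]))
        by_signature[signature].add(host)
    host_to_group = {}
    for members in by_signature.values():
        name = "+".join(sorted(members))
        for host in members:
            host_to_group[host] = name
    return host_to_group


class Policy:
    """Group-level allow rules plus the host-to-group map they apply to."""

    def __init__(self, host_to_group, rules):
        self.host_to_group = dict(host_to_group)
        self.rules = frozenset(rules)  # (src_group, dst_group, dst_port)

    def allows(self, src, dst, port):
        src_group = self.host_to_group.get(src)
        dst_group = self.host_to_group.get(dst)
        if src_group is None or dst_group is None:
            return False  # unknown host: fail closed, do not guess a role
        return (src_group, dst_group, port) in self.rules


def induce_policy(flows, min_flows=2):
    """Learn a Policy from raw flow tuples."""
    kept = filter_flows(flows, min_flows)
    groups = infer_groups(kept)
    rules = {(groups[s], groups[d], p) for s, d, p in kept}
    return Policy(groups, rules)


if __name__ == "__main__":
    policy = induce_policy(FLOWS)
    for rule in sorted(policy.rules):
        print("ALLOW", rule)
    print(policy.allows("web1", "app2", 8080))  # True: generalised via group
    print(policy.allows("web1", "db1", 5432))   # False: noise filtered out
```

Two properties of the abstract's setting show up directly: grouping lets the policy permit web1 to reach app2 although that pair was never observed (generalisation from the role, not the individual host), and the single web1 to db1 flow is dropped by the observation threshold rather than becoming a permanent rule. Non-stationarity is the part this toy does not handle: in practice the induction has to be re-run on a sliding window and rule churn reviewed, because a host that changes role will otherwise be denied (fail closed) until the policy is refreshed.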
{"title":"Clone or Relative?: Understanding the Origins of Similar Android Apps","authors":"Y. Ishii, Takuya Watanabe, Mitsuaki Akiyama, Tatsuya Mori","doi":"10.1145/2875475.2875480","DOIUrl":"https://doi.org/10.1145/2875475.2875480","url":null,"abstract":"Since it is not hard to repackage an Android app, there are many cloned apps, which we call clones in this work. As previous studies have reported, clones are generated for bad purposes by malicious parties, e.g., adding malicious functions, injecting/replacing advertising modules, and piracy. Besides such clones, there are legitimate, similar apps, which we call \"relatives\" in this work. These relatives are not clones but are similar in nature; i.e., they are generated by the same app-building service or by the same developer using the same template. Given these observations, this paper aims to answer the following two research questions: (RQ1) How can we distinguish between clones and relatives? (RQ2) What is the breakdown of clones and relatives in the official and third-party marketplaces? To answer the first research question, we developed a scalable framework called APPraiser that systematically extracts similar apps and classifies them into clones and relatives. We note that our key algorithms, which leverage the sparseness of the data, have a time complexity of O(n) in practice. To answer the second research question, we applied the APPraiser framework to over 1.3 million apps collected from official and third-party marketplaces. Our analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware. To the best of our knowledge, this is the first work that clarified the breakdown of \"similar\" Android apps, and quantified their origins using a huge dataset equivalent to the size of the official market.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125613233","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Analytics in the Context of Adversarial Machine Learning","authors":"J. D. Tygar","doi":"10.1145/2875475.2875488","DOIUrl":"https://doi.org/10.1145/2875475.2875488","url":null,"abstract":"Bio: Doug Tygar is Professor of Computer Science at UC Berkeley and also a Professor of Information Management at UC Berkeley. He works in the areas of computer security, privacy, and electronic commerce. His current research includes privacy, security issues in sensor webs, digital rights management, and usable computer security. His awards include a National Science Foundation Presidential Young Investigator Award, an Okawa Foundation Fellowship, a teaching award from Carnegie Mellon, and invited keynote addresses at PODC, PODS, VLDB, and many other conferences.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127839076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Countering Phishing from Brands' Vantage Point","authors":"V. Bulakh, Minaxi Gupta","doi":"10.1145/2875475.2875478","DOIUrl":"https://doi.org/10.1145/2875475.2875478","url":null,"abstract":"Most anti-phishing solutions that exist today require scanning a large portion of the web, which is vast and equivalent to finding a needle in a haystack. In addition, such solutions are not very efficient. We propose a different approach. Our solution does not rely on the scanning of the entire Internet or a large portion of it and only needs access to the brand's traffic in order to be able to detect phishing attempts against that brand. By analyzing a sample of phishing websites, we find features that can be used to distinguish phishing websites from the legitimate ones. We then use these features to train a machine learning classifier capable of helping brands detect phishing attempts against them. Our approach can detect up to 86% of phishing attacks against the brands and is best used as a complementary tool to the existing anti-phishing solutions.","PeriodicalId":393015,"journal":{"name":"Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114498658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
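The abstract above does not say which part of the brand's traffic carries the signal, so the following added example (not the authors' classifier or code) assumes one concrete and common source: phishing kits often hotlink the brand's logo and stylesheets, so the brand's own web-server access log records the phishing page's URL in the Referer header. The log lines, the brand domain examplebank.com, the asset path prefixes, the referer features and the hand-set weights in score() are all constructed for this illustration; a real deployment would replace score() with the trained classifier the paper describes.

```python
"""Flag phishing pages from a brand's own web-server logs (Referer hotlinks).

Added example, not the authors' system. Assumption: phishing pages embed the
brand's assets, so requests for /img/, /css/, /js/ with a foreign Referer
reveal the phishing URL. Log lines, domain and weights are constructed.
"""
import re
from urllib.parse import urlsplit

BRAND_DOMAIN = "examplebank.com"          # constructed brand
BRAND_TOKEN = BRAND_DOMAIN.split(".")[0]  # "examplebank"
ASSET_PREFIXES = ("/img/", "/css/", "/js/")
LOGIN_WORDS = ("login", "signin", "verify", "secure", "account")

# Constructed Apache "combined" log lines; none of this is real traffic.
LOG_LINES = [
    '203.0.113.5 - - [11/Mar/2016:10:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.examplebank.com/login" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Mar/2016:10:00:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://examplebank.com.secure-login.verify-account.xyz/online/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Mar/2016:10:00:03 +0000] "GET /css/site.css HTTP/1.1" 200 2048 "http://192.0.2.44/~user/examplebank/signin.html" "Mozilla/5.0"',
    '198.51.100.8 - - [11/Mar/2016:10:00:04 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://news.example.org/article-about-banks" "Mozilla/5.0"',
    '198.51.100.9 - - [11/Mar/2016:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$'
)


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status, referer = m.groups()
    return {"ip": ip, "method": method, "path": path,
            "status": int(status), "referer": referer}


def is_own_host(host):
    """True only for the brand's apex domain or a real subdomain of it."""
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


def referer_features(referer):
    """Cheap URL features of the referring page (constructed feature set)."""
    u = urlsplit(referer)
    host = u.hostname or ""
    text = (host + u.path).lower()
    return {
        "ip_literal": bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)),
        "brand_in_host": BRAND_TOKEN in host,      # e.g. examplebank.com.evil.xyz
        "brand_in_path": BRAND_TOKEN in u.path.lower(),
        "subdomain_depth": max(host.count(".") - 1, 0),
        "login_keyword": any(w in text for w in LOGIN_WORDS),
    }


def score(features):
    """Hand-set weights for illustration; a trained model replaces this."""
    s = 0
    s += 2 if features["ip_literal"] else 0
    s += 3 if features["brand_in_host"] else 0
    s += 2 if features["brand_in_path"] else 0
    s += 1 if features["subdomain_depth"] >= 3 else 0
    s += 1 if features["login_keyword"] else 0
    return s


def find_suspects(lines, threshold=3):
    """Return (referer_url, score) for asset requests from foreign pages."""
    suspects = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ASSET_PREFIXES):
            continue
        referer = rec["referer"]
        if referer == "-":
            continue  # no Referer: nothing to attribute
        if is_own_host(urlsplit(referer).hostname or ""):
            continue  # the brand's own pages load their own assets
        s = score(referer_features(referer))
        if s >= threshold:
            suspects.append((referer, s))
    return suspects


if __name__ == "__main__":
    for url, s in find_suspects(LOG_LINES):
        print(f"score={s} {url}")
```

The point worth keeping from the abstract is the operating regime: this only sees phishing sites that touch the brand's infrastructure, which is why such a detector is a complement to crawler-based feeds rather than a replacement. Two caveats a practitioner would add: a kit that copies the assets locally or strips the Referer (a Referrer-Policy on the phishing page) produces no log entry at all, and legitimate third parties such as the news site in the constructed sample do hotlink logos, so the threshold and features must be tuned against real negatives, not set by hand as here.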