{"title":"You can promote, but you can't hide: large-scale abused app detection in mobile app stores","authors":"Z. Xie, Sencun Zhu, Qing Li, Wenjing Wang","doi":"10.1145/2991079.2991099","DOIUrl":"https://doi.org/10.1145/2991079.2991099","url":null,"abstract":"Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against the Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. At a later time, we ran our tool against the Apple App Stores of China, the United Kingdom, and the United States at a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% of all the analyzed apps, respectively, in June 2013. In our latest check on Oct. 15, 2015, these ratios decreased to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121080558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"LMP","authors":"Wei Huang, Zhen Huang, Dhaval Miyani, D. Lie","doi":"10.1145/2991079.2991089","DOIUrl":"https://doi.org/10.1145/2991079.2991089","url":null,"abstract":"Despite a long history and numerous proposed defenses, memory corruption attacks are still viable. A secure and low-overhead defense against return-oriented programming (ROP) continues to elude the security community. Currently proposed solutions still must choose between either not fully protecting critical data and relying instead on information hiding, or using incomplete, coarse-grain checking that can be circumvented by a suitably skilled attacker. In this paper, we present a lightweight memory protection approach (LMP) that uses Intel's MPX hardware extensions to provide complete, fast ROP protection without having to rely on information hiding. We demonstrate a prototype that defeats ROP attacks while incurring an average runtime overhead of 3.9%.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124913772","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Adaptive encrypted traffic fingerprinting with bi-directional dependence","authors":"K. Al-Naami, Swarup Chandra, A. M. Mustafa, L. Khan, Zhiqiang Lin, Kevin W. Hamlen, B. Thuraisingham","doi":"10.1145/2991079.2991123","DOIUrl":"https://doi.org/10.1145/2991079.2991123","url":null,"abstract":"Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125260434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient, adversarial neighbor discovery using logical channels on Microsoft Azure","authors":"Mehmet Sinan Inci, Gorka Irazoqui Apecechea, T. Eisenbarth, B. Sunar","doi":"10.1145/2991079.2991113","DOIUrl":"https://doi.org/10.1145/2991079.2991113","url":null,"abstract":"We introduce an effective technique that exploits logical channels for malicious co-location and target identification on Microsoft Azure cloud instances. Specifically, we employ two co-location scenarios: targeted co-location with a specific victim or co-location with subsequent identification of victims of interest. We develop a novel, noise-resistant co-location detection method through the network channel that provides fast, reliable results with no cooperation from the victim. Also, our method does not require access to the victim instance, either as a legitimate user or as a malicious attacker. The efficacy of the proposed technique enables practical QoS degradation attacks which are easy and cheap to implement yet hard to discover. The slightest performance degradation in web interfaces or time-critical applications can result in significant financial losses. To this end, we show that once co-located, a malicious instance can use memory bus locking to render the victim server unusable to the customers. This work underlines the need for cloud service providers to apply stronger isolation techniques.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129748290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Life-experience passwords (LEPs)","authors":"Simon S. Woo, E. Kaiser, Ron Artstein, J. Mirkovic","doi":"10.1145/2991079.2991107","DOIUrl":"https://doi.org/10.1145/2991079.2991107","url":null,"abstract":"Passwords are widely used for user authentication, but they are often difficult for a user to recall, easily cracked by automated programs and heavily reused. Security questions are also used for secondary authentication. They are more memorable than passwords, but are very easily guessed. We propose a new authentication mechanism, called \"life-experience passwords (LEPs),\" which outperforms passwords and security questions, both at recall and at security. Each LEP consists of several facts about a user-chosen past experience, such as a trip, a graduation, a wedding, etc. At LEP creation, the system extracts these facts from the user's input and transforms them into questions and answers. At authentication, the system prompts the user with questions and matches her answers with the stored ones. In this paper we propose two LEP designs, and evaluate them via user studies. We further compare LEPs to passwords, and find that: (1) LEPs are 30--47 bits stronger than an ideal, randomized, 8-character password, (2) LEPs are up to 3x more memorable, and (3) LEPs are reused half as often as passwords. While both LEPs and security questions use personal experiences for authentication, LEPs use several questions, which are closely tailored to each user. This increases LEP security against guessing attacks. In our evaluation, only 0.7% of LEPs were guessed by friends, while prior research found that friends could guess 17--25% of security questions. LEPs also contained a very small amount of sensitive or fake information. All these qualities make LEPs a promising, new authentication approach.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134253345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Spicy: a unified deep packet inspection framework for safely dissecting all your data","authors":"Robin Sommer, J. Amann, Seth Hall","doi":"10.1145/2991079.2991100","DOIUrl":"https://doi.org/10.1145/2991079.2991100","url":null,"abstract":"Deep packet inspection systems (DPI) process wire format network data from untrusted sources, collecting semantic information from a variety of protocols and file formats as they work their way upwards through the network stack. However, implementing corresponding dissectors for the potpourri of formats that today's networks carry remains time-consuming and cumbersome, and also poses fundamental security challenges. We introduce a novel framework, Spicy, for dissecting wire format data that consists of (i) a format specification language that tightly integrates syntax and semantics; (ii) a compiler toolchain that generates efficient and robust native dissector code from these specifications just-in-time; and (iii) an extensive API for DPI applications to drive the process and leverage results. Furthermore, Spicy can reverse the process as well, assembling wire format from the high-level specifications. We pursue a number of case studies that showcase dissectors for network protocols and file formats---individually, as well as chained into a dynamic stack that processes raw packets up to application-layer content. We also demonstrate a number of example host applications, from a generic driver program to integration into Wireshark and Bro. Overall, this work provides a new capability for developing powerful, robust, and reusable dissectors for DPI applications. We publish Spicy as open-source under the BSD license.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124709685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Location-enhanced authentication using the IoT: because you cannot be in two places at once","authors":"Ioannis Agadakos, Per A. Hallgren, D. Damopoulos, A. Sabelfeld, G. Portokalidis","doi":"10.1145/2991079.2991090","DOIUrl":"https://doi.org/10.1145/2991079.2991090","url":null,"abstract":"User location can act as an additional factor of authentication in scenarios where physical presence is required, such as when making in-person purchases or unlocking a vehicle. This paper proposes a novel approach for estimating user location and modeling user movement using the Internet of Things (IoT). Our goal is to utilize its scale and diversity to estimate location more robustly than solutions based on smartphones alone, and to stop adversaries from using compromised user credentials (e.g., stolen keys, passwords, etc.) when sufficient evidence physically locates them elsewhere. To locate users, we leverage the increasing number of IoT devices carried and used by them and the smart environments that observe these devices. We also exploit the ability of many IoT devices to \"sense\" the user. To demonstrate our approach, we build a system, called Icelus. Our experiments with it show that it exhibits a smaller false-rejection rate than smartphone-based location-based authentication (LBA) and it rejects attackers with few errors (i.e., false acceptances).","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128207302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Bootstrapping and maintaining trust in the cloud","authors":"N. Schear, Patrick T. Cable, Thomas Moyer, Bryan Richard, Robert Rudd","doi":"10.1145/2991079.2991104","DOIUrl":"https://doi.org/10.1145/2991079.2991104","url":null,"abstract":"Today's infrastructure as a service (IaaS) cloud environments rely upon full trust in the provider to secure applications and data. Cloud providers do not offer the ability to create hardware-rooted cryptographic identities for IaaS cloud resources or sufficient information to verify the integrity of systems. Trusted computing protocols and hardware like the TPM have long promised a solution to this problem. However, these technologies have not seen broad adoption because of their complexity of implementation, low performance, and lack of compatibility with virtualized environments. In this paper we introduce keylime, a scalable trusted cloud key management system. keylime provides an end-to-end solution both for bootstrapping hardware-rooted cryptographic identities for IaaS nodes and for system integrity monitoring of those nodes via periodic attestation. We support these functions in both bare-metal and virtualized IaaS environments using a virtual TPM. keylime provides a clean interface that allows higher-level security services like disk encryption or configuration management to leverage trusted computing without being trusted-computing aware. We show that our bootstrapping protocol can derive a key in less than two seconds, that we can detect system integrity violations in as little as 110ms, and that keylime can scale to thousands of IaaS cloud nodes.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129352823","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cypider: building community-based cyber-defense infrastructure for android malware detection","authors":"E. Karbab, M. Debbabi, A. Derhab, D. Mouheb","doi":"10.1145/2991079.2991124","DOIUrl":"https://doi.org/10.1145/2991079.2991124","url":null,"abstract":"The popularity of Android OS has dramatically increased the number of malware apps targeting this mobile OS. The daily amount of malware has overwhelmed the detection process. This fact has motivated the need for developing malware detection and family attribution solutions with the least manual intervention. In response, we propose the Cypider framework, a set of techniques and tools aiming to perform a systematic detection of mobile malware by building an efficient and scalable similarity network infrastructure of malicious apps. Our detection method is based on a novel concept, namely malicious community, in which we consider, for a given family, the instances that share common features. Under this concept, we assume that multiple similar Android apps with different authors are most likely to be malicious. Cypider leverages this assumption for the detection of variants of known malware families and zero-day malware. It is important to mention that Cypider does not rely on signature-based or learning-based patterns. Alternatively, it applies community detection algorithms on the similarity network, which extracts sub-graphs considered as suspicious and most likely malicious communities. Furthermore, we propose a novel fingerprinting technique, namely community fingerprint, based on a learning model for each malicious community. Cypider shows excellent results by detecting about 50% of the malware dataset in one detection iteration. Besides, the preliminary results of the community fingerprint are promising as we achieved 87% of the detection.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127011403","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HERCULE: attack story reconstruction via community discovery on correlated log graph","authors":"Kexin Pei, Zhongshu Gu, Brendan Saltaformaggio, Shiqing Ma, Fei Wang, Zhiwei Zhang, Luo Si, X. Zhang, Dongyan Xu","doi":"10.1145/2991079.2991122","DOIUrl":"https://doi.org/10.1145/2991079.2991122","url":null,"abstract":"Advanced cyber attacks consist of multiple stages aimed at being stealthy and elusive. Such attack patterns leave their footprints spatio-temporally dispersed across many different logs in victim machines. However, existing log-mining intrusion analysis systems typically target only a single type of log to discover evidence of an attack and therefore fail to exploit fundamental inter-log connections. The output of such single-log analysis can hardly reveal the complete attack story for complex, multi-stage attacks. Additionally, some existing approaches require heavyweight system instrumentation, which makes them impractical to deploy in real production environments. To address these problems, we present HERCULE, an automated multi-stage log-based intrusion analysis system. Inspired by graph analytics research in social network analysis, we model multi-stage intrusion analysis as a community discovery problem. HERCULE builds multi-dimensional weighted graphs by correlating log entries across multiple lightweight logs that are readily available on commodity systems. From these, HERCULE discovers any \"attack communities\" embedded within the graphs. Our evaluation with 15 well-known APT attack families demonstrates that HERCULE can reconstruct attack behaviors from a spectrum of multi-stage cyber attacks with high accuracy and low false positive rates.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"87 26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126303433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}