Biblio

Filters: Author is Kang, H.  [Clear All Filters]
2019-04-05
Bapat, R., Mandya, A., Liu, X., Abraham, B., Brown, D. E., Kang, H., Veeraraghavan, M..  2018.  Identifying Malicious Botnet Traffic Using Logistic Regression. 2018 Systems and Information Engineering Design Symposium (SIEDS). :266-271.

An important source of cyber-attacks is malware, which proliferates in different forms such as botnets. The botnet malware typically looks for vulnerable devices across the Internet, rather than targeting specific individuals, companies or industries. It attempts to infect as many connected devices as possible, using their resources for automated tasks that may cause significant economic and social harm while being hidden to the user and device. Thus, it becomes very difficult to detect such activity. A considerable amount of research has been conducted to detect and prevent botnet infestation. In this paper, we attempt to create a foundation for an anomaly-based intrusion detection system using a statistical learning method to improve network security and reduce human involvement in botnet detection. We focus on identifying the best features to detect botnet activity within network traffic using a lightweight logistic regression model. The network traffic is processed by Bro, a popular network monitoring framework which provides aggregate statistics about the packets exchanged between a source and destination over a certain time interval. These statistics serve as features to a logistic regression model responsible for classifying malicious and benign traffic. Our model is easy to implement and simple to interpret. We characterized and modeled 8 different botnet families separately and as a mixed dataset. Finally, we measured the performance of our model on multiple parameters using F1 score, accuracy and Area Under Curve (AUC).

2018-05-30
Liu, Y., Li, R., Liu, X., Wang, J., Tang, C., Kang, H..  2017.  Enhancing Anonymity of Bitcoin Based on Ring Signature Algorithm. 2017 13th International Conference on Computational Intelligence and Security (CIS). :317–321.

Bitcoin is a decentralized digital currency, widely used for its perceived anonymity property, and has surged in popularity in recent years. Bitcoin publishes the complete transaction history in a public ledger, under pseudonyms of users. This is an alternative way to prevent double-spending attack instead of central authority. Therefore, if pseudonyms of users are attached to their identities in real world, the anonymity of Bitcoin will be a serious vulnerability. It is necessary to enhance anonymity of Bitcoin by a coin mixing service or other modifications in Bitcoin protocol. But in a coin mixing service, the relationship among input and output addresses is not hidden from the mixing service provider. So the mixing server still has the ability to track the transaction records of Bitcoin users. To solve this problem, We present a new coin mixing scheme to ensure that the relationship between input and output addresses of any users is invisible for the mixing server. We make use of a ring signature algorithm to ensure that the mixing server can't distinguish specific transaction from all these addresses. The ring signature ensures that a signature is signed by one of its users in the ring and doesn't leak any information about who signed it. Furthermore, the scheme is fully compatible with existing Bitcoin protocol and easily to scale for large amount of users.