Biblio

A new Domain Name System (DNS) cache poisoning attack aiming at clients has emerged recently. It induced cloud users to visit fake web sites and thus reveal information such as account passwords. However, the design of current DNS defense architecture does not formally consider the protection of clients. Although the DNS traffic encryption technology can alleviate this new attack, its deployment is as slow as the new DNS architecture. Thus we propose a lightweight adaptive intelligent defense strategy, which only needs to be deployed on the client without any configuration support of DNS. Firstly, we model the attack and defense process as a static stochastic game with incomplete information under bounded rationality conditions. Secondly, to solve the problem caused by uncertain attack strategies and large quantities of game states, we adopt a deep reinforcement learning (DRL) with guaranteed monotonic improvement. Finally, through the prototype system experiment in Alibaba Cloud, the effectiveness of our method is proved against multiple attack modes with a success rate of 97.5% approximately.

Android kernel fuzzing is a research area of interest specifically for detecting kernel vulnerabilities which may allow attackers to obtain the root privilege. The number of Android mobile phones is increasing rapidly with the explosive growth of Android kernel drivers. Interface aware fuzzing is an effective technique to test the security of kernel driver. Existing researches rely on static analysis with kernel source code. However, in fact, there exist millions of Android mobile phones without public accessible source code. In this paper, we propose a hybrid interface recovery method for fuzzing kernels which can recover kernel driver interface no matter the source code is available or not. In white box condition, we employ a dynamic interface recover method that can automatically and completely identify the interface knowledge. In black box condition, we use reverse engineering to extract the key interface information and use similarity computation to infer argument types. We evaluate our hybrid algorithm on on 12 Android smartphones from 9 vendors. Empirical experimental results show that our method can effectively recover interface argument lists and find Android kernel bugs. In total, 31 vulnerabilities are reported in white and black box conditions. The vulnerabilities were responsibly disclosed to affected vendors and 9 of the reported vulnerabilities have been already assigned CVEs.

As massive research efforts are poured into server-side DNS security enhancement in online cloud service platforms, sophisticated APTs tend to develop client-side DNS attacks, where defenders only have limited resources and abilities. The collaborative DNS attack is a representative newest client-side paradigm to stealthily undermine user cache by falsifying DNS responses. Different from existing static methods, in this paper, we propose a moving target defense solution named multi-vNIC intelligent mutation to free defenders from arduous work and thwart elusive client-side DNS attack in the meantime. Multiple virtual network interface cards are created and switched in a mutating manner. Thus attackers have to blindly guess the actual NIC with a high risk of exposure. Firstly, we construct a dynamic game-theoretic model to capture the main characteristics of both attacker and defender. Secondly, a reinforcement learning mechanism is developed to generate adaptive optimal defense strategy. Experiment results also highlight the security performance of our defense method compared to several state-of-the-art technologies.

Modern vehicles in Intelligent Transportation Systems (ITS) can communicate with each other as well as roadside infrastructure units (RSUs) in order to increase transportation efficiency and road safety. For example, there are techniques to alert drivers in advance about traffic incidents and to help them avoid congestion. Threats to these systems, on the other hand, can limit the benefits of these technologies. Securing ITS itself is an important concern in ITS design and implementation. In this paper, we provide a security model of ITS which extends the classic layered network security model with transportation security and information security, and gives a reference for designing ITS architectures. Based on this security model, we also present a classification of ITS threats for defense. Finally a proof-of-concept example with malicious nodes in an ITS system is also given to demonstrate the impact of attacks. We analyzed the threat of malicious nodes and their effects to commuters, like increasing toll fees, travel distances, and travel times etc. Experimental results from simulations based on Veins shows the threats will bring about 43.40% more total toll fees, 39.45% longer travel distances, and 63.10% more travel times.