Biblio

The botnet is a serious network security threat that can cause servers crash, so how to detect the behavior of Botnet has already become an important part of the research of network security. DNS(Domain Name System) request is the first step for most of the mainframe computers controlled by Botnet to communicate with the C&C(command; control) server. The detection of DNS request domain names is an important way for mainframe computers controlled by Botnet. However, the detection method based on fixed rules is hard to take effect for botnet based on DGA(Domain Generation Algorithm) because malicious domain names keep evolving and derive many different generation methods. Contrasted with the traditional methods, the method based on machine learning is a better way to detect it by learning and modeling the DGA. This paper presents a method based on the Naive Bayes model, the XGBoost model, the SVM(Support Vector Machine) model, and the MLP(Multi-Layer Perceptron) model, and tests it with real data sets collected from DGA, Alexa, and Secrepo. The experimental results show the precision score, the recall score, and the F1 score for each model.

The new architecture of transformer networks proposed in the work can be used to create an intelligent chat bot that can learn the process of communication and immediately model responses based on what has been said. The essence of the new mechanism is to divide the information flow into two branches containing the history of the dialogue with different levels of granularity. Such a mechanism makes it possible to build and develop the personality of a dialogue agent in the process of dialogue, that is, to accurately imitate the natural behavior of a person. This gives the interlocutor (client) the feeling of talking to a real person. In addition, making modifications to the structure of such a network makes it possible to identify a likely attack using social engineering methods. The results obtained after training the created system showed the fundamental possibility of using a neural network of a new architecture to generate responses close to natural ones. Possible options for using such neural network dialogue agents in various fields, and, in particular, in information security systems, are considered. Possible options for using such neural network dialogue agents in various fields, and, in particular, in information security systems, are considered. The new technology can be used in social engineering attack detection systems, which is a big problem at present. The novelty and prospects of the proposed architecture of the neural network also lies in the possibility of creating on its basis dialogue systems with a high level of biological plausibility.

This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”

Smart assistants, like Amazon's Alexa or Apple's Siri, have become commonplace in many people's lives, appearing in their phones and homes. Despite their ubiquity, these conversational AI agents still largely remain a mystery to many, in terms of how they work and what they can do. To lower the barrier to entry to understanding and creating these agents for young students, we expanded on Convo, a conversational programming agent that can respond to both voice and text inputs. The previous version of Convo focused on teaching only programming skills, so we created a simple, intuitive user interface for students to use those programming skills to train and create their own conversational AI agents. We also developed a curriculum to teach students about key concepts in AI and conversational AI in particular. We ran a 3-day workshop with 15 participating middle school students. Through the data collected from the pre- and post-workshop surveys as well as a mid-workshop brainstorming session, we found that after the workshop, students tended to think that conversational AI agents were less intelligent than originally perceived, gained confidence in their abilities to build these agents, and learned some key technical concepts about conversational AI as a whole. Based on these results, we are optimistic about CONVO'S ability to teach and empower students to develop conversational AI agents in an intuitive way.

Content blocking is an important part of a per-formant, user-serving, privacy respecting web. Current content blockers work by building trust labels over URLs. While useful, this approach has many well understood shortcomings. Attackers may avoid detection by changing URLs or domains, bundling unwanted code with benign code, or inlining code in pages.The common flaw in existing approaches is that they evaluate code based on its delivery mechanism, not its behavior. In this work we address this problem by building a system for generating signatures of the privacy-and-security relevant behavior of executed JavaScript. Our system uses as the unit of analysis each script's behavior during each turn on the JavaScript event loop. Focusing on event loop turns allows us to build highly identifying signatures for JavaScript code that are robust against code obfuscation, code bundling, URL modification, and other common evasions, as well as handle unique aspects of web applications.This work makes the following contributions to the problem of measuring and improving content blocking on the web: First, we design and implement a novel system to build per-event-loop-turn signatures of JavaScript behavior through deep instrumentation of the Blink and V8 runtimes. Second, we apply these signatures to measure how much privacy-and-security harming code is missed by current content blockers, by using EasyList and EasyPrivacy as ground truth and finding scripts that have the same privacy and security harming patterns. We build 1,995,444 signatures of privacy-and-security relevant behaviors from 11,212 unique scripts blocked by filter lists, and find 3,589 unique scripts hosting known harmful code, but missed by filter lists, affecting 12.48% of websites measured. Third, we provide a taxonomy of ways scripts avoid detection and quantify the occurrence of each. Finally, we present defenses against these evasions, in the form of filter list additions where possible, and through a proposed, signature based system in other cases.As part of this work, we share the implementation of our signature-generation system, the data gathered by applying that system to the Alexa 100K, and 586 AdBlock Plus compatible filter list rules to block instances of currently blocked code being moved to new URLs.

The rapid expansion and diversity of technology throughout society have impacted the growing knowledge gap in conducting analysis on IoT devices. The IoT digital forensic field lacks the necessary tools and guidance to perform digital forensics on these devices. This is mainly attributed to their level of complexity and heterogeneity that is abundant within IoT devices-making the use of a JTAG technique one of the only ways to acquire information stored on an IoT device effectively. Nonetheless, utilizing a JTAG technique can be challenging, especially when having multiple devices with each possibly having its own configuration. To alleviate these issues within the field, we propose the development of an Internet of Things - Forensics Recovery Assistant (IoT-FRA). The IoT-FRA will offer the capabilities of an expert system to assist inexperienced users in performing forensics recovery of IoT devices through a JTAG technique and analysis on the device's capabilities to develop an organized method that will prioritize IoT devices to be analyzed.

With the rapid growth of online services, the number of online accounts proliferates. The security of a single user account no longer depends merely on its own service provider but also the accounts on other service platforms (We refer to this online account environment as Online Account Ecosystem). In this paper, we first uncover the vulnerability of Online Account Ecosystem, which stems from the defective multi-factor authentication (MFA), specifically the ones with SMS-based verification, and dependencies among accounts on different platforms. We propose Chain Reaction Attack that exploits the weakest point in Online Account Ecosystem and can ultimately compromise the most secure platform. Furthermore, we design and implement ActFort, a systematic approach to detect the vulnerability of Online Account Ecosystem by analyzing the authentication credential factors and sensitive personal information as well as evaluating the dependency relationships among online accounts. We evaluate our system on hundreds of representative online services listed in Alexa in diversified fields. Based on the analysis from ActFort, we provide several pragmatic insights into the current Online Account Ecosystem and propose several feasible countermeasures including the online account exposed information protection mechanism and the built-in authentication to fortify the security of Online Account Ecosystem.

Web pages aggressively track users for a variety of purposes from targeted advertisements to enhanced authentication. As browsers move to restrict traditional cookie-based tracking, web pages increasingly move to tracking based on browser fingerprinting. Unfortunately, the state-of-the-art to detect fingerprinting in browsers is often error-prone, resorting to imprecise heuristics and crowd-sourced filter lists. This paper presents EssentialFP, a principled approach to detecting fingerprinting on the web. We argue that the pattern of (i) gathering information from a wide browser API surface (multiple browser-specific sources) and (ii) communicating the information to the network (network sink) captures the essence of fingerprinting. This pattern enables us to clearly distinguish fingerprinting from similar types of scripts like analytics and polyfills. We demonstrate that information flow tracking is an excellent fit for exposing this pattern. To implement EssentialFP we leverage, extend, and deploy JSFlow, a state-of-the-art information flow tracker for JavaScript, in a browser. We illustrate the effectiveness of EssentialFP to spot fingerprinting on the web by evaluating it on two categories of web pages: one where the web pages perform analytics, use polyfills, and show ads, and one where the web pages perform authentication, bot detection, and fingerprinting-enhanced Alexa top pages.

This research work consists in to design a system of occupancy simulation in smart homes based on IoT, in order to create configurations within a home that make look like the daily behavior of home inhabitants. Due to the high rate of burglary in uninhabited places, reaching an 9% in average in 2019 in the Chilean case, technologies have been involved with greater emphasis on improving security systems, where the implementation of the Internet of Things will allow rapid action against the intruder detection in those places. The proposed IoT system is based on a motion sensor, actuators as relays and lights, Arduino platform to control system, and a Amazon Echo virtual assistant to interface with inhabitants. The main contribution of this prototype security system is the integration of different IoT (Adafruit, IFTTT) and control platforms (Arduino uno and NodeMCU), virtual assistant (Alexa) and actuators, which has features that can be replicated in larger processes and with a larger number of devices. The results demonstrate that security system create an environment occupied by owners without to be inside home, through sensors and actuators.

Since being launched in 2014, Alexa, Amazon's versatile cloud-based voice service, is now active in over 100 million households worldwide [1]. Alexa's user-friendly, personalized vocal experience offers customers a more natural way of interacting with cutting-edge technology by allowing the ability to directly dictate commands to the assistant. Now in the present year, the Alexa service is more accessible than ever, available on hundreds of millions of devices from not only Amazon but third-party device manufacturers. Unfortunately, that success has also been the source of concern and controversy. The success of Alexa is based on its effortless usability, but in turn, that has led to a lack of sufficient security. This paper surveys various attacks against Amazon Alexa ecosystem including attacks against the frontend voice capturing and the cloud backend voice command recognition and processing. Overall, we have identified six attack surfaces covering the lifecycle of Alexa voice interaction that spans several stages including voice data collection, transmission, processing and storage. We also discuss the potential mitigation solutions for each attack surface to better improve Alexa or other voice assistants in terms of security and privacy.