Biblio

At present, with the increase of automated attack tools and the development of the underground industrial chain brought by network attack, even well-managed network is vulnerable to complex multi-step network attack, which combines multiple network vulnerabilities and uses the causal relationship between them to achieve the attack target. The detection of such attack intention is very difficult. Therefore, in order to solve the problem that the real attack intention of the attackers in complex network is difficult to be recognized, this paper proposes to assume the possible targets in the network according to the important asset information in the network. By constructing the hierarchical attack path graph, the probability of each hypothetical attack intention target is calculated, and the real attack intention and the most likely attack path of the attacker are deduced. The hierarchical attack path graph we use can effectively overcome the cognitive difficulties caused by network complexity and large scale, and can quantitatively and qualitatively analyze the network status. It is of great importance to make the protection and strategy of network security.

Modern distributed systems are characterized by complex deployment designed to ensure high availability through replication and diversity, to tolerate the presence of failures and to limit the possibility of successful compromising. However, software is not free from bugs that generate vulnerabilities that could be exploited by an attacker through multiple steps. This paper presents an attack-graph based multi-step attack detector aiming at detecting a possible on-going attack early enough to take proper countermeasures through; a Visualization interfaced with the described attack detector presents the security operator with the relevant pieces of information, allowing a better comprehension of the network status and providing assistance in managing attack situations (i.e., reactive analysis mode). We first propose an architecture and then we present the implementation of each building block. Finally, we provide an evaluation of the proposed approach aimed at highlighting the existing trade-off between accuracy of the detection and detection time.

It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.

In recent days, organizational networks are becoming target of sophisticated multi-hop attacks. Attack Graph has been proposed as a useful modeling tool for complex attack scenarios by combining multiple vulnerabilities in causal chains. Analysis of attack scenarios enables security administrators to calculate quantitative security measurements. These measurements justify security investments in the organization. Different security metrics based on attack graph have been introduced for evaluation of comparable security measurements. Studies show that difficulty of exploiting the same vulnerability changes with change of its position in the causal chains of attack graph. In this paper, a new security metric based on attack graph, namely Attack Difficulty has been proposed to include this position factor. The security metrics are classified in two major categories viz. counting metrics and difficulty-based metrics. The proposed Attack Difficulty Metric employs both categories of metrics as the basis for its measurement. Case studies have been presented for demonstrating applicability of the proposed metric. Comparison of this new metric with other attack graph based security metrics has also been included to validate its acceptance in real life situations.

Outsourcing the decryption of attribute-based encryption (ABE) ciphertext is a promising way to tackle the question of how users can perform decryption efficiently. However, existing solutions require the type of the target ciphertext to be determined at the setup of the outsourcing scheme. As such, making the target cryptosystems (or the clients) to be versatile becomes an issue that warrants investigations. In this paper, the problem we wish to tackle is to transform an ABE ciphertext to any client who is using the same, or possibly different, public-key encryption (PKE) system with the sender. The problem is of practical interest since it is hard to require all clients to use the same PKE, especially in the case of remote and cross-system data sharing. In addition, we also consider whether robust client-side decryption scheme can be adopted. This feature is not supported in the existing ABE with outsourcing. We introduce cross-system proxy re-encryptions (CS-PRE), a new re-encryption paradigm in which a semi-trusted proxy converts a ciphertext of a source cryptosystem (\$\textparagraphi\_0\$) into a ciphertext for a target cryptosystem (\$\textparagraphi\$). We formalize CS-PRE and present a construction that performs well in the following aspects. (1)Versatility: \$\textparagraphi\_0\$ can be any attribute-based encryption (ABE) within Attrapadung's pair encoding framework. \$\textparagraphi\$ can be any public-key encryption. Furthermore, the keys and public parameters can be generated independently. (2) Compatibility: CS-PRE does not modify the public parameters and keys of \$\textparagraphi\_0\$ and \$\textparagraphi\$. Besides, input for the conversion is an ordinary ciphertext of \$\textparagraphi\_0\$. (3) Efficiency: The computational cost for re-encryption and decryption of the re-encrypted ciphertext are roughly the same as a decryption in \$\textparagraphi\_0\$ and \$\textparagraphi\$ respectively. We prove that our construction is fully secure assuming \$\textparagraphi\_0\$ is secure in Attrapadung's framework and \$\textparagraphi\$ is IND-CPA secure. Furthermore, it remains secure when there are multiple target cryptosystems. As with other proxy re-encryption, CS-PRE enables flexible sharing of cloud data, as the owner can instruct the cloud server to re-encrypt his ciphertext to those for the intended recipient. In addition, it allows lightweight devices to enjoy access to remote data encrypted under powerful but possibly costly encryption, such as functional encryption, by utilizing the server's power in converting the ciphertext to a simpler encryption, such as RSA. Finally, instances of CS-PRE can be viewed as new proxy re-encryption schemes, such as a PRE supporting ABE for regular language to Hierarchical IBE or Doubly Spatial Encryption to lattice-based encryptions (e.g. NTRUCCA).

Deep neural networks (DNNs) are known vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions onto original legal inputs, can mislead a DNN to classify them as any target labels. In a successful adversarial attack, the targeted mis-classification should be achieved with the minimal distortion added. In the literature, the added distortions are usually measured by \$L\_0\$, \$L\_1\$, \$L\_2\$, and \$L\_$\backslash$infty \$ norms, namely, L\_0, L\_1, L\_2, and L\_$ınfty$ attacks, respectively. However, there lacks a versatile framework for all types of adversarial attacks. This work for the first time unifies the methods of generating adversarial examples by leveraging ADMM (Alternating Direction Method of Multipliers), an operator splitting optimization approach, such that \$L\_0\$, \$L\_1\$, \$L\_2\$, and \$L\_$\backslash$infty \$ attacks can be effectively implemented by this general framework with little modifications. Comparing with the state-of-the-art attacks in each category, our ADMM-based attacks are so far the strongest, achieving both the 100% attack success rate and the minimal distortion.

Deep neural network based steganalysis has developed rapidly in recent years, which poses a challenge to the security of steganography. However, there is no steganography method that can effectively resist the neural networks for steganalysis at present. In this paper, we propose a new strategy that constructs enhanced covers against neural networks with the technique of adversarial examples. The enhanced covers and their corresponding stegos are most likely to be judged as covers by the networks. Besides, we use both deep neural network based steganalysis and high-dimensional feature classifiers to evaluate the performance of steganography and propose a new comprehensive security criterion. We also make a tradeoff between the two analysis systems and improve the comprehensive security. The effectiveness of the proposed scheme is verified with the evidence obtained from the experiments on the BOSSbase using the steganography algorithm of WOW and popular steganalyzers with rich models and three state-of-the-art neural networks.

In the field of Cyber Security there has been a transition from the stage of Cyber Criminality to the stage of Cyber War over the last few years. According to the new challenges, the expert community has two main approaches: to adopt the philosophy and methods of Military Intelligence, and to use Artificial Intelligence methods for counteraction of Cyber Attacks. \cyrchar\CYRThis paper describes some of the results obtained at Technical University of Sofia in the implementation of project related to the application of intelligent methods for increasing the security in computer networks. The analysis of the feasibility of various Artificial Intelligence methods has shown that a method that is equally effective for all stages of the Cyber Intelligence cannot be identified. While for Tactical Cyber Threats Intelligence has been selected and experimented a Multi-Agent System, the Recurrent Neural Networks are offered for the needs of Operational Cyber Threats Intelligence.

Virtualization enables datacenter operators to safely run computations that belong to untrusted tenants. An ideal virtual machine has three properties: a small memory footprint; strong isolation from other VMs and the host OS; and the ability to maintain in-memory state across client requests. Unfortunately, modern virtualization technologies cannot provide all three properties at once. In this paper, we explain why, and propose a new virtualization approach, called Alto, that virtualizes at the layer of a managed runtime interface. Through careful design of (1) the application-facing managed interface and (2) the internal runtime architecture, Alto provides VMs that are small, secure, and stateful. Conveniently, Alto also simplifies VM operations like suspension, migration, and resumption. We provide several details about the proposed design, and discuss the remaining challenges that must be solved to fully realize the Alto vision.

This work investigates the fundamental constraints of anonymous communication (AC) protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against the global passive (network-level) adversary. We confirm the trilemma that an AC protocol can only achieve two out of the following three properties: strong anonymity (i.e., anonymity up to a negligible chance), low bandwidth overhead, and low latency overhead. We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation make it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and depict to which extent those satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.

Android applications are vulnerable to reverse engineering which could result in tampering and repackaging of applications. Even though there are many off the shelf obfuscation tools that hardens Android applications, they are limited to basic obfuscation techniques. Obfuscation techniques that transform the code segments drastically are difficult to implement on Android because of the Android runtime verifier which validates the loaded code. In this paper, we introduce a novel obfuscation technique, Android Encryption based Obfuscation (AEON), which can encrypt code segments and perform runtime decryption during execution. The encrypted code is running outside of the normal Android virtual machine, in an embeddable Java source interpreter and thereby circumventing the scrutiny of Android runtime verifier. Our obfuscation technique works well with Android source code and Dalvik bytecode.

Air-gap data is important for the security of computer systems. The injection of the computer virus is limited but possible, however data communication channel is necessary for the transmission of stolen data. This paper considers BFSK digital modulation applied to brightness changes of screen for unidirectional transmission of valuable data. Experimental validation and limitations of the proposed technique are provided.

The term "artificial intelligence" is a buzzword today and is heavily used to market products, services, research, conferences, and more. It is scientifically disputed which types of products and services do actually qualify as "artificial intelligence" versus simply advanced computer technologies mimicking aspects of natural intelligence. Yet it is undisputed that, despite often inflationary use of the term, there are mainstream products and services today that for decades were only thought to be science fiction. They range from industrial automation, to self-driving cars, robotics, and consumer electronics for smart homes, workspaces, education, and many more contexts. Several technological advances enable what is commonly referred to as "artificial intelligence". It includes connected computers and the Internet of Things (IoT), open and big data, low cost computing and storage, and many more. Yet regardless of the definition of the term artificial intelligence, technological advancements in this area provide immense potential, especially for people with disabilities. In this paper we explore some of these potential in the context of web accessibility. We review some existing products and services, and their support for web accessibility. We propose accessibility conformance evaluation as one potential way forward, to accelerate the uptake of artificial intelligence, to improve web accessibility.

The advent and widespread adoption of wearable cameras and autonomous robots raises important issues related to privacy. The mobile cameras on these systems record and may re-transmit enormous amounts of video data that can then be used to identify, track, and characterize the behavior of the general populous. This paper presents a preliminary computational architecture designed to preserve specific types of privacy over a video stream by identifying categories of individuals, places, and things that require higher than normal privacy protection. This paper describes the architecture as a whole as well as preliminary results testing aspects of the system. Our intention is to implement and test the system on ground robots and small UAVs and demonstrate that the system can provide selective low-level masking or deletion of data requiring higher privacy protection.

Machine learning (ML) algorithms provide a good solution for many security sensitive applications, they themselves, however, face the threats of adversary attacks. As a key problem in machine learning, how to design robust feature selection algorithms against these attacks becomes a hot issue. The current researches on defending evasion attacks mainly focus on wrapped adversarial feature selection algorithm, i.e., WAFS, which is dependent on the classification algorithms, and time cost is very high for large-scale data. Since mRMR (minimum Redundancy and Maximum Relevance) algorithm is one of the most popular filter algorithms for feature selection without considering any classifier during feature selection process. In this paper, we propose a novel adversary-aware feature selection algorithm under filter model based on mRMR, named FAFS. The algorithm, on the one hand, takes the correlation between a single feature and a label, and the redundancy between features into account; on the other hand, when selecting features, it not only considers the generalization ability in the absence of attack, but also the robustness under attack. The performance of four algorithms, i.e., mRMR, TWFS (Traditional Wrapped Feature Selection algorithm), WAFS, and FAFS is evaluated on spam filtering and PDF malicious detection in the Perfect Knowledge attack scenarios. The experiment results show that FAFS has a better performance under evasion attacks with less time complexity, and comparable classification accuracy.

We explore methods of producing adversarial examples on deep generative models such as the variational autoencoder (VAE) and the VAE-GAN. Deep learning architectures are known to be vulnerable to adversarial examples, but previous work has focused on the application of adversarial examples to classification tasks. Deep generative models have recently become popular due to their ability to model input data distributions and generate realistic examples from those distributions. We present three classes of attacks on the VAE and VAE-GAN architectures and demonstrate them against networks trained on MNIST, SVHN and CelebA. Our first attack leverages classification-based adversaries by attaching a classifier to the trained encoder of the target generative model, which can then be used to indirectly manipulate the latent representation. Our second attack directly uses the VAE loss function to generate a target reconstruction image from the adversarial example. Our third attack moves beyond relying on classification or the standard loss for the gradient and directly optimizes against differences in source and target latent representations. We also motivate why an attacker might be interested in deploying such techniques against a target generative network.

With an increase in targeted attacks such as advanced persistent threats (APTs), enterprise system defenders require comprehensive frameworks that allow them to collaborate and evaluate their defense systems against such attacks. MITRE has developed a framework which includes a database of different kill-chains, tactics, techniques, and procedures that attackers employ to perform these attacks. In this work, we leverage natural language processing techniques to extract attacker actions from threat report documents generated by different organizations and automatically classify them into standardized tactics and techniques, while providing relevant mitigation advisories for each attack. A naïve method to achieve this is by training a machine learning model to predict labels that associate the reports with relevant categories. In practice, however, sufficient labeled data for model training is not always readily available, so that training and test data come from different sources, resulting in bias. A naïve model would typically underperform in such a situation. We address this major challenge by incorporating an importance weighting scheme called bias correction that efficiently utilizes available labeled data, given threat reports, whose categories are to be automatically predicted. We empirically evaluated our approach on 18,257 real-world threat reports generated between year 2000 and 2018 from various computer security organizations to demonstrate its superiority by comparing its performance with an existing approach.

In this paper, an novel active safety monitoring system is constructed for a class of nonlinear discrete-time systems. The considered nonlinear system is subjected to unknown inputs, external disturbances, and possible unknown deception attacks, simultaneously. In order to secure the safety of control systems, an active attack estimator composed of state/output estimator, attack detector and attack/attacker action estimator is constructed to monitor the system running status. The analysis and synthesis of attack estimator is performed in the H∞performance optimization manner. The off-line calculation and on-line application of active attack estimator are summarized simultaneously. The effectiveness of the proposed results is finally verified by an numerical example.

The concept of Internet of Things (IoT) has received considerable attention and development in recent years. There have been significant studies on access control models for IoT in academia, while companies have already deployed several cloud-enabled IoT platforms. However, there is no consensus on a formal access control model for cloud-enabled IoT. The access-control oriented (ACO) architecture was recently proposed for cloud-enabled IoT, with virtual objects (VOs) and cloud services in the middle layers. Building upon ACO, operational and administrative access control models have been published for virtual object communication in cloud-enabled IoT illustrated by a use case of sensing speeding cars as a running example. In this paper, we study AWS IoT as a major commercial cloud-IoT platform and investigate its suitability for implementing the afore-mentioned academic models of ACO and VO communication control. While AWS IoT has a notion of digital shadows closely analogous to VOs, it lacks explicit capability for VO communication and thereby for VO communication control. Thus there is a significant mismatch between AWS IoT and these academic models. The principal contribution of this paper is to reconcile this mismatch by showing how to use the mechanisms of AWS IoT to effectively implement VO communication models. To this end, we develop an access control model for virtual objects (shadows) communication in AWS IoT called AWS-IoT-ACMVO. We develop a proof-of-concept implementation of the speeding cars use case in AWS IoT under guidance of this model, and provide selected performance measurements. We conclude with a discussion of possible alternate implementations of this use case in AWS IoT.

This paper 1 addresses a problem of vulnerability detection in software represented as assembly code. An extended approach to the vulnerability detection problem is proposed. This work concentrates on improvement of neural network-based approach described in previous works of authors. The authors propose to include the morphology of instructions in vector representations. The bidirectional recurrent neural network is used with access to the execution traces of the program. This has significantly improved the vulnerability detecting accuracy.

User Generated Videos (UGV) are the dominating content stored in scattered caches to meet end-user Content Delivery Networks (CDN) requests with quality of service. End-User behaviour leads to a highly variable UGV popularity. This aspect can be exploited to efficiently utilize the limited storage of the caches, and improve the hit ratio of UGVs. In this paper, we propose a new architecture for Data Analytics in Cloud-based CDN to derive UGVs popularity online. This architecture uses RESTful web services to gather CDN logs, store them through generic collections in a NoSQL database, and calculate related popular UGVs in a real time fashion. It uses a dynamic model training and prediction services to provide each CDN with related popular videos to be cached based on the latest trained model. The proposed architecture is implemented with k-means clustering prediction model and the obtained results are 99.8% accurate.

This paper addresses the problem of querying Knowledge bases (KBs) that store semantic big data. For efficiently querying data the most important factor is cache replacement policy, which determines the overall query response. As cache is limited in size, less frequently accessed data should be removed to provide more space to hot triples (frequently accessed). So, to achieve a similar performance to RDBMS, we proposed an Adaptive Cache Replacement (ACR) policy that predict the hot triples from query log. Moreover, performance bottleneck of triplestore, makes realworld application difficult. To achieve a closer performance similar to RDBMS, we have proposed an Adaptive Cache Replacement (ACR) policy that predict the hot triples from query log. Our proposed algorithm effectively replaces cache with high accuracy. To implement cache replacement policy, we have applied exponential smoothing, a forecast method, to collect most frequently accessed triples. The evaluation result shows that the proposed scheme outperforms the existing cache replacement policies, such as LRU (least recently used) and LFU (least frequently used), in terms of higher hit rates and less time overhead.

In recent years, FPGAs have been deployed in data centres of major cloud service providers, such as Microsoft [1], Amazon [2], Alibaba [3], Tencent [4], Huawei [5], and Nimbix [6]. This marks the beginning of bringing FPGA computing to the masses, as being in the cloud, one can access an FPGA from anywhere. A wide range of applications are run in the cloud, including web servers and databases among many others. Memcached is a high-performance in-memory ob ject caching system, which acts as a caching layer between web servers and databases. It is used by many companies, including Flicker, Wikipedia, Wordpress, and Facebook [7, 8]. In this paper, we present a Memcached accelerator implemented on the AWS FPGA cloud (F1 instance). Compared to AWS ElastiCache, an AWS-managed CPU Memcached service, our Memcached accelerator provides up to 9 x better throughput and latency. A live demo of the Memcached accelerator running on F1 can be accessed on our website [9].

Today, maintaining the security of the web application is of great importance. Sites Intermediate Script (XSS) is a security flaw that can affect web applications. This error allows an attacker to add their own malicious code to HTML pages that are displayed to the user. Upon execution of the malicious code, the behavior of the system or website can be completely changed. The XSS security vulnerability is used by attackers to steal the resources of a web browser such as cookies, identity information, etc. by adding malicious Java Script code to the victim's web applications. Attackers can use this feature to force a malicious code worker into a Web browser of a user, since Web browsers support the execution of embedded commands on web pages to enable dynamic web pages. This work has been proposed as a technique to detect and prevent manipulation that may occur in web sites, and thus to prevent the attack of Site Intermediate Script (XSS) attacks. Ayrica has developed four different languages that detect XSS explanations with Asp.NET, PHP, PHP and Ruby languages, and the differences in the detection of XSS attacks in environments provided by different programming languages.

The data transmitted from the wearable device commonly includes sensitive data. So, application service using the data collected from the unauthorized wearable devices can cause serious problems. Also, it is important to authenticate any wearable device and then, protect the transmitted data between the wearable devices and the application server. In this paper, we propose an authentication protocol, which is designed by using the Transport Layer Security (TLS) handshake protocol combined with a mobile authentication proxy. By using the proposed authentication protocol, we can authenticate the wearable device. And we can secure data transmission since session key is shared between the wearable device and the application server. In addition, the proposed authentication protocol is secure even when the mobile authentication proxy is unreliable.