Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.360
D. Hoang, T. Dang
Fog computing preserves benefits of cloud computing and is strategically positioned to address effectively many local and performance issues because its resources and specific services are virtualized and located at the edge of the customer premises. Resource management is a critical issue affecting system performance significantly. Due to the complex distribution and high mobility of fog devices, computation resources still experience high latencies in fog's large coverage area. This paper considers a Fog-based Region and Cloud (FBRC) in which requests are locally handled not just by a region but multiple regions when additional resources are needed. An efficient task scheduling mechanism is thus essential to minimize the completion time of tasks and improve user experiences. To this end, two issues are investigated in the paper: 1) designing a fog-based region architecture to provide nearby computing resources; 2) investigating efficient scheduling algorithms to distribute tasks among regions and remote clouds. To deal with the complexity of scheduling tasks, a heuristic-based algorithm is proposed based on our formulation and validated by extensive simulations.
Title: FBRC: Optimization of task Scheduling in Fog-Based Region and Cloud. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.304
Yan Zhang, L. Liao, Chang Xu, Licheng Shi
Realtime simulation on organizational behaviors is very important for detection of group attacks in cyber situational awareness. Previous work on the modeling and simulation of organizational behaviors is successful in top-down approach centering on certain organizational behaviors. However, these models are inefficient for realtime simulation on unknown organizational behaviors. To address this issue, we use situation theory for runtime meaning of unknown organizational behaviors to propose a situation semantics aggregator with bottom-up approach. Based on behavior type theory, the proposed aggregator can converge organizational behaviors of simulating objects while entity objects are running. So, the proposed aggregator is suitable for realtime simulation of unknown organizational behaviors.
Title: Situation Semantics Aggregator for Realtime Simulation on Organizational Behaviors. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.332
K. Dierckens, Adrian B. Harrison, C. Leung, Adrienne V. Pind
With advances in technology, high volumes of a wide variety of valuable data of different veracity can be easily collected or generated at a high velocity in the current era of big data. Embedded in these big data are implicit, previously unknown and potentially useful information. Hence, fast and scalable big data science and engineering solutions that mine and discover knowledge from these big data are in demand. A popular and practical data mining task is to group similar data into clusters (i.e., clustering). To cluster very large data or big data, k-means based algorithms have been widely used. Although many existing k-means algorithms give quality results, they also suffer from some problems. For instance, there are risks associated with randomly selecting the k centroids, there is a tendency to produce roughly equal circular clusters, and the runtime complexity is very high. To deal with these problems, we present in this paper a big data science and engineering solution that applies heuristic prototype-based algorithm. Evaluation results show the efficiency and scalability of this solution.
Title: A Data Science and Engineering Solution for Fast K-Means Clustering of Big Data. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.244
Cong Zuo, Jun Shao, Zhe Liu, Y. Ling, Guiyi Wei
In this paper, we propose a variant of searchable public-key encryption named hidden-token searchable public-key encryption with two new security properties: token anonymity and one-token-per-trapdoor. With the former security notion, the client can obtain the search token from the data owner without revealing any information about the underlying keyword. Meanwhile, the client cannot derive more than one token from one trapdoor generated by the data owner according to the latter security notion. Furthermore, we present a concrete hidden-token searchable public-key encryption scheme together with the security proofs in the random oracle model.
Title: Hidden-Token Searchable Public-Key Encryption. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.224
Qianqian Xing, Baosheng Wang, Xiaofeng Wang, Jing Tao, Liu Liu
We present the first selectively secure hierarchical identity-based non-interactive key agreement (HIB-NIKA) in the standard model that does not explicitly require multilinear maps. We give a novel solution for resilience called "shadowing factor" to improve the security of HIB-NIKA and present a practical attack model of hierarchical key agreement to analyze the anti-forgery and anti-collusion properties of key agreements in the real situation. Through the theoretical proof and practical analysis, our HIB-NIKA has been proved anti-collusion and resilient against the compromises from intermediate and leaf nodes in the hierarchy, which covers the shortage of the trial of Guo and solves the open problem posed by Gennaro in-the-true-sense.
Title: A Practical Anti-Collusion Hierarchical Identity-Based Non-interactive Key Agreement for Wireless Networks. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.342
Rong Ma, Jinbo Xiong, Mingwei Lin, Zhiqiang Yao, Hui Lin, Ayong Ye
As a new method of the Internet of Things (IoT), the mobile crowdsensing provides a novel way to realize the ubiquitous social perception. From the point of the game theory, this paper addresses the reputation incentive mechanism and discusses the prisoner's dilemma in the mobile crowdsensing. Firstly, we give a formal definition of the sensing user's contribution based on the accuracy in data analysis, and propose a reputation incentive mechanism based on this contribution, which considers the privacy protection of the sensing data and encourages more sensing users to continually provide the high-quality data to participate in the mobile crowdsensing. Furthermore, we observe that the sensing user's benefits not only depend on their own contribution, but also rely on the outcome of the final data transaction between the service provider and the mediator. However, this data transaction is vulnerable to the prisoner's dilemma due to the selfish choice of both parties. Therefore, we analyze and discuss the prisoner's dilemma in the above data transactions and give the corresponding solutions. Finally, we point out some future research directions about privacy protection of the mobile crowdsensing.
Title: Privacy Protection-Oriented Mobile Crowdsensing Analysis Based on Game Theory. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.218
Iakovos Gurulian, Carlton Shepherd, E. Frank, K. Markantonakis, Raja Naeem Akram, K. Mayes
Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints.
Title: On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.316
Long Cheng, Zhihao Zhao, Kai Huang, Gang Chen, A. Knoll
Nowadays, multi-core processor architectures have been widely adopted in main domains e.g., embedded, general-purpose, real-time systems, etc. Diverse thermal managements have been proposed to manage the temperature under various constraints. This has made the selection of the right thermal management policy difficult. Designers need to validate any resource distribution decision in design phase on the target architecture, e.g., by using a re-configurable thermal framework running in the user-space. In this paper, we first analyze the requirements that such a framework should satisfy. Then, we propose McFTP: a thermal framework fulfilling all the requirements. For this purpose, an intermediate interface is defined to isolate thermal management policies from the low-level implementations. A set of commonly used temperature control mechanisms are implemented as a library which can be accessed via the interface. With these features, McFTP can not only implement a thermal management policy at high-level of abstraction, but also execute the user-defined task-set for real thermal evolution. We demonstrate the effectiveness and efficiency of McFTP by implementing it with two works in the literature on a Dell hardware platform.
Title: McFTP: A Framework to Explore and Prototype Multi-core Thermal Managements on Real Processors. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.215
J. Schütte, Alexander Kuechler, Dennis Titze
Dynamic taint analysis traces data flows in applications at runtime and allows detection and consequently prevention of flow-based vulnerabilities, such as data leaks or injection attacks. While dynamic taint analysis spanning all components of the stack is potentially more precise, it requires adaptations of components across the OS stack and thus does not allow to analyze applications in their real runtime environment. In this paper, we introduce a dynamic taint analysis framework for Android applications which injects a taint analysis directly into an application's bytecode and can thus operate on any stock Android platform. Our approach is more precise than previous ones, copes with flow-aware source and sink definitions, and propagates data flows across process boundaries, including propagation over file I/O and inter process communication. We explain how our framework performs with popular apps from the Google Play Store and show that it achieves a precision which is comparable to the most precise platform-level tainting framework.
Title: Practical Application-Level Dynamic Taint Analysis of Android Apps. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date : 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.213
Tran Thao Phuong, A. Yamada, Kosuke Murakami, J. Urakawa, Y. Sawaya, A. Kubota
Detection of drive-by-download attack has gained a focus in security research since the attack has turned into the most popular and serious threat to web infrastructure. The attack exploits vulnerabilities in web browsers and their extensions for unnoticeably downloading malicious software. Often, the victim is sent through a long chain of redirection operations in order to take down the offending pages. Concretely, the attack is triggered when a user visits a benign webpage that is compromised by the attacker (called landing page) and is inserted some malicious code inside. The user is then automatically redirected to an actual page that installs malware on the user's computer (called distribution page) without his/her consent or knowledge. While there is a large body of works targeting on detection of drive-by download attack, there is little attention on the redirection which is a crucial characteristic of the attack. In this paper, for the first time, we propose an approach to the classification of landing and distribution domains which are important components forming the head and tail of a redirection chain in the attack. The methodology in our approach is to use machine learning for text mining on the registered information of the domains called whois. We intensively implemented our approach with six popular supervised learning algorithms, compared the results and concluded that Linear-based Support Vector Machine and CART algorithm-based Decision Tree are the best models for our dataset which respectively give 98.55% and 99.28% of accuracy, 97.78% and 98.95% of F1 score, 98.35% and 99.45% of average precision.
Title: Classification of Landing and Distribution Domains Using Whois’ Text Mining. Published in: 2017 IEEE Trustcom/BigDataSE/ICESS.