In SDN, the controller is the core and is responsible for processing all flow requests of the network switches. However, due to the sudden occurrence and unbalanced distribution of flows in the network, it is likely that some controllers suffer workload that is far heavier than their load capacity, which leads to the failure of the controller and further leads to the paralysis of the entire network. To solve this problem, we propose a dynamic flow redirection scheme (DFR) to prevent network crash. We describe the phenomenon of controller failure caused by numerous flow requests. The flow redirection is formalized as a multi-objective optimization problem and constrained by flow table and bandwidth. We prove that the problem is NP-hard. We solve this problem with the dynamic flow redirection approach (DFR). First, state detection module detects whether the current flow requests will exceed the controller load. The Flow Redirection Assignment Module then computes the redirect path for the redundant flow request. Finally, Rule Dispense issues the flow rules to the corresponding switches. Simulation results show that DFR reduces network latency and reduces the overload probability of controllers by at least 3 times.
Title: Dynamic flow redirecton scheme for enhancing control plane robustness in SDN
Authors: Dong Liang, Qinrang Liu, Yanbin Hu, Tao Hu, Binghao Yan, Haiming Zhao
Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00182
Venue: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00158
Wenjuan Li, W. Meng, Huimin Zhu
With the speedy growth of distributed networks such as the Internet of Things (IoT), there is an increasing need to protect network security against various attacks by deploying collaborative intrusion detection systems (CIDSs), which allow different detector nodes to exchange required information and data with each other. However, due to the distributed architecture, insider attacks, in which an attacker can reside inside the network, are a big threat to CIDSs. To address this issue, designing an appropriate trust management scheme is considered an effective solution. In this work, we first analyze the development of CIDSs in the past decades and identify the major challenges in building an effective trust management scheme. Then we introduce a generic framework aiming to enhance the security of CIDSs against advanced insider threats by deriving multilevel trust. In the study, our results demonstrate the viability and the effectiveness of our framework.
Title: Towards Collaborative Intrusion Detection Enhancement against Insider Attacks with Multi-Level Trust

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00020
Chengying Mao, Linlin Wen, T. Chen
Diversity is the key factor for test cases to detect program failures. Adaptive random testing (ART) is one of the effective methods to improve the diversity of test cases. Being an ART algorithm, the evolutionary adaptive random testing (eAR) only increases the distance between test cases to enhance its failure detection ability. This paper presents a new ART algorithm, MoesART, based on multi-objective evolutionary search. In this algorithm, in addition to the dispersion diversity, two other new diversities (or optimization objectives) are designed from the perspectives of the balance and proportionality of test cases. Then, the Pareto optimal solution returned by the NSGA-II framework is used as the next test case. In the experiments, the typical block failure pattern in the cases of two-dimensional and three-dimensional input domains is used to validate the effectiveness of the proposed MoesART algorithm. The experimental results show that MoesART exhibits better failure detection ability than both eAR and the fixed-sized-candidate-set ART (FSCS-ART), especially for the programs with three-dimensional input domain.
Title: Adaptive Random Test Case Generation Based on Multi-Objective Evolutionary Search

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00269
Yu-Chih Wei, You-Xin Lai, Hai-Po Su, Yu-Wen Yen
It has been estimated that the global gaming market is worth nearly US$150 billion. Its consumer chargeback services often end up being used by some online gamers as a tool to commit fraud, causing a huge adverse impact on the industry. A gaming company in Taiwan found itself falling victim of malicious chargeback fraud. Nearly NT$10 million of fraudulent chargebacks were made during the period from January to April 2019 alone, making a huge dent in the revenue of the company. To counter chargeback fraud, some gaming companies resorted to manually checking for and blocking malicious accounts of their users, incurring huge labor cost in the process. Manual checking might have alleviated the problems to some extent; however, when new games came online, gaming companies would see a surge of malicious chargebacks, causing subsequent exponential increases in losses. To help reduce labor cost incurred by manual account checking, potential human errors and potential losses that may be caused by malicious chargebacks, this study proposed a k-NN model to detect malicious chargebacks by analysing online gamers' transactional records and gameplay data. The numbers of times and the amounts of prepayment, the numbers of times of chargebacks, and the times of the transactions that the gamers of our study gaming company made were used as characteristics for our k-NN model. The use of these characteristics enabled us to score a minimum of 0.81 in F1-Measure. In addition, three SMOTE (Synthetic Minority Over-sampling Technique) sampling methods were used to deal with the imbalance data provided by our study company and improve the F1-Measure of our proposed k-NN model (scoring up to 0.89 in our experiments). 
It is hoped that the use of our k-NN model can help reduce potential losses of online gaming companies that may be caused by malicious chargeback fraud, deter malicious gamers from illegal gains, and prevent the online gaming ecosystem from being sabotaged by malicious chargebacks.
Title: Detecting Online Game Malicious Chargeback by using k-NN

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00071
Minghui Li, Yang Li, Liming Fang
Mobile Crowd-Sensing (MCS) is gradually extended to the edge network to reduce the delay of data transmission and improve the ability of data processing. However, a challenge is that there are still loopholes in the protection of privacy data, especially in location-based services. The attacker can reconstruct the location relationship network among the correlation about the environment information, identity information, and other sensing data provided by mobile users. Moreover, in the edge environment, this kind of attack is more accurate and more threatening to the location privacy information. To solve this problem, we propose a location privacy protection scheme (ELPPS) for a mobile crowd-sensing network in the edge environment, to protect the position correlation weight between sensing users through differential privacy. We use the grid anonymous algorithm to confuse the location information in order to reduce the computing cost of edge nodes. The experiment results show that the proposed framework can effectively protect the location information of the sensing users without reducing the availability of the sensing task results, and has a low delay.
Title: ELPPS: An Enhanced Location Privacy Preserving Scheme in Mobile Crowd-Sensing Network Based on Edge Computing

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00125
Paul Walther, T. Strufe
In Physical Layer Security, knowing the reciprocal state information of the legitimate terminals' wireless channel is considered a shared secret. Although questioned in recent works, the basic assumption is that an eavesdropper, residing more than half of a wavelength away from the legitimate terminals, is unable to even obtain estimates that are correlated to the state information of the legitimate channel. In this work, we present a Machine Learning based attack that does not require knowledge about the environment or terminal positions, but is solely based on the eavesdropper's measurements. It still successfully infers the legitimate channel state information as represented in impulse responses. We show the effectiveness of our attack by evaluating it on two sets of real world ultra wideband channel impulse responses, for which our attack predictions can achieve higher correlations than even the measurements at the legitimate channel.
Title: Inference Attacks on Physical Layer Channel State Information

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00219
Han Zhang, Ming Liu, Zihan Yue, Zhi Xue, Yong-yu Shi, Xiangjian He
Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.
Title: A PHP and JSP Web Shell Detection System With Text Processing Based On Machine Learning

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00187
Tao Sun, Jing Yang, Wenjie Zhong
In order to solve the state explosion problem that makes model checking difficult to perform, this paper proposes a state space pruning algorithm. The property transition set is extracted from the ASK-CTL formula, and the irrelevant transition set, which represents behaviors independent of the property to be detected, is obtained through the data dependence relationship. To simplify the state space, the algorithm reduces concurrent occurrences of irrelevant transitions, which does not change property checking. The experimental results show that the state space pruning algorithm reduces the number of states and arcs of the state space, and improves the verification efficiency.
Title: CPN Model Checking Method of Concurrent Software Based on State Space Pruning

Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00243
Shin-Ying Huang, Tao Ban
Publicly available software vulnerabilities and exploit code are often abused by malicious actors to launch cyberattacks against vulnerable targets. Organizations not only have to update their software to the latest versions, but also have to perform effective patch management and prioritize security-related patching. In addition to intelligence sources such as Computer Emergency Response Team (CERT) alerts, cybersecurity news, the national vulnerability database (NVD), and commercial cybersecurity vendors, social media is another valuable source that facilitates early-stage intelligence gathering. To detect future cyber threats early based on publicly available resources on the Internet, we propose a dynamic vulnerability-threat assessment model to predict the tendency to be exploited for vulnerability entries listed in Common Vulnerability Exposures, and also to analyze social media contents such as Twitter to extract meaningful information. The model takes multiple aspects of vulnerabilities gathered from different sources into consideration. Features range from profile information to contextual information about these vulnerabilities. For the social media data, this study leverages machine learning techniques specifically for Twitter, which help to filter out non-cybersecurity-related tweets and also label the topic categories of each tweet. When applied to predict vulnerability exploitation and to analyze real-world social media discussion data, it showed promising prediction accuracy with purified social media intelligence. Moreover, the AI-enabling modules have been deployed into a threat intelligence platform for further applications.
Title: Monitoring Social Media for Vulnerability-Threat Prediction and Topic Analysis

A context-aware hook is a piece of code. It checks context-aware user privacy policy before some sensitive operations happen. We propose Prihook to address specific context-aware user privacy concerns through putting specific context-aware hooks. We design User Privacy Preference Table (UPPT) to help a user express his privacy concerns and propose a mapping from the words in the UPPT lexicon to the methods in the Potential Method Set. With this mapping, Prihook is able to (a) select a specific set of methods; and (b) generate and place hooks automatically. Hence, the hook placement in Prihook is personalized. We test Prihook separately on 6 typical UPPTs representing 6 kinds of resource-sensitive UPPTs, and no user privacy violation is found. The experimental results show that the hooks placed by PriHook have small runtime overhead.
Title: Prihook: Differentiated context-aware hook placement for different owners' smartphones
Authors: Chen Tian, Yazhe Wang, Peng Liu, Yu Wang, Ruirui Dai, Anyuan Zhou, Zhen Xu
Pub Date: 2020-12-01
DOI: 10.1109/TrustCom50675.2020.00087