
Latest publications from the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Blockchain based PKI and Certificates Management in Mobile Networks
Junzhi Yan, X. Hang, Bo Yang, Li Su, Shen He
Some issues, such as CRL/OCSP (Certificate Revocation List / Online Certificate Status Protocol) unavailability, provisioned trust anchor unavailability, and high communication load, arise when PKI (Public Key Infrastructure) is leveraged in mobile networks. A blockchain based PKI framework for mobile networks is proposed to solve these issues. The system is constituted by submission nodes, validator nodes, and inquiry nodes. Scenarios and application cases are provided, and they show the system can be widely used in mobile networks. The blockchain based PKI system is analyzed and compared to traditional solutions. It shows that the trustworthiness of SSL (Secure Sockets Layer) certificates and device certificates is the same as in a traditional PKI system. The storage requirement and certificate capacity of the blockchain based PKI system are analyzed. Since certificates have expiry dates, an optimization method based on invalid certificates is proposed. The optimization improves the storage efficiency of the blockchain based PKI certificate management system.
Citations: 8
Opportunistic Tracking in Cyber-Physical Systems
Samaneh Rashidibajgan, Thomas Hupperich, R. Doss, Lei Pan
Cyber-Physical Systems raise a new dimension of security concerns, as they open up the opportunity for attackers to affect a real-world environment. These systems are often applied in specific environments with special requirements, and a common issue is to keep track of movements in a mobile system, e.g., involving autonomous robots, drones or sensory I/O devices. In Opportunistic Networks, nodes are usually mobile, forwarding messages from one device to another without relying on external infrastructure like WiFi. Due to compact and convenient wearability, the nodes of an OppNet might be used to detect the absence and presence of devices or even people in an area where classical networks may not be reliable enough. In this paper, we combine opportunistic network technology with cyber-physical systems and propose a reliable routing algorithm for node tracking. Our real-world setup implements hardware sensor tags to evaluate the algorithm in a state-of-the-art environment. Efficiency and performance are compared with established algorithms, i.e., Epidemic and Prophet, in terms of latency, network overhead, and message delivery probability, and to evaluate the algorithm's scalability, we simulate the tracking in a huge environment.
Citations: 0
Efficient Off-Chain Transaction to Avoid Inaccessible Coins in Cryptocurrencies
Hossein Rezaeighaleh, C. Zou
Bitcoin and other altcoin cryptocurrencies use elliptic-curve cryptography to control the ownership of coins. A user has one or more private keys to sign a transaction and send coins to others. The user locks her private keys with a password and stores them in a piece of software or a hardware wallet to protect them. A challenge in cryptocurrencies is the loss of access to private keys by their user, resulting in inaccessible coins. These coins are assigned to addresses whose private keys can no longer be accessed. Today, about 20 percent of all possible bitcoins are inaccessible and lost forever. A promising solution is the off-chain recovery transaction, which aggregates all available coins to send them to an address when the private key is not accessible. Unfortunately, this recovery transaction must be regenerated after every send and receive, and it is time-consuming to generate on hardware wallets. In this paper, we propose a new mechanism called the lean recovery transaction to tackle this problem. We make a change in wallet key management to generate the recovery transaction as infrequently as possible. In our design, the wallet generates a lean recovery transaction only when needed and provides better performance, especially for micropayments. We evaluate the regular recovery transaction on two real hardware wallets and implement our proposed mechanism on a hardware wallet. We achieve 40 percent less processing time for generating payment transactions with a small number of inputs. The performance difference becomes even more significant with a larger number of inputs.
Citations: 1
Dynamic flow redirection scheme for enhancing control plane robustness in SDN
Dong Liang, Qinrang Liu, Yanbin Hu, Tao Hu, Binghao Yan, Haiming Zhao
In SDN, the controller is the core and is responsible for processing all flow requests of the network switches. However, due to the sudden occurrence and unbalanced distribution of flows in the network, it is likely that some controllers suffer a workload that is far heavier than their load capacity, which leads to the failure of the controller and further leads to the paralysis of the entire network. To solve this problem, we propose a dynamic flow redirection scheme (DFR) to prevent network crashes. We describe the phenomenon of controller failure caused by numerous flow requests. The flow redirection is formalized as a multi-objective optimization problem constrained by flow table size and bandwidth. We prove that the problem is NP-hard. We solve this problem with the dynamic flow redirection approach (DFR). First, the state detection module detects whether the current flow requests will exceed the controller load. The Flow Redirection Assignment Module then computes the redirect path for the redundant flow request. Finally, Rule Dispense issues the flow rules to the corresponding switches. Simulation results show that DFR reduces network latency and reduces the overload probability of controllers by at least 3 times.
Citations: 0
Improving the Effectiveness of Grey-box Fuzzing By Extracting Program Information
Yu Fu, Siming Tong, Xiangyu Guo, Liang Cheng, Yang Zhang, D. Feng
Fuzzing has been widely adopted as an effective technique to detect vulnerabilities in software. However, existing fuzzers suffer from the problem of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions of the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that respectively optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs. In particular, the first heuristic collects branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and, more importantly, more likely to explore new behaviors of the PUT in subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary of string constants from these operations to help fuzzers generate test inputs that have a higher chance of passing input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparable bug detection performance than state-of-the-art fuzzers.
Citations: 1
Towards Collaborative Intrusion Detection Enhancement against Insider Attacks with Multi-Level Trust
Wenjuan Li, W. Meng, Huimin Zhu
With the speedy growth of distributed networks such as the Internet of Things (IoT), there is an increasing need to protect network security against various attacks by deploying collaborative intrusion detection systems (CIDSs), which allow different detector nodes to exchange required information and data with each other. However, due to the distributed architecture, insider attacks, in which an attacker resides inside the network, are a big threat for CIDSs. To address this issue, designing an appropriate trust management scheme is considered an effective solution. In this work, we first analyze the development of CIDSs in the past decades and identify the major challenges in building an effective trust management scheme. Then we introduce a generic framework aiming to enhance the security of CIDSs against advanced insider threats by deriving multilevel trust. In the study, our results demonstrate the viability and the effectiveness of our framework.
Citations: 2
Security and Privacy Implementation in Smart Home: Attributes Based Access Control and Smart Contracts
Amjad Qashlan, P. Nanda, Xiangian He
There has been a wide range of applications involving smart home systems for user comfort and accessibility to essential commodities. Users enjoy featured home services supported by IoT smart devices. These IoT devices are resource-constrained, incapable of securing themselves, and can be easily hacked. Edge computing can provide localized computation and storage, which can augment such capacity limitations of IoT devices. Furthermore, blockchain has emerged as a technology capable of providing secure access and authentication for IoT devices in a decentralized manner. In this paper, we propose an authentication scheme which integrates attribute based access control using smart contracts with ERC-20 Tokens (Ethereum Request For Comments) and edge computing to construct a secure framework for IoT devices in a smart home system. Edge servers provide scalability to the system by taking over the heavier computation tasks. We present the system architecture and design and discuss various aspects related to testing and implementation of the smart contracts. We show that our proposed scheme is secure by thoroughly analysing its security goals with respect to confidentiality, integrity and availability. Finally, we conduct a performance evaluation to demonstrate the feasibility and efficiency of the proposed scheme.
Citations: 11
A Unified Host-based Intrusion Detection Framework using Spark in Cloud
Ming Liu, Zhi Xue, Xiangjian He
The host-based intrusion detection system (HIDS) is an essential research domain of cybersecurity. A HIDS examines log data of hosts to identify intrusive behaviors. Detection efficiency is a significant factor for HIDS. Traditionally, HIDS is often installed in standalone mode. Training detection engines with a large amount of data on a single physical computer with limited computing resources may be time-consuming. Therefore, this paper offers a unified HIDS framework based on Spark and deployed in the Google cloud. The framework includes a unified machine learning pipeline to implement scalable and efficient HIDS.
Citations: 2
CMIRGen: Automatic Signature Generation Algorithm for Malicious Network Traffic
Runzi Zhang, Mingkai Tong, Lei Chen, Jianxin Xue, Wenmao Liu, Feng Xie
Although machine learning (ML) based solutions are ever-evolving in the attack defense paradigm, signatures of malicious network traffic are vital resources for intrusion detection systems (IDSs) and network forensic procedures, covering the lack of interpretability and stability of ML models. However, signature extraction is still a time- and labor-consuming task nowadays, resulting in a possible increase in attackers' dwell time. Existing automatic solutions rely too much on sequence-similarity-based and heuristic-based methods, encountering performance degradation in large-scale and dynamic network environments. In this paper, we present a novel method, called Clustering and Model Inference-based Rule Generation (CMIRGen), that automatically generates token-set based signature rules for malicious traffic payloads to be inspected. CMIRGen leverages both optimized sequence-similarity-based and black-box model-inference-based methods to extract patterns from homogeneous and heterogeneous payloads respectively. Experimental evaluations have been conducted on several datasets and show that the CMIRGen framework can extract discriminative signatures, presenting a high recall rate and a low false positive rate at the same time for malicious content recognition.
DOI: 10.1109/TrustCom50675.2020.00101
Citations: 0
More efficient SM9 algorithm based on bilinear pair optimization processing
Xianze Liu, Jihong Liu, B. Jiang, Haozhen Jiang, Zhi Yang
Currently, the SM9 algorithm has received more and more attention as a new cryptographic product. The encryption and decryption principle of SM9 relies on the mapping relationship on the elliptic curve. Although this mapping relationship improves security, it slightly reduces efficiency. The goal of this article is to improve the efficiency of the SM9 algorithm. Different from the traditional assembly-line acceleration method, we decided to start with the basic operations of the algorithm itself. There is a bilinear pairing operation on the elliptic curve, which performs the point-to-point operation on the elliptic curve. Its calculation complexity directly determines the performance of the SM9 algorithm. For this reason, we propose two new bilinear pairing processing methods. The former uses the properties of isomorphic mapping to transfer the operations involved in the calculation of bilinear pairings from a large feature domain to a small feature domain, reducing the number of operations in the feature domain. The latter targets special operations in the bilinear pairing process, adding intermediate variables to convert them into low-cost multiplication operations. According to the traditional Miller algorithm, the calculation of a bilinear pairing requires 900 multiplication time units. Our two methods reduce this value to 700 and 800 multiplication time units respectively. In addition, neither method changes the mapping relationship of the bilinear pairing. On the premise of ensuring the correct mapping relationship, the efficiency of the SM9 algorithm is improved.
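The "multiplication time units" in the abstract count extension-field multiplications spent in the Miller loop and in the final exponentiation. The script below is an added illustration, not the paper's SM9 implementation (SM9 pairs points on a 256-bit BN curve with embedding degree 12, which is out of reach for a self-contained script): it computes the reduced Tate pairing by Miller's algorithm on the toy supersingular curve y^2 = x^3 + x over F_11 (embedding degree 2) with a distortion map, checks bilinearity and non-degeneracy, and counts the F_{p^2} multiplications in each phase. The curve, prime, base point and distortion map are choices made for the example, not anything taken from the paper.

```python
"""Reduced Tate pairing by Miller's algorithm on a toy supersingular curve.
Added illustration, not the paper's SM9 code: it keeps the same structure
(Miller loop of line evaluations, final exponentiation, multiplication count)
on E: y^2 = x^3 + x over F_11 instead of SM9's 256-bit BN curve."""
P_MOD = 11         # p = 3 (mod 4), so F_p^2 = F_p[i] with i^2 = -1
R_ORDER = 3        # prime subgroup order; 3 | p+1 and 3 does not divide p-1, so k = 2
COST = {"mul": 0}  # running count of F_p^2 multiplications


# F_p^2 elements are pairs (a, b) meaning a + b*i.
def fp2_sub(x, y):
    return ((x[0] - y[0]) % P_MOD, (x[1] - y[1]) % P_MOD)


def fp2_mul(x, y):
    COST["mul"] += 1
    return ((x[0] * y[0] - x[1] * y[1]) % P_MOD, (x[0] * y[1] + x[1] * y[0]) % P_MOD)


def fp2_inv(x):
    n = pow(x[0] * x[0] + x[1] * x[1], -1, P_MOD)   # 1 / norm(x)
    return (x[0] * n % P_MOD, -x[1] * n % P_MOD)


def fp2_pow(x, e):
    result = (1, 0)
    while e:                                       # square-and-multiply
        if e & 1:
            result = fp2_mul(result, x)
        x = fp2_mul(x, x)
        e >>= 1
    return result


# E(F_p) group law; None is the point at infinity.
def ec_add(P, Q):
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + 1) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, P):
    R = None
    for bit in bin(k)[2:]:
        R = ec_add(R, R)
        if bit == "1":
            R = ec_add(R, P)
    return R


def distort(P):
    """Distortion map (x, y) -> (-x, i*y): moves P off the F_p-rational
    subgroup so that pairing P with its own image is non-trivial."""
    return ((-P[0] % P_MOD, 0), (0, P[1] % P_MOD))


def line(T, S, Q):
    """g_{T,S}(Q) = l_{T,S}(Q) / v_{T+S}(Q): the line through T and S (tangent
    if T == S) divided by the vertical line through T+S, evaluated at Q."""
    (x1, y1), (x2, y2), (xq, yq) = T, S, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return fp2_sub(xq, (x1, 0))                # vertical line, T + S = O
    if T == S:
        lam = (3 * x1 * x1 + 1) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    num = fp2_sub(fp2_sub(yq, (y1, 0)), fp2_mul((lam, 0), fp2_sub(xq, (x1, 0))))
    return fp2_mul(num, fp2_inv(fp2_sub(xq, (x3, 0))))


def miller(P, Q, r):
    """f_{r,P}(Q) by the double-and-add Miller loop over the bits of r."""
    T, f = P, (1, 0)
    for bit in bin(r)[3:]:                         # bits of r after the leading 1
        f = fp2_mul(fp2_mul(f, f), line(T, T, Q))
        T = ec_add(T, T)
        if bit == "1":
            f = fp2_mul(f, line(T, P, Q))
            T = ec_add(T, P)
    return f


def tate_pairing(P, Q):
    """e(P, Q) = f_{r,P}(Q)^((p^2 - 1) / r), plus the F_p^2 multiplication
    count of the Miller loop and of the final exponentiation."""
    COST["mul"] = 0
    f = miller(P, Q, R_ORDER)
    cost = {"miller": COST["mul"]}
    COST["mul"] = 0
    e = fp2_pow(f, (P_MOD ** 2 - 1) // R_ORDER)
    cost["final_exp"] = COST["mul"]
    return e, cost


P_GEN = (5, 3)   # point of order 3 on y^2 = x^3 + x over F_11
```

On this curve `tate_pairing(P_GEN, distort(P_GEN))` returns 5 + 3i, an element of order 3, and pairing 2P with the image of P gives its square, as bilinearity requires. The Miller loop costs 5 F_{p^2} multiplications against 8 for the final exponentiation; in SM9's F_{p^12} both phases are far more expensive, which is why the abstract attacks the basic operations of the pairing rather than pipelining around it.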
DOI: 10.1109/TrustCom50675.2020.00234
Citations: 0
Venue: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)