S. Bhandari, Rishabh Gupta, V. Laxmi, M. Gaur, A. Zemmari, M. Anikeev
Android being the most popular open source mobile operating system, attracts a plethora of app developers. Millions of applications are developed for Android platform with a great extent of behavioral diversities and are available on Play Store as well as on many third party app stores. Due to its open nature, in the past Android Platform has been targeted by many malware writers. The conventional way of signature-based detection methods for detecting malware on a device are no longer promising due to an exponential increase in the number of variants of the same application with different signatures. Moreover, they lack in dynamic analysis too. In this paper, we propose DRACO, which employs a two-phase detection technique that blends the synergy of both static and dynamic analysis. It has two modules, client module that is in the form an Android app and gets installed on mobile devices and a server module that runs on a server. DRACO also explains user about the features contributing to the maliciousness of analyzed app and generates scoring for that maliciousness. It does not require any root or super-user privileges. In an evaluation of 18,000 benign applications and 10,000 malware samples, DRACO performs better than several related existing approaches and detects 98.4% of the malware with few false alerts. On ten popular smartphones, the method requires an average of 6 seconds for on device analysis and 90 seconds on server analysis.
{"title":"DRACO: DRoid analyst combo an android malware analysis framework","authors":"S. Bhandari, Rishabh Gupta, V. Laxmi, M. Gaur, A. Zemmari, M. Anikeev","doi":"10.1145/2799979.2800003","DOIUrl":"https://doi.org/10.1145/2799979.2800003","url":null,"abstract":"Android being the most popular open source mobile operating system, attracts a plethora of app developers. Millions of applications are developed for Android platform with a great extent of behavioral diversities and are available on Play Store as well as on many third party app stores. Due to its open nature, in the past Android Platform has been targeted by many malware writers. The conventional way of signature-based detection methods for detecting malware on a device are no longer promising due to an exponential increase in the number of variants of the same application with different signatures. Moreover, they lack in dynamic analysis too. In this paper, we propose DRACO, which employs a two-phase detection technique that blends the synergy of both static and dynamic analysis. It has two modules, client module that is in the form an Android app and gets installed on mobile devices and a server module that runs on a server. DRACO also explains user about the features contributing to the maliciousness of analyzed app and generates scoring for that maliciousness. It does not require any root or super-user privileges. In an evaluation of 18,000 benign applications and 10,000 malware samples, DRACO performs better than several related existing approaches and detects 98.4% of the malware with few false alerts. On ten popular smartphones, the method requires an average of 6 seconds for on device analysis and 90 seconds on server analysis.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115146350","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The paper presents an analytical model to study the performance and availability of queueing systems with finite queue and a lot of service phases. The first phase has the exponential distribution of service time, while the second one has the hyper-Erlangian distribution. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for varying the service rates and arrival rates are given. The results presented in the paper can be used for analysis of the Next Generation Firewalls (NGFWs).
{"title":"Modeling of next-generation firewalls as queueing services","authors":"S. Zapechnikov, N. Miloslavskaya, A. Tolstoy","doi":"10.1145/2799979.2799997","DOIUrl":"https://doi.org/10.1145/2799979.2799997","url":null,"abstract":"The paper presents an analytical model to study the performance and availability of queueing systems with finite queue and a lot of service phases. The first phase has the exponential distribution of service time, while the second one has the hyper-Erlangian distribution. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for varying the service rates and arrival rates are given. The results presented in the paper can be used for analysis of the Next Generation Firewalls (NGFWs).","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122409778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The Advanced Persistent Threat (APT) attacks are special kind of slow moving attacks that are designed to defeat security controls using unique attack vectors and malware specifically developed for the target organization. Aim behind APT attacks is not to disrupt services but to steal valuable data and intellectual property. Therefore, timely detection of APT attack is very important. We believe that deception tools like honeypots can significantly increase the possibility of early detection of such sophisticated attacks. In this research effort, a framework is proposed in which Honeypot along with NIDS is used to actively alert the administrator and not leaving the detection of APT in the hands to administrator by correlating different network events. The proposed framework is also implemented to test effectiveness of the proposed technique.
{"title":"Towards proactive detection of advanced persistent threat (APT) attacks using honeypots","authors":"Zainab Saud, M. H. Islam","doi":"10.1145/2799979.2800042","DOIUrl":"https://doi.org/10.1145/2799979.2800042","url":null,"abstract":"The Advanced Persistent Threat (APT) attacks are special kind of slow moving attacks that are designed to defeat security controls using unique attack vectors and malware specifically developed for the target organization. Aim behind APT attacks is not to disrupt services but to steal valuable data and intellectual property. Therefore, timely detection of APT attack is very important. We believe that deception tools like honeypots can significantly increase the possibility of early detection of such sophisticated attacks. In this research effort, a framework is proposed in which Honeypot along with NIDS is used to actively alert the administrator and not leaving the detection of APT in the hands to administrator by correlating different network events. The proposed framework is also implemented to test effectiveness of the proposed technique.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122078520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper deals with fully homomorphic cryptosystems exploiting the problem of big integers factoring. We give a short review of them and highlight two main types of such fully homomorphic cryptosystems (FHCs): polynomial-based and matrix-based. The main focus of the discussion is placed on one recently proposed polynomial-based FHC. Its construction is recalled, but mainly we concentrate on security issues. And here our contribution is twofold. First, we review a known-plaintext attack (KPA) proposed in literature on this FHC. We give the general idea of KPA, the probability of its success and the number of pairs (plaintext, ciphertext) necessary to break the FHC. Second, we discuss how the reviewed KPA may be extended in order to decrease the necessary number of pairs. On a high level the proposed extension of KPA may be applied not only to this concrete FHC, but to all reviewed here FHCs. Our KPA essentially uses non-uniformity of probabilistic distribution over plaintexts to obtain a high probability of success. And instead of missing pairs it requires an additional sequence of ciphertexts produced on the same key.
{"title":"Cryptanalysis of factoring-based fully homomorphic encryption","authors":"L. Babenko, A. Trepacheva","doi":"10.1145/2799979.2800038","DOIUrl":"https://doi.org/10.1145/2799979.2800038","url":null,"abstract":"This paper deals with fully homomorphic cryptosystems exploiting the problem of big integers factoring. We give a short review of them and highlight two main types of such fully homomorphic cryptosystems (FHCs): polynomial-based and matrix-based. The main focus of the discussion is placed on one recently proposed polynomial-based FHC. Its construction is recalled, but mainly we concentrate on security issues. And here our contribution is twofold. First, we review a known-plaintext attack (KPA) proposed in literature on this FHC. We give the general idea of KPA, the probability of its success and the number of pairs (plaintext, ciphertext) necessary to break the FHC. Second, we discuss how the reviewed KPA may be extended in order to decrease the necessary number of pairs. On a high level the proposed extension of KPA may be applied not only to this concrete FHC, but to all reviewed here FHCs. Our KPA essentially uses non-uniformity of probabilistic distribution over plaintexts to obtain a high probability of success. And instead of missing pairs it requires an additional sequence of ciphertexts produced on the same key.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127585664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We briefly describe Russia's current approach to the Common Criteria-based IT-certification scheme and its current state. Basic historical and perspective issues are observed, as well as our statistics and future plans.
{"title":"Modern trends in the regulatory framework of the information security compliance assessment in Russia based on common criteria","authors":"A. Barabanov, A. Markov","doi":"10.1145/2799979.2799980","DOIUrl":"https://doi.org/10.1145/2799979.2799980","url":null,"abstract":"We briefly describe Russia's current approach to the Common Criteria-based IT-certification scheme and its current state. Basic historical and perspective issues are observed, as well as our statistics and future plans.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128868880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The questions of protection of information systems against threats of functional failures are considered. The concept of active protection technology realizing the functional restructuring of the system is suggested. The conceptual apparatus of functional redundancy are developed. The principles of operation of the immutability of purpose and principle of operation of the reduction target are defined. The classification of methods to ensure functional stability is submitted.
{"title":"Modern techniques of function-level fault tolerance in MFM-systems","authors":"Alexander Tarasov","doi":"10.1145/2799979.2800016","DOIUrl":"https://doi.org/10.1145/2799979.2800016","url":null,"abstract":"The questions of protection of information systems against threats of functional failures are considered. The concept of active protection technology realizing the functional restructuring of the system is suggested. The conceptual apparatus of functional redundancy are developed. The principles of operation of the immutability of purpose and principle of operation of the reduction target are defined. The classification of methods to ensure functional stability is submitted.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"209 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123330302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov, Igor Shakhalov
A study of the available approaches aimed at mitigating vulnerabilities in the software development, and their applicability during the software compliance evaluation was carried out. Having systematized the standards and guidelines on the development of secure software, we made a list of basic requirements that enables us, among other things, to assess the software development processes for compliance with secure software requirements. We present an original conceptual model for analysis and synthesis of controls for secure software development, which allows software developers to select reasonable controls for developing secure software.
{"title":"Synthesis of secure software development controls","authors":"A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov, Igor Shakhalov","doi":"10.1145/2799979.2799998","DOIUrl":"https://doi.org/10.1145/2799979.2799998","url":null,"abstract":"A study of the available approaches aimed at mitigating vulnerabilities in the software development, and their applicability during the software compliance evaluation was carried out. Having systematized the standards and guidelines on the development of secure software, we made a list of basic requirements that enables us, among other things, to assess the software development processes for compliance with secure software requirements. We present an original conceptual model for analysis and synthesis of controls for secure software development, which allows software developers to select reasonable controls for developing secure software.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122856206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
E-Learning portal (EP) developers are facing many security issues to make it a trusted tool for e-Learning. The paper discusses EP usage in blended learning of Masters on the "Business continuity and information security maintenance" (BC&ISM) at the NRNU MEPhI. The motivation of security implementation expedience for EP including a brief overview of typical attacks against EP is given. BC&ISM EP's structure as a protection object is discussed. The key security requirements and functional security subsystem components of a secure BC&ISM EP being able to protect it against the main possible attacks are described.
{"title":"Secure e-Learning portal for teaching business continuity and information security management","authors":"N. Miloslavskaya, A. Tolstoy, V. Petrov","doi":"10.1145/2799979.2800020","DOIUrl":"https://doi.org/10.1145/2799979.2800020","url":null,"abstract":"E-Learning portal (EP) developers are facing many security issues to make it a trusted tool for e-Learning. The paper discusses EP usage in blended learning of Masters on the \"Business continuity and information security maintenance\" (BC&ISM) at the NRNU MEPhI. The motivation of security implementation expedience for EP including a brief overview of typical attacks against EP is given. BC&ISM EP's structure as a protection object is discussed. The key security requirements and functional security subsystem components of a secure BC&ISM EP being able to protect it against the main possible attacks are described.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127679802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There are many problems of network security. Formalization of these problems can be the key to solving some of them. This paper focuses on two specific network security problems. We propose an approach based on Boolean-valued networks to solve these and possibly other network problems. Two models to solve the addressed problems are offered. A definition of a maximum flow in Boolean-valued networks and algorithms to find this flow were proposed. Two examples to demonstrate the described problems, models and algorithms are also presented in the paper.
{"title":"Two formal problems of network security and a theory of boolean-valued flow networks","authors":"E. Shcherba","doi":"10.1145/2799979.2800040","DOIUrl":"https://doi.org/10.1145/2799979.2800040","url":null,"abstract":"There are many problems of network security. Formalization of these problems can be the key to solving some of them. This paper focuses on two specific network security problems. We propose an approach based on Boolean-valued networks to solve these and possibly other network problems. Two models to solve the addressed problems are offered. A definition of a maximum flow in Boolean-valued networks and algorithms to find this flow were proposed. Two examples to demonstrate the described problems, models and algorithms are also presented in the paper.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131761375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia
Rapid development of computer networks laid a trend to share the information worldwide. However, one of the important criterions is to provide the confidentiality to the shared data over the insecure communication channel. Due to the growth of computer technology; assuring the security of such shared information becomes challenging and complicated task among the researchers. In this consequence, the dynamic key approach is most desirable as compared to static key. In this respect, the AVK is one of the best techniques to achieve the perfect security as per the literature. In this paper, we have proposed a dynamic mechanism of AVK to enhance the security by increasing the randomness among the successive keys.
{"title":"Absolute key variation technique of automatic variable key in cryptography","authors":"R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia","doi":"10.1145/2799979.2800021","DOIUrl":"https://doi.org/10.1145/2799979.2800021","url":null,"abstract":"Rapid development of computer networks laid a trend to share the information worldwide. However, one of the important criterions is to provide the confidentiality to the shared data over the insecure communication channel. Due to the growth of computer technology; assuring the security of such shared information becomes challenging and complicated task among the researchers. In this consequence, the dynamic key approach is most desirable as compared to static key. In this respect, the AVK is one of the best techniques to achieve the perfect security as per the literature. In this paper, we have proposed a dynamic mechanism of AVK to enhance the security by increasing the randomness among the successive keys.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131912349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: