
Proceedings of the 8th International Conference on Security of Information and Networks: latest papers

DRACO: DRoid analyst combo, an Android malware analysis framework
S. Bhandari, Rishabh Gupta, V. Laxmi, M. Gaur, A. Zemmari, M. Anikeev
Android, being the most popular open source mobile operating system, attracts a plethora of app developers. Millions of applications are developed for the Android platform, with a great extent of behavioral diversity, and are available on the Play Store as well as on many third-party app stores. Due to its open nature, the Android platform has in the past been targeted by many malware writers. Conventional signature-based detection methods for detecting malware on a device are no longer promising, due to an exponential increase in the number of variants of the same application with different signatures. Moreover, they lack dynamic analysis too. In this paper, we propose DRACO, which employs a two-phase detection technique that blends the synergy of both static and dynamic analysis. It has two modules: a client module, in the form of an Android app, that gets installed on mobile devices, and a server module that runs on a server. DRACO also explains to the user the features contributing to the maliciousness of the analyzed app and generates a score for that maliciousness. It does not require any root or super-user privileges. In an evaluation of 18,000 benign applications and 10,000 malware samples, DRACO performs better than several related existing approaches and detects 98.4% of the malware with few false alerts. On ten popular smartphones, the method requires an average of 6 seconds for on-device analysis and 90 seconds for server analysis.
DOI: https://doi.org/10.1145/2799979.2800003 | Published: 2015-09-08 | Citations: 38
Modeling of next-generation firewalls as queueing services
S. Zapechnikov, N. Miloslavskaya, A. Tolstoy
The paper presents an analytical model to study the performance and availability of queueing systems with a finite queue and many service phases. The first phase has an exponential distribution of service time, while the second has a hyper-Erlang distribution. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for varying service rates and arrival rates are given. The results presented in the paper can be used for the analysis of Next Generation Firewalls (NGFWs).
DOI: https://doi.org/10.1145/2799979.2799997 | Published: 2015-09-08 | Citations: 9
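The abstract above verifies its analytical model with discrete-event simulation. The block below is an added example of that simulation step, written for this listing; it is not the authors' model or code. It simulates a single server with a buffer of `capacity` customers (the one in service included) whose service time is the sum of the two phases the abstract names, exponential followed by hyper-Erlang, and reports the fraction of arrivals that find the buffer full, which for a firewall is the packet-drop probability the availability question comes down to. All parameter values and the single-server assumption are the example's own.

```python
"""Discrete-event simulation of a finite-buffer single-server queue whose service has
two phases: phase 1 exponential, phase 2 hyper-Erlang. Added example, not the authors'
model; every numeric parameter below is an assumed value."""
import random
from dataclasses import dataclass


@dataclass
class QueueStats:
    arrivals: int
    served: int
    dropped: int
    mean_wait: float  # mean time an accepted customer waits before service starts

    @property
    def drop_probability(self) -> float:
        return self.dropped / self.arrivals if self.arrivals else 0.0


def simulate_finite_queue(arrival_times, service_times, capacity):
    """FIFO single server holding at most `capacity` customers, including the one in service.
    An arrival that finds the system full is dropped (a packet hitting a full buffer)."""
    if capacity < 1:
        raise ValueError("capacity must be at least 1")
    departures = []  # departure times of customers currently in the system, ascending
    served = dropped = 0
    total_wait = 0.0
    for t, s in zip(arrival_times, service_times):
        departures = [d for d in departures if d > t]  # purge customers gone by time t
        if len(departures) >= capacity:
            dropped += 1
            continue
        start = max(t, departures[-1]) if departures else t  # wait for the server to free up
        total_wait += start - t
        departures.append(start + s)
        served += 1
    return QueueStats(served + dropped, served, dropped, total_wait / served if served else 0.0)


def hyper_erlang_sample(rng, weights, shapes, rates):
    """Hyper-Erlang draw: pick branch i with probability weights[i], then sum shapes[i]
    exponential variates of rate rates[i] (an Erlang(shapes[i], rates[i]) variate)."""
    i = rng.choices(range(len(weights)), weights=weights)[0]
    return sum(rng.expovariate(rates[i]) for _ in range(shapes[i]))


def two_phase_service(rng, mu1, weights, shapes, rates):
    """Phase 1 ~ Exp(mu1) (e.g. header/ACL processing), phase 2 ~ hyper-Erlang (deep inspection)."""
    return rng.expovariate(mu1) + hyper_erlang_sample(rng, weights, shapes, rates)


def mean_service_time(mu1, weights, shapes, rates):
    """Analytical mean of the two-phase service time, useful as a sanity check on the simulation."""
    return 1.0 / mu1 + sum(w * k / r for w, k, r in zip(weights, shapes, rates))


def run_poisson_experiment(lam, mu1, weights, shapes, rates, capacity, n=20000, seed=1):
    """Poisson arrivals at rate lam, n customers, fixed seed so runs are reproducible."""
    rng = random.Random(seed)
    t = 0.0
    arrivals = []
    for _ in range(n):
        t += rng.expovariate(lam)
        arrivals.append(t)
    services = [two_phase_service(rng, mu1, weights, shapes, rates) for _ in range(n)]
    return simulate_finite_queue(arrivals, services, capacity)


if __name__ == "__main__":
    stats = run_poisson_experiment(lam=0.8, mu1=4.0, weights=[0.7, 0.3], shapes=[1, 4],
                                   rates=[2.0, 8.0], capacity=8)
    print(f"mean service {mean_service_time(4.0, [0.7, 0.3], [1, 4], [2.0, 8.0]):.3f}, "
          f"drop probability {stats.drop_probability:.4f}, mean wait {stats.mean_wait:.3f}")
```

The deterministic entry point `simulate_finite_queue` takes explicit arrival and service sequences, so a hand-constructed trace (three arrivals one second apart against a five-second service) can be checked by hand before trusting the random experiments; the blocking probability then follows from comparing arrival rate with `mean_service_time`.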
Towards proactive detection of advanced persistent threat (APT) attacks using honeypots
Zainab Saud, M. H. Islam
Advanced Persistent Threat (APT) attacks are a special kind of slow-moving attack designed to defeat security controls using unique attack vectors and malware specifically developed for the target organization. The aim behind APT attacks is not to disrupt services but to steal valuable data and intellectual property. Therefore, timely detection of an APT attack is very important. We believe that deception tools like honeypots can significantly increase the possibility of early detection of such sophisticated attacks. In this research effort, a framework is proposed in which a honeypot, along with a NIDS, is used to actively alert the administrator by correlating different network events, rather than leaving the detection of APTs in the hands of the administrator. The proposed framework is also implemented to test the effectiveness of the proposed technique.
DOI: https://doi.org/10.1145/2799979.2800042 | Published: 2015-09-08 | Citations: 18
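The correlation the abstract describes, a honeypot and a NIDS feeding one alerting decision, is illustrated below with an added example that is not the authors' framework or code. It assumes a simple `<timestamp> <source ip> <detail>` line format for both sensors, treats any honeypot contact as suspicious on its own (nothing legitimate should talk to a honeypot), and escalates a source to high severity when the NIDS also alerted on it within an assumed two-hour window. The log lines are constructed for the example; in the sample, one external scanner and one internal host escalate, while a third source that only touched the honeypot stays at medium.

```python
"""Correlating honeypot touches with NIDS alerts from the same source address.
Added example, not the authors' framework; log formats, the two-hour window and
the log lines themselves are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed honeypot log: "<timestamp> <source ip> <what the source did>"
HONEYPOT_LOG = """\
2015-09-08T10:02:11Z 198.51.100.23 ssh-login-attempt user=admin
2015-09-08T10:02:15Z 198.51.100.23 ssh-login-attempt user=root
2015-09-08T11:40:03Z 203.0.113.7 http-get /wp-login.php
2015-09-08T13:05:00Z 10.0.0.5 smb-connect share=IPC$
"""

# Constructed NIDS alert log: "<timestamp> <source ip> <signature text>"
NIDS_LOG = """\
2015-09-08T09:58:40Z 198.51.100.23 SCAN SYN sweep against internal /24
2015-09-08T10:30:12Z 198.51.100.23 POLICY outbound connection to rare external host
2015-09-08T18:20:00Z 203.0.113.7 SCAN port sweep
2015-09-08T13:04:50Z 10.0.0.5 POLICY credential dumping tool signature
"""


def parse_log(text):
    """Parse '<ts> <ip> <rest>' lines into (datetime, ip, rest); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split(" ", 2)
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return events


def correlate(honeypot_events, nids_events, window=timedelta(hours=2)):
    """One finding per source IP that touched the honeypot.
    Baseline severity is 'medium'; a NIDS alert from the same source within +/- window
    raises it to 'high', and the matching alerts are attached as evidence."""
    nids_by_ip = defaultdict(list)
    for ts, ip, sig in nids_events:
        nids_by_ip[ip].append((ts, sig))

    findings = {}
    for ts, ip, action in honeypot_events:
        f = findings.setdefault(ip, {"touches": [], "related_nids": [], "severity": "medium"})
        f["touches"].append(action)
        for nts, sig in nids_by_ip.get(ip, ()):
            if abs(nts - ts) <= window and (nts, sig) not in f["related_nids"]:
                f["related_nids"].append((nts, sig))

    for f in findings.values():
        if f["related_nids"]:
            f["severity"] = "high"
            f["related_nids"].sort()
    return findings


def analyze(honeypot_log=HONEYPOT_LOG, nids_log=NIDS_LOG):
    """Run the correlation over the two constructed logs and return findings keyed by source IP."""
    return correlate(parse_log(honeypot_log), parse_log(nids_log))


if __name__ == "__main__":
    for ip, f in analyze().items():
        print(f"{f['severity']:6} {ip:15} touches={len(f['touches'])} nids={len(f['related_nids'])}")
```

Keying findings by source address rather than by event is deliberate: a slow-moving actor generates few events, so one consolidated finding per source with the NIDS evidence attached is what an administrator can act on, whereas a stream of per-event alerts is exactly what the abstract argues against.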
Cryptanalysis of factoring-based fully homomorphic encryption
L. Babenko, A. Trepacheva
This paper deals with fully homomorphic cryptosystems exploiting the problem of factoring big integers. We give a short review of them and highlight two main types of such fully homomorphic cryptosystems (FHCs): polynomial-based and matrix-based. The main focus of the discussion is placed on one recently proposed polynomial-based FHC. Its construction is recalled, but mainly we concentrate on security issues. Here our contribution is twofold. First, we review a known-plaintext attack (KPA) proposed in the literature on this FHC. We give the general idea of the KPA, the probability of its success, and the number of (plaintext, ciphertext) pairs necessary to break the FHC. Second, we discuss how the reviewed KPA may be extended in order to decrease the necessary number of pairs. On a high level, the proposed extension of the KPA may be applied not only to this concrete FHC but to all the FHCs reviewed here. Our KPA essentially uses the non-uniformity of the probability distribution over plaintexts to obtain a high probability of success. Instead of the missing pairs, it requires an additional sequence of ciphertexts produced under the same key.
DOI: https://doi.org/10.1145/2799979.2800038 | Published: 2015-09-08 | Citations: 0
Modern trends in the regulatory framework of the information security compliance assessment in Russia based on common criteria
A. Barabanov, A. Markov
We briefly describe Russia's current approach to the Common Criteria-based IT certification scheme and its current state. Basic historical and perspective issues are observed, as well as our statistics and future plans.
DOI: https://doi.org/10.1145/2799979.2799980 | Published: 2015-09-08 | Citations: 17
Modern techniques of function-level fault tolerance in MFM-systems
Alexander Tarasov
The questions of protecting information systems against threats of functional failures are considered. The concept of an active protection technology realizing the functional restructuring of the system is suggested. The conceptual apparatus of functional redundancy is developed. The principles of operation of the immutability of purpose and the principle of operation of the reduction target are defined. A classification of methods to ensure functional stability is submitted.
DOI: https://doi.org/10.1145/2799979.2800016 | Published: 2015-09-08 | Citations: 0
Synthesis of secure software development controls
A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov, Igor Shakhalov
A study of the available approaches aimed at mitigating vulnerabilities in software development, and of their applicability during software compliance evaluation, was carried out. Having systematized the standards and guidelines on the development of secure software, we made a list of basic requirements that enables us, among other things, to assess software development processes for compliance with secure software requirements. We present an original conceptual model for the analysis and synthesis of controls for secure software development, which allows software developers to select reasonable controls for developing secure software.
DOI: https://doi.org/10.1145/2799979.2799998 | Published: 2015-09-08 | Citations: 21
Secure e-Learning portal for teaching business continuity and information security management
N. Miloslavskaya, A. Tolstoy, V. Petrov
E-Learning portal (EP) developers are facing many security issues in making it a trusted tool for e-Learning. The paper discusses EP usage in the blended learning of Masters students in "Business continuity and information security maintenance" (BC&ISM) at the NRNU MEPhI. The motivation for the expedience of implementing security for an EP, including a brief overview of typical attacks against EPs, is given. The structure of the BC&ISM EP as a protection object is discussed. The key security requirements and the functional security subsystem components of a secure BC&ISM EP, able to protect it against the main possible attacks, are described.
DOI: https://doi.org/10.1145/2799979.2800020 | Published: 2015-09-08 | Citations: 0
A perfect dynamic-id and biometric based remote user authentication scheme under multi-server environments using smart cards
Subhasish Banerjee, M. P. Dutta, C. Bhunia
In the modern era, remote users can access multiple services from anywhere in the world at any time through the Internet. So, to provide legitimacy among the users, various remote user authentication schemes have been designed. Recently, Chuang and Chang proposed a scheme under a multi-server architecture based on three security factors, namely smart card, password and biometric, and claimed that their scheme can resist several kinds of attacks and can successfully provide more security properties than existing schemes. In this paper, we have reviewed their scheme and proved that Chuang and Chang's scheme cannot resist server spoofing or user impersonation attacks or password guessing attacks, and also fails to achieve forward key secrecy. To overcome these weaknesses and fulfill such important security requirements, we have proposed an improved remote user authentication scheme under a multi-server environment.
DOI: https://doi.org/10.1145/2799979.2799984 | Published: 2015-09-08 | Citations: 7
Information theoretic method for classification of packed and encoded files
Jithu Raphel, P. Vinod
Malware authors make use of anti-reverse-engineering and obfuscation techniques like packing and encoding in order to conceal their malicious payload. These techniques have succeeded in evading traditional signature-based AV scanners. Packed or encoded malware samples are difficult to analyse directly with AV scanners, so such samples must first be unpacked or decoded for efficient analysis of the malicious code. This paper illustrates a static information-theoretic method for the classification of packed and encoded files. The proposed method extracts fragments of fixed size from the files and calculates the entropy scores of the fragments. These entropy scores are then used for computing the Similarity Distance Matrix for the fragments in a file pair. The proposed system classifies all the encoded and packed samples properly, thereby obtaining improved detection. The proposed system is also capable of differentiating the type of packer used for the packing or encoding process.
DOI: https://doi.org/10.1145/2799979.2800015 | Published: 2015-09-08 | Citations: 14
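The pipeline the abstract sketches, fixed-size fragments, a per-fragment entropy score, and a pairwise distance matrix between two files' fragments, is shown below as an added example written for this listing; it is not the authors' code, and the fragment size, the distance summary and the classification thresholds are the example's own assumptions. It goes one step beyond the abstract's description in one respect that matters for "differentiating the type" of transformation: a byte stream produced by compression or encryption approaches 8 bits per byte, whereas a base64 encoding uses a 64-symbol alphabet and so cannot exceed 6 bits per byte, so the entropy profile separates the two even though both defeat a signature scanner. The plain, packed and encoded inputs are constructed in the script.

```python
"""Entropy-profile classification of packed and encoded files. Added example, not the
authors' code or exact method; fragment size, thresholds and the sample 'files' below
are constructed assumptions."""
import base64
import math
import random
import string
from collections import Counter

# Byte values a base64 stream may legitimately contain (alphabet, padding, line breaks).
BASE64_ALPHABET = frozenset((string.ascii_letters + string.digits + "+/=\r\n").encode())


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 for a uniform byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, fragment_size: int = 1024) -> list:
    """Entropy of each fixed-size fragment in file order (the final fragment may be shorter)."""
    return [shannon_entropy(data[i:i + fragment_size]) for i in range(0, len(data), fragment_size)]


def similarity_distance_matrix(profile_a: list, profile_b: list) -> list:
    """D[i][j] = |H_i(A) - H_j(B)|, the entropy gap between fragment i of A and fragment j of B."""
    return [[abs(ha - hb) for hb in profile_b] for ha in profile_a]


def profile_distance(profile_a: list, profile_b: list) -> float:
    """Assumed symmetric summary of the matrix: each fragment's distance to its nearest
    counterpart in the other file, averaged in both directions."""
    if not profile_a or not profile_b:
        return float("inf")
    d = similarity_distance_matrix(profile_a, profile_b)
    a_to_b = sum(min(row) for row in d) / len(profile_a)
    b_to_a = sum(min(d[i][j] for i in range(len(profile_a))) for j in range(len(profile_b))) / len(profile_b)
    return (a_to_b + b_to_a) / 2


def classify(data: bytes, fragment_size: int = 1024) -> str:
    """Assumed heuristic: mean fragment entropy above 7 bits/byte indicates packing or
    encryption; a mean just under the 6-bit ceiling together with a pure base64 byte set
    indicates base64 encoding; anything else is treated as plain."""
    profile = entropy_profile(data, fragment_size)
    mean_h = sum(profile) / len(profile) if profile else 0.0
    if mean_h > 7.0:
        return "packed-or-encrypted"
    if 5.5 < mean_h <= 6.05 and set(data) <= BASE64_ALPHABET:
        return "base64-encoded"
    return "plain"


def constructed_samples() -> dict:
    """Constructed stand-ins for real files: repeated English text, a pseudo-random
    'packed' body, and the base64 encoding of that same body."""
    rng = random.Random(2015)
    packed = bytes(rng.getrandbits(8) for _ in range(8192))
    text = b"The quick brown fox jumps over the lazy dog. " * 200
    return {"text": text, "packed": packed, "encoded": base64.b64encode(packed)}


if __name__ == "__main__":
    samples = constructed_samples()
    for name, blob in samples.items():
        prof = entropy_profile(blob)
        print(f"{name:8} fragments={len(prof):3} mean_entropy={sum(prof) / len(prof):.2f} -> {classify(blob)}")
    print("distance packed vs encoded:",
          round(profile_distance(entropy_profile(samples["packed"]), entropy_profile(samples["encoded"])), 2))
```

Fragment-level scoring rather than one whole-file number is what lets a file with a small plain stub and a large high-entropy section (the usual packer layout) show up as a recognisable profile, and the distance matrix is what lets two samples of the same packer be matched without a byte signature.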