Markus Rautell, Outi-Marja Latvala, V. Vallivaara, Kimmo Halunen
Measuring the security of cryptographic systems is not a simple task. Nevertheless, there is an increasing need for a cryptographic metric which could assist in decision making when choosing between various candidates. The National Institute of Standards and Technology (NIST) has launched a process to standardize quantum-resistance public key encryption, key encapsulation and digital signature algorithms. This is NIST’s response to the threat posed by quantum computers against classical public key cryptography. In this paper, we apply a metric taxonomy, produced by earlier studies, to two NIST third round finalist digital signature algorithms Dilithium and Falcon in order to asses the effectiveness and extensiveness of the metric. Although, our results show that clear differences can be found with used metrics, we propose some improvements to them to allow more comprehensive analysis.
{"title":"Applying a cryptographic metric to post-quantum lattice-based signature algorithms","authors":"Markus Rautell, Outi-Marja Latvala, V. Vallivaara, Kimmo Halunen","doi":"10.1145/3538969.3544438","DOIUrl":"https://doi.org/10.1145/3538969.3544438","url":null,"abstract":"Measuring the security of cryptographic systems is not a simple task. Nevertheless, there is an increasing need for a cryptographic metric which could assist in decision making when choosing between various candidates. The National Institute of Standards and Technology (NIST) has launched a process to standardize quantum-resistance public key encryption, key encapsulation and digital signature algorithms. This is NIST’s response to the threat posed by quantum computers against classical public key cryptography. In this paper, we apply a metric taxonomy, produced by earlier studies, to two NIST third round finalist digital signature algorithms Dilithium and Falcon in order to asses the effectiveness and extensiveness of the metric. Although, our results show that clear differences can be found with used metrics, we propose some improvements to them to allow more comprehensive analysis.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122530567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Karol Rzepka, Przemysław Szary, Krzysztof Cabaj, W. Mazurczyk
The popularity, variety, and number of Internet of Things (IoT) devices and solutions have been increasing significantly with each passing year. This diversity of devices, and limited computational, memory, and battery resources make it difficult to apply effective security solutions. That is why dedicated mechanisms for the protection of IoT-based transmissions are developed. One of the most popular solutions is Datagram Transport Layer Security (DTLS), which allows securing datagram-based applications. In this paper, we investigate how efficient the three currently available DTLS implementations provided by the RIOT Operating System are. Based on the results obtained, interested parties can choose the DTLS module that has the best performance for the chosen IoT application.
{"title":"Performance Evaluation of DTLS Implementations on RIOT OS for Internet of Things Applications","authors":"Karol Rzepka, Przemysław Szary, Krzysztof Cabaj, W. Mazurczyk","doi":"10.1145/3538969.3544470","DOIUrl":"https://doi.org/10.1145/3538969.3544470","url":null,"abstract":"The popularity, variety, and number of Internet of Things (IoT) devices and solutions have been increasing significantly with each passing year. This diversity of devices, and limited computational, memory, and battery resources make it difficult to apply effective security solutions. That is why dedicated mechanisms for the protection of IoT-based transmissions are developed. One of the most popular solutions is Datagram Transport Layer Security (DTLS), which allows securing datagram-based applications. In this paper, we investigate how efficient the three currently available DTLS implementations provided by the RIOT Operating System are. Based on the results obtained, interested parties can choose the DTLS module that has the best performance for the chosen IoT application.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122645576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Hajny, Marek Sikora, A. Grammatopoulos, Fabio Di Franco
We present the updated version of the Curricula Designer, a tool that is devoted to helping study program administrators and education providers to create cybersecurity curricula that are modern and reflect the needs of the job market. Our main contribution is the inclusion of the European Cybersecurity Skills Framework (ECSF) developed by ENISA to the Curricula Designer. The ECSF makes it possible to directly link knowledge and skills with professional profiles, which in turn reflect actual work roles on the job market. By adding ECSF to the Curricula Designer, we get a simple yet powerful tool that helps to identify the right content of cybersecurity curricula using rigorous, deterministic methods, applicable at any higher education provider. At the time of the paper submission, the Curricula Designer is the first practical application that is based on ECSF. However, due to its focus on practicality, usability and simplicity, we expect ECSF to become the dominant framework for cybersecurity knowledge and skills identification in Europe.
{"title":"Adding European Cybersecurity Skills Framework into Curricula Designer","authors":"J. Hajny, Marek Sikora, A. Grammatopoulos, Fabio Di Franco","doi":"10.1145/3538969.3543799","DOIUrl":"https://doi.org/10.1145/3538969.3543799","url":null,"abstract":"We present the updated version of the Curricula Designer, a tool that is devoted to helping study program administrators and education providers to create cybersecurity curricula that are modern and reflect the needs of the job market. Our main contribution is the inclusion of the European Cybersecurity Skills Framework (ECSF) developed by ENISA to the Curricula Designer. The ECSF makes it possible to directly link knowledge and skills with professional profiles, which in turn reflect actual work roles on the job market. By adding ECSF to the Curricula Designer, we get a simple yet powerful tool that helps to identify the right content of cybersecurity curricula using rigorous, deterministic methods, applicable at any higher education provider. At the time of the paper submission, the Curricula Designer is the first practical application that is based on ECSF. However, due to its focus on practicality, usability and simplicity, we expect ECSF to become the dominant framework for cybersecurity knowledge and skills identification in Europe.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124974603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Over the last decade, DevSecOps principles have gained widespread acceptance, replacing many traditional approaches to software development. DevSecOps has helped developers shorten the overall software development life cycle, and as a result, decreased the time to market. Following the broad success of DevSecOps, the next logical progression is to apply DevSecOps principles to other fields to achieve similar results, such as embedded systems. While embedded systems practices may stand to benefit greatly from the inclusion of DevSecOps principles, the field offers many new and unique challenges that have not been faced with traditional software systems. Existing DevSecOps frameworks cannot simply be applied to embedded systems. It is necessary to adapt current DevSecOps frameworks specifically to embedded systems. This piece will first lay out current DevSecOps principles and their application to software systems. Then, an empirical examination of existing work on DevSecOps in embedded systems will be presented. The required components of a DevSecOps framework that have been excluded from previous research will be highlighted, and from this, future areas of research in DevSecOps for embedded systems will be presented. The goal of this work is to summarize and analyze the current state of knowledge on DevSecOps in embedded systems and outline a path for future research. • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.
{"title":"DevSecOps In Embedded Systems: An Empirical Study Of Past Literature","authors":"Hasan Yasar, Sam E Teplov","doi":"10.1145/3538969.3544451","DOIUrl":"https://doi.org/10.1145/3538969.3544451","url":null,"abstract":"Over the last decade, DevSecOps principles have gained widespread acceptance, replacing many traditional approaches to software development. DevSecOps has helped developers shorten the overall software development life cycle, and as a result, decreased the time to market. Following the broad success of DevSecOps, the next logical progression is to apply DevSecOps principles to other fields to achieve similar results, such as embedded systems. While embedded systems practices may stand to benefit greatly from the inclusion of DevSecOps principles, the field offers many new and unique challenges that have not been faced with traditional software systems. Existing DevSecOps frameworks cannot simply be applied to embedded systems. It is necessary to adapt current DevSecOps frameworks specifically to embedded systems. This piece will first lay out current DevSecOps principles and their application to software systems. Then, an empirical examination of existing work on DevSecOps in embedded systems will be presented. The required components of a DevSecOps framework that have been excluded from previous research will be highlighted, and from this, future areas of research in DevSecOps for embedded systems will be presented. The goal of this work is to summarize and analyze the current state of knowledge on DevSecOps in embedded systems and outline a path for future research. • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120914175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Y. Yanakiev, Marta Irene García Cid, J. M. Vidal, N. Stoianov, Marco Antonio Sotelo Monge
A methodology for tracking and analysing the needs for standardization and certification harmonization thorough the project life cycle will be defined and enforced, which will allow the early identification of issues related to the conceptualization, design, implementation, integration and deployment of tools for support the EU disaster resiliency; which will be facilitated by a complete consultation strategy to the different stakeholders that are expected to act at each capability development phase, ranging from providers to end users. On these grounds H2020-VALKYRIES will develop, integrate and demonstrate capabilities for enabling immediate and coordinated emergency response including search and rescue, security and health, in scenarios of natural/provoked catastrophes with multiple victims, with special application in cases in which several regions or countries are affected and hence greater interoperability being required. H2020-VALKYRIES will propose both design and development of a modular, interoperable, scalable and secure-oriented reference integration, called SIGRUN, which will allow the integration between legacy solutions and new technologies in a framework of harmonized solutions. SIGRUN will be able to deploy services and dynamically adapt its behaviour, as the emergency requires it. A series of demonstration scenarios will be developed placing an emphasis on cross-border and cross-sectorial BLOS (Beyond Line of Sight) scenarios, where the usual communications infrastructure could have been damaged, and emergency response teams are deployed without an accurate view of the operation environment.
{"title":"VALKYRIES: Harmonization and Pre-Standardization of Technology, Training and Tactical Coordinated Operations for First Responders on EU MCI","authors":"Y. Yanakiev, Marta Irene García Cid, J. M. Vidal, N. Stoianov, Marco Antonio Sotelo Monge","doi":"10.1145/3538969.3544482","DOIUrl":"https://doi.org/10.1145/3538969.3544482","url":null,"abstract":"A methodology for tracking and analysing the needs for standardization and certification harmonization thorough the project life cycle will be defined and enforced, which will allow the early identification of issues related to the conceptualization, design, implementation, integration and deployment of tools for support the EU disaster resiliency; which will be facilitated by a complete consultation strategy to the different stakeholders that are expected to act at each capability development phase, ranging from providers to end users. On these grounds H2020-VALKYRIES will develop, integrate and demonstrate capabilities for enabling immediate and coordinated emergency response including search and rescue, security and health, in scenarios of natural/provoked catastrophes with multiple victims, with special application in cases in which several regions or countries are affected and hence greater interoperability being required. H2020-VALKYRIES will propose both design and development of a modular, interoperable, scalable and secure-oriented reference integration, called SIGRUN, which will allow the integration between legacy solutions and new technologies in a framework of harmonized solutions. SIGRUN will be able to deploy services and dynamically adapt its behaviour, as the emergency requires it. A series of demonstration scenarios will be developed placing an emphasis on cross-border and cross-sectorial BLOS (Beyond Line of Sight) scenarios, where the usual communications infrastructure could have been damaged, and emergency response teams are deployed without an accurate view of the operation environment.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128216129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kevin De Boeck, Jenno Verdonck, M. Willocx, Jorn Lapon, Vincent Naessens
Many tourists heavily rely on online review platforms for decisions with respect to food, visits and hotel bookings today. Review communities rigorously log all experiences on popular online platforms such as Google Maps, Tripadvisor and Yelp. However, many contributors are unaware that, along with experiences, a lot of sensitive information is often indirectly exposed to platform visitors. Examples are reviewer’s locations in the privacy sphere, age, medical information and financial status. Malicious entities could potentially employ this information in various ways, for example during extortion or targeted phishing attempts. This work outlines the potential risks for contributors on review platforms. The Google Maps review platform is applied as a prototypical example, with a special focus on predicting the reviewer’s home location. The accuracy of our predictions is assessed by relying on ground truth datasets. This paper further presents and evaluates strategies to tackle common problems.
{"title":"Reviewing review platforms: a privacy perspective","authors":"Kevin De Boeck, Jenno Verdonck, M. Willocx, Jorn Lapon, Vincent Naessens","doi":"10.1145/3538969.3538974","DOIUrl":"https://doi.org/10.1145/3538969.3538974","url":null,"abstract":"Many tourists heavily rely on online review platforms for decisions with respect to food, visits and hotel bookings today. Review communities rigorously log all experiences on popular online platforms such as Google Maps, Tripadvisor and Yelp. However, many contributors are unaware that, along with experiences, a lot of sensitive information is often indirectly exposed to platform visitors. Examples are reviewer’s locations in the privacy sphere, age, medical information and financial status. Malicious entities could potentially employ this information in various ways, for example during extortion or targeted phishing attempts. This work outlines the potential risks for contributors on review platforms. The Google Maps review platform is applied as a prototypical example, with a special focus on predicting the reviewer’s home location. The accuracy of our predictions is assessed by relying on ground truth datasets. This paper further presents and evaluates strategies to tackle common problems.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132941641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security can be considered one of the essential aspects of any software system today. The current landscape is constantly evolving and new computing models are appearing at the same time as different attacks emerge. All this means that there is an increasing need for new security solutions. Among the different aspects that are opening up, this work focuses on the protection of sensitive data. In particular, an environment based on mobile agents is considered, which contains sensitive information that needs to be protected. To simulate an Internet of Things (IoT) environment, the agencies on which the agents run are deployed on Raspberry Pi devices.
{"title":"Secure Mobile Agents on Embedded Boards: a TPM based solution","authors":"A. Muñoz","doi":"10.1145/3538969.3544419","DOIUrl":"https://doi.org/10.1145/3538969.3544419","url":null,"abstract":"Security can be considered one of the essential aspects of any software system today. The current landscape is constantly evolving and new computing models are appearing at the same time as different attacks emerge. All this means that there is an increasing need for new security solutions. Among the different aspects that are opening up, this work focuses on the protection of sensitive data. In particular, an environment based on mobile agents is considered, which contains sensitive information that needs to be protected. To simulate an Internet of Things (IoT) environment, the agencies on which the agents run are deployed on Raspberry Pi devices.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114093274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Simone Scalco, Ranindya Paramitha, Duc-Ly Vu, F. Massacci
Open-source packages typically have their source code available on a source code repository (e.g., on GitHub), but developers prefer to use pre-built artifacts directly from the package repositories (such as npm for JavaScript). Between the source code and the distributed artifacts, there could be differences that pose security risks (e.g., attackers deploy malicious code during package installation) in the software supply chain. Existing package scanners focus on the entire artifact of a package to detect this kind of attacks. These procedures are not only time consuming, but also generate high irrelevant alerts (FPs). An approach called LastPyMile by Vu et al. (ESEC/FSE’21) has been shown to be effective in detecting discrepancies and reducing false alerts in vetting Python packages on PyPI by focusing only on the differences between the source and the package. In this work, we propose to port that approach to scan JavaScript packages in the npm ecosystem. We presented a preliminary evaluation of our implementation on a set of real malicious npm packages and the top popular packages. The results show that while being 20.7x faster than git-log approach, our approach managed to reduce the percentage of false alerts produced by package scanner by 69%.
{"title":"On the feasibility of detecting injections in malicious npm packages","authors":"Simone Scalco, Ranindya Paramitha, Duc-Ly Vu, F. Massacci","doi":"10.1145/3538969.3543815","DOIUrl":"https://doi.org/10.1145/3538969.3543815","url":null,"abstract":"Open-source packages typically have their source code available on a source code repository (e.g., on GitHub), but developers prefer to use pre-built artifacts directly from the package repositories (such as npm for JavaScript). Between the source code and the distributed artifacts, there could be differences that pose security risks (e.g., attackers deploy malicious code during package installation) in the software supply chain. Existing package scanners focus on the entire artifact of a package to detect this kind of attacks. These procedures are not only time consuming, but also generate high irrelevant alerts (FPs). An approach called LastPyMile by Vu et al. (ESEC/FSE’21) has been shown to be effective in detecting discrepancies and reducing false alerts in vetting Python packages on PyPI by focusing only on the differences between the source and the package. In this work, we propose to port that approach to scan JavaScript packages in the npm ecosystem. We presented a preliminary evaluation of our implementation on a set of real malicious npm packages and the top popular packages. The results show that while being 20.7x faster than git-log approach, our approach managed to reduce the percentage of false alerts produced by package scanner by 69%.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114622827","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Macák, Radek Vaclavek, Dasa Kusnirakova, Raimundas Matulevičius, Barbora Buhnova
Manufacturing production heavily depends on the processes that need to be followed during manufacturing. As there might be many reasons behind possible deviations from these processes, the deviations can also cover ongoing insider attacks, e.g., intended to perform sabotage or espionage on these infrastructures. Insider attacks can cause tremendous damage to a manufacturing company because an insider knows how to act inconspicuously, making insider attacks very hard to detect. In this paper, we examine the potential of process-mining methods for insider-attack detection in the context of manufacturing, which is a new and promising application context for process-aware methods. To this end, we present five manufacturing-related scenarios of insider threats identified in cooperation with a manufacturing company, where the process mining could be most helpful in the detection of their respective attack events. We describe these scenarios and demonstrate the utilization of process mining in this context, creating ground for further future research.
{"title":"Scenarios for Process-Aware Insider Attack Detection in Manufacturing","authors":"M. Macák, Radek Vaclavek, Dasa Kusnirakova, Raimundas Matulevičius, Barbora Buhnova","doi":"10.1145/3538969.3544449","DOIUrl":"https://doi.org/10.1145/3538969.3544449","url":null,"abstract":"Manufacturing production heavily depends on the processes that need to be followed during manufacturing. As there might be many reasons behind possible deviations from these processes, the deviations can also cover ongoing insider attacks, e.g., intended to perform sabotage or espionage on these infrastructures. Insider attacks can cause tremendous damage to a manufacturing company because an insider knows how to act inconspicuously, making insider attacks very hard to detect. In this paper, we examine the potential of process-mining methods for insider-attack detection in the context of manufacturing, which is a new and promising application context for process-aware methods. To this end, we present five manufacturing-related scenarios of insider threats identified in cooperation with a manufacturing company, where the process mining could be most helpful in the detection of their respective attack events. We describe these scenarios and demonstrate the utilization of process mining in this context, creating ground for further future research.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132268850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The need for anonymity and privacy has given a rise to open web proxies that act as gateways relaying traffic between web servers and their clients, allowing users to access otherwise not accessible content. As the open web proxy ecosystem continues to grow, research studies point out the extent of content alteration on the Internet. While the previous studies focused on detection and analysis of content manipulation by proxies, we focus on the feasibility of predicting these manipulations. In this work, we present a new approach for predicting the types of content alterations that might be silently introduced by open proxies. Our approach is designed to proactively indicate changes without a need to fetch the data through a proxy first. We explore the feasibility of the approach on a website content of 1028 domains fetched through 1293 proxies. We leverage our approach to proactively and accurately identify various content manipulations with 87% - 92% accuracy. Our study reveals an important observation that the majority of proxies manipulate website content based on technical information of the website and its web server.
{"title":"Analysis and prediction of web proxies misbehavior","authors":"Zahra Nezhadian, Enrico Branca, Natalia Stakhanova","doi":"10.1145/3538969.3544412","DOIUrl":"https://doi.org/10.1145/3538969.3544412","url":null,"abstract":"The need for anonymity and privacy has given a rise to open web proxies that act as gateways relaying traffic between web servers and their clients, allowing users to access otherwise not accessible content. As the open web proxy ecosystem continues to grow, research studies point out the extent of content alteration on the Internet. While the previous studies focused on detection and analysis of content manipulation by proxies, we focus on the feasibility of predicting these manipulations. In this work, we present a new approach for predicting the types of content alterations that might be silently introduced by open proxies. Our approach is designed to proactively indicate changes without a need to fetch the data through a proxy first. We explore the feasibility of the approach on a website content of 1028 domains fetched through 1293 proxies. We leverage our approach to proactively and accurately identify various content manipulations with 87% - 92% accuracy. Our study reveals an important observation that the majority of proxies manipulate website content based on technical information of the website and its web server.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134369074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}