H. Tian, Yanpeng Wu, Yongfeng Huang, Jin Liu, Yonghong Chen, Tian Wang, Yiqiao Cai
Steganography in low bit-rate speech streams is an important branch of Voice-over-IP steganography. From the point of view of preventing cybercrimes, it is significant to design effective steganalysis methods. In this paper, we present a support-vector-machine based steganalysis of low bit-rate speech exploiting statistic characteristics of pulse positions. Specifically, we utilize the probability distribution of pulse positions as a long-time distribution feature, extract Markov transition probabilities of pulse positions according to the short-time invariance characteristic of speech signals, and employ joint probability matrices to characterize the pulse-to-pulse correlation. We evaluate the performance of the proposed method with a large number of G.729a encoded samples, and compare it with the state-of-the-art methods. The experimental results demonstrate that our method significantly outperforms the previous ones on detection accuracy at any given embedding rate or with any sample length. Particularly, this method can successfully detect steganography employing only one or a few of the potential cover bits, which is hard for the existing methods to detect effectively.
"Steganalysis of Low Bit-Rate Speech Based on Statistic Characteristics of Pulse Positions". H. Tian, Yanpeng Wu, Yongfeng Huang, Jin Liu, Yonghong Chen, Tian Wang, Yiqiao Cai. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.21
The electronic payment transaction involves the use of a smart card. A card application is software, corresponding to standards and non-proprietary and proprietary specifications, and is stored in the smart card. Despite increased security with Europay Mastercard Visa (EMV) specifications, attacks still exist due to anomalies in the card application. The validation of the card application enables the detection of any anomaly, improving the overall security of electronic payment transactions. Among the different ways of validating a card application, we can use the verification of required behaviors. These behaviors can be materialized as properties of commands sent by the terminal and responses from the smart card, using the Application Protocol Data Unit (APDU) from the ISO/IEC 7816 standard [1]. However, the creation of these behaviors is complicated. We propose in this article a way to automatically create such behaviors by using a genetic algorithm technique.
"Generation of Local and Expected Behaviors of a Smart Card Application to Detect Software Anomaly". G. Jolly, B. Hemery, C. Rosenberger. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.76
The emerging technologies of Smart Camera Sensor Networks (SCSN) are being driven by the social need for security assurance and analytical information. SCSN are deployed for protection and for surveillance tracking of potential criminals. A smart camera sensor does not just capture visual and audio information but covers the whole electromagnetic spectrum. It consists of an intelligent onboard processor, autonomous communication interfaces, and memory, and has the ability to execute algorithms. The rapid deployment of smart camera sensors with ubiquitous imaging access causes security and privacy issues for the captured data and its metadata, as well as the need for trust and cooperation between the smart camera sensors. The intelligence growth in this technology requires adequate information security with capable privacy and trust protocols to prevent malicious content attacks. This paper presents, first, a clear definition of SCSN. It addresses current methodologies with perspectives in privacy and trust protection, and proposes a multi-layer security approach. The proposed approach highlights the need for a public key infrastructure layer in association with a Reputation-Based Cooperation mechanism.
"Privacy and Trust in Smart Camera Sensor Networks". M. Loughlin, A. Adnane. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.31
Cold boot attacks provide a means to obtain a dump of a computer's volatile memory even if the machine is locked. Such a dump can be used to reconstruct hard disk encryption keys and get access to the content of BitLocker or TrueCrypt encrypted drives. This is possible even if the obtained dump contains errors. Cold boot attacks have been demonstrated successfully on DDR1 and DDR2 SDRAM. They have also been tried on DDR3 SDRAM using various types of equipment but all attempts have failed so far. In this paper we describe a different hardware setup which turns out to work for DDR3 SDRAM as well. Using this setup it will be possible for digital forensic investigators to recover keys from newer machines that use DDR3 SDRAM.
"Cold Boot Attacks on DDR2 and DDR3 SDRAM". Simon Lindenlauf, Hans Höfken, Marko Schuba. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.28
A set of challenges of developing secure software using the agile development approach and methods is reported in the literature. This paper reports on a systematic literature review to identify these challenges and evaluates the causes of each of these challenges, with respect to the agile values, the agile principles, and the security assurance practices. We identified in this study 20 challenges, which are reported in 10 publications. We found that 14 of these challenges are valid and 6 are neither caused by the agile values and principles, nor by the security assurance practices. We also found that 2 of the valid challenges are related to the software development life-cycle, 4 are related to incremental development, 4 are related to security assurance, 2 are related to awareness and collaboration, and 2 are related to security management. These results justify the need for research to make developing secure software smooth.
"Literature Review of the Challenges of Developing Secure Software Using the Agile Approach". H. Oueslati, M. M. Rahman, L. B. Othmane. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.69
Security engineering and agile development are often perceived as a clash of cultures. To address this clash, several approaches have been proposed that allow for agile security engineering. Unfortunately, agile development organizations differ in their actual procedures and environmental properties, resulting in varying requirements. We propose an approach to compare and select methods for agile security engineering. Furthermore, our approach addresses adaptation or construction of a tailored method taking the existing development culture into account. We demonstrate the feasibility of our proposal and report early experiences from its application within a small development organization for digital solutions in the automotive domain.
"Method Selection and Tailoring for Agile Threat Assessment and Mitigation". Stephan Renatus, C. Teichmann, Jörn Eichler. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.96
We propose in this work an error detection process for wireless networks, applied to a previously published transmitter/receiver system model. This model is based on a bit interleaved coded modulation (BICM) scheme over a frequency selective channel. The detection process is able to discern the attacked block: encoder, modulator or channel. We prove using simulations that the deployed intrusion detection system (IDS) is competitive by comparing it to existing intrusion detection systems.
"Error/Intrusion Target Identification on the Physical Layer over a BICM Scheme". Sihem Châabouni, A. Meddeb-Makhlouf. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.46
Marc Antoine Gosselin-Lavigne, Hugo Gonzalez, Natalia Stakhanova, A. Ghorbani
IP reputation lookup is one of the traditional methods for recognition of blacklisted IPs, i.e., IP addresses known to be sources of spam and malware-related threats. Its use, however, has been rapidly increasing beyond its traditional domain, reaching various IP filtering tasks. One of the solutions able to provide the necessary scalability is a Bloom filter. Efficient in memory consumption, Bloom filters provide a fast membership check, allowing one to confirm the presence of set elements in a data structure with a constant false positive probability. With the increased usage of IP reputation check and an increasing adoption of the IPv6 protocol, Bloom filters quickly gained popularity. In spite of their wide application, the question of what hash functions to use in practice remains open. In this work, we investigate 10 cryptographic and non-cryptographic functions for their suitability for Bloom filter analysis for IP reputation lookup. Experiments are performed with controlled, randomly generated IP addresses as well as a real dataset containing blacklisted IP addresses. Based on our results we recommend two hash functions for their performance and acceptably low false positive rate.
"A Performance Evaluation of Hash Functions for IP Reputation Lookup Using Bloom Filters". Marc Antoine Gosselin-Lavigne, Hugo Gonzalez, Natalia Stakhanova, A. Ghorbani. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.101
Richard M. Zahoransky, C. Brenig, Thomas G. Koslowski
The turbulent organizational environment and the intensive use of interconnected, complex IT-systems incur operational risks with increasingly severe and uncertain disruptive effects. The increasing reliance on Information Systems (IS) such as Business Process Management (BPM) systems brought up an urgent need to ensure continuous business operations despite unexpected challenging conditions. In contrast to well-established risk-aware BPM which mainly addresses risk mitigation at design-time and only for known risks, we propose resilient BPM as a complementary approach focusing either at run-time or off-time. Such approaches seek the adjustment and maintenance of operations under disruption. We report on our ongoing work towards the development of a decision support framework to realize resilience in the BPM context. For this approach, measuring resilience on a process level is crucial, since it provides information that allows for better decision-making, learning, and improvement. Nevertheless, there are no suitable holistic measurement systems for resilient BPM available by now. Specifically, this paper motivates the need for operational resilience measurement at the level of processes. It presents the components and operation of our measurement framework, which helps to detect resilience properties of processes based on measures by analyzing process-logs. This information is then exploited to drive a resilience-oriented decision support to increase process resilience.
"Towards a Process-Centered Resilience Framework". Richard M. Zahoransky, C. Brenig, Thomas G. Koslowski. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.68
G. Canfora, F. Mercaldo, G. Moriano, C. A. Visaggio
We present a novel model of malware for Android, named composition-malware, which consists of composing fragments of code hosted on different and scattered locations at run time. A key feature of the model is that the malicious behavior could dynamically change and the payload could be activated under logic or temporal conditions. These characteristics allow malware written according to this model to evade current malware detection technologies for the Android platform, as the evaluation has demonstrated. The aim of the paper is to propose new approaches to malware detection that should be adopted in anti-malware tools for blocking composition-malware.
"Composition-Malware: Building Android Malware at Run Time". G. Canfora, F. Mercaldo, G. Moriano, C. A. Visaggio. 2015 10th International Conference on Availability, Reliability and Security, 2015-08-24. https://doi.org/10.1109/ARES.2015.64