Pub Date : 2022-11-25DOI: 10.48550/arXiv.2212.01254
A. Schaad, Dominik Binder
The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification of vulnerabilities on basis of a binary executable without the corresponding source code is more challenging. Recent research [1] has shown, how such detection can be achieved by deep learning methods. However, that particular approach is limited to the identification of only 4 types of vulnerabilities. Subsequently, we analyze to what extent we could cover the identification of a larger variety of vulnerabilities. Therefore, a supervised deep learning approach using recurrent neural networks for the application of vulnerability detection based on binary executables is used. The underlying basis is a dataset with 50,651 samples of vulnerable code in the form of a standardized LLVM Intermediate Representation. The vectorised features of a Word2Vec model are used to train different variations of three basic architectures of recurrent neural networks (GRU, LSTM, SRNN). A binary classification was established for detecting the presence of an arbitrary vulnerability, and a multi-class model was trained for the identification of the exact vulnerability, which achieved an out-of-sample accuracy of 88% and 77%, respectively. Differences in the detection of different vulnerabilities were also observed, with non-vulnerable samples being detected with a particularly high precision of over 98%. Thus, the methodology presented allows an accurate detection of 23 (compared to 4 [1]) vulnerabilities.
{"title":"Deep-Learning-based Vulnerability Detection in Binary Executables","authors":"A. Schaad, Dominik Binder","doi":"10.48550/arXiv.2212.01254","DOIUrl":"https://doi.org/10.48550/arXiv.2212.01254","url":null,"abstract":"The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification of vulnerabilities on basis of a binary executable without the corresponding source code is more challenging. Recent research [1] has shown, how such detection can be achieved by deep learning methods. However, that particular approach is limited to the identification of only 4 types of vulnerabilities. Subsequently, we analyze to what extent we could cover the identification of a larger variety of vulnerabilities. Therefore, a supervised deep learning approach using recurrent neural networks for the application of vulnerability detection based on binary executables is used. The underlying basis is a dataset with 50,651 samples of vulnerable code in the form of a standardized LLVM Intermediate Representation. The vectorised features of a Word2Vec model are used to train different variations of three basic architectures of recurrent neural networks (GRU, LSTM, SRNN). A binary classification was established for detecting the presence of an arbitrary vulnerability, and a multi-class model was trained for the identification of the exact vulnerability, which achieved an out-of-sample accuracy of 88% and 77%, respectively. Differences in the detection of different vulnerabilities were also observed, with non-vulnerable samples being detected with a particularly high precision of over 98%. Thus, the methodology presented allows an accurate detection of 23 (compared to 4 [1]) vulnerabilities.","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131193660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-07DOI: 10.48550/arXiv.2210.03441
Sahar Salimpour, Farhad Keramat, J. P. Queralta, Tomi Westerlund
Multiple opportunities lie at the intersection of multi-robot systems and distributed ledger technologies (DLTs). In this work, we investigate the potential of new DLT solutions such as IOTA, for detecting anomalies and byzantine agents in multi-robot systems in a decentralized manner. Traditional blockchain approaches are not applicable to real-world networked and decentralized robotic systems where connectivity conditions are not ideal. To address this, we leverage recent advances in partition-tolerant and byzantine-tolerant collaborative decision-making processes with IOTA smart contracts. We show how our work in vision-based anomaly and change detection can be applied to detecting byzantine agents within multiple robots operating in the same environment. We show that IOTA smart contracts add a low computational overhead while allowing to build trust within the multi-robot system. The proposed approach effectively enables byzantine robot detection based on the comparison of images submitted by the different robots and detection of anomalies and changes between them.
{"title":"Decentralized Vision-Based Byzantine Agent Detection in Multi-Robot Systems with IOTA Smart Contracts","authors":"Sahar Salimpour, Farhad Keramat, J. P. Queralta, Tomi Westerlund","doi":"10.48550/arXiv.2210.03441","DOIUrl":"https://doi.org/10.48550/arXiv.2210.03441","url":null,"abstract":"Multiple opportunities lie at the intersection of multi-robot systems and distributed ledger technologies (DLTs). In this work, we investigate the potential of new DLT solutions such as IOTA, for detecting anomalies and byzantine agents in multi-robot systems in a decentralized manner. Traditional blockchain approaches are not applicable to real-world networked and decentralized robotic systems where connectivity conditions are not ideal. To address this, we leverage recent advances in partition-tolerant and byzantine-tolerant collaborative decision-making processes with IOTA smart contracts. We show how our work in vision-based anomaly and change detection can be applied to detecting byzantine agents within multiple robots operating in the same environment. We show that IOTA smart contracts add a low computational overhead while allowing to build trust within the multi-robot system. The proposed approach effectively enables byzantine robot detection based on the comparison of images submitted by the different robots and detection of anomalies and changes between them.","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132817766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-20DOI: 10.1007/978-3-031-30122-3_25
Conner Bradley, David Barrera
{"title":"Towards Characterizing IoT Software Update Practices","authors":"Conner Bradley, David Barrera","doi":"10.1007/978-3-031-30122-3_25","DOIUrl":"https://doi.org/10.1007/978-3-031-30122-3_25","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115758654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-02-15DOI: 10.1007/978-3-031-30122-3_7
Julian Hohm, A. Heinemann, A. Wiesmaier
{"title":"Towards a maturity model for crypto-agility assessment","authors":"Julian Hohm, A. Heinemann, A. Wiesmaier","doi":"10.1007/978-3-031-30122-3_7","DOIUrl":"https://doi.org/10.1007/978-3-031-30122-3_7","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115377869","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-01DOI: 10.1007/978-3-031-08147-7_14
Montassar Naghmouchi, Hella Kaffel, M. Laurent-Maknavicius
{"title":"An automatized Identity and Access Management system for IoT combining Self-Sovereign Identity and smart contracts","authors":"Montassar Naghmouchi, Hella Kaffel, M. Laurent-Maknavicius","doi":"10.1007/978-3-031-08147-7_14","DOIUrl":"https://doi.org/10.1007/978-3-031-08147-7_14","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"54 12","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132069717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-25DOI: 10.1007/978-3-031-08147-7_13
João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa, Eva Maia
{"title":"A Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection","authors":"João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa, Eva Maia","doi":"10.1007/978-3-031-08147-7_13","DOIUrl":"https://doi.org/10.1007/978-3-031-08147-7_13","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"176 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120864994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-08-02DOI: 10.1007/978-3-031-08147-7_24
Vanessa Barnekow, Dominik Binder, Niclas Kromrey, Pascal Munaretto, A. Schaad, Felix Schmieder
{"title":"Creation and Detection of German Voice Deepfakes","authors":"Vanessa Barnekow, Dominik Binder, Niclas Kromrey, Pascal Munaretto, A. Schaad, Felix Schmieder","doi":"10.1007/978-3-031-08147-7_24","DOIUrl":"https://doi.org/10.1007/978-3-031-08147-7_24","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131532860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-11-05DOI: 10.1007/978-3-030-45371-8_2
Routa Moussaileb, N. Cuppens-Boulahia, Jean-Louis Lanet, Hélène Le Bouder
{"title":"Ransomware Network Traffic Analysis for Pre-encryption Alert","authors":"Routa Moussaileb, N. Cuppens-Boulahia, Jean-Louis Lanet, Hélène Le Bouder","doi":"10.1007/978-3-030-45371-8_2","DOIUrl":"https://doi.org/10.1007/978-3-030-45371-8_2","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125038866","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-11-05DOI: 10.1007/978-3-030-45371-8_16
G. Gong, Morgan He, R. Rohit, Yunjie Yi
{"title":"U-EPS: An Ultra-small and Efficient Post-quantum Signature Scheme","authors":"G. Gong, Morgan He, R. Rohit, Yunjie Yi","doi":"10.1007/978-3-030-45371-8_16","DOIUrl":"https://doi.org/10.1007/978-3-030-45371-8_16","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115470566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-11-05DOI: 10.1007/978-3-030-45371-8_7
Maël Nogues, David Brosset, Hanan Hindy, X. Bellekens, Y. Kermarrec
{"title":"Labelled Network Capture Generation for Anomaly Detection","authors":"Maël Nogues, David Brosset, Hanan Hindy, X. Bellekens, Y. Kermarrec","doi":"10.1007/978-3-030-45371-8_7","DOIUrl":"https://doi.org/10.1007/978-3-030-45371-8_7","url":null,"abstract":"","PeriodicalId":337718,"journal":{"name":"Foundations and Practice of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130549714","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: