Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888905
Mingchu Li, Linlin Yang, Kun Lu, S. B. H. Shah, Xiao Zheng
Direct communication with D2D (device-to-device) between resource devices can reduce the communication burden, and D2D resource devices closer to users have high computing power. Therefore, offloading tasks to D2D devices can calculate tasks faster and reduce delays to improve the user experience. Firstly, since D2D devices are usually held by users and there are certain social attributes between users, we consider the impact of social attributes on task offloading and resource allocation in the real offloading system and allocate the responsive computing resources according to the social attributes. Secondly, when D2D devices are vulnerable to attack, damage, and other uncertain factors, it will affect the strategy of task offloading. We introduce the offloading mechanism under the invalid scenario of random invalid probability to convert the uncertain offloading scenario into the offloading situation of multiple deterministic scenarios, so as to enhance the robustness of the whole offloading system. Finally, considering the conditions of social awareness, resource allocation, invalid scenario, and energy constraints, we express it as a nonlinear integer programming problem with a minimum expected time. We use the MLS(maximum-likelihood sampling) algorithm to estimate the sample space of the invalid scenarios and the meta heuristic Discrete Whale Optimization Algorithm (DWOA) to solve the optimization problem to obtain the offloading scheme and resource allocation strategy.
{"title":"Device-to-Device Task Offloading in a Stochastic Invalid-Device Scenario with Social Awareness","authors":"Mingchu Li, Linlin Yang, Kun Lu, S. B. H. Shah, Xiao Zheng","doi":"10.1109/DSC54232.2022.9888905","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888905","url":null,"abstract":"Direct communication with D2D (device-to-device) between resource devices can reduce the communication burden, and D2D resource devices closer to users have high computing power. Therefore, offloading tasks to D2D devices can calculate tasks faster and reduce delays to improve the user experience. Firstly, since D2D devices are usually held by users and there are certain social attributes between users, we consider the impact of social attributes on task offloading and resource allocation in the real offloading system and allocate the responsive computing resources according to the social attributes. Secondly, when D2D devices are vulnerable to attack, damage, and other uncertain factors, it will affect the strategy of task offloading. We introduce the offloading mechanism under the invalid scenario of random invalid probability to convert the uncertain offloading scenario into the offloading situation of multiple deterministic scenarios, so as to enhance the robustness of the whole offloading system. Finally, considering the conditions of social awareness, resource allocation, invalid scenario, and energy constraints, we express it as a nonlinear integer programming problem with a minimum expected time. We use the MLS(maximum-likelihood sampling) algorithm to estimate the sample space of the invalid scenarios and the meta heuristic Discrete Whale Optimization Algorithm (DWOA) to solve the optimization problem to obtain the offloading scheme and resource allocation strategy.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129021205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a large number of connected devices to attack a target. For example, infected devices can be used to perform DDoS attacks on certain (critical) network servers. Before the infected hosts receive any commands, they must obtain the IP address of the control and command server. Hence, there are lots of behaviors and information of IoT Botnet hiding in the DNS traffic. Considering that situation, we utilize features captured from the DNS queries to analyze whether IoT Botnet has infected a device or not. We found that the DNS queries of an infected device will be issued in a specific periodical time frequency. Based on the features, a novel IoT Bonet detection scheme is presented in the manuscript. As compared to other works, the proposed scheme significantly reduces the computation cost by applying Shannon's entropy and the variances among the DNS queries.
{"title":"IoT Botnet Detection Based on the Behaviors of DNS Queries","authors":"Chun-I Fan, Cheng-Han Shie, Che-Ming Hsu, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi","doi":"10.1109/DSC54232.2022.9888913","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888913","url":null,"abstract":"In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a large number of connected devices to attack a target. For example, infected devices can be used to perform DDoS attacks on certain (critical) network servers. Before the infected hosts receive any commands, they must obtain the IP address of the control and command server. Hence, there are lots of behaviors and information of IoT Botnet hiding in the DNS traffic. Considering that situation, we utilize features captured from the DNS queries to analyze whether IoT Botnet has infected a device or not. We found that the DNS queries of an infected device will be issued in a specific periodical time frequency. Based on the features, a novel IoT Bonet detection scheme is presented in the manuscript. As compared to other works, the proposed scheme significantly reduces the computation cost by applying Shannon's entropy and the variances among the DNS queries.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129036635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888795
Robert L. Freas, Heather F. Adair, Eman M. Hammad
Recent incidents and continuous cyber attacks highlight that most currently adopted cybersecurity solutions and processes remain highly reactive, with short-lived remedies. The critical need for more proactive and mature response processes has never been more critical. We look at engineering and borrow concepts from mature systematic processes such as the engineering design process to develop a new framework for activer cyber incident response processes. Currently, cybersecurity incident response structure and processes are outlined in multiple frameworks including the MITRE ATT&CK framework, NIST's Cybersecurity framework, and the traditional incident response (IR) lifecycle. Using a blend of those frameworks and the concepts from the engineering design process we propose O2I that is more adept to a more proactive and sustainable security response. With proper implementation, O2I's iterative processes could provide a sustainable and adaptable approach to assess and improve cyber security response processes. To validate the benefits and feasibility of the proposed framework, we utilize it to evaluate recent attacks using publicly available information.
{"title":"An Engineering Process Framework for Cybersecurity Incident Response Assessment","authors":"Robert L. Freas, Heather F. Adair, Eman M. Hammad","doi":"10.1109/DSC54232.2022.9888795","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888795","url":null,"abstract":"Recent incidents and continuous cyber attacks highlight that most currently adopted cybersecurity solutions and processes remain highly reactive, with short-lived remedies. The critical need for more proactive and mature response processes has never been more critical. We look at engineering and borrow concepts from mature systematic processes such as the engineering design process to develop a new framework for activer cyber incident response processes. Currently, cybersecurity incident response structure and processes are outlined in multiple frameworks including the MITRE ATT&CK framework, NIST's Cybersecurity framework, and the traditional incident response (IR) lifecycle. Using a blend of those frameworks and the concepts from the engineering design process we propose O2I that is more adept to a more proactive and sustainable security response. With proper implementation, O2I's iterative processes could provide a sustainable and adaptable approach to assess and improve cyber security response processes. To validate the benefits and feasibility of the proposed framework, we utilize it to evaluate recent attacks using publicly available information.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122224834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888825
Qiang Wen, F. Machida
Machine learning (ML) models have been widely applied to real-world systems. However, outputs of ML models are generally uncertain and sensitive to real input data, which is a big challenge in designing highly reliable ML-based software systems. Our study aims to improve the ML system reliability through a software architecture approach inspired by N-version programming. N-version ML architectures considered in our study combine multiple input data sets with multiple versions of ML models to determine the final system output by consensus. In this paper, we focus on three-version ML architectures and propose the reliability models for analyzing the system reliability by using diversity metrics for ML models and input data sets. The proposed model allows us to compare the reliability of a triple-model with triple-input (TMTI) architecture with other variants of three-version and two-version architectures. Through the numerical analysis of the proposed models, we find that i) the reliability of TMTI architecture is higher than other three-version architectures, but interestingly ii) it is generally lower than the reliability of double model with double input system (DMDI). Furthermore, we also find that a larger variance of model diversities negatively impacts the TMTI reliability, while a larger variance of input diversity has opposed impacts.
{"title":"Reliability Models and Analysis for Triple-model with Triple-input Machine Learning Systems","authors":"Qiang Wen, F. Machida","doi":"10.1109/DSC54232.2022.9888825","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888825","url":null,"abstract":"Machine learning (ML) models have been widely applied to real-world systems. However, outputs of ML models are generally uncertain and sensitive to real input data, which is a big challenge in designing highly reliable ML-based software systems. Our study aims to improve the ML system reliability through a software architecture approach inspired by N-version programming. N-version ML architectures considered in our study combine multiple input data sets with multiple versions of ML models to determine the final system output by consensus. In this paper, we focus on three-version ML architectures and propose the reliability models for analyzing the system reliability by using diversity metrics for ML models and input data sets. The proposed model allows us to compare the reliability of a triple-model with triple-input (TMTI) architecture with other variants of three-version and two-version architectures. Through the numerical analysis of the proposed models, we find that i) the reliability of TMTI architecture is higher than other three-version architectures, but interestingly ii) it is generally lower than the reliability of double model with double input system (DMDI). Furthermore, we also find that a larger variance of model diversities negatively impacts the TMTI reliability, while a larger variance of input diversity has opposed impacts.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125233451","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888899
Daniel Fraunholz, Richard Schörghofer-Vrinssen, H. König, Richard M. Zahoransky
Both attacks are valid for 4G and 5G NSA. 4G will most likely relevant for many years to come. Even if 4G networks will be deactivated in several of years (as it is with GSM or UMTS networks right now), the baseband chips on the UE side will still support 4G and will be prone to 4G-based attacks in the future. In this paper, we leverage a previously introduced vulnerability for 4G mobile communications and present new means for its exploitation. Based on the vulnerability, we introduce a fingerprinting technique and two new attacks to demonstrate how the privacy of mobile devices may be compromised during the initialization procedure of 4G and 5G NSA mobile commu-nications. For this, we exploit information that is exposed in the attach request of the attach procedure sent from a mobile device to the network. This is particularly critical because the confidentiality of this information is not cryptographically protected. In our experiments, we evaluate our attacks against a set of approximately 110 mobile phones from 22 different vendors. Please note that we use pseudonyms (Vendor A etc.) to refer to device vendors to not disadvantage vendors. We demonstrate that our attacks enable to re-identify previously observed mobile devices for tracking purposes and to identify the device vendor and model, respectively, to derive potential sensitive information for tracking their owners.
{"title":"Show Me Your Attach Request and I'll Tell You Who You Are: Practical Fingerprinting Attacks in 4G and 5G Mobile Networks","authors":"Daniel Fraunholz, Richard Schörghofer-Vrinssen, H. König, Richard M. Zahoransky","doi":"10.1109/DSC54232.2022.9888899","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888899","url":null,"abstract":"Both attacks are valid for 4G and 5G NSA. 4G will most likely relevant for many years to come. Even if 4G networks will be deactivated in several of years (as it is with GSM or UMTS networks right now), the baseband chips on the UE side will still support 4G and will be prone to 4G-based attacks in the future. In this paper, we leverage a previously introduced vulnerability for 4G mobile communications and present new means for its exploitation. Based on the vulnerability, we introduce a fingerprinting technique and two new attacks to demonstrate how the privacy of mobile devices may be compromised during the initialization procedure of 4G and 5G NSA mobile commu-nications. For this, we exploit information that is exposed in the attach request of the attach procedure sent from a mobile device to the network. This is particularly critical because the confidentiality of this information is not cryptographically protected. In our experiments, we evaluate our attacks against a set of approximately 110 mobile phones from 22 different vendors. Please note that we use pseudonyms (Vendor A etc.) to refer to device vendors to not disadvantage vendors. We demonstrate that our attacks enable to re-identify previously observed mobile devices for tracking purposes and to identify the device vendor and model, respectively, to derive potential sensitive information for tracking their owners.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132630346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888800
Heba Takruri Tamemi, Manar Rabayah, Kareem Abu Raad, Mai Kanaan, Ahmed Awad
Security and privacy of Internet of Things (IoT) data are highly essential for a wide spectrum of applications, on top of which are medical systems. In medical systems, we need to guarantee the confidentiality, integrity, and availability (CIA triad) of the data generated from IoT devices in order to investigate medical malpractices. Blockchain provides an immutable storage without relying on an external third party to build trust and transparency. Therefore, blockchain is a suitable option to securely store such data. However, the excessive reliance on IoT devices in medical applications results in producing a large amount of data periodically, and thus, makes its solely storage on blockchain extremely expensive. In this paper, we propose a cost-efficient comprehensive framework to store IoT medical devices data on the blockchain by using a data-driven classifier. The classifier in the proposed framework is driven by a range of normal data for each sensor type. All data whether normal or abnormal is stored on a typical cloud. Only data that is classified as abnormal (critical) is stored on the blockchain for cost saving purposes. Furthermore, a distributed file system (IPFS) is utilized for extra cost reduction. Experimental results show that our proposed framework reduces the cost of storing healthcare IoT data by an average of 84% if compared with solely storing all data on the blockchain.
{"title":"A Low Cost Blockchain-Based Framework for Preserving Critical Data in Health-Care IoT Systems Using Classification","authors":"Heba Takruri Tamemi, Manar Rabayah, Kareem Abu Raad, Mai Kanaan, Ahmed Awad","doi":"10.1109/DSC54232.2022.9888800","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888800","url":null,"abstract":"Security and privacy of Internet of Things (IoT) data are highly essential for a wide spectrum of applications, on top of which are medical systems. In medical systems, we need to guarantee the confidentiality, integrity, and availability (CIA triad) of the data generated from IoT devices in order to investigate medical malpractices. Blockchain provides an immutable storage without relying on an external third party to build trust and transparency. Therefore, blockchain is a suitable option to securely store such data. However, the excessive reliance on IoT devices in medical applications results in producing a large amount of data periodically, and thus, makes its solely storage on blockchain extremely expensive. In this paper, we propose a cost-efficient comprehensive framework to store IoT medical devices data on the blockchain by using a data-driven classifier. The classifier in the proposed framework is driven by a range of normal data for each sensor type. All data whether normal or abnormal is stored on a typical cloud. Only data that is classified as abnormal (critical) is stored on the blockchain for cost saving purposes. Furthermore, a distributed file system (IPFS) is utilized for extra cost reduction. Experimental results show that our proposed framework reduces the cost of storing healthcare IoT data by an average of 84% if compared with solely storing all data on the blockchain.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131949150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888802
Jason DeJesus, J. Chandy
Embedded systems are designed to have security measures in place that protect users' data from software and network attacks, but these measures can prove useless when the attacker gains physical access to the system. Research has shown that dynamic random access memory (DRAM) is vulnerable to attacks that take advantage of its remanence property where data remains in DRAM shortly after the system is powered off. In this paper, we propose a method utilizing both cache locking and encryption to secure the DRAM on any embedded system by modifying the cache architecture of the CPU. We demonstrate an implementation using a MicroBlaze CPU, but the design can be used with any FPGA soft-core CPU, even if it does not have pre-existing cache locking capabilities. The cache modifications introduce almost no impact on performance and minimal extra hardware utilization.
{"title":"Cache Locking and Encryption to Prevent Memory Snooping in Embedded Systems","authors":"Jason DeJesus, J. Chandy","doi":"10.1109/DSC54232.2022.9888802","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888802","url":null,"abstract":"Embedded systems are designed to have security measures in place that protect users' data from software and network attacks, but these measures can prove useless when the attacker gains physical access to the system. Research has shown that dynamic random access memory (DRAM) is vulnerable to attacks that take advantage of its remanence property where data remains in DRAM shortly after the system is powered off. In this paper, we propose a method utilizing both cache locking and encryption to secure the DRAM on any embedded system by modifying the cache architecture of the CPU. We demonstrate an implementation using a MicroBlaze CPU, but the design can be used with any FPGA soft-core CPU, even if it does not have pre-existing cache locking capabilities. The cache modifications introduce almost no impact on performance and minimal extra hardware utilization.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130382689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888829
Emma Scott, S. Panda, G. Loukas, E. Panaousis
Research in the context of user awareness has shown that smart-home occupants often lack cybersecurity awareness even when it comes to frequently used technologies such as online social networks and email. To cope with the risks, smart-homes must be equipped with adequate cybersecurity measures besides the knowledge and time required by smart-home occupants to implement security measures. In this paper, we explore potential threats in AI-powered smart-homes and identify a list of cybersecurity controls required to mitigate their potential impact considering attack vectors, as well as the time and knowledge required to implement a control. We use optimisation to identify the best set of controls to minimise the risk exposure considering these metrics. Our comparative analysis against a random selection approach highlight that our approach is at least 25% better at minimising risk. Finally, we show how improved knowledge or time impacts the risk.
{"title":"Optimising user security recommendations for AI-powered smart-homes","authors":"Emma Scott, S. Panda, G. Loukas, E. Panaousis","doi":"10.1109/DSC54232.2022.9888829","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888829","url":null,"abstract":"Research in the context of user awareness has shown that smart-home occupants often lack cybersecurity awareness even when it comes to frequently used technologies such as online social networks and email. To cope with the risks, smart-homes must be equipped with adequate cybersecurity measures besides the knowledge and time required by smart-home occupants to implement security measures. In this paper, we explore potential threats in AI-powered smart-homes and identify a list of cybersecurity controls required to mitigate their potential impact considering attack vectors, as well as the time and knowledge required to implement a control. We use optimisation to identify the best set of controls to minimise the risk exposure considering these metrics. Our comparative analysis against a random selection approach highlight that our approach is at least 25% better at minimising risk. Finally, we show how improved knowledge or time impacts the risk.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"198 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115285999","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888873
Talal Halabi, Aawista Chaudhry, Sarra M. Alqahtani, Mohammad Zulkernine
The last decade witnessed a gradual shift from cloud-based computing towards ubiquitous computing, which has put at a greater security risk every element of the computing ecosystem including devices, data, network, and decision making. Indeed, emerging pervasive computing paradigms have introduced an un-charted territory of security vulnerabilities and a wider attack surface, mainly due to network openness, the underlying mechanics that enable intelligent functions, and the deeply integrated physical and cyber spaces. Furthermore, interconnected computing environments now enjoy many unconventional characteristics that mandate a radical change in security engineering tools. This need is further exacerbated by the rapid emergence of new Advanced Persistent Threats (APTs) that target critical infrastructures and aim to stealthily undermine their operations in innovative and intelligent ways. To enable system and network designers to be prepared to face this new wave of dangerous threats, this paper overviews recent APTs in emerging computing systems and proposes a new approach to APTs that is more tailored towards such systems compared to traditional IT infrastructures. The proposed APT lifecycle will inform security decisions and implementation choices in future pervasive networked systems.
{"title":"A Scary Peek into The Future: Advanced Persistent Threats in Emerging Computing Environments","authors":"Talal Halabi, Aawista Chaudhry, Sarra M. Alqahtani, Mohammad Zulkernine","doi":"10.1109/DSC54232.2022.9888873","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888873","url":null,"abstract":"The last decade witnessed a gradual shift from cloud-based computing towards ubiquitous computing, which has put at a greater security risk every element of the computing ecosystem including devices, data, network, and decision making. Indeed, emerging pervasive computing paradigms have introduced an un-charted territory of security vulnerabilities and a wider attack surface, mainly due to network openness, the underlying mechanics that enable intelligent functions, and the deeply integrated physical and cyber spaces. Furthermore, interconnected computing environments now enjoy many unconventional characteristics that mandate a radical change in security engineering tools. This need is further exacerbated by the rapid emergence of new Advanced Persistent Threats (APTs) that target critical infrastructures and aim to stealthily undermine their operations in innovative and intelligent ways. To enable system and network designers to be prepared to face this new wave of dangerous threats, this paper overviews recent APTs in emerging computing systems and proposes a new approach to APTs that is more tailored towards such systems compared to traditional IT infrastructures. The proposed APT lifecycle will inform security decisions and implementation choices in future pervasive networked systems.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115383302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888884
Fangwei Wang, Yuanyuan Lu, Qingru Li, Changguang Wang, Yonglei Bai
The study of adversarial attacks on malicious code detection models will help identify and improve the flaws of detection models, improve the detection ability of adversarial attacks, and enhance the security of AI (Artificial Intelligent) algorithm-based applications. To address the problems of low efficiency, long time, and low evasion rate in generating adversarial samples, we propose a co-evolutionary algorithm-based adversarial sample generation method. We decompose the adversarial sample generation problem into three sub-problems, which are minimizing the number of modification actions, injecting less content, and being detected as benign by the target model. The two sub-problems of injecting less content and being detected as benign by the target model can be completed by minimizing the fitness function through the cooperation of two populations in coevolution. Minimizing the number of actions is achieved by a selection operation in the evolutionary process. We perform attack experiments on static malicious detection models and commercial detection engines. The experimental results show the generated adversarial samples can improve the evasion rate of some detection engines while ensuring the minimum number of modification actions and injecting less content. On the two static malicious detection models, our approach achieves more than an 80% evasion rate with fewer modification actions and injected content. The evasion rate on three commercial detection engines can reach 58.9%. Uploading the generated adversarial samples to the VirusTotal platform can evade an average of 54.0% of the anti-virus programs on the platform. Our approach is also compared with the adversarial attack approach based on an evolutionary algorithm to verify the necessity of minimizing the number of modification actions and injecting less content in adversarial sample generation.
{"title":"A Co-evolutionary Algorithm-Based Malware Adversarial Sample Generation Method","authors":"Fangwei Wang, Yuanyuan Lu, Qingru Li, Changguang Wang, Yonglei Bai","doi":"10.1109/DSC54232.2022.9888884","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888884","url":null,"abstract":"The study of adversarial attacks on malicious code detection models will help identify and improve the flaws of detection models, improve the detection ability of adversarial attacks, and enhance the security of AI (Artificial Intelligent) algorithm-based applications. To address the problems of low efficiency, long time, and low evasion rate in generating adversarial samples, we propose a co-evolutionary algorithm-based adversarial sample generation method. We decompose the adversarial sample generation problem into three sub-problems, which are minimizing the number of modification actions, injecting less content, and being detected as benign by the target model. The two sub-problems of injecting less content and being detected as benign by the target model can be completed by minimizing the fitness function through the cooperation of two populations in coevolution. Minimizing the number of actions is achieved by a selection operation in the evolutionary process. We perform attack experiments on static malicious detection models and commercial detection engines. The experimental results show the generated adversarial samples can improve the evasion rate of some detection engines while ensuring the minimum number of modification actions and injecting less content. On the two static malicious detection models, our approach achieves more than an 80% evasion rate with fewer modification actions and injected content. The evasion rate on three commercial detection engines can reach 58.9%. Uploading the generated adversarial samples to the VirusTotal platform can evade an average of 54.0% of the anti-virus programs on the platform. Our approach is also compared with the adversarial attack approach based on an evolutionary algorithm to verify the necessity of minimizing the number of modification actions and injecting less content in adversarial sample generation.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129568677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: