MI-LXC is a framework that simulates an internet-like infrastructure on top of LXC for practicing cybersecurity in a realistic environment. MI-LXC follows the infrastructure-as-code paradigm to program the topology of the system and the provisioning of the different hosts. This construction is highly customizable, allowing the creation of hosts ranging from webservers to graphical desktops. Provisioning of similar subsets of features on different hosts is achieved through a template mechanism. MI-LXC currently provides 28 hosts in 11 AS, making it possible to simulate BGP routing, DNS, SMTP, HTTP, and certification authorities, as well as attacks against these protocols. In this article, we present the MI-LXC framework, the generated infrastructure and some labs on top of it. MI-LXC is free software (AGPL).
MI-LXC: A Small-Scale Internet-Like Environment for Network Security Teaching. François Lesueur, Camille Noûs. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3469181
Max van Haastrecht, I. Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, M. Spruit
Cybersecurity incidents are commonplace nowadays, and Small- and Medium-Sized Enterprises (SMEs) are exceptionally vulnerable targets. The lack of cybersecurity resources available to SMEs implies that they are less capable of dealing with cyber-attacks. Motivation to improve cybersecurity is often low, as the prerequisite knowledge and awareness to drive motivation is generally absent at SMEs. A solution that aims to help SMEs manage their cybersecurity risks should therefore not only offer a correct assessment but should also motivate SME users. From Self-Determination Theory (SDT), we know that by promoting perceived autonomy, competence, and relatedness, people can be motivated to take action. In this paper, we explain how a threat-based cybersecurity risk assessment approach can help to address the needs outlined in SDT. We propose such an approach for SMEs and outline the data requirements that facilitate automation. We present a practical application covering various user interfaces, showing how our threat-based cybersecurity risk assessment approach turns SME data into prioritised, actionable recommendations.
A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs. Max van Haastrecht, I. Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, M. Spruit. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3469199
Endres Puschner, Christoph Saatjohann, Markus Willing, Christian Dresen, J. Köbe, B. Rath, C. Paar, L. Eckardt, Uwe Haverkamp, Sebastian Schinzel
Modern implantable cardiologic devices communicate via radio frequency techniques and nearby gateways to a backend server on the internet. Those implanted devices, gateways, and servers form an ecosystem of proprietary hardware and protocols that processes sensitive medical data and is often vital for patients’ health. This paper analyzes the security of this ecosystem, from technical gateway aspects, via the programmer used to configure the implanted device, up to the processing of personal medical data from large cardiological device producers. Based on a real-world attacker model, we evaluated different devices and found several severe vulnerabilities. Furthermore, we could purchase a fully functional programmer for implantable cardiological devices, allowing us to re-program such devices or even induce electric shocks on untampered implanted devices. Additionally, we sent several Art. 15 and Art. 20 GDPR inquiries to manufacturers of implantable cardiologic devices, revealing non-conforming processes and a lack of awareness about patients’ rights and companies’ obligations. This, and the fact that many vulnerabilities are still to be found after many vulnerability disclosures in recent years, present a worrying security state of the whole ecosystem.
Listen to Your Heart: Evaluation of the Cardiologic Ecosystem. Endres Puschner, Christoph Saatjohann, Markus Willing, Christian Dresen, J. Köbe, B. Rath, C. Paar, L. Eckardt, Uwe Haverkamp, Sebastian Schinzel. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3465753
Recently, steganographic techniques for hiding data in file system metadata gained focus. Tools for commonly used file systems were published but the exFAT file system did not get much attention – probably because its structure provides only few suitable locations to hide data. In this work we present two approaches to hide data in the exFAT file system. While the first approach is more flexible regarding embedding locations, it is rather fragile and provides a lower embedding rate. The second approach, called exHide, has stricter requirements for embedding, but is rather robust and provides a reasonable embedding rate. We describe the design of both approaches, evaluate them, and discuss their weaknesses and advantages.
exHide: Hiding Data within the exFAT File System. J. Heeger, York Yannikos, M. Steinebach. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3470117
While memory corruption bugs stemming from the use of unsafe programming languages are an old and well-researched problem, the resulting vulnerabilities still dominate real-world exploitation today. Various mitigations have been proposed to alleviate the problem, mainly in the form of language dialects, static program analysis, and code or binary instrumentation. Solutions like AddressSanitizer (ASan) and Softbound/CETS have proven that the latter approach is very promising, being able to achieve memory safety without requiring manual source code adaptations, albeit suffering substantial performance and memory overheads. While performance overhead can be seen as a flexible constraint, extensive memory overheads can be prohibitive for the use of such solutions in memory-constrained environments. To address this problem, we propose MESH, a highly memory-efficient safe heap for C/C++. With its constant, very small memory overhead (configurable up to 2 MB on x86-64) and constant complexity for pointer access checking, MESH offers efficient, byte-precise spatial and temporal memory safety for memory-constrained scenarios. Without jeopardizing the security of safe heap objects, MESH is fully compatible with existing code and uninstrumented libraries, making it practical to use in heterogeneous environments. We show the feasibility of our approach with a full LLVM-based prototype supporting both major architectures, i.e., x86-64 and ARM64, in a Linux runtime environment. Our prototype evaluation shows that, compared to ASan and Softbound/CETS, MESH can achieve huge memory savings while preserving similar execution performance.
MESH: A Memory-Efficient Safe Heap for C/C++. Emanuel Q. Vintila, Philipp Zieris, Julian Horsch. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3465760
Kabul Kurniawan, Andreas Ekelhart, Elmar Kiesling, D. Winkler, G. Quirchmayr, A. Tjoa
Security professionals rely extensively on log data to monitor IT infrastructures and investigate potentially malicious activities. Existing systems support these tasks by collecting log messages in a database, from where log events can be queried and correlated. Such centralized approaches are typically based on a relational model and store log messages as plain text, which offers limited flexibility for the representation of heterogeneous log events and the connections between them. A knowledge graph representation can overcome such limitations and enable graph pattern-based log analysis, leveraging semantic relationships between objects that appear in heterogeneous log streams. In this paper, we present a method to dynamically construct such log knowledge graphs at query time, i.e., without a priori parsing, aggregation, processing, and materialization of log data. Specifically, we propose a method that – for a given query formulated in SPARQL – dynamically constructs a virtual log knowledge graph directly from heterogeneous raw log files across multiple hosts and contextualizes the result with internal and external background knowledge. We evaluate the approach across multiple heterogeneous log sources and machines and see encouraging results that indicate that the approach is viable and facilitates ad-hoc graph-analytic queries in federated settings.
Virtual Knowledge Graphs for Federated Log Analysis. Kabul Kurniawan, Andreas Ekelhart, Elmar Kiesling, D. Winkler, G. Quirchmayr, A. Tjoa. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3465767
The number of citations attracted by publications is a key criterion for measuring their success. To avoid discriminating against newer research, such a metric is usually measured in average yearly citations. Understanding and characterizing how citations behave have been prime research topics, yet investigations targeting the cybersecurity domain seem to be particularly scarce. In this perspective, the paper aims at filling this gap by analyzing average yearly citations for 6,693 papers published in top-tier conferences and journals in cybersecurity. Results indicate the existence of three clusters, i.e., general security conferences, general security journals, and cryptography-centered publications. The analysis also suggests that the amount of conference-to-conference citations stands out compared to journal-to-journal and conference-to-journal citations. Besides, papers published at top conferences attract more citations although a direct comparison against other venues is not straightforward. To better quantify the impact of works dealing with cybersecurity aspects, the paper introduces two new metrics, namely the number of main words in the title, and the combined number of unique main words in title, abstract and keywords. Collected results show that they can be associated with average yearly citations (together with the number of cited references). Finally, the paper draws some ideas to take advantage of such findings.
Crème de la Crème: Lessons from Papers in Security Publications. Simon L. R. Vrhovec, L. Caviglione, S. Wendzel. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3470027
Umberto Morelli, I. Vaccari, Silvio Ranise, E. Cambiaso
The Internet of Things is a widely adopted and pervasive technology, but also one of the most conveniently attacked given the volume of shared data and the availability of affordable but insecure products. This paper investigates two classes of denial of service (DoS) attacks that target the handling of message queues in MQTT, one of the most broadly used IoT protocols. The first attack attempts to saturate the MQTT broker resources, while the second exploits the broker to perform an amplification attack against the connected clients. We demonstrate the effectiveness of the attacks and indicate the parameters that would hinder the capabilities of a DoS attacker in three open-source MQTT implementations: Mosquitto, VerneMQ and EMQ X. To improve the security awareness in MQTT-based deployments, we integrate the attacks and mitigations in MQTTSA, a tool that detects MQTT misconfigurations and provides security-oriented recommendations and configuration snippets.
DoS Attacks in Available MQTT Implementations: Investigating the Impact on Brokers and Devices, and supported Anti-DoS Protections. Umberto Morelli, I. Vaccari, Silvio Ranise, E. Cambiaso. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3470049
A. Mileva, L. Caviglione, Aleksandar Velinov, S. Wendzel, V. Dimitrova
The increasing application of ICT technologies to medicine opens new usage patterns. Among the various standards, the Digital Imaging and COmmunication in Medicine (DICOM) has been gaining momentum, mainly due to its complete coverage of the diagnostic pipeline, including key applications such as CT, MRI and ultrasound scanners. However, owing to its complex and multifaceted nature, DICOM is prone to many risks especially due to the vast and complex attack surface characterizing the composite interplay of services, formats and technologies at the basis of the standard. Luckily, DICOM exhibits some room for improving its security. Specifically, information hiding and steganography can be used in a twofold manner. On one hand, they can help to watermark diagnostic images to improve their resistance against tampering and alterations. On the other hand, the digital infrastructure at the basis of DICOM can lead to data leaks or malicious manipulations via artificial intelligence techniques. Therefore, in this work we introduce risks and opportunities when applying information-hiding-based techniques to the DICOM standard. Our investigation highlights some opportunities as well as introduces possibilities of exploiting DICOM images to set up covert channels, i.e., hidden communication paths that can be used to exfiltrate data or launch attacks. To prove the effectiveness of our vision, this paper also showcases the performance evaluation of a covert channel built by applying text steganography principles on realistic DICOM images.
Risks and Opportunities for Information Hiding in DICOM Standard. A. Mileva, L. Caviglione, Aleksandar Velinov, S. Wendzel, V. Dimitrova. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3470072
Nora Hofer, Pascal Schöttle, A. Rietzler, Sebastian Stabinger
The BERT model is de facto state-of-the-art for aspect-based sentiment analysis (ABSA), an important task in natural language processing. Similar to every other model based on deep learning, BERT is vulnerable to so-called adversarial examples: strategically modified inputs that cause a change in the model’s prediction of the underlying input. In this paper we propose three new methods to create character-level adversarial examples against BERT and evaluate their effectiveness on the ABSA task. Specifically, our attack methods mimic human behavior and use leetspeak, common misspellings, or misplaced commas. By concentrating these changes on important words, we are able to maximize misclassification rates with minimal changes. To the best of our knowledge, we are the first to look into adversarial examples for the ABSA task and the first to propose these attacks.
Adversarial Examples Against a BERT ABSA Model – Fooling Bert With L33T, Misspellign, and Punctuation, Nora Hofer, Pascal Schöttle, A. Rietzler, Sebastian Stabinger. Proceedings of the 16th International Conference on Availability, Reliability and Security, published 2021-08-16. https://doi.org/10.1145/3465481.3465770