
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud): Latest Papers

Security Analysis of Email Systems
Tianlin Li, Amish Mehta, Ping Yang
Electronic mail (email) is universally used by businesses, government agencies, and individual users. Out of necessity, users trust their email systems to keep their emails safe and secure. However, email systems are often complex and exhaustive testing is almost impossible for such systems. As a result, email systems often contain bugs and security vulnerabilities. In this paper, we analyze the security and usability of five popular public email systems. Our analysis shows that there are several security vulnerabilities in multiple sign-in and password composition and recovery policy of some of the email systems.
DOI: https://doi.org/10.1109/CSCloud.2017.20 | Published: 2017-06-01 | Citations: 9
Privacy-Preserving and Secure Recommender System Enhance with K-NN and Social Tagging
R. Katarya, O. Verma
With the introduction of Web 2.0, there has been an extreme increase in the popularity of social bookmarking systems and folksonomies. In this paper, our motive is to develop a recommender system that is based on user assigned tags and content present on web pages. Although the tag recommendations in social tagging systems can be very accurate and personalized, there exists an issue of risk to the privacy of user's profile, since the social tags given by a user expose his preferences to other users in contact. To overcome this problem, we have incorporated obfuscation privacy strategies with the well-known Delicious dataset in social tagging based recommender system. We have applied the popular supervised machine-learning algorithm, K-Nearest Neighbours classifier to the dataset that recommends relevant tags to the user. Privacy has been introduced in our tag-based recommender system by hiding some of the necessary tags, bookmarks of a user and replacing them with some random tags and bookmarks. Our experiment results indicate that the recommender system being implemented is highly efficient in terms of recall and privacy measure for different values of k. The results and comparisons indicate that we have successfully employed an effective tag recommender system, which also protects the user's privacy without any significant fall in the quality of recommendation.
DOI: https://doi.org/10.1109/CSCloud.2017.24 | Published: 2017-06-01 | Citations: 7
Family Relationship Inference Using Knights Landing Platform
Yuxiang Gao, Wei-Min Chen
Using genetic data to infer relatedness has been crucial for genetics studies for decades. In a previously published paper together with the KING software, we demonstrated that the kinship coefficient, a measure of relatedness between a pair of individuals, can be accurately estimated using their genome-wide SNP data, without estimating the allele frequencies at each SNP in the whole dataset. The computational efficiency of this algorithm has been substantially improved in the second generation of KING. Three levels of computational speed-up are implemented in KING 2.0, including: 1) bit-level parallelism; 2) multiple-core parallelism using OpenMP; and 3) a multi-stage procedure to eliminate unrelated or distantly related pairs of individuals. The efficient implementation in KING 2.0 allows instant relationship inference in a matter of seconds in a typical dataset (with 10,000s individuals). To demonstrate the computational performance and scalability of KING 2.0, we use the Knights Landing platform to infer relatedness in a dataset consisting of 303,750 individuals each typed at 168,749 autosome SNPs. The computational time to identify all first-degree relatives by scanning 46 billion pairs of individuals is ∼10 minutes using 256 threads, a noticeable speed-up comparing to the general-purpose CPU. Algorithm improvement in the second generation of KING and the use of the latest computing system such as the Knights Landing platform makes it feasible for researchers to infer relatedness in their genetic datasets in the largest size up-to-date on a single computer.
DOI: https://doi.org/10.1109/CSCloud.2017.41 | Published: 2017-06-01 | Citations: 2
Power and Performance Study of HPC Applications on QCT Developer Cloud
P. Young, Probha Madhavan, Gong-Do Hwang
We present direct performance measurement for eight popular HPC applications on the Knights Landing (KNL) platform. Performance numbers for Haswell processors are provided for contrast. The applications (DGEMM, SGEMM, STREAM, IOR, HPCG, Quantum Espresso, WRF and HPL) were selected from among the ten most used in the QCT developer cloud as well as good representative of workloads used by large number of users and, given their diversity, should be representative of typical HPC workloads. All runs were performed with publicly available codes without modification and so results should be expected to improve as developers gain access to KNL. Current results are promising, with execution on a single KNL processor showing speedups up to 1.7x with respect to a dual socket Haswell.
DOI: https://doi.org/10.1109/CSCloud.2017.50 | Published: 2017-06-01 | Citations: 0
End-to-End IoT Security Middleware for Cloud-Fog Communication
B. Mukherjee, R. Neupane, P. Calyam
IoT (Internet of Things) devices such as sensors have been actively used in 'fogs' to provide critical data during e.g., disaster response scenarios or in-home healthcare. Since IoT devices typically operate in resource-constrained computing environments at the network-edge, data transfer performance to the cloud as well as end-to-end security have to be robust and customizable. In this paper, we present the design and implementation of a middleware featuring "intermittent" and "flexible" end-to-end security for cloud-fog communications. Intermittent security copes with unreliable network connections, and flexibility is achieved through security configurations that are tailored to application needs. Our experiment results show how our middleware that leverages static pre-shared keys forms a promising solution for delivering light-weight, fast and resource-aware security for a variety of IoT-based applications.
DOI: https://doi.org/10.1109/CSCloud.2017.62 | Published: 2017-06-01 | Citations: 47
mPSI: Many-to-one Private Set Intersection
Keji Hu, Wensheng Zhang
In this paper, we first define a new security problem, named mPSI (many-to-one private set interaction), which can find applications in many scenarios where the host of a big database may be queried by a large number of clients who have small-size queries and want to prevent both the intentions and results of their queries from being exposed to others. We also propose a new scheme to solve the mPSI problem. The scheme extends the state-of-the-art oblivious transfer-based one-to-one PSI schemes, but also embeds the innovative ideas of (1) leveraging the collaborations between clients to achieve high computational and communication efficiency, and (2) relying on server-aided secret encryption to hide each client's private information from being exposed to either the server or any other client. Extensive theoretical analysis and experiments have been conducted to evaluate the proposed scheme and compare the scheme with the state of the art, and the results verify the security and efficiency of our proposed scheme.
DOI: https://doi.org/10.1109/CSCloud.2017.35 | Published: 2017-06-01 | Citations: 0
Email Visualization Correlation Analysis Forensics Research
Zhenya Chen, Ying Yang, Lijuan Chen, Liqiang Wen, Jizhi Wang, Guang Yang, Meng Guo
Foxmail client is one of the most popular tools to send and receive e-mail, and the mail data files preserved in it become an important target of computer investigation and forensics, from which the useful clues can be mined out and analyzed. In this paper, a visual Foxmail forensics system is designed to extract the information from the mail evidence file and display the association between the contacts by graphic and search the mail body and the attachment by full-text retrieval. The system can assist the investigating and forensic officers to analyze the correlation between the sender and the receiver, and find some useful clues to provide the necessary reference for handling the cases.
DOI: https://doi.org/10.1109/CSCloud.2017.28 | Published: 2017-06-01 | Citations: 4
Design of Virtualization Framework to Detect Cyber Threats in Linux Environment
D. Levy, Hardik A. Gohel, Himanshu Upadhyay, A. Perez-Pons, Leonel E. Lagos
In today's software and systems environments, security frameworks and models are evolving exponentially. Many traditional host-based frameworks are currently available to detect cyber threats in Linux environment. But there have been many challenges in detecting rootkits that modify the Linux Operating System (OS) kernel to avoid detection. These limitations have led us to design a virtualization framework for detection of cyber threats in Linux environment. Instead of relying on the Linux Operating System kernel which is now a common victim of cyber-attacks, this virtualization framework will rely on the virtual machine hypervisor which is a more secure software layer that runs the OS kernel and the hardware. The paper proposed a virtualization framework based on well-known hypervisors, to detect cyber threats. The proposed work allowed for a more robust cyber threat detection method than traditional host-based frameworks. It can also possess self-healing properties since it will not only detect compromised servers but also suspend their operation by replacing them with uncompromised versions. This innovative framework promises to secure large scale IT infrastructure with minimum maintenance cost.
DOI: https://doi.org/10.1109/CSCloud.2017.18 | Published: 2017-06-01 | Citations: 5
Network Anomaly Detection with Stochastically Improved Autoencoder Based Models
R. C. Aygun, A. Yavuz
Intrusion detection systems do not perform well when it comes to detecting zero-day attacks, therefore improving their performance in that regard is an active research topic. In this study, to detect zero-day attacks with high accuracy, we proposed two deep learning based anomaly detection models using autoencoder and denoising autoencoder respectively. The key factor that directly affects the accuracy of the proposed models is the threshold value which was determined using a stochastic approach rather than the approaches available in the current literature. The proposed models were tested using the KDDTest+ dataset contained in NSL-KDD, and we achieved an accuracy of 88.28% and 88.65% respectively. The obtained results show that, as a singular model, our proposed anomaly detection models outperform any other singular anomaly detection methods and they perform almost the same as the newly suggested hybrid anomaly detection models.
DOI: https://doi.org/10.1109/CSCloud.2017.39 | Published: 2017-06-01 | Citations: 107
Malware Fingerprinting under Uncertainty
Krishnendu Ghosh, W. Casey, J. Morales, B. Mishra
Malware detection and classification is critical for the security of IT infrastructure. Legacy detection of malware has been highly reliant on static signatures, so malware authors have evolved code polymorphic techniques to counteract these tools, thus rendering static malware detectors ineffective. While malware writers may easily use code rewriting techniques to scramble binary images, malware processes at runtime still must conduct a sequence of operational steps to achieve its design goal, indicating an approach based on behavioral analysis where the captured invariants form a new type of forensic fingerprint. Moreover these operational steps are constrained to occur within the computers' or mobile devices' abstract system interface - a finite basis of activities that submit to effective monitoring with a variety of tools. In this work, we propose a formalism for expressing these behaviors, learning them and analyzing them to form automated malware analysis tools. Thus motivated by a need to detect and classify malware, we root its foundation in formal verification, as well as methodology from statistical and machine learning. Specifically using trace data from malware we leverage formal verification methods (such as probabilistic model checking) to construct classifiers and evaluate their efficacy in supervised learning and cross-fold validation experiments. The results inform how a fully automated reasoning mechanism may be applied to unknown software by posing its system trace as a query to various classifiers as hypothesis testing, the outputs informing belief of membership. Finally, we demonstrate the method and results on real malware data.
DOI: https://doi.org/10.1109/CSCloud.2017.63 (published 2017-06-01)
Citations: 3