Pub Date: 2021-12-01; DOI: 10.1186/s13635-021-00126-1
Michele Russo, Nedim Srndic, P. Laskov
Title: Detection of illicit cryptomining using network metadata. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-07-29; DOI: 10.1186/s13635-021-00123-4
Christian Kraetzer, A. Makrushin, J. Dittmann, M. Hildebrandt
Title: Potential advantages and limitations of using information fusion in media forensics—a discussion on the example of detecting face morphing attacks. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-07-01; DOI: 10.21203/RS.3.RS-607598/V1
M. Russo, Nedim Srndic, P. Laskov
Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims’ computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs. Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper, we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration. In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.
Title: Detection of illicit cryptomining using network metadata. Journal: EURASIP Journal on Information Security, pages 1-20.
Pub Date: 2021-06-28; DOI: 10.1186/s13635-021-00120-7
Sebastiano Battiato, Oliver Giudice, Francesco Guarnera, Giovanni Puglisi
The JPEG compression algorithm has proven to be efficient in saving storage and preserving image quality, thus becoming extremely popular. On the other hand, the overall process leaves traces in encoded signals which are typically exploited for forensic purposes: for instance, the compression parameters of the acquisition device (or editing software) could be inferred. To this aim, this paper exploits a novel technique to estimate “previous” JPEG quantization factors on images compressed multiple times, in the aligned case, by analyzing statistical traces hidden in Discrete Cosine Transform (DCT) histograms. Experimental results on double, triple and quadruple compressed images demonstrate the effectiveness of the proposed technique while unveiling further interesting insights.
Title: Estimating Previous Quantization Factors on Multiple JPEG Compressed Images. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-06-26; DOI: 10.1186/s13635-021-00122-5
T. Rama Reddy, P. V. G. D. Prasad Reddy, Rayudu Srinivas, Ch. V. Raghavendran, R. V. S. Lalitha, B. Annapurna
Education acts as a soul in the overall societal development, in one way or the other. Aspirants who gain their degrees genuinely will help society with their knowledge and skills. But, on the other side of the coin, the problem of fake certificates is alarming and worrying. It has been prevalent in different forms, from paper-based dummy certificates to replicas backed with database tampering, and has increased to astronomic levels in this digital era. In this regard, an overlay mechanism using blockchain technology is proposed to store the genuine certificates in digital form and verify them firmly whenever needed without delay. The proposed system makes sure that the certificates, once verified, can be present online in an immutable form for further reference and provides a tamper-proof concealment to the existing certification system. To confirm the credibility of the proposed method, a prototype of a blockchain-based credential securing and verification system is developed on the Ethereum test network. The implementation and test results show that it is a secure and feasible solution for an online credential management system.
Title: Proposing a reliable method of securing and verifying the credentials of graduates through blockchain. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-06-03; DOI: 10.1186/s13635-021-00121-6
Samuel Fernández-Menduiña, Fernando Pérez-González
Camera fingerprints based on sensor PhotoResponse Non-Uniformity (PRNU) have gained broad popularity in forensic applications due to their ability to univocally identify the camera that captured a certain image. The fingerprint of a given sensor is extracted through some estimation method that requires a few images known to be taken with that sensor. In this paper, we show that the fingerprints extracted in this way leak a considerable amount of information from those images used in the estimation, thus constituting a potential threat to privacy. We propose to quantify the leakage via two measures: one based on the Mutual Information, and another based on the output of a membership inference test. Experiments with practical fingerprint estimators on a real-world image dataset confirm the validity of our measures and highlight the seriousness of the leakage and the importance of implementing techniques to mitigate it. Some of these techniques are presented and briefly discussed.
Title: On the information leakage quantification of camera fingerprint estimates. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-05-01; DOI: 10.1186/s13635-021-00117-2
Cecilia Pasquini, Irene Amerini, Giulia Boato
The dependability of visual information on the web and the authenticity of digital media appearing virally in social media platforms have been raising unprecedented concerns. As a result, in recent years the multimedia forensics research community pursued the ambition to scale the forensic analysis to real-world web-based open systems. This survey aims at describing the work done so far on the analysis of shared data, covering three main aspects: forensics techniques performing source identification and integrity verification on media uploaded on social networks, platform provenance analysis that identifies sharing platforms, and multimedia verification algorithms assessing the credibility of media objects in relation to their associated textual information. The achieved results are highlighted together with current open issues and research challenges to be addressed in order to advance the field in the near future.
Title: Media forensics on social media platforms: a survey. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-04-20; DOI: 10.1186/s13635-021-00118-1
Chen Ye, Wenyu Shi, Rui Zhang
Title: Research on gray correlation analysis and situation prediction of network information security. Journal: EURASIP Journal on Information Security.
Pub Date: 2021-04-06; DOI: 10.1186/s13635-021-00116-3
Clara Borrelli, Paolo Bestagini, F. Antonacci, A. Sarti, S. Tubaro
Title: Synthetic speech detection through short-term and long-term prediction traces. Journal: EURASIP Journal on Information Security.