Leqian Zheng, Zheng Zhang, Wentao Dong, Yao Zhang, Ye Wu, Cong Wang
The combination of Oblivious RAM (ORAM) with Trusted Execution Environments�(TEE) has found numerous real-world applications due to their complementary�nature. TEEs alleviate the performance bottlenecks of ORAM, such as network�bandwidth and roundtrip latency, and ORAM provides general-purpose protection�for TEE applications against attacks exploiting memory access patterns. The�defining property of this combination, which sets it apart from traditional�ORAM designs, is its ability to ensure that memory accesses, both inside and�outside of TEEs, are made oblivious, thus termed doubly oblivious RAM�(O$_2$RAM). Efforts to develop O$_2$RAM with enhanced performance are ongoing. In this work, we propose H$_2$O$_2$RAM, a high-performance doubly oblivious�RAM construction. The distinguishing feature of our approach, compared to the�existing tree-based doubly oblivious designs, is its first adoption of the�hierarchical framework that enjoys inherently better data locality and�parallelization. While the latest hierarchical solution, FutORAMa, achieves�concrete efficiency in the classic client-server model by leveraging a relaxed�assumption of sublinear-sized client-side private memory, adapting it to our�scenario poses challenges due to the conflict between this relaxed assumption�and our doubly oblivious requirement. To this end, we introduce several new�efficient oblivious components to build a high-performance hierarchical�O$_2$RAM (H$_2$O$_2$RAM). We implement our design and evaluate it on various�scenarios. The results indicate that H$_2$O$_2$RAM reduces execution time by up�to $sim 10^3$ times and saves memory usage by $5sim44$ times compared to�state-of-the-art solutions.
{"title":"H$_2$O$_2$RAM: A High-Performance Hierarchical Doubly Oblivious RAM","authors":"Leqian Zheng, Zheng Zhang, Wentao Dong, Yao Zhang, Ye Wu, Cong Wang","doi":"arxiv-2409.07167","DOIUrl":"https://doi.org/arxiv-2409.07167","url":null,"abstract":"The combination of Oblivious RAM (ORAM) with Trusted Execution Environments\u0000(TEE) has found numerous real-world applications due to their complementary\u0000nature. TEEs alleviate the performance bottlenecks of ORAM, such as network\u0000bandwidth and roundtrip latency, and ORAM provides general-purpose protection\u0000for TEE applications against attacks exploiting memory access patterns. The\u0000defining property of this combination, which sets it apart from traditional\u0000ORAM designs, is its ability to ensure that memory accesses, both inside and\u0000outside of TEEs, are made oblivious, thus termed doubly oblivious RAM\u0000(O$_2$RAM). Efforts to develop O$_2$RAM with enhanced performance are ongoing. In this work, we propose H$_2$O$_2$RAM, a high-performance doubly oblivious\u0000RAM construction. The distinguishing feature of our approach, compared to the\u0000existing tree-based doubly oblivious designs, is its first adoption of the\u0000hierarchical framework that enjoys inherently better data locality and\u0000parallelization. While the latest hierarchical solution, FutORAMa, achieves\u0000concrete efficiency in the classic client-server model by leveraging a relaxed\u0000assumption of sublinear-sized client-side private memory, adapting it to our\u0000scenario poses challenges due to the conflict between this relaxed assumption\u0000and our doubly oblivious requirement. To this end, we introduce several new\u0000efficient oblivious components to build a high-performance hierarchical\u0000O$_2$RAM (H$_2$O$_2$RAM). We implement our design and evaluate it on various\u0000scenarios. The results indicate that H$_2$O$_2$RAM reduces execution time by up\u0000to $sim 10^3$ times and saves memory usage by $5sim44$ times compared to\u0000state-of-the-art solutions.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"44 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Khiem Ton, Nhi Nguyen, Mahmoud Nazzal, Abdallah Khreishah, Cristian Borcea, NhatHai Phan, Ruoming Jin, Issa Khalil, Yelong Shen
This paper introduces SGCode, a flexible prompt-optimizing system to generate�secure code with large language models (LLMs). SGCode integrates recent�prompt-optimization approaches with LLMs in a unified system accessible through�front-end and back-end APIs, enabling users to 1) generate secure code, which�is free of vulnerabilities, 2) review and share security analysis, and 3)�easily switch from one prompt optimization approach to another, while providing�insights on model and system performance. We populated SGCode on an AWS server�with PromSec, an approach that optimizes prompts by combining an LLM and�security tools with a lightweight generative adversarial graph neural network�to detect and fix security vulnerabilities in the generated code. Extensive�experiments show that SGCode is practical as a public tool to gain insights�into the trade-offs between model utility, secure code generation, and system�cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is�available at: http://3.131.141.63:8501/.
{"title":"Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code","authors":"Khiem Ton, Nhi Nguyen, Mahmoud Nazzal, Abdallah Khreishah, Cristian Borcea, NhatHai Phan, Ruoming Jin, Issa Khalil, Yelong Shen","doi":"arxiv-2409.07368","DOIUrl":"https://doi.org/arxiv-2409.07368","url":null,"abstract":"This paper introduces SGCode, a flexible prompt-optimizing system to generate\u0000secure code with large language models (LLMs). SGCode integrates recent\u0000prompt-optimization approaches with LLMs in a unified system accessible through\u0000front-end and back-end APIs, enabling users to 1) generate secure code, which\u0000is free of vulnerabilities, 2) review and share security analysis, and 3)\u0000easily switch from one prompt optimization approach to another, while providing\u0000insights on model and system performance. We populated SGCode on an AWS server\u0000with PromSec, an approach that optimizes prompts by combining an LLM and\u0000security tools with a lightweight generative adversarial graph neural network\u0000to detect and fix security vulnerabilities in the generated code. Extensive\u0000experiments show that SGCode is practical as a public tool to gain insights\u0000into the trade-offs between model utility, secure code generation, and system\u0000cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is\u0000available at: http://3.131.141.63:8501/.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201646","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Microarchitectural timing channels exploit information leakage between�security domains that should be isolated, bypassing the operating system's�security boundaries. These channels result from contention for shared�microarchitectural state. In the RISC-V instruction set, the temporal fence�instruction (fence.t) was proposed to close timing channels by providing an�operating system with the means to temporally partition microarchitectural�state inexpensively in simple in-order cores. This work explores challenges�with fence.t in superscalar out-of-order cores featuring large and pervasive�microarchitectural state. To overcome these challenges, we propose a novel�SW-supported temporal fence (fence.t.s), which reuses existing mechanisms and�supports advanced microarchitectural features, enabling full timing channel�protection of an exemplary out-of-order core (OpenC910) at negligible hardware�costs and a minimal performance impact of 1.0 %.
{"title":"fence.t.s: Closing Timing Channels in High-Performance Out-of-Order Cores through ISA-Supported Temporal Partitioning","authors":"Nils Wistoff, Gernot Heiser, Luca Benini","doi":"arxiv-2409.07576","DOIUrl":"https://doi.org/arxiv-2409.07576","url":null,"abstract":"Microarchitectural timing channels exploit information leakage between\u0000security domains that should be isolated, bypassing the operating system's\u0000security boundaries. These channels result from contention for shared\u0000microarchitectural state. In the RISC-V instruction set, the temporal fence\u0000instruction (fence.t) was proposed to close timing channels by providing an\u0000operating system with the means to temporally partition microarchitectural\u0000state inexpensively in simple in-order cores. This work explores challenges\u0000with fence.t in superscalar out-of-order cores featuring large and pervasive\u0000microarchitectural state. To overcome these challenges, we propose a novel\u0000SW-supported temporal fence (fence.t.s), which reuses existing mechanisms and\u0000supports advanced microarchitectural features, enabling full timing channel\u0000protection of an exemplary out-of-order core (OpenC910) at negligible hardware\u0000costs and a minimal performance impact of 1.0 %.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Large Language Models (LLMs) have shown great promise in vulnerability�identification. As C/C++ comprises half of the Open-Source Software (OSS)�vulnerabilities over the past decade and updates in OSS mainly occur through�commits, enhancing LLMs' ability to identify C/C++ Vulnerability-Contributing�Commits (VCCs) is essential. However, current studies primarily focus on�further pre-training LLMs on massive code datasets, which is resource-intensive�and poses efficiency challenges. In this paper, we enhance the ability of�BERT-based LLMs to identify C/C++ VCCs in a lightweight manner. We propose�CodeLinguaNexus (CLNX) as a bridge facilitating communication between C/C++�programs and LLMs. Based on commits, CLNX efficiently converts the source code�into a more natural representation while preserving key details. Specifically,�CLNX first applies structure-level naturalization to decompose complex�programs, followed by token-level naturalization to interpret complex symbols.�We evaluate CLNX on public datasets of 25,872 C/C++ functions with their�commits. The results show that CLNX significantly enhances the performance of�LLMs on identifying C/C++ VCCs. Moreover, CLNX-equipped CodeBERT achieves new�state-of-the-art and identifies 38 OSS vulnerabilities in the real world.
{"title":"CLNX: Bridging Code and Natural Language for C/C++ Vulnerability-Contributing Commits Identification","authors":"Zeqing Qin, Yiwei Wu, Lansheng Han","doi":"arxiv-2409.07407","DOIUrl":"https://doi.org/arxiv-2409.07407","url":null,"abstract":"Large Language Models (LLMs) have shown great promise in vulnerability\u0000identification. As C/C++ comprises half of the Open-Source Software (OSS)\u0000vulnerabilities over the past decade and updates in OSS mainly occur through\u0000commits, enhancing LLMs' ability to identify C/C++ Vulnerability-Contributing\u0000Commits (VCCs) is essential. However, current studies primarily focus on\u0000further pre-training LLMs on massive code datasets, which is resource-intensive\u0000and poses efficiency challenges. In this paper, we enhance the ability of\u0000BERT-based LLMs to identify C/C++ VCCs in a lightweight manner. We propose\u0000CodeLinguaNexus (CLNX) as a bridge facilitating communication between C/C++\u0000programs and LLMs. Based on commits, CLNX efficiently converts the source code\u0000into a more natural representation while preserving key details. Specifically,\u0000CLNX first applies structure-level naturalization to decompose complex\u0000programs, followed by token-level naturalization to interpret complex symbols.\u0000We evaluate CLNX on public datasets of 25,872 C/C++ functions with their\u0000commits. The results show that CLNX significantly enhances the performance of\u0000LLMs on identifying C/C++ VCCs. Moreover, CLNX-equipped CodeBERT achieves new\u0000state-of-the-art and identifies 38 OSS vulnerabilities in the real world.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"7 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mohammed Mahyoub, Ashraf Matrawy, Kamal Isleem, Olakunle Ibitoye
Many organizations were forced to quickly transition to the�work-from-anywhere (WFA) model as a necessity to continue with their operations�and remain in business despite the restrictions imposed during the COVID-19�pandemic. Many decisions were made in a rush, and cybersecurity decency tools�were not in place to support this transition. In this paper, we first attempt�to uncover some challenges and implications related to the cybersecurity of the�WFA model. Secondly, we conducted an online user study to investigate the�readiness and cybersecurity awareness of employers and their employees who�shifted to work remotely from anywhere. The user study questionnaire addressed�different resilience perspectives of individuals and organizations. The�collected data includes 45 responses from remotely working employees of�different organizational types: universities, government, private, and�non-profit organizations. Despite the importance of security training and�guidelines, it was surprising that many participants had not received them. A�robust communication strategy is necessary to ensure that employees are�informed and updated on security incidents that the organization encounters.�Additionally, there is an increased need to pay attention to the�security-related attributes of employees, such as their behavior, awareness,�and compliance. Finally, we outlined best practice recommendations and�mitigation tips guided by the study results to help individuals and�organizations resist cybercrime and fraud and mitigate WFA-related�cybersecurity risks.
{"title":"Cybersecurity Challenge Analysis of Work-from-Anywhere (WFA) and Recommendations guided by a User Study","authors":"Mohammed Mahyoub, Ashraf Matrawy, Kamal Isleem, Olakunle Ibitoye","doi":"arxiv-2409.07567","DOIUrl":"https://doi.org/arxiv-2409.07567","url":null,"abstract":"Many organizations were forced to quickly transition to the\u0000work-from-anywhere (WFA) model as a necessity to continue with their operations\u0000and remain in business despite the restrictions imposed during the COVID-19\u0000pandemic. Many decisions were made in a rush, and cybersecurity decency tools\u0000were not in place to support this transition. In this paper, we first attempt\u0000to uncover some challenges and implications related to the cybersecurity of the\u0000WFA model. Secondly, we conducted an online user study to investigate the\u0000readiness and cybersecurity awareness of employers and their employees who\u0000shifted to work remotely from anywhere. The user study questionnaire addressed\u0000different resilience perspectives of individuals and organizations. The\u0000collected data includes 45 responses from remotely working employees of\u0000different organizational types: universities, government, private, and\u0000non-profit organizations. Despite the importance of security training and\u0000guidelines, it was surprising that many participants had not received them. A\u0000robust communication strategy is necessary to ensure that employees are\u0000informed and updated on security incidents that the organization encounters.\u0000Additionally, there is an increased need to pay attention to the\u0000security-related attributes of employees, such as their behavior, awareness,\u0000and compliance. Finally, we outlined best practice recommendations and\u0000mitigation tips guided by the study results to help individuals and\u0000organizations resist cybercrime and fraud and mitigate WFA-related\u0000cybersecurity risks.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"18 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pedro Beltrán López, Manuel Gil Pérez, Pantaleone Nespoli
The growing interest in cybersecurity has significantly increased articles�designing and implementing various Cyber Deception (CYDEC) mechanisms. This�trend reflects the urgent need for new strategies to address cyber threats�effectively. Since its emergence, CYDEC has established itself as an innovative�defense against attackers, thanks to its proactive and reactive capabilities,�finding applications in numerous real-life scenarios. Despite the considerable�work devoted to CYDEC, the literature still presents significant gaps. In�particular, there has not been (i) a comprehensive analysis of the main�components characterizing CYDEC, (ii) a generic classification covering all�types of solutions, nor (iii) a survey of the current state of the literature�in various contexts. This article aims to fill these gaps through a detailed�review of the main features that comprise CYDEC, developing a comprehensive�classification taxonomy. In addition, the different frameworks used to generate�CYDEC are reviewed, presenting a more comprehensive one. Existing solutions in�the literature using CYDEC, both without Artificial Intelligence (AI) and with�AI, are studied and compared. Finally, the most salient trends of the current�state of the art are discussed, offering a list of pending challenges for�future research.
{"title":"Cyber Deception: State of the art, Trends and Open challenges","authors":"Pedro Beltrán López, Manuel Gil Pérez, Pantaleone Nespoli","doi":"arxiv-2409.07194","DOIUrl":"https://doi.org/arxiv-2409.07194","url":null,"abstract":"The growing interest in cybersecurity has significantly increased articles\u0000designing and implementing various Cyber Deception (CYDEC) mechanisms. This\u0000trend reflects the urgent need for new strategies to address cyber threats\u0000effectively. Since its emergence, CYDEC has established itself as an innovative\u0000defense against attackers, thanks to its proactive and reactive capabilities,\u0000finding applications in numerous real-life scenarios. Despite the considerable\u0000work devoted to CYDEC, the literature still presents significant gaps. In\u0000particular, there has not been (i) a comprehensive analysis of the main\u0000components characterizing CYDEC, (ii) a generic classification covering all\u0000types of solutions, nor (iii) a survey of the current state of the literature\u0000in various contexts. This article aims to fill these gaps through a detailed\u0000review of the main features that comprise CYDEC, developing a comprehensive\u0000classification taxonomy. In addition, the different frameworks used to generate\u0000CYDEC are reviewed, presenting a more comprehensive one. Existing solutions in\u0000the literature using CYDEC, both without Artificial Intelligence (AI) and with\u0000AI, are studied and compared. Finally, the most salient trends of the current\u0000state of the art are discussed, offering a list of pending challenges for\u0000future research.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Konrad Weiss, Christof Ferreira Torres, Florian Wendland
Ethereum smart contracts are executable programs deployed on a blockchain.�Once deployed, they cannot be updated due to their inherent immutability.�Moreover, they often manage valuable assets that are worth millions of dollars,�making them attractive targets for attackers. The introduction of�vulnerabilities in programs due to the reuse of vulnerable code posted on Q&A�websites such as Stack Overflow is not a new issue. However, little effort has�been made to analyze the extent of this issue on deployed smart contracts. In�this paper, we conduct a study on the impact of vulnerable code reuse from Q&A�websites during the development of smart contracts and provide tools uniquely�fit to detect vulnerable code patterns in complete and incomplete Smart�Contract code. This paper proposes a pattern-based vulnerability detection tool�that is able to analyze code snippets (i.e., incomplete code) as well as full�smart contracts based on the concept of code property graphs. We also propose a�methodology that leverages fuzzy hashing to quickly detect code clones of�vulnerable snippets among deployed smart contracts. Our results show that our�vulnerability search, as well as our code clone detection, are comparable to�state-of-the-art while being applicable to code snippets. Our large-scale study�on 18,660 code snippets reveals that 4,596 of them are vulnerable, out of which�616 can be found in 7,852 deployed smart contracts. These results highlight�that the reuse of vulnerable code snippets is indeed an issue in currently�deployed smart contracts.
{"title":"Analyzing the Impact of Copying-and-Pasting Vulnerable Solidity Code Snippets from Question-and-Answer Websites","authors":"Konrad Weiss, Christof Ferreira Torres, Florian Wendland","doi":"arxiv-2409.07586","DOIUrl":"https://doi.org/arxiv-2409.07586","url":null,"abstract":"Ethereum smart contracts are executable programs deployed on a blockchain.\u0000Once deployed, they cannot be updated due to their inherent immutability.\u0000Moreover, they often manage valuable assets that are worth millions of dollars,\u0000making them attractive targets for attackers. The introduction of\u0000vulnerabilities in programs due to the reuse of vulnerable code posted on Q&A\u0000websites such as Stack Overflow is not a new issue. However, little effort has\u0000been made to analyze the extent of this issue on deployed smart contracts. In\u0000this paper, we conduct a study on the impact of vulnerable code reuse from Q&A\u0000websites during the development of smart contracts and provide tools uniquely\u0000fit to detect vulnerable code patterns in complete and incomplete Smart\u0000Contract code. This paper proposes a pattern-based vulnerability detection tool\u0000that is able to analyze code snippets (i.e., incomplete code) as well as full\u0000smart contracts based on the concept of code property graphs. We also propose a\u0000methodology that leverages fuzzy hashing to quickly detect code clones of\u0000vulnerable snippets among deployed smart contracts. Our results show that our\u0000vulnerability search, as well as our code clone detection, are comparable to\u0000state-of-the-art while being applicable to code snippets. Our large-scale study\u0000on 18,660 code snippets reveals that 4,596 of them are vulnerable, out of which\u0000616 can be found in 7,852 deployed smart contracts. These results highlight\u0000that the reuse of vulnerable code snippets is indeed an issue in currently\u0000deployed smart contracts.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"34 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201622","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The increasing reliance on machine learning (ML) in computer security,�particularly for malware classification, has driven significant advancements.�However, the replicability and reproducibility of these results are often�overlooked, leading to challenges in verifying research findings. This paper�highlights critical pitfalls that undermine the validity of ML research in�Android malware detection, focusing on dataset and methodological issues. We�comprehensively analyze Android malware detection using two datasets and assess�offline and continual learning settings with six widely used ML models. Our�study reveals that when properly tuned, simpler baseline methods can often�outperform more complex models. To address reproducibility challenges, we�propose solutions for improving datasets and methodological practices, enabling�fairer model comparisons. Additionally, we open-source our code to facilitate�malware analysis, making it extensible for new models and datasets. Our paper�aims to support future research in Android malware detection and other security�domains, enhancing the reliability and reproducibility of published results.
计算机安全领域对机器学习(ML)的依赖与日俱增,尤其是在恶意软件分类方面,推动了计算机安全领域的重大进步。然而,这些成果的可复制性和可再现性往往被忽视,导致在验证研究成果方面面临挑战。本文重点讨论了数据集和方法问题,指出了影响安卓恶意软件检测中人工智能研究有效性的关键陷阱。我们使用两个数据集对 Android 恶意软件检测进行了全面分析,并对六种广泛使用的 ML 模型的离线和持续学习设置进行了评估。我们的研究表明,如果调整得当,较简单的基线方法往往能胜过较复杂的模型。为了应对可重复性挑战,我们提出了改进数据集和方法实践的解决方案,从而能够进行更公平的模型比较。此外,我们还将代码开源,以方便软件分析,使其可扩展到新的模型和数据集。我们的论文旨在支持未来在安卓恶意软件检测和其他安全领域的研究,提高已发布结果的可靠性和可重复性。
{"title":"Revisiting Static Feature-Based Android Malware Detection","authors":"Md Tanvirul Alam, Dipkamal Bhusal, Nidhi Rastogi","doi":"arxiv-2409.07397","DOIUrl":"https://doi.org/arxiv-2409.07397","url":null,"abstract":"The increasing reliance on machine learning (ML) in computer security,\u0000particularly for malware classification, has driven significant advancements.\u0000However, the replicability and reproducibility of these results are often\u0000overlooked, leading to challenges in verifying research findings. This paper\u0000highlights critical pitfalls that undermine the validity of ML research in\u0000Android malware detection, focusing on dataset and methodological issues. We\u0000comprehensively analyze Android malware detection using two datasets and assess\u0000offline and continual learning settings with six widely used ML models. Our\u0000study reveals that when properly tuned, simpler baseline methods can often\u0000outperform more complex models. To address reproducibility challenges, we\u0000propose solutions for improving datasets and methodological practices, enabling\u0000fairer model comparisons. Additionally, we open-source our code to facilitate\u0000malware analysis, making it extensible for new models and datasets. Our paper\u0000aims to support future research in Android malware detection and other security\u0000domains, enhancing the reliability and reproducibility of published results.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"6 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201645","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Introduced in [CG24], pseudorandom error-correcting codes (PRCs) are a new�cryptographic primitive with applications in watermarking generative AI models.�These are codes where a collection of polynomially many codewords is�computationally indistinguishable from random, except to individuals with the�decoding key. In this work, we examine the assumptions under which PRCs with�robustness to a constant error rate exist. 1. We show that if both the planted hyperloop assumption introduced in�[BKR23] and security of a version of Goldreich's PRG hold, then there exist�public-key PRCs for which no efficient adversary can distinguish a polynomial�number of codewords from random with better than $o(1)$ advantage. 2. We revisit the construction of [CG24] and show that it can be based on a�wider range of assumptions than presented in [CG24]. To do this, we introduce a�weakened version of the planted XOR assumption which we call the weak planted�XOR assumption and which may be of independent interest. 3. We initiate the study of PRCs which are secure against space-bounded�adversaries. We show how to construct secret-key PRCs of length $O(n)$ which�are $textit{unconditionally}$ indistinguishable from random by�$text{poly}(n)$ time, $O(n^{1.5-varepsilon})$ space adversaries.
{"title":"New constructions of pseudorandom codes","authors":"Surendra Ghentiyala, Venkatesan Guruswami","doi":"arxiv-2409.07580","DOIUrl":"https://doi.org/arxiv-2409.07580","url":null,"abstract":"Introduced in [CG24], pseudorandom error-correcting codes (PRCs) are a new\u0000cryptographic primitive with applications in watermarking generative AI models.\u0000These are codes where a collection of polynomially many codewords is\u0000computationally indistinguishable from random, except to individuals with the\u0000decoding key. In this work, we examine the assumptions under which PRCs with\u0000robustness to a constant error rate exist. 1. We show that if both the planted hyperloop assumption introduced in\u0000[BKR23] and security of a version of Goldreich's PRG hold, then there exist\u0000public-key PRCs for which no efficient adversary can distinguish a polynomial\u0000number of codewords from random with better than $o(1)$ advantage. 2. We revisit the construction of [CG24] and show that it can be based on a\u0000wider range of assumptions than presented in [CG24]. To do this, we introduce a\u0000weakened version of the planted XOR assumption which we call the weak planted\u0000XOR assumption and which may be of independent interest. 3. We initiate the study of PRCs which are secure against space-bounded\u0000adversaries. We show how to construct secret-key PRCs of length $O(n)$ which\u0000are $textit{unconditionally}$ indistinguishable from random by\u0000$text{poly}(n)$ time, $O(n^{1.5-varepsilon})$ space adversaries.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201623","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper proposes a novel Perturb-ability Score (PS) that can be used to�identify Network Intrusion Detection Systems (NIDS) features that can be easily�manipulated by attackers in the problem-space. We demonstrate that using PS to�select only non-perturb-able features for ML-based NIDS maintains detection�performance while enhancing robustness against adversarial attacks.
本文提出了一种新颖的可扰动性评分(Perturb-ability Score,PS),可用于识别问题空间中容易被攻击者操纵的网络入侵检测系统(NIDS)特征。我们证明,使用 PS 只为基于 ML 的网络入侵检测系统选择不可扰动特征,既能保持检测性能,又能增强对抗恶意攻击的鲁棒性。
{"title":"Introducing Perturb-ability Score (PS) to Enhance Robustness Against Evasion Adversarial Attacks on ML-NIDS","authors":"Mohamed elShehaby, Ashraf Matrawy","doi":"arxiv-2409.07448","DOIUrl":"https://doi.org/arxiv-2409.07448","url":null,"abstract":"This paper proposes a novel Perturb-ability Score (PS) that can be used to\u0000identify Network Intrusion Detection Systems (NIDS) features that can be easily\u0000manipulated by attackers in the problem-space. We demonstrate that using PS to\u0000select only non-perturb-able features for ML-based NIDS maintains detection\u0000performance while enhancing robustness against adversarial attacks.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"2 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: