Pub Date : 2023-04-14DOI: https://dl.acm.org/doi/10.1145/3575797
Sijie Zhuo, Robert Biddle, Yun Sing Koh, Danielle Lottridge, Giovanni Russello
Phishing is recognized as a serious threat to organizations and individuals. While there have been significant technical advances in blocking phishing attacks, end-users remain the last line of defence after phishing emails reach their email inboxes. Most of the existing literature on this subject has focused on the technical aspects related to phishing. The factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and systematically categorized the phishing susceptibility variables studied. We classify variables based on their temporal scope, which led us to propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are vulnerable to phishing attacks. This model reveals several research gaps that need to be addressed to understand and improve protection against phishing susceptibility. Our review also systematizes existing studies by their sample size and generalizability and further suggests a practical impact assessment of the value of studying variables: Some more easily lead to improvements than others. We believe that this article can provide guidelines for future phishing susceptibility research to improve experiment design and the quality of findings.
{"title":"SoK: Human-centered Phishing Susceptibility","authors":"Sijie Zhuo, Robert Biddle, Yun Sing Koh, Danielle Lottridge, Giovanni Russello","doi":"https://dl.acm.org/doi/10.1145/3575797","DOIUrl":"https://doi.org/https://dl.acm.org/doi/10.1145/3575797","url":null,"abstract":"<p>Phishing is recognized as a serious threat to organizations and individuals. While there have been significant technical advances in blocking phishing attacks, end-users remain the last line of defence after phishing emails reach their email inboxes. Most of the existing literature on this subject has focused on the technical aspects related to phishing. The factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and systematically categorized the phishing susceptibility variables studied. We classify variables based on their temporal scope, which led us to propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are vulnerable to phishing attacks. This model reveals several research gaps that need to be addressed to understand and improve protection against phishing susceptibility. Our review also systematizes existing studies by their sample size and generalizability and further suggests a practical impact assessment of the value of studying variables: Some more easily lead to improvements than others. We believe that this article can provide guidelines for future phishing susceptibility research to improve experiment design and the quality of findings.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"11 1","pages":""},"PeriodicalIF":2.3,"publicationDate":"2023-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138540661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multi-user (mu) security considers large-scale attackers that, given access to a number of cryptosystem instances, attempt to compromise at least one of them. We initiate the study of mu security of the so-called GGM tree that stems from the pseudorandom generator to pseudorandom function transformation of Goldreich, Goldwasser, and Micali, with a goal to provide references for its recently popularized use in applied cryptography. We propose a generalized model for GGM trees and analyze its mu prefix-constrained pseudorandom function security in the random oracle model. Our model allows to derive concrete bounds and improvements for various protocols, and we showcase on the Bitcoin-Improvement-Proposal standard Bip32 hierarchical wallets and function secret sharing protocols. In both scenarios, we propose improvements with better performance and concrete security bounds at the same time. Compared with the state-of-the-art designs, our SHACAL3- and Keccak-p-based Bip32 variants reduce the communication cost of MPC-based implementations by 73.3% to 93.8%, whereas our AES-based function secret sharing substantially improves mu security while reducing computations by 50%.
{"title":"The Multi-User Constrained Pseudorandom Function Security of Generalized GGM Trees for MPC and Hierarchical Wallets","authors":"Chun Guo, Xiao Wang, Xiang Xie, Yu Yu","doi":"10.1145/3592608","DOIUrl":"https://doi.org/10.1145/3592608","url":null,"abstract":"Multi-user (mu) security considers large-scale attackers that, given access to a number of cryptosystem instances, attempt to compromise at least one of them. We initiate the study of mu security of the so-called GGM tree that stems from the pseudorandom generator to pseudorandom function transformation of Goldreich, Goldwasser, and Micali, with a goal to provide references for its recently popularized use in applied cryptography. We propose a generalized model for GGM trees and analyze its mu prefix-constrained pseudorandom function security in the random oracle model. Our model allows to derive concrete bounds and improvements for various protocols, and we showcase on the Bitcoin-Improvement-Proposal standard Bip32 hierarchical wallets and function secret sharing protocols. In both scenarios, we propose improvements with better performance and concrete security bounds at the same time. Compared with the state-of-the-art designs, our SHACAL3- and Keccak-p-based Bip32 variants reduce the communication cost of MPC-based implementations by 73.3% to 93.8%, whereas our AES-based function secret sharing substantially improves mu security while reducing computations by 50%.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 38"},"PeriodicalIF":2.3,"publicationDate":"2023-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45417490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Anushka Vidanage, P. Christen, Thilina Ranbaduge, R. Schnell
The linkage of records to identify common entities across multiple data sources has gained increasing interest over the last few decades. In the absence of unique entity identifiers, quasi-identifying attributes such as personal names and addresses are generally used to link records. Due to privacy concerns that arise when such sensitive information is used, privacy-preserving record linkage (PPRL) methods have been proposed to link records without revealing any sensitive or confidential information about these records. Popular PPRL methods such as Bloom filter encoding, however, are known to be susceptible to various privacy attacks. Therefore, a systematic analysis of the privacy risks associated with sensitive databases as well as PPRL methods used in linkage projects is of great importance. In this article we present a novel framework to assess the vulnerabilities of sensitive databases and existing PPRL encoding methods. We discuss five types of vulnerabilities: frequency, length, co-occurrence, similarity, and similarity neighborhood, of both plaintext and encoded values that an adversary can exploit in order to reidentify sensitive plaintext values from encoded data. In an experimental evaluation we assess the vulnerabilities of two databases using five existing PPRL encoding methods. This evaluation shows that our proposed framework can be used in real-world linkage applications to assess the vulnerabilities associated with sensitive databases to be linked, as well as with PPRL encoding methods.
{"title":"A Vulnerability Assessment Framework for Privacy-preserving Record Linkage","authors":"Anushka Vidanage, P. Christen, Thilina Ranbaduge, R. Schnell","doi":"10.1145/3589641","DOIUrl":"https://doi.org/10.1145/3589641","url":null,"abstract":"The linkage of records to identify common entities across multiple data sources has gained increasing interest over the last few decades. In the absence of unique entity identifiers, quasi-identifying attributes such as personal names and addresses are generally used to link records. Due to privacy concerns that arise when such sensitive information is used, privacy-preserving record linkage (PPRL) methods have been proposed to link records without revealing any sensitive or confidential information about these records. Popular PPRL methods such as Bloom filter encoding, however, are known to be susceptible to various privacy attacks. Therefore, a systematic analysis of the privacy risks associated with sensitive databases as well as PPRL methods used in linkage projects is of great importance. In this article we present a novel framework to assess the vulnerabilities of sensitive databases and existing PPRL encoding methods. We discuss five types of vulnerabilities: frequency, length, co-occurrence, similarity, and similarity neighborhood, of both plaintext and encoded values that an adversary can exploit in order to reidentify sensitive plaintext values from encoded data. In an experimental evaluation we assess the vulnerabilities of two databases using five existing PPRL encoding methods. This evaluation shows that our proposed framework can be used in real-world linkage applications to assess the vulnerabilities associated with sensitive databases to be linked, as well as with PPRL encoding methods.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":" ","pages":"1 - 31"},"PeriodicalIF":2.3,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45700570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
It is well known that most users do not read privacy policies but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this article, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step toward making privacy policies machine readable on the user side, which would help users match their privacy preferences against the policies offered by web services.
{"title":"Privacy Policies across the Ages: Content of Privacy Policies 1996–2021","authors":"Isabel Wagner","doi":"10.1145/3590152","DOIUrl":"https://doi.org/10.1145/3590152","url":null,"abstract":"It is well known that most users do not read privacy policies but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this article, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step toward making privacy policies machine readable on the user side, which would help users match their privacy preferences against the policies offered by web services.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 32"},"PeriodicalIF":2.3,"publicationDate":"2023-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45873610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Pierre-Yves Strub
In this work, we enhance the EasyCrypt proof assistant to reason about the computational complexity of adversaries. The key technical tool is a Hoare logic for reasoning about computational complexity (execution time and oracle calls) of adversarial computations. Our Hoare logic is built on top of the module system used by EasyCrypt for modeling adversaries. We prove that our logic is sound w.r.t. the semantics of EasyCrypt programs—we also provide full semantics for the EasyCrypt module system, which was lacking previously. We showcase (for the first time in EasyCrypt and in other computer-aided cryptographic tools) how our approach can express precise relationships between the probability of adversarial success and their execution time. In particular, we can quantify existentially over adversaries in a complexity class and express general composition statements in simulation-based frameworks. Moreover, such statements can be composed to derive standard concrete security bounds for cryptographic constructions whose security is proved in a modular way. As a main benefit of our approach, we revisit security proofs of some well-known cryptographic constructions and present a new formalization of universal composability.
{"title":"Mechanized Proofs of Adversarial Complexity and Application to Universal Composability","authors":"Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Pierre-Yves Strub","doi":"10.1145/3589962","DOIUrl":"https://doi.org/10.1145/3589962","url":null,"abstract":"In this work, we enhance the EasyCrypt proof assistant to reason about the computational complexity of adversaries. The key technical tool is a Hoare logic for reasoning about computational complexity (execution time and oracle calls) of adversarial computations. Our Hoare logic is built on top of the module system used by EasyCrypt for modeling adversaries. We prove that our logic is sound w.r.t. the semantics of EasyCrypt programs—we also provide full semantics for the EasyCrypt module system, which was lacking previously. We showcase (for the first time in EasyCrypt and in other computer-aided cryptographic tools) how our approach can express precise relationships between the probability of adversarial success and their execution time. In particular, we can quantify existentially over adversaries in a complexity class and express general composition statements in simulation-based frameworks. Moreover, such statements can be composed to derive standard concrete security bounds for cryptographic constructions whose security is proved in a modular way. As a main benefit of our approach, we revisit security proofs of some well-known cryptographic constructions and present a new formalization of universal composability.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 34"},"PeriodicalIF":2.3,"publicationDate":"2023-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47577285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Lateral movement is a key stage of system compromise used by advanced persistent threats. Detecting it is no simple task. When network host logs are abstracted into discrete temporal graphs, the problem can be reframed as anomalous edge detection in an evolving network. Research in modern deep graph learning techniques has produced many creative and complicated models for this task. However, as is the case in many machine learning fields, the generality of models is of paramount importance for accuracy and scalability during training and inference. In this article, we propose a formalized approach to this problem with a framework we call Euler. It consists of a model-agnostic graph neural network stacked upon a model-agnostic sequence encoding layer such as a recurrent neural network. Models built according to the Euler framework can easily distribute their graph convolutional layers across multiple machines for large performance improvements. Additionally, we demonstrate that Euler-based models are as good, or better, than every state-of-the-art approach to anomalous link detection and prediction that we tested. As anomaly-based intrusion detection systems, our models efficiently identified anomalous connections between entities with high precision and outperformed all other unsupervised techniques for anomalous lateral movement detection. Additionally, we show that as a piece of a larger anomaly detection pipeline, Euler models perform well enough for use in real-world systems. With more advanced, yet still lightweight, alerting mechanisms ingesting the embeddings produced by Euler models, precision is boosted from 0.243, to 0.986 on real-world network traffic.
{"title":"Euler: Detecting Network Lateral Movement via Scalable Temporal Link Prediction","authors":"I. J. King, Huimin Huang","doi":"10.1145/3588771","DOIUrl":"https://doi.org/10.1145/3588771","url":null,"abstract":"Lateral movement is a key stage of system compromise used by advanced persistent threats. Detecting it is no simple task. When network host logs are abstracted into discrete temporal graphs, the problem can be reframed as anomalous edge detection in an evolving network. Research in modern deep graph learning techniques has produced many creative and complicated models for this task. However, as is the case in many machine learning fields, the generality of models is of paramount importance for accuracy and scalability during training and inference. In this article, we propose a formalized approach to this problem with a framework we call Euler. It consists of a model-agnostic graph neural network stacked upon a model-agnostic sequence encoding layer such as a recurrent neural network. Models built according to the Euler framework can easily distribute their graph convolutional layers across multiple machines for large performance improvements. Additionally, we demonstrate that Euler-based models are as good, or better, than every state-of-the-art approach to anomalous link detection and prediction that we tested. As anomaly-based intrusion detection systems, our models efficiently identified anomalous connections between entities with high precision and outperformed all other unsupervised techniques for anomalous lateral movement detection. Additionally, we show that as a piece of a larger anomaly detection pipeline, Euler models perform well enough for use in real-world systems. With more advanced, yet still lightweight, alerting mechanisms ingesting the embeddings produced by Euler models, precision is boosted from 0.243, to 0.986 on real-world network traffic.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":" ","pages":"1 - 36"},"PeriodicalIF":2.3,"publicationDate":"2023-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44216238","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users’ data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users’ information “fairly and responsibly,” artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users’ concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use. There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data “processors” and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies’ privacy practices and their compliance with data protection law. As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user.
{"title":"PrivExtractor: Toward Redressing the Imbalance of Understanding between Virtual Assistant Users and Vendors","authors":"T. Bolton, T. Dargahi, Sana Belguith, C. Maple","doi":"10.1145/3588770","DOIUrl":"https://doi.org/10.1145/3588770","url":null,"abstract":"The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users’ data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users’ information “fairly and responsibly,” artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users’ concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use. There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data “processors” and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies’ privacy practices and their compliance with data protection law. As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 29"},"PeriodicalIF":2.3,"publicationDate":"2023-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46678769","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recent advances of consensus control have made it significant in multi-agent systems such as in distributed machine learning, distributed multi-vehicle cooperative systems. However, during its application it is crucial to achieve resilience and privacy; specifically, when there are adversary/faulty nodes in a general topology structure, normal agents can also reach consensus while keeping their actual states unobserved. In this article, we modify the state-of-the-art Q-consensus algorithm by introducing predefined noise or well-designed cryptography to guarantee the privacy of each agent state. In the former case, we add specified noise on agent state before it is transmitted to the neighbors and then gradually decrease the value of noise so the exact agent state cannot be evaluated. In the latter one, the Paillier cryptosystem is applied for reconstructing reward function in two consecutive interactions between each pair of neighboring agents. Therefore, multi-agent privacy-preserving resilient consensus (MAPPRC) can be achieved in a general topology structure. Moreover, in the modified version, we reconstruct reward function and credibility function so both convergence rate and stability of the system are improved. The simulation results indicate the algorithms’ tolerance for constant and/or persistent faulty agents as well as their protection of privacy. Compared with the previous studies that consider both resilience and privacy-preserving requirements, the proposed algorithms in this article greatly relax the topological conditions. At the end of the article, to verify the effectiveness of the proposed algorithms, we conduct two sets of experiments, i.e., a smart-car hardware platform consisting of four vehicles and a distributed machine learning platform containing 10 workers and a server.
{"title":"Privacy-preserving Resilient Consensus for Multi-agent Systems in a General Topology Structure","authors":"Jian Hou, Jing Wang, Mingyue Zhang, Zhi Jin, Chunlin Wei, Zuohua Ding","doi":"10.1145/3587933","DOIUrl":"https://doi.org/10.1145/3587933","url":null,"abstract":"Recent advances of consensus control have made it significant in multi-agent systems such as in distributed machine learning, distributed multi-vehicle cooperative systems. However, during its application it is crucial to achieve resilience and privacy; specifically, when there are adversary/faulty nodes in a general topology structure, normal agents can also reach consensus while keeping their actual states unobserved. In this article, we modify the state-of-the-art Q-consensus algorithm by introducing predefined noise or well-designed cryptography to guarantee the privacy of each agent state. In the former case, we add specified noise on agent state before it is transmitted to the neighbors and then gradually decrease the value of noise so the exact agent state cannot be evaluated. In the latter one, the Paillier cryptosystem is applied for reconstructing reward function in two consecutive interactions between each pair of neighboring agents. Therefore, multi-agent privacy-preserving resilient consensus (MAPPRC) can be achieved in a general topology structure. Moreover, in the modified version, we reconstruct reward function and credibility function so both convergence rate and stability of the system are improved. The simulation results indicate the algorithms’ tolerance for constant and/or persistent faulty agents as well as their protection of privacy. Compared with the previous studies that consider both resilience and privacy-preserving requirements, the proposed algorithms in this article greatly relax the topological conditions. At the end of the article, to verify the effectiveness of the proposed algorithms, we conduct two sets of experiments, i.e., a smart-car hardware platform consisting of four vehicles and a distributed machine learning platform containing 10 workers and a server.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 22"},"PeriodicalIF":2.3,"publicationDate":"2023-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43575658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-13DOI: https://dl.acm.org/doi/10.1145/3579822
Nada Lachtar, Duha Ibdah, Hamza Khan, Anys Bacha
The unprecedented growth in mobile systems has transformed the way we approach everyday computing. Unfortunately, the emergence of a sophisticated type of malware known as ransomware poses a great threat to consumers of this technology. Traditional research on mobile malware detection has focused on approaches that rely on analyzing bytecode for uncovering malicious apps. However, cybercriminals can bypass such methods by embedding malware directly in native machine code, making traditional methods inadequate. Another challenge that detection solutions face is scalability. The sheer number of malware variants released every year makes it difficult for solutions to efficiently scale their coverage.
To address these concerns, this work presents RansomShield, an energy-efficient solution that leverages CNNs to detect ransomware. We evaluate CNN architectures that have been known to perform well on computer vision tasks and examine their suitability for ransomware detection. We show that systematically converting native instructions from Android apps into images using space-filling curve visualization techniques enable CNNs to reliably detect ransomware with high accuracy. We characterize the robustness of this approach across ARM and x86 architectures and demonstrate the effectiveness of this solution across heterogeneous platforms including smartphones and chromebooks. We evaluate the suitability of different models for mobile systems by comparing their energy demands using different platforms. In addition, we present a CNN introspection framework that determines the important features that are needed for ransomware detection. Finally, we evaluate the robustness of this solution against adversarial machine learning (AML) attacks using state-of-the-art Android malware dataset.
{"title":"RansomShield: A Visualization Approach to Defending Mobile Systems Against Ransomware","authors":"Nada Lachtar, Duha Ibdah, Hamza Khan, Anys Bacha","doi":"https://dl.acm.org/doi/10.1145/3579822","DOIUrl":"https://doi.org/https://dl.acm.org/doi/10.1145/3579822","url":null,"abstract":"<p>The unprecedented growth in mobile systems has transformed the way we approach everyday computing. Unfortunately, the emergence of a sophisticated type of malware known as ransomware poses a great threat to consumers of this technology. Traditional research on mobile malware detection has focused on approaches that rely on analyzing bytecode for uncovering malicious apps. However, cybercriminals can bypass such methods by embedding malware directly in native machine code, making traditional methods inadequate. Another challenge that detection solutions face is scalability. The sheer number of malware variants released every year makes it difficult for solutions to efficiently scale their coverage. </p><p>To address these concerns, this work presents RansomShield, an energy-efficient solution that leverages CNNs to detect ransomware. We evaluate CNN architectures that have been known to perform well on computer vision tasks and examine their suitability for ransomware detection. We show that systematically converting native instructions from Android apps into images using space-filling curve visualization techniques enable CNNs to reliably detect ransomware with high accuracy. We characterize the robustness of this approach across ARM and x86 architectures and demonstrate the effectiveness of this solution across heterogeneous platforms including smartphones and chromebooks. We evaluate the suitability of different models for mobile systems by comparing their energy demands using different platforms. In addition, we present a CNN introspection framework that determines the important features that are needed for ransomware detection. Finally, we evaluate the robustness of this solution against adversarial machine learning (AML) attacks using state-of-the-art Android malware dataset. </p><p></p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"224 1","pages":""},"PeriodicalIF":2.3,"publicationDate":"2023-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138540720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Viktor Engström, Pontus Johnson, Robert Lagerström, Erik Ringdahl, Max Wällstedt
Migrating enterprises and business capabilities to cloud platforms like Amazon Web Services (AWS) has become increasingly common. However, securing cloud operations, especially at large scales, can quickly become intractable. Customer-side issues such as service misconfigurations, data breaches, and insecure changes are prevalent. Furthermore, cloud-specific tactics and techniques paired with application vulnerabilities create a large and complex search space. Various solutions and modeling languages for cloud security assessments exist. However, no single one appeared sufficiently cloud-centered and holistic. Many also did not account for tactical security dimensions. This article, therefore, presents a domain-specific modeling language for AWS environments. When used to model AWS environments, manually or automatically, the language automatically constructs and traverses attack graphs to assess security. Assessments, therefore, require minimal security expertise from the user. The modeling language was primarily tested on four third-party AWS environments through securiCAD Vanguard, a commercial tool built around the AWS modeling language. The language was validated further by measuring performance on models provided by anonymous end users and a comparison with a similar open source assessment tool. As of March 2020, the modeling language could represent essential AWS structures, cloud tactics, and threats. However, the tests highlighted certain shortcomings. Data collection steps, such as planted credentials, and some missing tactics were obvious. Nevertheless, the issues covered by the DSL were already reminiscent of common issues with real-world precedents. Future additions to attacker tactics and addressing data collection should yield considerable improvements.
{"title":"Automated Security Assessments of Amazon Web Services Environments","authors":"Viktor Engström, Pontus Johnson, Robert Lagerström, Erik Ringdahl, Max Wällstedt","doi":"10.1145/3570903","DOIUrl":"https://doi.org/10.1145/3570903","url":null,"abstract":"Migrating enterprises and business capabilities to cloud platforms like Amazon Web Services (AWS) has become increasingly common. However, securing cloud operations, especially at large scales, can quickly become intractable. Customer-side issues such as service misconfigurations, data breaches, and insecure changes are prevalent. Furthermore, cloud-specific tactics and techniques paired with application vulnerabilities create a large and complex search space. Various solutions and modeling languages for cloud security assessments exist. However, no single one appeared sufficiently cloud-centered and holistic. Many also did not account for tactical security dimensions. This article, therefore, presents a domain-specific modeling language for AWS environments. When used to model AWS environments, manually or automatically, the language automatically constructs and traverses attack graphs to assess security. Assessments, therefore, require minimal security expertise from the user. The modeling language was primarily tested on four third-party AWS environments through securiCAD Vanguard, a commercial tool built around the AWS modeling language. The language was validated further by measuring performance on models provided by anonymous end users and a comparison with a similar open source assessment tool. As of March 2020, the modeling language could represent essential AWS structures, cloud tactics, and threats. However, the tests highlighted certain shortcomings. Data collection steps, such as planted credentials, and some missing tactics were obvious. Nevertheless, the issues covered by the DSL were already reminiscent of common issues with real-world precedents. Future additions to attacker tactics and addressing data collection should yield considerable improvements.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"26 1","pages":"1 - 31"},"PeriodicalIF":2.3,"publicationDate":"2023-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42337773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号