SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography: latest articles
Illicit Darkweb Classification via Natural-language Processing: Classifying Illicit Content of Webpages based on Textual Information
Giuseppe Cascavilla, Gemma Catolino, Mirella Sangiovanni
This work aims at expanding previous works done in the context of illegal activities classification, performing three different steps. First, we created a heterogeneous dataset of 113995 onion sites and dark marketplaces. Then, we compared pre-trained transferable models, i.e., ULMFit (Universal Language Model Fine-tuning), Bert (Bidirectional Encoder Representations from Transformers), and RoBERTa (Robustly optimized BERT approach) with a traditional text classification approach like LSTM (Long short-term memory) neural networks. Finally, we developed two illegal activities classification approaches, one for illicit content on the Dark Web and one for identifying the specific types of drugs. Results show that Bert obtained the best approach, classifying the dark web's general content and the types of Drugs with 96.08% and 91.98% of accuracy.
DOI: https://doi.org/10.5220/0011298600003283 | Published: 2023-12-08 | Pages: 620-626
Citations: 1
When the Few Outweigh the Many: Illicit Content Recognition with Few-Shot Learning
Giuseppe Cascavilla, Gemma Catolino, M. Conti, D. Mellios, D. Tamburri
The anonymity and untraceability benefits of the Dark web account for the exponentially-increased potential of its popularity while creating a suitable womb for many illicit activities, to date. Hence, in collaboration with cybersecurity and law enforcement agencies, research has provided approaches for recognizing and classifying illicit activities with most exploiting textual dark web markets' content recognition; few such approaches use images that originated from dark web content. This paper investigates this alternative technique for recognizing illegal activities from images. In particular, we investigate label-agnostic learning techniques like One-Shot and Few-Shot learning featuring the use of Siamese neural networks, a state-of-the-art approach in the field. Our solution manages to handle small-scale datasets with promising accuracy. In particular, Siamese neural networks reach 90.9% on 20-Shot experiments over a 10-class dataset; this leads us to conclude that such models are a promising and cheaper alternative to the definition of automated law-enforcing machinery over the dark web.
DOI: https://doi.org/10.5220/0012049400003555 | Published: 2023-11-28
Citations: 0
SQLi Detection with ML: A data-source perspective
Balázs Pejó, Nikolett Kapui
Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today's ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine learning techniques into the proposed solutions. In this work, we highlight the shortcomings of the previous ML-based results focusing on four aspects: the evaluation methods, the optimization of the model parameters, the distribution of utilized datasets, and the feature selection. Since no single work explored all of these aspects satisfactorily, we fill this gap and provide an in-depth and comprehensive empirical analysis. Moreover, we cross-validate the trained models by using data from other distributions. This aspect of ML models (trained for SQLi detection) was never studied. Yet, the sensitivity of the model's performance to this is crucial for any real-life deployment. Finally, we validate our findings on a real-world industrial SQLi dataset.
DOI: https://doi.org/10.48550/arXiv.2304.12115 | Published: 2023-04-24 | Pages: 642-648
Citations: 0
Combining Generators of Adversarial Malware Examples to Increase Evasion Rate
M. Kozák, M. Jureček
Antivirus developers are increasingly embracing machine learning as a key component of malware defense. While machine learning achieves cutting-edge outcomes in many fields, it also has weaknesses that are exploited by several adversarial attack techniques. Many authors have presented both white-box and black-box generators of adversarial malware examples capable of bypassing malware detectors with varying success. We propose to combine contemporary generators in order to increase their potential. Combining different generators can create more sophisticated adversarial examples that are more likely to evade anti-malware tools. We demonstrated this technique on five well-known generators and recorded promising results. The best-performing combination of AMG-random and MAB-Malware generators achieved an average evasion rate of 15.9% against top-tier antivirus products. This represents an average improvement of more than 36% and 627% over using only the AMG-random and MAB-Malware generators, respectively. The generator that benefited the most from having another generator follow its procedure was the FGSM injection attack, which improved the evasion rate on average between 91.97% and 1,304.73%, depending on the second generator used. These results demonstrate that combining different generators can significantly improve their effectiveness against leading antivirus programs.
DOI: https://doi.org/10.48550/arXiv.2304.07360 | Published: 2023-04-14 | Pages: 778-786
Citations: 1
CAPoW: Context-Aware AI-Assisted Proof of Work based DDoS Defense
Trisha Chakraborty, Shaswata Mitra, Sudip Mittal
Critical servers can be secured against distributed denial of service (DDoS) attacks using proof of work (PoW) systems assisted by an Artificial Intelligence (AI) that learns contextual network request patterns. In this work, we introduce CAPoW, a context-aware anti-DDoS framework that injects latency adaptively during communication by utilizing context-aware PoW puzzles. In CAPoW, a security professional can define relevant request context attributes which can be learned by the AI system. These contextual attributes can include information about the user request, such as IP address, time, flow-level information, etc., and are utilized to generate a contextual score for incoming requests that influence the hardness of a PoW puzzle. These puzzles need to be solved by a user before the server begins to process their request. Solving puzzles slows down the volume of incoming adversarial requests. Additionally, the framework compels the adversary to incur a cost per request, hence making it expensive for an adversary to prolong a DDoS attack. We include the theoretical foundations of the CAPoW framework along with a description of its implementation and evaluation.
DOI: https://doi.org/10.48550/arXiv.2301.11767 | Published: 2023-01-27 | Pages: 62-72
Citations: 1
Privacy Protection of Synthetic Smart Grid Data Simulated via Generative Adversarial Networks
K. Adewole, V. Torra
The development in smart meter technology has made grid operations more efficient based on fine-grained electricity usage data generated at different levels of time granularity. Consequently, machine learning algorithms have benefited from these data to produce useful models for important grid operations. Although machine learning algorithms need historical data to improve predictive performance, these data are not readily available for public utilization due to privacy issues. The existing smart grid data simulation frameworks generate grid data with implicit privacy concerns since the data are simulated from a few real energy consumptions that are publicly available. This paper addresses two issues in smart grid. First, it assesses the level of privacy violation with the individual household appliances based on synthetic household aggregate loads consumption. Second, based on the findings, it proposes two privacy-preserving mechanisms to reduce this risk. Three inference attacks are simulated and the results obtained confirm the efficacy of the proposed privacy-preserving mechanisms.
DOI: https://doi.org/10.5220/0011956800003555 | Published: 2023-01-01 | Pages: 279-286
Citations: 0
SoK: Towards CCA Secure Fully Homomorphic Encryption
Hiroki Okada, Kazuhide Fukushima
DOI: https://doi.org/10.5220/0012129800003555 | Published: 2023-01-01 | Pages: 793-798
Citations: 0
Towards a Geometric Deep Learning-Based Cyber Security: Network System Intrusion Detection Using Graph Neural Networks
R. Zaccagnino, Antonio Cirillo, Alfonso Guarino, N. Lettieri, Delfina Malandrino, Gianluca Zaccagnino
DOI: https://doi.org/10.5220/0012085700003555 | Published: 2023-01-01 | Pages: 394-401
Citations: 0
ArmorDroid: A Rule-Set Customizable Plugin for Secure Android Application Development
Cong-Binh Le, Bao-Thi Nguyen-Le, P. Truong, Minh-Triet Tran, Anh-Duy Tran
Although Android is a popular mobile operating system, its app ecosystem could be safer. The lack of awareness and concern for security issues in apps is one of the main reasons for this. Given the current situation, developers have yet to receive sufficient security knowledge. Therefore, we have researched and proposed a tool to support security coding. Based on the idea of DevSecOps, developers are placed at the center to optimize the solution to this problem by integrating security programming into the earlier stage in the software development process. This paper presents two main research contributions: compilation and categorization of security issues in Android application development and developing ArmorDroid, a plugin for Android Studio to support secure coding. This plugin, which can be used for Java, Kotlin, and XML files, can instantly scan and detect vulnerable code and suggest quick fixes for developers during the development phase. This plugin helps developers improve their security code and trains them to write secure code by providing security coding standards in Android applications. Furthermore, developers can customize our rule set to suit their situation and share it with different developers. Our work also presents the results of a pilot study on the effectiveness of the ArmorDroid plugin.
DOI: https://doi.org/10.5220/0012049500003555 | Published: 2023-01-01 | Pages: 634-641
Citations: 1
One to Bind Them: Binding Verifiable Credentials to User Attributes
Alexander Mühle, Katja Assaf, C. Meinel
DOI: https://doi.org/10.5220/0012057900003555 | Published: 2023-01-01 | Pages: 345-352
Citations: 0