About this book

This book constitutes the refereed proceedings of the International Conference on Applications and Techniques in Information Security, ATIS 2014, held in Melbourne, Australia, in November 2014. The 16 revised full papers and 8 short papers presented were carefully reviewed and selected from 56 submissions. The papers are organized in topical sections on applications; curbing cyber crimes; data privacy; digital forensics; security implementations.




System-Level Permission Management Mechanism of Android Device

As the existing Android operating system doesn’t grant users the permission to manage system hardware, a system-level permission management mechanism for Android devices is proposed to solve this problem. This mechanism is based on the existing system. The existing Android system framework layer and application layer are modified and extended by using a control terminal application to control hardware and authorization, the system boot process, SystemProperty and Camera class to implement the new system-level permission management mechanism for Android devices. Via the mechanism, the security of the Android system is improved, a new layer of protection is added, a control function for hardware resource access is attached, and security threats to the platform are reduced at the system level. Experimental results show that the feasibility of this system privilege management mechanism is high.
Dali Zhu, Zheming Fan, Na Pang

Enhancing Security of the Android Platform via Multi-level Security Model

The recent trend towards interconnection of all networked objects lets smartphones consolidate their position as a global interface between user and Internet. Smartphones are getting closer to our daily life, and at the same time security threats to the privacy of smartphone users continue to proliferate at a rapid rate. Android is the most popular target of attackers among mobile platforms. Although Android provides a permission-based security model, there are still many security weak points which may lead to invasion of smartphone users’ privacy. In this paper, we propose a multi-level security model for enhancing Android security. Our security framework assigns a security level to each application at installation and performs runtime monitoring. We describe an implementation of our security framework, and finally evaluate the security and performance.
Ji-Soo Oh, Min-Woo Park, Tai-Myoung Chung

A Competitive Three-Level Pruning Technique for Information Security

The reduction of size of ensemble classifiers is important for various security applications. The majority of known pruning algorithms belong to the following three categories: ranking based, clustering based, and optimization based methods. The present paper introduces and investigates a new pruning technique. It is called a Three-Level Pruning Technique, TLPT, because it simultaneously combines all three approaches in three levels of the process. This paper investigates the TLPT method combining the state-of-the-art ranking of the Ensemble Pruning via Individual Contribution ordering, EPIC, the clustering of the K-Means Pruning, KMP, and the optimisation method of Directed Hill Climbing Ensemble Pruning, DHCEP, for a phishing dataset. Our new experiments presented in this paper show that the TLPT is competitive in comparison to EPIC, KMP and DHCEP, and can achieve better outcomes. These experimental results demonstrate the effectiveness of the TLPT technique in this example of information security application.
Morshed Chowdhury, Jemal Abawajy, Andrei Kelarev, Kouichi Sakurai

Popularity Prediction of Tianya BBS Posts Based on User Behavior

Predicting the popularity of online social networks information is an important task for studying the principle of the information diffusion. We here propose a popularity prediction model based on user behavior and historical information given by early popularity. Our approach is validated on datasets consisting of posts on Tianya BBS. Our experimental results show that the prediction accuracy is significantly improved with existing methods. We also analyze the influence of the temporal waveform of information diffusion for the linear prediction model.
Ge Li, Yue Hu, Yanyu Yu

Design and Implementation of Network User Behaviors Analysis Based on Hadoop for Big Data

The network user behaviors analysis under the big data environment has recently become attractive to network security because it can discover abnormal user behaviors to prevent potential threats. However, user behaviors are dynamic, which makes it difficult to capture the users’ comprehensive behaviors in a single device by capturing or collecting a static dataset. More specifically, the increase of network users, network traffic and network services brings many challenges such as fast data collection, processing and storage. Therefore, we propose and implement a network user behaviors analysis system in this paper, which is based on the Hadoop distribution platform to capture the traffic and analyze the user behaviors in terms of the search keywords, user shopping trends, website posts and replies, and web visited history to acquire the users’ dynamic behaviors. To evaluate our system, we capture the packets in the campus networks, and the results show that our system can capture the users’ long-term behaviors and acquire the user behaviors in detail.
Jianfeng Guan, Su Yao, Changqiao Xu, Hongke Zhang

The Research of Extraction Algorithm for Target Feature of Chest Bitmap

The chest bitmap is the most widely used in live-firing. The target surface information extraction is the chief question that needs to be solved for an automatic target-scoring system. Therefore, this paper proposes a new low-complexity algorithm for target surface feature information extraction according to the characteristics of the chest ring image. Based on the pre-processing of the image, background interference of the image is eliminated by using a regional feature elimination algorithm. Besides, the target’s eye position is determined by employing gray two-way clipping projection, and all of the effective feature information of the target surface is extracted. The result of simulation shows that the target surface information extraction algorithm for chest bitmap is characterized by low-complexity, short time-consuming and high efficiency, and meets the real-time requirement.
Tianshi Liu, Ruixiang Liu, Hongwei Wang, Liumei Zhang, Cailing Wang

A Method for Detecting Trojan Based on Hidden Network Traffic Analysis

With the development of Trojan horse detection technology, the survivability of the Trojan hidden in the space of operating systems becomes weaker and weaker. As a result, more kernel hidden and hardware hidden techniques have been proposed and applied to the design of new Trojans. Because of the complexity and diversity of kernel hiding technologies and the emergence of hardware Trojans, detection becomes more and more difficult. We propose a black-box model to simplify the communication processing system of a computer. The modules of complex communication processing in the kernel of the operating system and the hardware are reduced to a black box with two end points. Hidden traffic can be easily extracted regardless of the Trojan hidden technologies. After this, a special-Trojan detection system based on the extraction of the hidden traffic is presented. The experimental result has demonstrated the usage of the traffic extract model.
Zhiwen Chen, Yizheng Tao, Gongliang Li

A Survey on Encrypted Traffic Classification

With the widespread use of encryption techniques in network applications, encrypted network traffic has recently become a great challenge for network management. Studies on encrypted traffic classification not only help to improve the network service quality, but also assist in enhancing network security. In this paper, we first introduce the basic information of encrypted traffic classification, emphasizing the influences of encryption on current classification methodology. Then, we summarize the challenges and recent advances in encrypted traffic classification research. Finally, the paper is ended with some conclusions.
Zigang Cao, Gang Xiong, Yong Zhao, Zhenzhen Li, Li Guo

Curbing Cyber Crimes

An Approach to Detect the Internet Water Army via Dirichlet Process Mixture Model Based GSP Algorithm

The Internet Water Army (IWA) brings a great threat to cyber security. How to accurately recognize the IWA has become a challenging research issue. Most work exploits behavioral analysis to distinguish IWA and non-IWA. These approaches are mainly divided into categories: direct compute method and training learning method. The direct calculation method mainly relies on a crawler, and makes a multidimensional eigenvector to detect IWA. Nevertheless, it does not consider the behavior rules based on the time sequence, and just determines the user behavior by feature vector, so the results are not very accurate. The recognition rate also needs to be improved. The second method mainly relies on cluster approaches. However, cluster approaches require pre-determining the number of clusters, which will directly lead to the model overfitting and underfitting because of inadequate unit number. In this paper we propose a sequential pattern approach based on DPMM for IWA identification. Firstly, we analyze the user behavior of potential IWA and get a feature vector of user behavior. Secondly, we use DPMM to get effective and accurate clustering results. Finally, we use the sequential pattern mining algorithms to detect navy accounts. Our clustering results with datasets that come from Tianya forum show a very ideal consequence.
Dan Li, Qian Li, Yue Hu, Wenjia Niu, Jianlong Tan, Li Guo

Modeling and Analysis of Network Survivability under Attack Propagation

Survivability of networks has emerged as a fundamental concern for network design and operation. The network physical infrastructures are vulnerable to correlated faults from natural disasters and malicious attacks. Particularly, malicious attacks have recently attracted more attention than natural disasters. This paper investigates network survivability in the presence of network attack propagation. Especially, a continuous-time Markov chain model is used to characterize the network survivability performance during the transient period that starts from the attack occurrence, in the subsequent attack propagation, and until the network has fully recovered. On the basis of the model, we compare two different schemes with the transient reward measures. Furthermore, network survivability of each scheme is exemplified for four propagation and repair strategies. The numerical results indicate the scheme with immunized state is more survivable than the scheme without immunized state, which is not only helpful to the survivability of network design but also useful to choose the suitable repair strategies.
Su Yao, Jianfeng Guan, Shuwei Ding, Hongke Zhang, Fei Song

A Scalable Approach for Vulnerability Discovery Based on Security Patches

Software vulnerability has long been considered an important threat to system safety. A vulnerability often gets reproduced due to frequent code reuse by programmers. Security patches are often not propagated to all code clones; however, they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws; unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, it is ineffective in path exploration, which limits its ability to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real world programs based on released security patches. We use a fast and scalable syntax-based way to find code clones and then, we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real world open source projects (Linux Ubuntu OS distributions and program packages) and we reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. In one step further, we have confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from Juliet Test Suite. The result showed that our verification method achieved 98% accuracy with 0 false positives.
Hongzhe Li, Hyuckmin Kwon, Jonghoon Kwon, Heejo Lee

Modeling the Effect of Infection Time on Active Worm Propagations

Addressing the problem overlooked by those continuous time worm propagation models, namely it must take each worm instance a certain period of time delay to completely infect a targeted vulnerable host after it has scanned the host, the paper analyzes in depth the reasons which cause the well-known discrete time AAWP model also overestimating the spread speed of active worm propagations. Then the paper puts forward a more proper states transition of vulnerable hosts during active worm propagations. Last but the most important, a new model named Optimized-AAWP is proposed with more reasonable understanding of this time delay, i.e. infection time of a worm, in each round of worm infection. The simulation results show that the Optimized-AAWP model can reflect the important effect of infection time on active worm propagations more accurately.
Hui Liu, Xiaolong Ma, Tianzuo Wang, Bo Ding, Qiang Lu

Data Privacy

Location Privacy Preserving for Semantic-Aware Applications

With the increased use of location-based services, location privacy has recently raised serious concerns. To protect a user from being identified, a cloaked spatial region that contains the other k-1 nearest neighbors of the user is used to replace the accurate position. In this paper, we consider location-aware applications in which services are different among regions. To search nearest neighbors, we define a novel distance measurement that combines the semantic distance and the Euclidean distance to address the privacy preserving issue in the above-mentioned applications. We also propose an algorithm kNNH to implement our proposed method. The experimental results further suggest that the proposed distance metric and the algorithm can successfully retain the utility of the location services while preserving users’ privacy.
Lefeng Zhang, Ping Xiong, Tianqing Zhu

Analysis on the Reliability of Non-repairable and Repairable Network Storage Systems

The reliability analysis is of great significance for assessing the performance of network storage systems. This paper aims to analyze the reliability of network storage systems, either with or without maintenance requirement, using quantitative calculation and simulation evaluation. When the devices were non-repairable, a FC-SAN network storage system was tested in three typical redundancy modes (i.e. simplicity, dual-FC switches, dual-server & dual-FC switches). Reliability calculation was performed with the help of reliability block diagram and mathematical analytical method. For the repairable devices, Markov analysis and Monte Carlo stochastic simulation were introduced to assess the reliability of the network storage systems. In addition, simulations were carried out to measure a number of reliability indices of the network storage systems. These indices, including availability, mean time to first failure, and the mean up time, are used for analysis and comparison of simulation data. This analysis can provide useful guidance for designing future network storage systems.
MingYong Yin, Chun Wu, YiZheng Tao

Homomorphic Cryptography-Based Privacy-Preserving Network Communications

This work presents a novel protocol for privacy preserving network communications, using homomorphic cryptography. The malleability properties of homomorphic encryption allow routing without ever disclosing the sender or receiver of a message, while resisting basic end-to-end attacks. We first present our protocol in an abstract network model, and instantiate it for ad-hoc networks as a use-case example.
Antoine Guellier, Christophe Bidan, Nicolas Prigent

The 0-1 Knapsack Polytope – A Starting Point for Cryptanalysis of Knapsack Ciphers?

The Knapsack Cryptosystem of Merkle and Hellman, 1978, is one of the earliest public-key cryptography schemes. The security of the method relies on the difficulty in solving Subset Sum Problems (also known as Knapsack Problems). In this paper, we first provide a brief history of knapsack-based cryptosystems and their cryptanalysis attacks. Following that, we review the advances in integer programming approaches to 0 − 1 Knapsack Problems, with a focus on the polyhedral studies of the convex hull of the integer set. Last of all, we discuss potential future research directions in applying integer programming in the cryptanalysis of knapsack ciphers.
Vicky H. Mak-Hau, Lynn M. Batten

Digital Forensics

Forensic Identification of Students Outsourcing Assignment Projects from

This paper reports the increasing popularity of outsourcing academic works by university students motivated by the lure of lucrative dividends and visa opportunities. Due to a lack of formal methods in detecting such transactions, freelance websites are thriving in facilitating the trade of outsourced assignments. This is compounded by the fact that many university staff have neither the time nor training to perform complex media analysis and forensic investigations. This paper proposes a method to aid in the identification of those who outsource assignment works on the most popular site . We include a recent real-world case study to demonstrate the relevancy and applicability of our methodology. In this case study, a suspect attempts to evade detection via use of anti-forensics which demonstrates the capability and awareness of evasion techniques used by students.
Michael Monnik, Lei Pan

A Novel Method for Detecting Double Compressed Facebook JPEG Images

Images published on online social sites such as Facebook are increasingly prone to be misused for malicious purposes. However, existing image forensic research assumes that the investigator can confiscate every piece of evidence and hence overlooks the fact that the original image is difficult to obtain. Because Facebook applies a Discrete Cosine Transform (DCT)-based compression on uploaded images, we are able to detect the modified images which are re-uploaded to Facebook. Specifically, we propose a novel method to effectively detect the presence of double compression via the spatial domain of the image: We select small image patches from a given image, define a distance metric to measure the differences between compressed images, and propose an algorithm to infer whether the given image is double compressed without referring to the original image. To demonstrate the correctness of our algorithm, we correctly predict the number of compressions being applied to a Facebook image.
Allan NG, Lei Pan, Yang Xiang

Using Randomization to Attack Similarity Digests

There has been considerable research and use of similarity digests and Locality Sensitive Hashing (LSH) schemes - those hashing schemes where small changes in a file result in small changes in the digest. These schemes are useful in security and forensic applications. We examine how well three similarity digest schemes (Ssdeep, Sdhash and TLSH) work when exposed to random change. Various file types are tested by randomly manipulating source code, HTML, text and executable files. In addition, we test for similarities in modified image files that were generated by cybercriminals to defeat fuzzy hashing schemes (spam images). The experiments expose shortcomings in the Sdhash and Ssdeep schemes that can be exploited in straightforward ways. The results suggest that the TLSH scheme is more robust to the attacks and random changes considered.
Jonathan Oliver, Scott Forman, Chun Cheng

Research of Password Recovery Method for RAR Based on Parallel Random search

Password recovery of RAR encrypted files is an important problem in computer forensics. It is difficult to deal with this problem by the traditional methods such as guess, dictionary, rainbow table and brute force. We give a new method based on parallel random search. The new method uses a parallel stochastic approach on word selection in the dictionary attack. It can greatly improve the success rate of password recovery. The experiment shows that the new approach is effective in the password recovery of RAR files.
Liang Ge, Lianhai Wang

Security Implementations

Sybil-Resist: A New Protocol for Sybil Attack Defense in Social Network

Currently, most of the existing social networks on the Internet are distributed, decentralized systems, and they are particularly vulnerable to the Sybil attack, in which a single malicious user introduces multiple bogus identities and pretends to be multiple real users in the network. With these controlled identities, the malicious user can create a Byzantine failure in collaborative tasks by ‘out-voting’ the real identities. This paper conducts a survey on the network security of social networks to provide an overview of the current online security of social networks and the corresponding defense methods. Based on the survey, this paper proposes Sybil-Resist, a Random Walk-based Sybil attack defense protocol devoted to identifying the Sybil nodes and the Sybil region efficiently. The simulation results obtained by a more realistic simulation topology show that the proposed scheme outperforms existing solutions in terms of detection accuracy and running time.
Wei Ma, Sen-Zhe Hu, Qiong Dai, Ting-Ting Wang, Yin-Fei Huang

PAITS: Detecting Masquerader via Short-Lived Interventional Mouse Dynamics

It is relatively easy for an insider attacker to steal the password of a colleague or use an unattended machine (logged in by other users) within a trusted domain to launch an attack. A simple real-time authentication by password may not work if they have the password. By comparing the stored mouse behavioral profile of the valid user, the system automatically authenticates the user. However, the long verification time in existing approaches based on mouse dynamics, which mostly lasts dozens of minutes, probably lets the masquerader escape the detection mechanism. In this paper, we propose a system called PAITS (Practical Authentication with Identity Tracing System) to do re-authentication via comparison of mouse behavior under a short-lived interventional scenario. Mouse movements under the special scenario where the cursor is a bit out of control can capture the user’s unconscious reaction, and then be used for behavioral comparison and detection of a malicious masquerader. Our experiments on PAITS demonstrate the best result with a FRR of 2.86% and a FAR of 3.23% under a probability neural network with 71 features. That is a comparative result against the previous research results, but at the same time it significantly shortens the verification time from dozens of minutes to five seconds.
Xiao-jun Chen, Jin-qiao Shi, Rui Xu, S. M. Yiu, Bing-xing Fang, Fei Xu

Social Engineering through Social Media: An Investigation on Enterprise Security

Social engineering attacks the weakest organizational security link – the human. The influx of employees using social media throughout the working environment has presented information security professionals with an extensive array of challenges facing people, process and technology. These challenges also show enormous impact on the confidentiality, integrity and availability of information assets residing within the organization. This paper aims to provide an in-depth insight into classification and mitigation of social engineering security issues faced by enterprises in adopting social media for business use.
Heidi Wilcox, Maumita Bhattacharya, Rafiqul Islam

Efficient Key Pre-distribution for 6LoWPAN

The Internet of Things is imposing an evolution of the capabilities of wireless sensor networks. The new IP-based 6LoWPAN standard for low power sensor networks allows an almost seamless connection of local sensor networks to the Internet. On the other hand, the connection to the Internet also opens doors for unauthorized nodes to become part of the local network. The most important challenge in preventing this is the implementation of a key management architecture, keeping in mind that the sensor nodes are constrained in power consumption and data storage capacity. This paper builds on a previously proposed symmetric key management scheme for 6LoWPAN networks presented by Smeets et al. [1]. The original scheme is based on wired bootstrapping for the enrollment of new nodes, while the paper at hand proposes a wireless method. We analyze the original wired scheme and propose an improved wireless scheme, elaborating on the practical implementation on Zolertia Z1 nodes running Contiki-OS. We show that it is possible to provide end-to-end security using wireless bootstrapping within the constraints of the tiny nodes at hand.
Ruben Smeets, Nele Mentens, Kris Aerts, Dave Singelée, An Braeken, Matthias Carlier, Laurent Segers, Kris Steenhaut, Abdellah Touhafi

