Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top

2022 | Book

Encrypted Malicious Traffic Detection Based on Ensemble Learning Read chapter Read first chapter

Cyberspace Safety and Security

13th International Symposium, CSS 2021, Virtual Event, November 9–11, 2021, Proceedings

Editors: Dr. Weizhi Meng, Prof. Mauro Conti

Publisher: Springer International Publishing

Book Series : Lecture Notes in Computer Science

Part of: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Login to get access
insite
SEARCH

About this book

The LNCS 13172 constitute the proceedings of the 13th International Symposium on Cyberspace Safety and Security, CSS 2021, held online, in November 2021.

The 9 full papers and 5 short papers presented in this book were carefully reviewed and selected from 35 submissions. The conference focuses on Cyberspace Safety and Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability issues of cyberspace.

Table of Contents

Frontmatter
Encrypted Malicious Traffic Detection Based on Ensemble Learning
Abstract
Nowadays, network traffic detection plays a very important role in protecting cyberspace security, and more and more applications realize data privacy protection through encryption technology. Regular expression matching based methods, such as deep packet inspection that relies on plaintext traffic cannot be applied to detecting encrypted random communication content, and the existing detecting methods based on time-series features often ignore the encryption protocol features. In this work, we design an ensemble learning system based on stack algorithms to identify encrypted malicious traffic, which can detect the interactive behavior and the encryption protocols simultaneously. In detail, we construct a deep learning classifier based on Long Short-Term Memory (LSTM) for time-series features, and a machine learning classifier based on random forests for encryption protocol features. Then, we use the stacking algorithm in ensemble learning to combine them to form a new classifier. Finally, relying on the Datacon2020 dataset, extensive experiments are conducted. The experimental results indicate that the proposed method improves the detection rate of encrypted malicious traffic while keeping a low false positive rate.
Fengrui Xiao, Feng Yang, Shuangwu Chen, Jian Yang
A Federated Learning Assisted Conditional Privacy Preserving Scheme for Vehicle Networks
Abstract
As the development of mobile communication technologies, Vehicle Networks can not only improve the efficiency of traffic operation, but also enhance the intelligent management level of traffic services. However, Vehicle Networks also bring a series of challenges, such as information leakage and message manipulation. In this paper, we introduce a novel federated learning assisted privacy preserving scheme for Vehicle Networks. In the proposed scheme, pseudonym is employed to hide the real identity of the vehicle, and homomorphic encryption is used to protect the private information in the training and aggregation processes. Moreover, the system is assisted with federated learning and fog computing. This not only improves efficiency in data integration and transmission, but also contributes to a more flexible and controllable traffic system. Security analyses demonstrate that the scheme meets the desirable security requirements, such as correctness, conditional privacy preserving and message authentication. And compared with some existing schemes, our proposed scheme enjoys better efficiency in both computation and communication.
Zhe Xia, Yifeng Shu, Hua Shen, Mingwu Zhang
Dissecting Membership Inference Risk in Machine Learning
Abstract
Membership inference attacks (MIA) have been identified as a distinct threat to privacy when sensitive personal data are used to train the machine learning (ML) models. This work is aimed at deepening our understanding with respect to the existing black-box MIAs while introducing a new label only MIA model. The proposed MIA model can successfully exploit the well generalized models challenging the conventional wisdom that states generalized models are immune to membership inference. Through systematic experimentation, we show that the proposed MIA model can outperform the existing attack models while being more resilient towards manipulations to the membership inference results caused by the selection of membership validation data.
Navoda Senavirathne, Vicenç Torra
Webshell Detection Based on Explicit Duration Recurrent Network
Abstract
Webshell is a malicious script, it can be written in multiple languages. Through the webshell, attackers can escalate and maintain persistent access on compromised web applications. With the growth of the demand for interactive web applications, the webshell timely detection in web applications are essential to ensure security of web server. Although there are some existing methods for webshell detection, these methods need a large number of samples to achieve higher accuracy rate. In this paper, we proposed an new webshell detection method based on Explicit Duration Recurrent Network (EDRN). In this method, the opcode sequence of samples is considered as input using word2vec. Comparing with other Recurrent Neural Networks, such as LSTM and GRU, the experimental results illustrate that our model can achieve the better performance, especially when the training set is small.
Bailin Xie, Qi Li
A Practical Botnet Traffic Detection System Using GNN
Abstract
Botnet attacks have now become a major source of cyberattacks. How to detect botnet traffic quickly and efficiently is a current problem for most enterprises. To solve this, we have built a plug-and-play botnet detection system using graph neural network algorithms. The system detects botnets by identifying the network topology and is very good at detecting botnets with different structures. Moreover, the system helps researchers to visualise which nodes in the network are at risk of botnets through a graphical interface.
Bonan Zhang, Jingjin Li, Chao Chen, Kyungmi Lee, Ickjai Lee
Vulnerability and Transaction Behavior Based Detection of Malicious Smart Contracts
Abstract
Smart Contracts (SCs) in Ethereum can automate tasks and provide different functionalities to a user. Such automation is enabled by the ‘Turing-complete’ nature of the programming language (Solidity) in which SCs are written. This also opens up different vulnerabilities and bugs in SCs that malicious actors exploit to carry out malicious or illegal activities on the cryptocurrency platform. In this work, we study the correlation between malicious activities and the vulnerabilities present in SCs and find that some malicious activities are correlated with certain types of vulnerabilities. We then develop and study the feasibility of a scoring mechanism that corresponds to the severity of the vulnerabilities present in SCs to determine if it is a relevant feature to identify suspicious SCs. We analyze the utility of the severity score towards detection of suspicious SCs using unsupervised machine learning (ML) algorithms across different temporal granularities and identify behavioral changes. In our experiments with on-chain SCs, we were able to find a total of 1094 benign SCs across different granularities which behave similar to malicious SCs, with the inclusion of the smart contract vulnerability scores in the feature set.
Rachit Agarwal, Tanmay Thapliyal, Sandeep Kumar Shukla
A Novel Method of Template Protection and Two-Factor Authentication Protocol Based on Biometric and PUF
Abstract
With the development of Internet technology and the change of network environment, it is particularly important to ensure the security and privacy of biometrics in the process of biometrics authentication. In this regard, we propose a novel identity authentication protocol based on cancelable biometric and Physical Unclonable Function (PUF) which uses the properties of PUF to generate the cancelable biometric and adds it to the complete authentication protocol, so as to realize the two-way authentication between the user and the server. Our authentication protocol makes full use of the characteristics of what users bring in and who users are, overcomes the shortcomings of the traditional key-based protocol, and connecting with the supervised learning algorithm SVM and elliptic curve Pedersen commitment, construct an effective, unique and cancelable biometric identity to replace original biometrics, thus improving the security and privacy protection of the biometrics template. At the same time, we analyze the accuracy of classification algorithms, the revocability and unlinkability of templates through experiments, which further ensures the security and legitimacy of the authentication protocol.
Hui Zhang, Weixin Bian, Biao Jie, Shuwan Sun
Realizing Information Flow Control in ABAC Mining
Abstract
Attribute-Based Access Control (ABAC) is an emerging access control model. It is increasingly gaining popularity, mainly because of its flexible and fine-grained access control. As a result, many Role-Based Access Control (RBAC) systems are migrating to ABAC. In such migrations, ABAC mining is used to create ABAC policies from existing RBAC policies. Although ABAC has several advantages, it lacks one of the crucial features required for reliable security, which is information flow control. Due to the complex nature of ABAC policies, it is challenging to analyze the information flows caused by them. In this paper, we address this problem and present an approach for realizing effective information flow control in ABAC systems. With this approach, we can create flow-secure ABAC policies using exiting RBAC policies and associated attributes. With such a flow-secure policy, we can ensure that there are no unintended information flows in the system.
B. S. Radhika, R. K. Shyamasundar
Weak Password Scanning System for Penetration Testing
Abstract
Nowadays, many network security related personnel are accustomed to using simple passwords or default passwords set by system. Based on this kind of weak password vulnerabilities, the hackers can gain access to the systems easily. Weak password scanning is an important part of penetration testing. In order to enable penetration testers to discover weak passwords in the system more conveniently, this paper proposes a system for weak password scanning. This system includes five modules, namely the interface module, data reading processing module, IP address survival detection module, task scheduling module, and the weak password scanning plugin module. Furthermore, this system is developed based on the Go language, which has the characteristics of supporting high concurrency from the language level. We test this system by using the environment built by Docker. The experimental results validate the effectiveness of this system. In the actual penetration testing, this system can save a lot of time and energy for personnel, and has a certain practical value.
Bailin Xie, Qi Li, Hao Qian
Environmental Adaptive Privacy Preserving Contact Tracing System for Respiratory Infectious Diseases
Abstract
The COVID-19 pandemic has made the scientific community devise means to implement “contact tracing” mechanisms to mitigate the spread of the infection. The crucial idea is to scan and record close contacts between users using mobile devices, in order to notify persons when their close contact(s) is diagnosed positive. Current contact tracing systems’ false-positive rate is too high to be practical as they do not filter Bluetooth scan results outside range of infection. Furthermore current systems neglect airborne transmission other than droplet transmission. Moreover, the ability granted to service providers of the contact tracing systems to access user data violates user privacy. Finally, attackers can modify, remove or fabricate contact records in their devices, which harms the integrity of the system. In this paper, we propose and develop a new contact tracing system which uses environmental factors to filter out results outside estimated effective transmission distance, and also take airborne transmission into consideration. In addition, we implement a rerandomizable signature scheme with blockchain bulletin board to provide confidentiality and integrity. We also evaluate the performance of our theory by implementing our algorithm on mobile devices.
Pengfei Wang, Xiangyu Su, Maxim Jourenko, Zixian Jiang, Mario Larangeira, Keisuke Tanaka
A Privacy-Preserving Logistics Information System with Traceability
Abstract
Logistics Information System (LIS) is an interactive system that provides information for logistics managers to monitor and track logistics business. In recent years, with the rise of online shopping, LIS is becoming increasingly important. However, since the lack of effective protection of personal information, privacy protection issue has become the most problem concerned by users. Some data breach events in LIS released users’ personal information, including address, phone number, transaction details, etc. In this paper, to protect users’ privacy in LIS, a privacy-preserving LIS with traceability (PPLIST) is proposed by combining multi-signature with pseudonym. In our PPLIST scheme, to protect privacy, each user can generate and use different pseudonyms in different logistics services. The processing of one logistics is recorded and unforgeable. Additionally, if the logistics information is abnormal, a trace party can de-anonymize users, and find their real identities. Therefore, our PPLIST efficiently balances the relationship between privacy and traceability.
Quanru Chen, Jinguang Han, Jiguo Li, Liquan Chen, Song Li
Post-quantum Key Escrow for Supervised Secret Data Sharing on Consortium Blockchain
Abstract
Consortium blockchain has been widely used in different management scenarios (i.e., digital finance), where normal members want to keep their on-chain data private while supervision peers want to reveal the on-chain private data under certain circumstances like financial regulation and judicial forensics, and key escrow is an idea to solve the problem. Since current key escrow schemes heavily rely on traditional asymmetric encryption and decryption algorithms that are vulnerable to attacks from quantum computers, we design and implement the first post-quantum (PQ) key escrow system for consortium blockchains (i.e., PQ-KES4Chain), which is integrated with all the PQ public-key encryption/KEM candidate algorithms in the current round of NIST call for national standard. Furthermore, we provide chaincodes, related APIs together with client codes for further development. And we perform a detailed security analysis on the system design and a full evaluation on the performance of PQ-KES4Chain including the time of chaincodes execution and the on-chain storage space. We further discuss the implications of our findings, which could be helpful for the developers of PQ KEM algorithms and applications.
Xiaowen Cai, Wenjing Cheng, Minghui Zhang, Chen Qian, Zhengwei Ren, Shiwei Xu, Jianying Zhou
Flexible and Survivable Single Sign-On
Abstract
Single sign-on (SSO) is a popular authentication method that is vulnerable to attacks exploiting the single points of failure of its centralized design. This problem is addressed by survivable SSO protocols relying on distributed architectures that enable a set of servers to collectively authenticate a user. However, existing survivable SSO protocols have limitations because they do not allow service providers to modify security parameters after protocol setup. This paper introduces the first survivable SSO protocol that guarantees flexibility. This property is of utmost importance for SSO because it allows service providers to tailor the trade-off between performance overhead and security requirements of multiple services and even to preserve compatibility with non-survivable SSO.
Federico Magnanini, Luca Ferretti, Michele Colajanni
The Analysis and Implication of Data Deduplication in Digital Forensics
Abstract
Data deduplication is a file storage system method that is available on various operating systems such as Windows Server, MacOS, and Linux distributions. However, rehydration of deduplicated files is not yet a functionality supported in forensic tools. With the increasing cost of cybercrimes each year, and more users looking for ways to save storage space on ever growing file sizes, developing forensic tools to support detection and recovery of deduplicated files is more important than ever. To address this issue, in this paper, we first give a comprehensive analysis of data deduplication and its implementation in modern Operating Systems. Then, we examine how data deduplication techniques affect digital forensic investigation tools, particularly, TSK, a widely used open-source forensic tool for volume and file system analysis. We then propose a solution to restore deduplicated files from an acquired deduplicated file system volume and implement it into TSK to extend TSK for supporting data deduplication. Furthermore, we also study the positive forensic implications of data deduplication techniques, which are seldom considered in existing studies. Specially, we also investigate new sources of evidence or new artifacts generated during data deduplication.
Izabela Savić, Xiaodong Lin
Backmatter
Metadata
Title
Cyberspace Safety and Security
Editors
Dr. Weizhi Meng
Prof. Mauro Conti
Copyright Year
2022
Electronic ISBN
978-3-030-94029-4
Print ISBN
978-3-030-94028-7
DOI
https://doi.org/10.1007/978-3-030-94029-4

Premium Partner

    Image Credits