Security, Privacy, and Anonymity in Computation, Communication, and Storage

Table of Contents

1. Frontmatter

2. The 9th IEEE International Symposium on UbiSafe Computing (UbiSafe 2017)

   1. Frontmatter

   2. MTIV: A Trustworthiness Determination Approach for Threat Intelligence

      Lei Li, Xiaoyong Li, Yali Gao

      Abstract

      With the gradually sharing of threat intelligences, users concern more about their trustworthiness, which is difficult to be judged. Some threat intelligence sharing platforms choose to show the risk or credibility, and inform users the trustworthiness of the threat intelligence. Several researchers have proposed the requirements and techniques for threat intelligence trust assessment. However, they do not present any tool-based or model solutions. In this paper, we present a Trustworthiness Determination Approach for Threat Intelligence (MTIV) to make up these shortcomings. First, we propose a framework to excavate threat intelligence via multiple sharing platforms, and extract multidimensional trustful features of the threat intelligence. Based on these, contributions of dimensional trustful features to the trustworthiness determination can be derived. Then we introduce Deep Belief Network (DBN) to determine the trustworthiness of the threat intelligence. The experimental results verify that MTIV is more effective than traditional methods. Our work will be of benefit to build a more credible threat intelligence sharing platform, and enhance the capability of real-time detection and resisting the cyberspace attacks.

   3. Distributed Caching Based Memory Optimizing Technology for Stream Data of IoV

      Xiaoli Hu, Chao Li, Huibing Zhang, Hongbo Zhang, Ya Zhou

      Abstract

      With the expansion of the Internet of Vehicle’s system size, traditional storage architecture has encountered performance bottleneck in terms of throughput and scalability. To address these issues, the essay builds a distributed caching system by using cache node, major node and query interface. To implement storage logic, vehicular terminal dynamically sends data, and the distributed business process of stream data is achieved by using cache system and compressed function in protocol server. Protocol server also assists database server in compression storage. Data from our IoV platform is adopted for testing, and experimental results show that memory optimizing system effectively improves throughput and scalability.

   4. Secure Transfer Protocol Between App and Device of Internet of Things

      Zhaojie Xu, Xiaoyong Li

      Abstract

      Communication security is one of the key component of Internet of Things. Now we can communicate with smart device, such as microwave oven, camera, and control it using App in our smart phone, but due to the poor computing power of smart device, it tends to be intractable to protect this communication from attack. By analyzing the security threats faced during the process of smart device and App authenticating each other’s identity, this paper proposed a lightweight transfer protocol for smart device, and introduced “Authentication Center” to help with authentication for smart device and App. In consideration of poor computing power of smart device, the lightweight protocol achieves effective reduction of network resource usage. Acting as a hub, the Authentication Center does the heavy certification and authorization work as well as the management of smart device. This protocol can protect data confidentiality, data integrity against replay attack, man-in-the-middle attack by ensuring the identities of device and App with the help of Authentication Center.

   5. Rogue Access Points Detection Based on Theory of Semi-Supervised Learning

      Xiaoyan Li, Xiaoyong Li

      Abstract

      It is very dangerous for wireless client to connect with rogue access point. Attackers could eavesdrop or modify client’s information via rogue access point, therefore, rogue access point can be seen as the most serious threats in wireless local area network (WLAN). In this paper, we proposed a novel approach that can detect rogue access points (AP) quickly and accurately. We take advantage of Time-stamp field and signal field in the 802.11 beacon frame as the data in Gaussian distribution algorithm and Native Bayes Classify to generate the fingerprint of access point. The fingerprint is unique to each access point, which cannot be spoofed. In the detection process, we add sliding window and Semi-Supervised Learning, that give our method the ability to take dynamic self-adjustment. Experimental results indicated that the proposed approach could detect rogue access points more quickly and accurately compare with existing methods.

   6. Phishing Detection Method Based on Borderline-Smote Deep Belief Network

      Jiahua Zhang, Xiaoyong Li

      Abstract

      With the rapid development of Internet, phishing and other frauds are becoming more and more serious. Criminals posing as banks, electricity providers, social networking sites to send fraudulent information to induce users to log on, steal user information, so that the vast numbers of users and financial institutions suffered property and economic losses. How to accurately and effectively identify phishing related Internet risks has been a major concern of the Internet. This paper analyzes the development history of phishing prevention and control, and presents a Borderline-Smote (Synthetic Minority Over-sampling Technique) DBN (Deeping Belief Network) method to detect phishing. The method uses deep learning phishing detection method based on web documents content and other features to improve 1% on the recognition accuracy. Furthermore the paper uses Borderline-Smote to solve the imbalanced data problem in the training of phishing detection, and further improve 2% on the F-value and recall rate.

   7. Research on Similarity Record Detection of Device Status Information Based on Multiple Encoding Field

      Ziwen Liu, Liang Fang, Lihua Yin, Yunchuan Guo, Fenghua Li

      Abstract

      Security management center needs to detect and delete many similar records of the device status information to reduce the data redundancy before analyzing the status of the supervised device. Most similarity record detection algorithms are based on the “sort-merge” model. Detection algorithms usually sort data set with keywords before detection of similar data. Existing methods of generating keywords tend to have the following problems: the keywords is not accurate, or multiple keywords are generated for sorting of multiple keywords. The paper proposes a method of synthesizing keywords by multiple encoding fields, and it is verified that this method can significantly optimize the performance of algorithm through experiment. We also compare the performance of each common detection algorithm through experiment.

   8. Security Review and Study of DoS Attack on DNS in the International Roaming EPC_LTE Network

      Ya’nan Tian, Wen’an Zhou, Wenlong Liu

      Abstract

      The communication standard Long Term Evolution (LTE) developed by 3GPP is becoming the mainstream technology of the next generation mobile communication, the new features meet the business needs and improve the user experience, but also bring some security threats. In this paper, we introduce the LTE roaming architecture, the attach procedure and the DNS resolution procedure. Then we analyze that MME initiate the DNS request before the authentication is completed based on the procedures and OpenAirInterface (OAI) code, which will lead to a large load on DNS server, this scheme is very vulnerable to DoS/DDoS attacks on DNS server. Finally, according to the characteristics of LTE, we propose a enhancement scheme in MME and analyze the feasibility.

   9. A SYN Flood Detection Method Based on Self – similarity in Network Traffic

      Daxiu Zhang, Xiaojuan Zhu, Lu Wang

      Abstract

      Since the normal data fail to be transmitted under the SYN Flood attack, the paper proposes a detection method which can rapidly and accurately detect the SYN Flood attack. First, it takes a real - time intercept of network traffic, and selects network traffic to discrete. Second, the fitting function can be achieved by fitting the discrete network traffic repeatedly. Finally, the integral value of the fitting function is calculated, which is used to compare with the Hurst value. The SYN Flood attack can be effectively detected by comparing the integral value, which calculated by the fitting function curve, with the Hurst value of the network traffic.

   10. Annotating Network Service Fault Based on Temporal Interval Relations

       Leonard Kok, Sook-Ling Chua, Chin-Kuan Ho, Lee Kien Foo, Mohd Rizal Bin Mohd Ramly

       Abstract

       The internet has greatly revolutionized the communication and has undoubtedly affects our everyday life from work to entertainment. In order to uphold the quality of network service, Communication Service Providers (CSPs) are striving to keep network service faults to a minimum. To achieve this, they need to detect early of any potential network problems and resolve service incidents promptly before customers are impacted. However, to train a supervised learning algorithm to automatically detect service disruptions, the training data needs to be labeled. It is certainly costly and time consuming process to rely on domain experts to annotate the data. This paper addresses the data annotation problem based on temporal interval relations. We evaluated our method on real-world data and compared it with baseline method.

3. The 9th IEEE International Workshop on Security in e-Science and e-Research (ISSR 2017)

   1. Frontmatter

   2. An Anonymous Identity-Based Authentication Scheme in Vector Network

      Jie Yu, Mangui Liang

      Abstract

      Vector Network is a new type of network, which is light connection and enables QoS. Vector Network provides two types of services: best effort and QoS guaranteed. The latter requires strict access authentication, which should be not only safe and convenient for use, but also able to protect the user’s privacy, and prevent hackers from tracking. Therefore, this paper proposes an improved scheme for a hierarchical identity based on signature and authentication, which is used to meet the requirements of Vector Network authentication. At last we achieve the scheme in experiment and point out that it has advantages in terms of efficiency and security over traditional network.