Visible to the public Threat Vectors

SoS Newsletter- Advanced Book Block

Threat Vectors

As systems become larger and more complex, the surface that hackers can attack also grows. Is this set of recent research articles, topics are explored that include smartphone malware, zero-day polymorphic worm detection, source identification, drive-by download attacks, two-factor face authentication, semantic security, and code structures.

  • Peng, Sancheng; Yu, Shui; Yang, Aimin, "Smartphone Malware and Its Propagation Modeling: A Survey," Communications Surveys & Tutorials, IEEE , vol.16, no.2, pp.925,941, Second Quarter 2014. (ID#:14-1459) Available at: Smartphones are pervasively used in society, and have been both the target and victim of malware writers. Motivated by the significant threat that presents to legitimate users, we survey the current smartphone malware status and their propagation models. The content of this paper is presented in two parts. In the first part, we review the short history of mobile malware evolution since 2004, and then list the classes of mobile malware and their infection vectors. At the end of the first part, we enumerate the possible damage caused by smartphone malware. In the second part, we focus on smartphone malware propagation modeling. In order to understand the propagation behavior of smartphone malware, we recall generic epidemic models as a foundation for further exploration. We then extensively survey the smartphone malware propagation models. At the end of this paper, we highlight issues of the current smartphone malware propagation models and discuss possible future trends based on our understanding of this topic. Keywords: Bluetooth; Grippers; Mobile communication; Mobile handsets; Software; Trojan horses; mobile malware; propagation modeling; simulator; smartphone
  • Kaur, R.; Singh, M., "A Survey on Zero-Day Polymorphic Worm Detection Techniques," Communications Surveys & Tutorials, IEEE , vol.PP, no.99, pp.1,30 14 March 2014. (ID#:14-1460) Available at: Zero-day polymorphic worms pose a serious threat to the Internet security. With their ability to rapidly propagate, these worms increasingly threaten the Internet hosts and services. Not only can they exploit unknown vulnerabilities but can also change their own representations on each new infection or can encrypt their payloads using a different key per infection. They have many variations in the signatures of the same worm thus, making their fingerprinting very difficult. Therefore, signature-based defenses and traditional security layers miss these stealthy and persistent threats. This paper provides a detailed survey to outline the research efforts in relation to detection of modern zero-day malware in form of zero-day polymorphic worms. Keywords: Grippers; Internet; Malware; Monitoring; Payloads; Vectors; Detection Systems; Polymorphic worms; Signature Generation; Zero-day attacks; Zero-day malware
  • Murvay, P.-S.; Groza, B., "Source Identification Using Signal Characteristics in Controller Area Networks," Signal Processing Letters, IEEE , vol.21, no.4, pp.395,399, April 2014 (ID#:14-1461) Available at: The CAN (Controller Area Network) bus, i.e., the de facto standard for connecting ECUs inside cars, is increasingly becoming exposed to some of the most sophisticated security threats. Due to its broadcast nature and ID oriented communication, each node is sightless in regards to the source of the received messages and assuring source identification is an uneasy challenge. While recent research has focused on devising security in CAN networks by the use of cryptography at the protocol layer, such solutions are not always an alternative due to increased communication and computational overheads, not to mention backward compatibility issues. In this work we set steps for a distinct approach, namely, we try to take authentication up to unique physical characteristics of the frames that are placed by each node on the bus. For this we analyze the frames by taking measurements of the voltage, filtering the signal and examining mean square errors and convolutions in order to uniquely identify each potential sender. Our experimental results show that distinguishing between certain nodes is clearly possible and by clever choices of transceivers and frame IDs each message can be precisely linked to its sender. Keywords: controller area networks; convolution; cryptography ;filtering theory; mean square error methods; transceivers; CAN networks; ID oriented communication; communication overhead; computational overhead; controller area networks; convolution; cryptography; mean square errors; protocol layer; security threats; signal filtering; source identification; transceivers; Authentication; Convolution; Cryptography; Physical layer; Transceivers; Vectors; CAN bus; physical fingerprinting; source identification
  • Gaya K. Jayasinghe, J. Shane Culpepper, Peter Bertok, "Efficient and Effective Realtime Prediction Of Drive-By Download Attacks," Journal of Network and Computer Applications, Volume 38, February, 2014, ( Pages 135-149). (ID#:14-1462) Available at: This article recognizes the flaws on current mitigation techniques for drive-by download attacks, techniques which are constrained to static and semi-dynamic analysis and are vulnerable to evasion methods. The authors of this paper present an original drive-by downloading detection method that minimizes the resource drain other methods have previously required. This proposed method operates by inspecting the bytecode stream for web browsers at runtime. Keywords: Anomaly detection, Drive-by downloads, Dynamic analysis, Machine learning, Web client exploits
  • Andrew F. Tappenden, James Miller, "Automated Cookie Collection Testing," ACM Transactions on Software Engineering and Methodology (TOSEM) Volume 23 Issue 1, February 2014, Article No. 3. (ID#:14-1463) Available at: Cookies are used by over 80% of Web applications utilizing dynamic Web application frameworks. Applications deploying cookies must be rigorously verified to ensure that the application is robust and secure. Given the intense time-to-market pressures faced by modern Web applications, testing strategies that are low cost and automatable are required. Automated Cookie Collection Testing (CCT) is presented, and is empirically demonstrated to be a low-cost and highly effective automated testing solution for modern Web applications. Automatable test oracles and evaluation metrics specifically designed for Web applications are presented, and are shown to be significant diagnostic tests. Automated CCT is shown to detect faults within five real-world Web applications. A case study of over 580 test results for a single application is presented demonstrating that automated CCT is an effective testing strategy. Moreover, CCT is found to detect security bugs in a Web application released into full production. Keywords: Cookies, Web application testing, adaptive random testing, automated testing, software testing, test generation, test strategies
  • Christos Kalloniatis, Haralambos Mouratidis, Manousakis Vassilis, Shareeful Islam, Stefanos Gritzalis, Evangelia Kavakli, " Towards the Design Of Secure And Privacy-Oriented Information Systems In The Cloud: Identifying The Major Concepts," Computer Standards & Interfaces, Volume 36 Issue 4, June, 2014, (Pages 759-775). (ID#:14-1464) Available at: This paper discusses the imperative nature of fully understanding the security challenges of cloud environments, as well as how cloud architecture differs from common distributed systems. Comprehensive consideration of all threats, best practices, and security measures supports the design of a secure cloud system. Keywords: Cloud computing, Concepts, Privacy, Requirements, Security, Security and Privacy Issues
  • Jeonil Kang, Daehun Nyang, Kyunghee Lee, "Two-factor Face Authentication Using Matrix Permutation Transformation and a User Password," Information Sciences: an International Journal, Volume 269, June, 2014, (Pages 1-20). (ID#:14-1465) Available at: This article sheds light on the use of biometrics for authentication, and accompanying challenges such as inevitable inconsistencies in bio-information per authentication attempt. The authors of this paper suggest a two-factor face authentication, in which matrix transformations and a password are integrated. Possible attacks, suggestions for bolstered security, and experimental results are discussed. Keywords: Biometrics security, Face authentication, User privacy
  • Ruixuan Li, Zhiyong Xu, Wanshang Kang, Kin Choong Yow, Cheng-Zhong Xu, "Efficient Multi-Keyword Ranked Query Over Encrypted Data in Cloud Computing," Future Generation Computer Systems, Volume 30, January, 2014, (Pages 179-190). (ID#:14-1466) Available at: This article considers the accessibility obstacles for secure cloud storage, particularly challenges in applying keyword-based queries and result-ranking on the encrypted data. As a solution to the aforementioned difficulties, this paper presents a flexible multi-keyword query scheme (MKQE). MKQE decreases maintenance overhead for a dynamic keyword dictionary, and considers user access history. Experimental process and results are discussed. Keywords: Cloud computing, Data encryption, Multi-keyword query, Privacy preserving, Ranked query, Top-k query
  • Abdul Razzaq, Khalid Latif, H. Farooq Ahmad, Ali Hur, Zahid Anwar, Peter Charles Bloodsworth, "Semantic Security Against Web Application Attacks," Information Sciences: an International Journal, Volume 254, January, 2014, (Pages 19-38). (ID#:14-1467) Available at: This paper presents a web application detection and classification method, relying on ontology-based techniques in lieu of traditional signature-based methodology. Semantic rules used in this proposed method identifies application context, possible attacks, and protocol. Processes and experimental results for this fully platform-and-technology-independent method. Keywords: Application security, Semantic rule engine, Semantic security
  • Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, Jorge Blasco, "Dendroid: A Text Mining Approach to Analyzing and Classifying Code Structures In Android Malware Families," Expert Systems with Applications: An International Journal, Volume 41 Issue 4, March, 2014, (Pages 1104-1117). (ID#:14-1468) Available at: The authors of this paper present Dendroid as a solution to help automate phases of the malware analysis process. With the widespread dependence on smartphones, it has become increasingly difficult to analyze the accompanying new strains of malicious apps. Dendroid utilizes text mining and information retrieval techniques to help identify similarities between malware specimen, which are then subject to automated classification and groupings. Process and results are discussed. Keywords: Android OS, Information retrieval, Malware analysis, Smartphones, Software similarity and classification, Text mining
  • Andrei Giurgiu, Rachid Guerraoui, Kevin Huguenin, Anne-Marie Kermarrec, "Computing in Social Networks," Information and Computation, Volume 234, February, 2014, (Pages 3-16). (ID#:14-1469) Available at: This paper discusses the challenge of S^3,Scalable Secure computing in a Social Network. A novel protocol is presented, which makes use of the social component of the network -- recognizing that nodes are conscious of their reputation and are careful of being isolated as untrusted. Keywords: Distributed computing, Privacy, Security, Social networks
  • Chun Guo, Yajian Zhou, Yuan Ping, Zhongkun Zhang, Guole Liu, Yixian Yang, "A Distance Sum-Based Hybrid Method for Intrusion Detection," Applied Intelligence, Volume 40 Issue 1, January 2014, (Pages 178-188). (ID#:14-1470) Available at: The authors of this paper discuss the complexity and high cost of hybrid intrusion detection systems, and present distance sum-based vector machine (DSSVM), a novel hybrid learning method. Conducted tests verify the effectiveness of DSSVM as an intrusion detection model. Results are discussed. Keywords: Euclidean distance function, Hybrid classifiers, Intrusion detection, Pattern recognition, Support vector machine
  • Matthew Brown, Bo An, Christopher Kiekintveld, Fernando Ordonez, Milind Tambe, "An Extended Study On Multi-Objective Security Games ," Autonomous Agents and Multi-Agent Systems ,Volume 28 Issue 1, January 2014, (Pages 31-71). (ID#:14-1471) Available at: This paper addresses security games, derived from real mission-critical security operations against dynamic, malicious opponents. The difficulty lies in weighing many different factors when considering an appropriate security strategy. Considering this, the authors of this paper present multi-objective security games (MOSGs), which challenges the decision-maker to consider the opportunity costs between varying objectives. Results and methods are discussed. Keywords: Game theory, Multi-objective optimization, Security
  • Hien Thi Thu Truong, Eemil Lagerspetz, Petteri Nurmi, Adam J. Oliner, Sasu Tarkoma, N. Asokan, Sourav Bhattacharya, "The Company You Keep: Mobile Malware Infection Rates And Inexpensive Risk Indicators," Proceedings of the 23rd International Conference On World Wide Web, April 2014, (Pages 39-50). (ID#:14-1473) Available at: This paper recognizes the lack of public information about mobile malware infection rates, and introduces a pioneer independent study of malware infection rates. The authors of this paper hypothesized that advertising potentially malicious applications offered by some application stores may be considered as infection vectors. This technique is argued to be a counterpart for malware scanning, and process and results are discussed. Keywords: android, infection rate, malware detection, mobile malware
  • Chang Liu, Liehuang Zhu, Mingzhong Wang, Yu-An Tan, "Search Pattern Leakage In Searchable Encryption: Attacks And New Construction," Information Sciences: an International Journal,Volume 265, May, 2014, (Pages 176-188). (ID#:14-1474) Available at: This paper addresses the challenges of searchable encryption, recognizing that several searchable encryption alternatives reveal information about user search. The authors of this paper present two attack methods that validate the inevitable consequence of leaking user search information, and propose a grouping-based construction (GBC) solution. Keywords: Cloud computing, Fake query, Grouping-based construction, Search pattern, Searchable encryption
  • John Criswell, Nathan Dautenhahn, Vikram Adve, "Virtual Ghost: Protecting Applications From Hostile Operating Systems," ASPLOS '14 Proceedings of the 19th International Conference On Architectural Support For Programming Languages And Operating Systems, March 2014, (Pages 81-96). (ID#:14-1475) Available at: Applications that process sensitive data can be carefully designed and validated to be difficult to attack, but they are usually run on monolithic, commodity operating systems, which may be less secure. An OS compromise gives the attacker complete access to all of an application's data, regardless of how well the application is built. We propose a new system, Virtual Ghost, that protects applications from a compromised or even hostile OS. Virtual Ghost is the first system to do so by combining compiler instrumentation and run-time checks on operating system code, which it uses to create ghost memory that the operating system cannot read or write. Virtual Ghost interposes a thin hardware abstraction layer between the kernel and the hardware that provides a set of operations that the kernel must use to manipulate hardware, and provides a few trusted services for secure applications such as ghost memory management, encryption and signing services, and key management. Unlike previous solutions, Virtual Ghost does not use a higher privilege level than the kernel. Virtual Ghost performs well compared to previous approaches; it outperforms InkTag on five out of seven of the LMBench microbenchmarks with improvements between 1.3x and 14.3x. For network downloads, Virtual Ghost experiences a 45% reduction in bandwidth at most for small files and nearly no reduction in bandwidth for large files and web traffic. An application we modified to use ghost memory shows a maximum additional overhead of 5% due to the Virtual Ghost protections. We also demonstrate Virtual Ghost's efficacy by showing how it defeats sophisticated rootkit attacks. Keywords: control-flow integrity, inlined reference monitors, malicious operating systems, software fault isolation, software security


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.