Visible to the public Vulnerability Detection (2014 Year in Review), Part 2

SoS Newsletter- Advanced Book Block


SoS Logo

Vulnerability Detection
(2014 Year in Review)
Part 2


Vulnerability detection is a topic for which a great deal of research is being done.  In 2014, more than one hundred major research presentations relevant to the Science of Security were made and published.  To facilitate finding articles, we will present these in four parts. In Part 2, we will cite the next 25.


Liban, A.; Hilles, S.M.S., "Enhancing Mysql Injector Vulnerability Checker Tool (Mysql Injector) Using Inference Binary Search Algorithm For Blind Timing-Based Attack," Control and System Graduate Research Colloquium (ICSGRC), 2014 IEEE 5th, pp.47, 52, 11-12 Aug. 2014. doi: 10.1109/ICSGRC.2014.6908694 Securing the database against frequent attacks is a big concern; attackers usually intend to snitch private information and damage databases. These days, web applications are widely used as a meddler between computer users. Web applications are also used mostly by e-commerce companies, and these types of applications need a secured database in order to keep sensitive and confidential information. Since Blind SQL injection attacks occurred as a new way of accessing database through the application rather than directly through the database itself, they have become popular among hackers and malicious users. Many detection tools are developed to handle this problem but they have limitations. This study enhances SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks (MYSQL Injector) using time-based attack with Inference Binary Search Algorithm. It covers four types of blind SQL injection attacks, true/false, true error, time-based and order by attacks. This tool will automate the process of the blind SQL injection attacks to check the blind SQL injection vulnerability in the PHP-based websites that use MySQL databases. Forty four vulnerable websites and thirty non vulnerable websites were tested to ensure the accuracy of the tool. The result shows 93% accuracy for detecting the vulnerability while MySQL injector performs 84%.
Keywords: Internet; SQL; Web sites; computer crime; electronic commerce; formal verification;search problems; MySQL databases; MySQL injector vulnerability checker tool; PHP-based Web sites; SQL-injection vulnerability scanning tool; Web applications; blind SQL injection attacks; blind timing-based attack; confidential information; e-commerce companies; hackers; inference binary search algorithm; malicious users; sensitive information; Accuracy; Control systems; Databases; HTML; Inference algorithms; Servers; Testing; SQL Injection; Web Security; blind Sql Injection (ID#: 15-4117)


Gersch, J.; Massey, D.; Papadopoulos, C., "Incremental Deployment Strategies for Effective Detection and Prevention of BGP Origin Hijacks," Distributed Computing Systems (ICDCS), 2014 IEEE 34th International Conference on, pp.670, 679, June 30 2014-July 3 2014. doi: 10.1109/ICDCS.2014.74 A variety of solutions have been proposed for detecting and preventing IP hijack attacks. Despite potentially serious consequences these solutions have not been widely deployed, partially because many ISPs do not view their risk as large enough to warrant investment. Nevertheless, a number of organizations such as critical national infrastructure are at a very high risk level and require a deployed solution. Is it possible for these sites to be protected despite the majority apathy, given that a critical mass of ISPs is generally required to participate in the solution? We examine this conflict by presenting an approach which determines AS vulnerability based on topological location. We next examine the effectiveness of incremental security deployment. We separately examine BGP hijack detection which, if improperly peered, may completely miss a hijack. Finally, we address a pessimistic view with respect to deployment and propose an approach in which an autonomous system can act in its own self-interest to determine a minimal threshold for hijack detection or prevention.
Keywords: Internet; computer network security; AS vulnerability; BGP origin hijacks; IP hijack attacks; Internet protocol; Internet service providers; border gateway protocol; critical national infrastructure; hijack detection; hijack prevention; incremental deployment strategies ;incremental security deployment; topological location; Analytical models; IP networks; Internet; Measurement Resistance; Routing; Security; BGP; BGP Security; BGP hijack prevention; IP Hijacking; ROVER; Routing; Security; simulation (ID#: 15-4118)


Strobl, Christian, "Arc Fault Detection - a Model-based Approach," ICEC 2014; The 27th International Conference on Electrical Contacts; Proceedings on pp.1,6, 22-26 June 2014. Abstract: Especially in electrical networks with distributed sources and a large variety of possible loads it makes sense to combine models of the components in a modular conception in order to analyze the vulnerability to arc faults and to develop reliable arc fault detection referring to the specific system characteristics. Therefore it is appropriate to analyze the small-signal behavior of the sources, the lines and the loads at a great variety of operating points and to consider the inherent characteristics in the time and frequency domain (e.g. switching frequencies of converters), if normal operation is to be distinguished from operation with arc fault and its typical broadband noise. This model-based approach allows a system-adapted design of pre-processing analogue filters in LF- or VLF-sensors and precise feature selection in pattern recognition algorithms for the purpose of arc fault detection and classification. After a generalized description the model-based methods are specified for the application field of photovoltaics and for lithium-ion-batteries.
Keywords:  (not provided) (ID#: 15-4119)


Qinghai Liu; Hong Shen; Hui Tian; Yingpeng Sang, "Using Symmetry Dicke State as Security Detection Particle in Quantum "Ping-Pong" Protocol," Parallel Architectures, Algorithms and Programming (PAAP), 2014 Sixth International Symposium on, pp.244,249, 13-15 July 2014. doi: 10.1109/PAAP.2014.58 Quantum Mechanics is one of the basic theories in modern physics, which has been widely used in many modern applications. In order to transmit a secure message, the deterministic secure quantum direct communication protocol was proposed. It has attracted great interest of researchers afterwards. But the protocol was proved to have many vulnerabilities, and can be attacked by eavesdropper. Many researchers have tried to improve it, with the concentration on the security detection strategy. In this paper, the symmetry Dicke state is used to detect eavesdropper. The quantum direct communication protocol that uses symmetry Dicke state as security detection particle and the method of entropy theory are introduced, and three detection strategies are compared. During the security analysis, we found that the efficiency of the proposed mothed is higher than the original "Ping-Pong" Protocol and the mothed that use two particles of EPR pair.
Keywords: entropy; protocols; quantum communication; telecommunication security; deterministic secure quantum direct communication protocol; eavesdropper detection; entropy theory; modern physics; quantum mechanics; quantum ping-pong protocol; secure message; security analysis; security detection particle; security detection strategy; symmetry Dicke state; Atmospheric measurements; Encoding; Particle measurements; Photonics; Protocols; Quantum mechanics; Security; "Ping-Pong" Protocol; Security Detection Strategy; Symmetry Dicke state; protocol security (ID#: 15-4120)


Bou-Harb, E.; Debbabi, M.; Assi, C., "Cyber Scanning: A Comprehensive Survey," Communications Surveys & Tutorials, IEEE, vol.16, no.3, pp.1496, 1519, Third Quarter 2014. doi: 10.1109/SURV.2013.102913.00020 Cyber scanning refers to the task of probing enterprise networks or Internet wide services, searching for vulnerabilities or ways to infiltrate IT assets. This misdemeanor is often the primarily methodology that is adopted by attackers prior to launching a targeted cyber attack. Hence, it is of paramount importance to research and adopt methods for the detection and attribution of cyber scanning. Nevertheless, with the surge of complex offered services from one side and the proliferation of hackers' refined, advanced, and sophisticated techniques from the other side, the task of containing cyber scanning poses serious issues and challenges. Furthermore recently, there has been a flourishing of a cyber phenomenon dubbed as cyber scanning campaigns - scanning techniques that are highly distributed, possess composite stealth capabilities and high coordination - rendering almost all current detection techniques unfeasible. This paper presents a comprehensive survey of the entire cyber scanning topic. It categorizes cyber scanning by elaborating on its nature, strategies and approaches. It also provides the reader with a classification and an exhaustive review of its techniques. Moreover, it offers a taxonomy of the current literature by focusing on distributed cyber scanning detection methods. To tackle cyber scanning campaigns, this paper uniquely reports on the analysis of two recent cyber scanning incidents. Finally, several concluding remarks are discussed.
Keywords: Internet; security of data ;Internet wide services; cyber scanning technique; distributed cyber scanning detection method; enterprise networks; targeted cyber attack; Cyberspace; Internet; Monitoring; Ports (Computers); Probes; Protocols; Servers; Cyber scanning; Network reconnaissance; Probing; Probing campaigns; Scanning events (ID#: 15-4121)


Alegre, Federico; Soldi, Giovanni; Evans, Nicholas; Fauve, Benoit; Liu, Jasmin, "Evasion and Obfuscation In Speaker Recognition Surveillance And Forensics," Biometrics And Forensics (IWBF), 2014 International Workshop on, pp. 1, 6, 27-28 March 2014. doi: 10.1109/IWBF.2014.6914244 This paper presents the first investigation of evasion and obfuscation in the context of speaker recognition surveillance and forensics. In contrast to spoofing, which aims to provoke false acceptances in authentication applications, evasion and obfuscation target detection and recognition modules in order to provoke missed detections. The paper presents our analysis of each vulnerability and the potential for countermeasures using standard NIST datasets and protocols and six different speaker recognition systems (from a standard GMM-UBM system to a state-of-the-art i-vector system). Results show that all systems are vulnerable to both evasion and obfuscation attacks and that a new generalised countermeasure shows promising detection performance. While all evasion attacks and almost all obfuscation attacks are detected in the case of this particular setup, the work nonetheless highlights the need for further research.
Keywords: Biometrics (access control);Forensics; Speaker recognition; Speech; Speech recognition; Standards; Surveillance; biometrics; evasion; forensics; obfuscation; speaker recognition; spoofing; surveillance (ID#: 15-4122)


Goseva-Popstojanova, K.; Dimitrijevikj, A., "Distinguishing between Web Attacks and Vulnerability Scans Based on Behavioral Characteristics," Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on, pp.42, 48, 13-16 May 2014. doi: 10.1109/WAINA.2014.15 The number of vulnerabilities and reported attacks on Web systems are showing increasing trends, which clearly illustrate the need for better understanding of malicious cyber activities. In this paper we use clustering to classify attacker activities aimed at Web systems. The empirical analysis is based on four datasets, each in duration of several months, collected by high-interaction honey pots. The results show that behavioral clustering analysis can be used to distinguish between attack sessions and vulnerability scan sessions. However, the performance heavily depends on the dataset. Furthermore, the results show that attacks differ from vulnerability scans in a small number of features (i.e., session characteristics). Specifically, for each dataset, the best feature selection method (in terms of the high probability of detection and low probability of false alarm) selects only three features and results into three to four clusters, significantly improving the performance of clustering compared to the case when all features are used. The best subset of features and the extent of the improvement, however, also depend on the dataset.
Keywords: Internet; computer network security; Web attacks; Web systems; behavioral characteristics; behavioral clustering analysis; feature selection method; high-interaction honey pots; malicious cyber activities; vulnerability scans; Blogs; Encyclopedias; Feature extraction; Radio access networks; Support vector machines; Web 2.0;Web applications; attacks; classification of malicious cyber activities; honeypots; vulnerability scans (ID#: 15-4123)


Salman, A.; Elhajj, I.H.; Chehab, A.; Kayssi, A., "DAIDS: An Architecture for Modular Mobile IDS," Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on, pp. 328, 333, 13-16 May 2014. doi: 10.1109/WAINA.2014.54 The popularity of mobile devices and the enormous number of third party mobile applications in the market have naturally lead to several vulnerabilities being identified and abused. This is coupled with the immaturity of intrusion detection system (IDS) technology targeting mobile devices. In this paper we propose a modular host-based IDS framework for mobile devices that uses behavior analysis to profile applications on the Android platform. Anomaly detection can then be used to categorize malicious behavior and alert users. The proposed system accommodates different detection algorithms, and is being tested at a major telecom operator in North America. This paper highlights the architecture, findings, and lessons learned.
Keywords: Android (operating system); mobile computing; mobile radio; security of data; Android platform; DAIDS; North America; anomaly detection ;behavior analysis; detection algorithms; intrusion detection system; malicious behavior; mobile devices; modular mobile IDS; profile applications; telecom operator; third party mobile applications; Androids; Databases; Detectors; Humanoid robots; Intrusion detection; Malware; Monitoring; behavior profiling; dynamic analysis; intrusion detection (ID#: 15-4124)


Upasani, G.; Vera, X.; Gonzalez, A., "Framework for Economical Error Recovery In Embedded Cores," On-Line Testing Symposium (IOLTS), 2014 IEEE 20th International, pp.146, 153, 7-9 July 2014. doi: 10.1109/IOLTS.2014.6873687 The vulnerability of the current and future processors towards transient errors caused by particle strikes is expected to increase rapidly because of exponential growth rate of on-chip transistors, the lower voltages and the shrinking feature size. This encourages innovation in the direction of finding new techniques for providing robustness in logic and memories that allow meeting the desired failures in-time (FIT) budget in future chip multiprocessors (CMPs) present in embedded systems. In embedded systems two aspects of robustness, error detection and containment, are of paramount importance. This paper proposes a light-weight and scalable architecture that uses acoustic wave detectors for error detection and contains errors at the core level. We show how selectively applying error containment can reduce the number of detectors required for error containment. We observe that by using 17 detectors we can achieve error containment coverage of 97.8%.
Keywords: acoustic transducers; embedded systems; error detection; failure analysis; integrated logic circuits; microprocessor chips; radiation hardening (electronics);storage management chips; CMPs; FIT budget; acoustic wave detectors; chip multiprocessors; core level; economical error recovery; embedded cores; embedded systems; error containment ;error detection; exponential growth rate; failures in-time; future processors; memories; on-chip transistors; particle strikes; transient errors; Acoustic waves; Checkpointing; Detectors; Embedded systems; Memory management; Program processors; Robustness (ID#: 15-4125)


Cam, H.; Mouallem, P.; Yilin Mo; Sinopoli, B.; Nkrumah, B., "Modeling Impact Of Attacks, Recovery, And Attackability Conditions For Situational Awareness," Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2014 IEEE International Inter-Disciplinary Conference on , vol., no., pp.181,187, 3-6 March 2014. doi: 10.1109/CogSIMA.2014.6816560 A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.
Keywords: {Petri nets; distributed processing; security of data; actuators; anomaly-based intrusion detection system; assets influence; control theory; controllers; distributed control system; distributed cyber control system; dynamic analysis; linear time-invariant system; modeling impact; numerical evaluation; scanners; situational awareness; time Petri nets; timing relationships; topological attackability condition; Analytical models; Decentralized control; Fires; Intrusion detection; Linear systems; Sensors (ID#: 15-4126)


Chen, Lin; Chen, Xingshu; Jiang, Junfang; Yin, Xueyuan; Shao, Guolin, "Research and Practice Of Dynamic Network Security Architecture For Iaas Platforms," Tsinghua Science and Technology, vol. 19, no. 5, pp.496, 507, Oct. 2014. doi: 10.1109/TST.2014.6919826 Network security requirements based on virtual network technologies in IaaS platforms and corresponding solutions were reviewed. A dynamic network security architecture was proposed, which was built on the technologies of software defined networking, Virtual Machine (VM) traffic redirection, network policy unified management, software defined isolation networks, vulnerability scanning, and software updates. The proposed architecture was able to obtain the capacity for detection and access control for VM traffic by redirecting it to configurable security appliances, and ensured the effectiveness of network policies in the total life cycle of the VM by configuring the policies to the right place at the appropriate time, according to the impacts of VM state transitions. The virtual isolation domains for tenants' VMs could be built flexibly based on VLAN policies or Netfilter/Iptables firewall appliances, and vulnerability scanning as a service and software update as a service were both provided as security supports. Through cooperation with IDS appliances and automatic alarm mechanisms, the proposed architecture could dynamically mitigate a wide range of network-based attacks. The experimental results demonstrate the effectiveness of the proposed architecture.
Keywords: Access control; Communication networks; Computer architecture; Home appliances; Software; Switches;IaaS; cloud computing; life cycle; network policy; network security (ID#: 15-4127)


Orini, M.; Hanson, B.; Monasterio, V.; Martinez, J.P.; Hayward, M.; Taggart, P.; Lambiase, P., "Comparative Evaluation of Methodologies for T-Wave Alternans Mapping in Electrograms," Biomedical Engineering, IEEE Transactions on, vol. 61, no. 2, pp.308,316, Feb. 2014. doi: 10.1109/TBME.2013.2289304 Electrograms (EGM) recorded from the surface of the myocardium are becoming more and more accessible. T-wave alternans (TWA) is associated with increased vulnerability to ventricular tachycardia/fibrillation and it occurs before the onset of ventricular arrhythmias. Thus, accurate methodologies for time-varying alternans estimation/detection in EGM are needed. In this paper, we perform a simulation study based on epicardial EGM recorded in vivo in humans to compare the accuracy of four methodologies: the spectral method (SM), modified moving average method, laplacian likelihood ratio method (LLR), and a novel method based on time-frequency distributions. A variety of effects are considered, which include the presence of wide band noise, respiration, and impulse artifacts. We found that 1) EGM-TWA can be detected accurately when the standard deviation of wide-band noise is equal or smaller than ten times the magnitude of EGM-TWA. 2) Respiration can be critical for EGM-TWA analysis, even at typical respiratory rates. 3) Impulse noise strongly reduces the accuracy of all methods, except LLR. 4) If depolarization time is used as a fiducial point, the localization of the T-wave is not critical for the accuracy of EGM-TWA detection. 5) According to this study, all methodologies provided accurate EGM-TWA detection/quantification in ideal conditions, while LLR was the most robust, providing better detection-rates in noisy conditions. Application on epicardial mapping of the in vivo human heart shows that EGM-TWA has heterogeneous spatio-temporal distribution.
Keywords: electrocardiography; impulse noise; medical signal detection; moving average processes; pneumodynamics; spectral analysis; time-frequency analysis; EGM-TWA detection; T-wave alternans mapping; T-wave localization; depolarization time; electrograms; epicardial EGM; epicardial mapping; heterogeneous spatiotemporal distribution; impulse artifacts; impulse noise ;in vivo human heart; laplacian likelihood ratio method; modified moving average method; myocardium; respiration; spectral method; time-frequency distributions; ventricular arrhythmia; ventricular fibrillation; ventricular tachycardia; wide band noise; Accuracy; Electrodes; Estimation; Heart beat; Morphology; Noise; Standards; Electrograms (EGM); T-wave alternans; intracardiac ECG; repolarization; ventricular arrhythmia (ID#: 15-4128)


Yajuan Tang; Xiapu Luo; Qing Hui; Chang, R.K.C., "Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate DoS Attacks," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 3, pp. 339, 353, March 2014. doi: 10.1109/TIFS.2013.2291970 Feedback control is a critical element in many Internet services (e.g., quality-of-service aware applications). Recent research has demonstrated the vulnerability of some feedback-control based applications to low-rate denial-of-service (LRDoS) attacks, which send high-intensity requests in an ON/OFF pattern to degrade the victim's performance and evade the detection designed for traditional DoS attacks. However, the intricate interaction between LRDoS attacks and the feedback control mechanism remains largely unknown. In this paper, we address two fundamental questions: 1) what is the impact of an LRDoS attack on a general feedback-control based system and 2) how to conduct a systematic evaluation of the impact of an LRDoS attack on specific feedback-control based systems. To tackle these problems, we model the system under attack as a switched system and then examine its properties. We conduct the first theoretical investigation on the impact of the LRDoS attack on a general feedback control system. We formally show that the attack can make the system's steady-state error oscillate along with the attack period, and prove the existence of LRDoS attacks that can force the system to be far off the desired state. In addition, we propose a novel methodology to systematically characterize the impact of an LRDoS attack on specific systems, and apply it to a web server and an IBM Notes server. This investigation obtains many new insights, such as new attack scenarios, the bound of the system's states, the relationship between the bound and the LRDoS attacks, the close-formed equations for quantifying the impact, and so on. The extensive experimental results are congruent with the theoretical analysis.
Keywords: Internet; computer network security; quality of service; IBM Notes server; Internet services; LRDoS attacks; Web server; feedback control mechanism; low-rate DoS attacks; low-rate denial-of-service; quality-of-service aware applications; switched system; Computer crime; Feedback control; Steady-state; Switched systems; Switches; Web servers; Feedback control ;low-rate DoS attack; performance degradation; stability; switched system (ID#: 15-4129)


Hari, S.K.S.; Venkatagiri, R.; Adve, S.V.; Naeimi, H., "GangES: Gang Error Simulation For Hardware Resiliency Evaluation," Computer Architecture (ISCA), 2014 ACM/IEEE 41st International Symposium on, pp.61,72, 14-18 June 2014. doi: 10.1109/ISCA.2014.6853212 As technology scales, the hardware reliability challenge affects a broad computing market, rendering traditional redundancy based solutions too expensive. Software anomaly based hardware error detection has emerged as a low cost reliability solution, but suffers from Silent Data Corruptions (SDCs). It is crucial to accurately evaluate SDC rates and identify SDC producing software locations to develop software-centric low-cost hardware resiliency solutions.A recent tool, called Relyzer, systematically analyzes an entire application's resiliency to single bit soft-errors using a small set of carefully selected error injection sites. Relyzer provides a practical resiliency evaluation mechanism but still requires significant evaluation time, most of which is spent on error simulations. This paper presents a new technique called GangES (Gang Error Simulator) that aims to reduce error simulation time. GangES observes that a set or gang of error simulations that result in the same intermediate execution state (after their error injections) will produce the same error outcome; therefore, only one simulation of the gang needs to be completed, resulting in significant overall savings in error simulation time. GangES leverages program structure to carefully select when to compare simulations and what state to compare. For our workloads, GangES saves 57% of the total error simulation time with an overhead ofjust 1.6%. This paper also explores pure program analyses based techniques that could obviate the needfor tools such as GangES altogether. The availability of Relyzer+GangES allows us to perform a detailed evaluation of such techniques. We evaluate the accuracy of several previously proposed program metrics. We find that the metrics we considered and their various linear combinations are unable to adequately predict an instruction's vulnerability to SDCs, further motivating the use of Relyzer+GangES style techniques as valuable solutions for the hardware error resiliency - valuation problem.
Keywords: error detection; fault tolerant computing; program diagnostics; redundancy; software reliability; GangES; Relyzer; SDC producing software location; SDC rates; computing market; error injection site; error simulation time; gang error simulation; hardware error resiliency evaluation problem; hardware reliability challenge; hardware resiliency evaluation; program metrics; redundancy based solution; reliability solution; resiliency evaluation mechanism; silent data corruptions; soft-error; software anomaly based hardware error detection; software-centric low-cost hardware resiliency solution; Accuracy; Analytical models; Error analysis; Hardware; Registers; Software; Transient analysis (ID#: 15-4130)


Kui Wu; Wenyin Tang; Mao, K.Z.; Gee-Wah Ng; Lee Onn Mak, "Semantic-Level Fusion Of Heterogenous Sensor Network And Other Sources Based On Bayesian Network," Information Fusion (FUSION), 2014 17th International Conference on, pp. 1, 7, 7-10 July 2014. Information fusion systems that involve the use of heterogeneous sensor networks often face the problems of loss of data and uncertainty in data caused by vulnerability of networks where sensor nodes may be attacked or break down, limited bandwidth which may cause network congestion, and urban environments which may affect the sensor measurements. In this paper, we propose to address the above mentioned problem by employing information from other sources (e.g., textual situation reports, open-source web information, news reports and social media etc.) to augment estimation from physical sensors (e.g., video, acoustic, seismic, radar and multispectral data). A semantic-level information fusion (SELF) framework is developed based on Bayesian network, which is capable of (i) integrating information of different types (hard and soft data); (ii) incorporating contextual information and prior knowledge into the process; and (iii) dealing with loss of data and uncertainties inherent in all data sources. An adversarial event detection problem is used as an example to illustrate the effectiveness of the proposed system.
Keywords: belief networks; semantic networks; sensor fusion; wireless sensor networks; Bayesian network; contextual information; heterogeneous sensor networks; heterogeneous sensor network; information fusion systems; network congestion; physical sensors; semantic level fusion; semantic level information fusion framework; sensor measurements; Bayes methods; Computational modeling; Context; Event detection; Semantics; Taxonomy; Uncertainty; Bayesian network; contextual information; hard and soft information fusion; semantic-level fusion (ID#: 15-4131)


Pin-Yu Chen; Shin-Ming Cheng; Kwang-Cheng Chen, "Information Fusion to Defend Intentional Attack in Internet of Things," Internet of Things Journal, IEEE, vol. 1, no. 4, pp.337, 348, Aug. 2014. doi: 10.1109/JIOT.2014.2337018 Robust network design against attacks is one of the most fundamental issues in Internet of Things (IoT) architecture as IoT operations highly rely on the support of the underlaying communication infrastructures. In this paper, the vulnerability of IoT infrastructure under intentional attacks is investigated by relating the network resilience to the percolation-based connectivity. Intentional attacks impose severe threats on the network operations as it can effectively disrupt a network by paralyzing a small fraction of nodes, and therefore deteriorating IoT operations. A fusion-based defense mechanism is proposed to mitigate the damage caused by such attacks, where each node feedbacks minimum (one-bit) local decision to the fusion center for attack inference. By formulating the attack and defense strategy as a zero-sum game, the outcome of the game equilibrium is used to evaluate the effectiveness of the proposed mechanism. The robustness of the Internet-oriented and the cyber-physical system (CPS)-oriented networks are specifically analyzed to illustrate the foundation of future IoT infrastructure. Both analytical and empirical results show that the proposed mechanism greatly enhances the robustness of IoT, even in the weak local detection capability and fragile network structure regime.
Keywords: Internet of Things; computer network security; game theory; Internet of Things ;IoT; cyber-physical system-oriented networks; fusion-based defense mechanism; game equilibrium; information fusion; Intentional attack; network design; percolation-based connectivity; zero-sum game; Game theory; Games; Internet of Things; Network topology; Resilience; Robustness; Attack and defense; connectivity; cyber-physical system (CPS);machine-to-machine (M2M) communications; network vulnerability; zero-sum game (ID#: 15-4132)


Alegre, F.; Soldi, G.; Evans, N., "Evasion and Obfuscation In Automatic Speaker Verification," Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on, pp.749, 753, 4-9 May 2014. doi: 10.1109/ICASSP.2014.6853696 The potential for biometric systems to be manipulated through some form of subversion is well acknowledged. One such approach known as spoofing relates to the provocation of false accepts in authentication applications. Another approach referred to as obfuscation relates to the provocation of missed detections in surveillance applications. While the automatic speaker verification research community is now addressing spoofing and countermeasures, vulnerabilities to obfuscation remain largely unknown. This paper reports the first study. Our work with standard NIST datasets and protocols shows that the equal error rate of a standard GMM-UBM system is increased from 9% to 48% through obfuscation, whereas that of a state-of-the-art i-vector system increases from 3% to 20%. We also present a generalised approach to obfuscation detection which succeeds in detecting almost all attempts to evade detection.
Keywords: biometrics (access control);cryptographic protocols; speaker recognition; surveillance; GMM-UBM system; NIST datasets; authentication applications; automatic speaker verification; biometric systems; i-vector system; obfuscation; protocols; spoofing; surveillance; Authentication; Conferences; Speaker recognition; Speech; Speech processing; Standards; Surveillance; biometrics; evasion; obfuscation; speaker recognition; speaker verification; spoofing; surveillance (ID#: 15-4133)


Hussain, A.; Saqib, N.A.; Qamar, U.; Zia, M.; Mahmood, H., "Protocol-Aware Radio Frequency Jamming In Wi-Fi And Commercial Wireless Networks," Communications and Networks, Journal of, vol. 16, no. 4, pp.397,406, Aug. 2014. doi: 10.1109/JCN.2014.000069 Radio frequency (RF) jamming is a denial of service attack targeted at wireless networks. In resource-hungry scenarios with constant traffic demand, jamming can create connectivity problems and seriously affect communication. Therefore, the vulnerabilities of wireless networks must be studied. In this study, we investigate a particular type of RF jamming that exploits the semantics of physical (PHY) and medium access control (MAC) layer protocols. This can be extended to any wireless communication network whose protocol characteristics and operating frequencies are known to the attacker. We propose two efficient jamming techniques: A low-data-rate random jamming and a shot-noise based protocol-aware RF jamming. Both techniques use shot-noise pulses to disrupt ongoing transmission ensuring they are energy efficient, and they significantly reduce the detection probability of the jammer. Further, we derived the tight upper bound on the duration and the number of shot-noise pulses for Wi-Fi, GSM, and WiMax networks. The proposed model takes consider the channel access mechanism employed at the MAC layer, data transmission rate, PHY/MAC layer modulation and channel coding schemes. Moreover, we analyze the effect of different packet sizes on the proposed jamming methodologies. The proposed jamming attack models have been experimentally evaluated for 802.11b networks on an actual testbed environment by transmitting data packets of varying sizes. The achieved results clearly demonstrate a considerable increase in the overall jamming efficiency of the proposed protocol-aware jammer in terms of packet delivery ratio, energy expenditure and detection probabilities over contemporary jamming methods provided in the literature.
Keywords: WiMax; access protocols; cellular radio; channel coding; computer network security; jamming; probability; telecommunication traffic; wireless LAN;802.11b networks; GSM network; MAC layer modulation; PHY layer modulation; Wi-Fi network; WiMax network; channel access mechanism; channel coding schemes; commercial wireless networks; connectivity problems; constant traffic demand; data transmission rate; denial-of-service attack; detection probabilities; detection probability reduction; energy expenditure; jamming attack models; low-data-rate random jamming; medium access control layer protocol; packet delivery ratio; physical layer protocol; protocol-aware radio frequency jamming; shot-noise based protocol-aware RF jamming; shot-noise pulses; GSM; IEEE 802.11 Standards; Jamming; Noise; Radio frequency; WiMAX; Jamming detection; network allocation vector (NAV);protocol-aware jamming; random jamming; shot-noise (ID#: 15-4134)


Nader, P.; Honeine, P.; Beauseroy, P., "lp-norms in One-Class Classification for Intrusion Detection in SCADA Systems," Industrial Informatics, IEEE Transactions on, vol. 10, no. 4, pp.2308,2317, Nov. 2014. doi: 10.1109/TII.2014.2330796 The massive use of information and communication technologies in supervisory control and data acquisition (SCADA) systems opens new ways for carrying out cyberattacks against critical infrastructures relying on SCADA networks. The various vulnerabilities in these systems and the heterogeneity of cyberattacks make the task extremely difficult for traditional intrusion detection systems (IDS). Modeling cyberattacks has become nearly impossible and their potential consequences may be very severe. The primary objective of this work is to detect malicious intrusions once they have already bypassed traditional IDS and firewalls. This paper investigates the use of machine learning for intrusion detection in SCADA systems using one-class classification algorithms. Two approaches of one-class classification are investigated: 1) the support vector data description (SVDD); and 2) the kernel principle component analysis. The impact of the considered metric is examined in detail with the study of ${mbi {l_p}}$-norms in radial basis function (RBF) kernels. A heuristic is proposed to find an optimal choice of the bandwidth parameter in these kernels. Tests are conducted on real data with several types of cyberattacks.
Keywords: Intrusion detection; Kernel; Machine learning; Optimization; SCADA systems; ${mbi {l_p}}$ -norms; Intrusion detection; kernel methods; one-class classification; supervisory control and data acquisition (SCADA) systems (ID#: 15-4135)


Anjos, A.; Chakka, M.M.; Marcel, S., "Motion-Based Counter-Measures To Photo Attacks In Face Recognition," Biometrics, IET, vol.3, no.3, pp.147, 158, Sept. 2014. doi: 10.1049/iet-bmt.2012.0071 Identity spoofing is a contender for high-security face-recognition applications. With the advent of social media and globalised search, peoples face images and videos are wide-spread on the Internet and can be potentially used to attack biometric systems without previous user consent. Yet, research to counter these threats is just on its infancy - the authors lack public standard databases, protocols to measure spoofing vulnerability and baseline methods to detect these attacks. The contributions of this work to the area are 3-fold: first, the authors a publicly available PHOTO-ATTACK database with associated protocols to measure the effectiveness of counter-measures is introduced. Based on the data available, a study is conducted on current state-of-the-art spoofing detection algorithms based on motion analysis, showing they fail under the light of this new dataset. By last, the authors propose a new technique of counter-measure solely based on foreground/background motion correlation using optical flow that outperforms all other algorithms achieving nearly perfect scoring with an equal-error rate of 1.52% on the available test data. The source code leading to the reported results is made available for the replicability of findings in this study.
Keywords: authorisation; face recognition; image motion analysis; image sequences; background motion correlation; baseline methods; biometric system attack; equal-error rate; face images; face videos; foreground motion correlation; globalised search; high-security face-recognition applications; motion-based photo attack counter-measures; optical flow; public standard databases; publicly available photo-attack database; social media; source code; spooling detection algorithms; spooling vulnerability measurement protocols (ID#: 15-4136)


Erdogmus, N.; Marcel, S., "Spoofing Face Recognition With 3D Masks," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 7, pp.1084,1097, July 2014. doi: 10.1109/TIFS.2014.2322255 Spoofing is the act of masquerading as a valid user by falsifying data to gain an illegitimate access. Vulnerability of recognition systems to spoofing attacks (presentation attacks) is still an open security issue in biometrics domain and among all biometric traits, face is exposed to the most serious threat, since it is particularly easy to access and reproduce. In this paper, many different types of face spoofing attacks have been examined and various algorithms have been proposed to detect them. Mainly focusing on 2D attacks forged by displaying printed photos or replaying recorded videos on mobile devices, a significant portion of these studies ground their arguments on the flatness of the spoofing material in front of the sensor. However, with the advancements in 3D reconstruction and printing technologies, this assumption can no longer be maintained. In this paper, we aim to inspect the spoofing potential of subject-specific 3D facial masks for different recognition systems and address the detection problem of this more complex attack type. In order to assess the spoofing performance of 3D masks against 2D, 2.5D, and 3D face recognition and to analyze various texture-based countermeasures using both 2D and 2.5D data, a parallel study with comprehensive experiments is performed on two data sets: the Morpho database which is not publicly available and the newly distributed 3D mask attack database.
Keywords: face recognition; image texture; security of data;2.5D face recognition; 2D attacks; 2D face recognition;3D face recognition;3D facial masks;3D mask attack database; 3D reconstruction technology; Morpho database; biometric traits; biometrics domain; face spoofing attacks; presentation attacks; printing technology; spoofing face recognition; texture-based countermeasures; Databases; Face; Face recognition; Materials; Solid modeling; Three-dimensional displays; Videos; Spoofing; face recognition; mask attack; presentation attack (ID#: 15-4137)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.