Visible to the public Vulnerability Detection (2014 Year in Review), Part 3

SoS Newsletter- Advanced Book Block


SoS Logo

Vulnerability Detection
(2014 Year in Review)
Part 3


Vulnerability detection is a topic for which a great deal of research is being done.  In 2014, more than one hundred major research presentations relevant to the Science of Security were made and published.  To facilitate finding articles, we will present these in four parts. In Part 3, we will cite the next 25.


Chou, H.-M.; Hsiao, M.-Y.; Chen, Y.-C.; Yang, K.-H.; Tsao, J.; Lung, C.-L.; Chang, S.-C.; Jone, W.-B.; Chen, T.-F., "Soft-Error-Tolerant Design Methodology for Balancing Performance, Power, and Reliability," Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol. PP, no.99, pp.1,1, September 2014. doi: 10.1109/TVLSI.2014.2348872 Soft error has become an important reliability issue in advanced technologies. To tolerate soft errors, solutions suggested in previous works incur significant performance and power penalties, especially when a design with fault-tolerant structures is overprotected. In this paper, we present a soft-error-tolerant design methodology to tradeoff performance, power, and reliability for different applications. First, four novel detection and correction flip-flop (FF) structures are proposed to provide different levels of tolerance capability against soft errors. Second, architecture-level vulnerability and logic-level susceptibility analyses are employed to identify weak FFs that can easily cause program execution errors. Third, an optimization framework is developed to synthesize the proposed four novel FF structures into weak and highly observable storage bits with the flexibility of trading off performance, power, and reliability. A five-stage pipeline RISC core (UniRISC) is adopted to demonstrate the usefulness of our methodology. Experimental results show that the proposed method can accomplish design goals by balancing performance, power, and reliability. For example, we can not only satisfy the reliability requirement that no more than five errors occur per one billion hours in a design but also reduce up to 87% performance overhead and 91% power overhead when compared with previous works.
Keywords: Clocks; Delays; Estimation; Integrated circuit reliability; Latches; Reliability engineering; Power consumption; reliability; soft error; susceptibility; vulnerability (ID#: 15-4138)


Lodhi, F.K.; Hasan, S.R.; Hasan, O.; Awwad, F., "Low Power Soft Error Tolerant Macro Synchronous Micro Asynchronous (MSMA) Pipeline," VLSI (ISVLSI), 2014 IEEE Computer Society Annual Symposium on, pp. 601, 606, 9-11 July 2014. doi: 10.1109/ISVLSI.2014.59 Advancement in deep submicron (DSM) technologies led to miniaturization. However, it also increased the vulnerability against some electrical and device non-idealities, including the soft errors. These errors are significant threat to the reliable functionality of digital circuits. Several techniques for the detection and deterrence of soft errors (to improve the reliability) have been proposed, both in synchronous and asynchronous domain. In this paper we propose a low power and soft error tolerant solution for synchronous systems that leverages the asynchronous pipeline within a synchronous framework. We named our technique as macro synchronous micro asynchronous (MSMA) pipeline. We provided a framework along with timing analysis of the MSMA technique. MSMA is implemented using a macro synchronous system and soft error tolerant and low power version of null convention logic (NCL) asynchronous circuit. It is found out that this solution can easily replace the intermediate stages of synchronous and asynchronous pipelines without changing its interface protocol. Such NCL asynchronous circuits can be used as a standard cell in the synchronous ASIC design flow. Power and performance analysis is done using electrical simulations, which shows that this techniques consumes at least 22% less power and 45% less energy delay product (EDP) compared to state-of-the-art solutions.
Keywords: asynchronous circuits; circuit simulation; integrated circuit design; integrated logic circuits; low-power electronics; radiation hardening (electronics); deep submicron technologies; electrical simulations; energy delay product; low power soft error tolerant MSMA pipeline; macrosynchronous microasynchronous; null convention logic asynchronous circuit; synchronous ASIC design flow; Adders; Asynchronous circuits; Delays; Logic gates; Pipelines; Rails; Registers; Low power Aynshronous circuits; NCL pipeline; SE tolerant circuits; Soft Error (ID#: 15-4139)


Chingovska, I.; Anjos, A.R.d.; Marcel, S., "Biometrics Evaluation Under Spoofing Attacks," Information Forensics and Security, IEEE Transactions on, vol.9, no.12, pp.2264, 2276, Dec. 2014. doi: 10.1109/TIFS.2014.2349158 While more accurate and reliable than ever, the trustworthiness of biometric verification systems is compromised by the emergence of spoofing attacks. Responding to this threat, numerous research publications address isolated spoofing detection, resulting in efficient counter-measures for many biometric modes. However, an important, but often overlooked issue regards their engagement into a verification task and how to measure their impact on the verification systems themselves. A novel evaluation framework for verification systems under spoofing attacks, called expected performance and spoofability framework, is the major contribution of this paper. Its purpose is to serve for an objective comparison of different verification systems with regards to their verification performance and vulnerability to spoofing, taking into account the system’s application-dependent susceptibility to spoofing attacks and cost of the errors. The convenience of the proposed open-source framework is demonstrated for the face mode, by comparing the security guarantee of four baseline face verification systems before and after they are secured with antispoofing algorithms.
Keywords: Biological system modeling; Biometrics (access control); Databases; Error analysis; Face; Measurement; Training; Attack; biometric verification;counter-measures;counter-spoofing;disguise;dishonest acts;evaluation; face recognition; forgery; liveness detection; replay; spoofing (ID#: 15-4140)


Rosich, Albert; Voos, Holger; Darouach, Mohamed, "Cyber-Attack Detection Based On Controlled Invariant Sets," Control Conference (ECC), 2014 European, pp. 2176, 2181, 24-27 June 2014. doi: 10.1109/ECC.2014.6862206 This paper explores a new method for detecting cyber-attacks on a controller. Specifically, the proposed detector is based on invariant sets in order to determine whether an attacker has hijacked the controller and perpetrated a cyber-attack. One particularity of this detection method is that few information about the controller is required. Thus, the detector becomes useful for a large range of control laws and its vulnerability can be reduced by limiting its accessibility. Finally, a simple but significant example is presented in order to show the benefits and the flaws of the proposed methodology.
Keywords: Control systems; Detectors; Optimization; Reachability analysis; Robustness; Safety; Security (ID#: 15-4141)


Rocha, T.S.; Souto, E., "ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities," Network Computing and Applications (NCA), 2014 IEEE 13th International Symposium on, pp.306,309, 21-23 Aug. 2014. doi: 10.1109/NCA.2014.53 The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting(XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results shows that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.
Keywords: Internet; interactive systems; security of data; ETSS Detector; Web applications; XSS attacks; cross-site scripting vulnerabilities; interactivity; Browsers; Data mining; Databases; Filling; Qualifications; Security; Testing; Cross-Site Scripting; ETSS Detector; vulnerabilities (ID#: 15-4142)


Jeyapaul, R.; Fei Hong; Rhisheekesan, A.; Shrivastava, A.; Kyoungwoo Lee, "UnSync-CMP: Multicore CMP Architecture for Energy-Efficient Soft-Error Reliability," Parallel and Distributed Systems, IEEE Transactions on, vol.25, no.1, pp. 254, 263, Jan. 2014. doi: 10.1109/TPDS.2013.14 Reducing device dimensions, increasing transistor densities, and smaller timing windows, expose the vulnerability of processors to soft errors induced by charge carrying particles. Since these factors are only consequences of the inevitable advancement in processor technology, the industry has been forced to improve reliability on general purpose chip multiprocessors (CMPs). With the availability of increased hardware resources, redundancy-based techniques are the most promising methods to eradicate soft-error failures in CMP systems. In this work, we propose a novel customizable and redundant CMP architecture (UnSync) that utilizes hardware-based detection mechanisms (most of which are readily available in the processor), to reduce overheads during error-free executions. In the presence of errors (which are infrequent), the always forward execution enabled recovery mechanism provides for resilience in the system. The inherent nature of our architecture framework supports customization of the redundancy, and thereby provides means to achieve possible performance-reliability tradeoffs in many-core systems. We provide a redundancy-based soft-error resilient CMP architecture for both write-through and write-back cache configurations. We design a detailed RTL model of our UnSync architecture and perform hardware synthesis to compare the hardware (power/area) overheads incurred. We compare the same with those of the Reunion technique, a state-of-the-art redundant multicore architecture. We also perform cycle-accurate simulations over a wide range of SPEC2000, and MiBench benchmarks to evaluate the performance efficiency achieved over that of the Reunion architecture. Experimental results show that, our UnSync architecture reduces power consumption by 34.5 percent and improves performance by up to 20 percent with 13.3 percent less area overhead, when compared to the Reunion architecture for the same level of reliability achieved.
Keywords: cache storage; computer architecture; multiprocessing systems; performance evaluation; CMPs; MiBench benchmark; SPEC2000 benchmark; UnSync architecture; UnSync-CMP; architecture framework; charge carrying particles; cycle-accurate simulations; device dimension reduction; energy-efficient soft-error reliability; error-free executions; forward execution enabled recovery mechanism; general purpose chip multiprocessors ;hardware resources; hardware synthesis; hardware-based detection mechanisms; many-core systems; multicore CMP architecture; performance evaluation; performance-reliability tradeoffs; processor technology; redundancy-based soft-error resilient CMP architecture; redundancy-based techniques; redundant CMP architecture; reunion architecture; soft errors; soft-error failures; timing windows; transistor densities; write-back cache configuration; write-through cache configuration; Hardware; Instruction sets; Multicore processing; Redundancy; CMP; Multicore architecture; power efficiency; reliability; soft error (ID#: 15-4143)


Kebande, V.R.; Venter, H.S., "A Cognitive Approach For Botnet Detection Using Artificial Immune System In The Cloud," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on,pp.52,57, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913971 The advent of cloud computing has given a provision for both good and malicious opportunities. Virtualization itself as a component of Cloud computing, has provided users with an immediate way of accessing limitless resource infrastructures. Botnets have evolved to be the most dangerous group of remote-operated zombie computers given the open cloud environment. They happen to be the dark side of computing due to the ability to run illegal activities through remote installations, attacks and propagations through exploiting vulnerabilities. The problem that this paper addresses is that botnet technology is advancing each day and detection in the cloud is becoming hard. In this paper, therefore, the authors' presents an approach for detecting an infection of a robot network in the cloud environment. The authors proposed a detection mechanism using Artificial Immune System (AIS). The results show that this research is significant.
Keywords: artificial immune systems; cloud computing; invasive software; virtualisation; AIS; artificial immune system; botnet detection; cloud computing; cognitive approach; directed graph network; resource infrastructure access; virtualization; Cloud computing; Computers; Detectors; Immune system; Monitoring; Pattern matching; Artificial immune system; Botnet; Cloud; Detection; Negative selection (ID#: 15-4144)


Gabrielsson, Bjorn; Fors, Karina; Eliardsson, Patrik; Alexandersson, Mikael; Stenumgaard, Peter, "A Portable System For Autonomous Detection And Classification Of Electromagnetic Interference In The GPS Band," Electromagnetic Compatibility (EMC Europe), 2014 International Symposium on, pp.152,157, 1-4 Sept. 2014. doi: 10.1109/EMCEurope.2014.6930894 The rapidly increasing use of wireless technology in critical systems has led to an increased vulnerability to radio interference. Radio interference is produced both naturally of all electronic systems but also through illegal jammers currently sold at low cost via the Internet. To continuously monitor the radio noise environment in critical systems are becoming increasingly important and in this paper an example of how low cost commercially available off-the-shelf equipment can be adapted to cost effectively implement a qualified detection and classification of radio noise environment at societal critical infrastructure.
Keywords: Electromagnetic compatibility; Electromagnetic interference; Global Positioning System; Receivers; Signal to noise ratio; GNSS; detection; intentional EMI; interference; jamming; safety; security (ID#: 15-4145)


Lounis, O.; Bouhouita Guermeche, S.E.; Saoudi, L.; Benaicha, S.E., "A New Algorithm For Detecting SQL Injection Attack In Web Application," Science and Information Conference (SAI), 2014, pp.589,594, 27-29 Aug. 2014. doi: 10.1109/SAI.2014.6918246 Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of applications is constantly increasing especially SQL injection attack. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. Web vulnerability scanner WASAPY is one of the audit tool, it uses an algorithm which bases on a classification techniques of pages obtained by sending HTTP requests especially formatted. We propose in this paper a new algorithm which was built in a vision to improve rather to supplement the logic followed in modeling WASAPY tool. The tool was supplemented by a new class reflecting the legitimate appearance or referential, therefore, the detection mechanism was solidly built on a statistic in a fairly clear mathematical framework described by a simple geometric representation or interpretation.
Keywords: Internet; SQL; auditing; classification; hypermedia; security of data; HTTP requests; SQL injection attack detection; WASAPY; Web application; Web server security; Web vulnerability scanner; audit tool; geometric representation; page classification technique; Couplings; Navigation; Safety; Security; Syntactics; Vectors; Web pages; SQL injection attack; Web Application; Web vulnerabilities; scanner Web; security (ID#: 15-4146)


Zhong, Hongye; Xiao, Jitian, "Design for Integrated Wifi Defence Strategy In Mordern Enterprise Context," Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, pp.748,753, 27-29 June 2014. doi: 10.1109/ICSESS.2014.6933675 WiFi has been adopted into enterprise production environment in larger scale, yet the flexibility of WiFi network also exposes more vulnerability to current security defense systems and introduces greater challenges to network security for modern enterprises. In wireless world, there are many dead corners that traditional firewall and intrusion detection system cannot cover. Modern enterprises are calling for more efficient defense approaches to guarantee the safety of the information on their wireless network. Upon probing to the weaknesses of current enterprise WiFi security, this paper proposes a defense strategy with the capacities of intelligent planning and integrated reactions to remedy the weaknesses of conventional enterprise security mechanism of WiFi network. A security defense system is designed to monitor WiFi security on Physical Layer, Data-link Layer and Internet Layer of the enterprise WiFi network, and provide attack defense mechanism to minimize the damage to enterprises when their WiFi network is under attack.
Keywords: Communication system security; Firewalls (computing); IEEE 802.11 Standards; Sensors; Wireless networks; Wireless sensor networks; Enterprise Network; Security; WiFi; Wireless Network (ID#: 15-4147)


Jiang, Rong; Lu, Rongxing; Wang, Ye; Luo, Jun; Shen, Changxiang; Shen, Xuemin Sherman, "Energy-theft Detection Issues For Advanced Metering Infrastructure In Smart Grid," Tsinghua Science and Technology, vol. 19, no. 2, pp.105, 120, April 2014. doi: 10.1109/TST.2014.6787363 With the proliferation of smart grid research, the Advanced Metering Infrastructure (AMI) has become the first ubiquitous and fixed computing platform. However, due to the unique characteristics of AMI, such as complex network structure, resource-constrained smart meter, and privacy-sensitive data, it is an especially challenging issue to make AMI secure. Energy theft is one of the most important concerns related to the smart grid implementation. It is estimated that utility companies lose more than $25 billion every year due to energy theft around the world. To address this challenge, in this paper, we discuss the background of AMI and identify major security requirements that AMI should meet. Specifically, an attack tree based threat model is first presented to illustrate the energy-theft behaviors in AMI. Then, we summarize the current AMI energy-theft detection schemes into three categories, i.e., classification-based, state estimation-based, and game theory-based ones, and make extensive comparisons and discussions on them. In order to provide a deep understanding of security vulnerabilities and solutions in AMI and shed light on future research directions, we also explore some open challenges and potential solutions for energy-theft detection.
Keywords: Companies; Electricity; Power system reliability; Reliability; Security; Smart grids; Wide area networks; Advanced Metering Infrastructure (AMI); energy-theft detection; security; smart grid (ID#: 15-4148)


Rahimi, A.; Cesarini, D.; Marongiu, A.; Gupta, R.K.; Benini, L., "Improving Resilience to Timing Errors by Exposing Variability Effects to Software in Tightly-Coupled Processor Clusters," Emerging and Selected Topics in Circuits and Systems, IEEE Journal on, vol.4, no.2, pp.216,229, June 2014. doi: 10.1109/JETCAS.2014.2315883 Manufacturing and environmental variations cause timing errors in microelectronic processors that are typically avoided by ultra-conservative multi-corner design margins or corrected by error detection and recovery mechanisms at the circuit-level. In contrast, we present here runtime software support for cost-effective countermeasures against hardware timing failures during system operation. We propose a variability-aware OpenMP (VOMP) programming environment, suitable for tightly-coupled shared memory processor clusters, that relies upon modeling across the hardware/software interface. VOMP is implemented as an extension to the OpenMP v3.0 programming model that covers various parallel constructs, including task, sections, and for. Using the notion of work-unit vulnerability (WUV) proposed here, we capture timing errors caused by circuit-level variability as high-level software knowledge. WUV consists of descriptive metadata to characterize the impact of variability on different work-unit types running on various cores. As such, WUV provides a useful abstraction of hardware variability to efficiently allocate a given work-unit to a suitable core for execution. VOMP enables hardware/software collaboration with online variability monitors in hardware and runtime scheduling in software. The hardware provides online per-core characterization of WUV metadata. This metadata is made available by carefully placing key data structures in a shared L1 memory and is used by VOMP schedulers. Our results show that VOMP greatly reduces the cost of timing error recovery compared to the baseline schedulers of OpenMP, yielding speedup of 3%-36% for tasks, and 26%-49% for sections. Further, VOMP reaches energy saving of 2%-46% and 15%-50% for tasks, and sections, respectively.
Keywords: meta data; parallel programming; scheduling; shared memory systems; timing circuits; circuit level variability; error detection; hardware timing failures; high level software knowledge; microelectronic processors; online variability monitors; recovery mechanisms; tightly coupled processor clusters; timing errors; variability aware OpenMP programming environment; variability effects; work unit vulnerability; Hardware; Integrated circuit interconnections; Robustness; Runtime; Software; Synchronization; Cross-layer variability management; OpenMP; processor clusters; recovery; robust system design; scheduling; timing errors; variations (ID#: 15-4149)


Barrere, M.; Badonnel, R.; Festor, O., "Vulnerability Assessment in Autonomic Networks and Services: A Survey," Communications Surveys & Tutorials, IEEE, vol.16, no.2, pp.988, 1004, Second Quarter 2014. doi: 10.1109/SURV.2013.082713.00154 Autonomic networks and services are exposed to a large variety of security risks. The vulnerability management process plays a crucial role for ensuring their safe configurations and preventing security attacks. We focus in this survey on the assessment of vulnerabilities in autonomic environments. In particular, we analyze current methods and techniques contributing to the discovery, the description and the detection of these vulnerabilities. We also point out important challenges that should be faced in order to fully integrate this process into the autonomic management plane.
Keywords: computer network security; fault tolerant computing; autonomic management plane; autonomic networks; autonomic services; security attacks; security risks; vulnerability assessment; vulnerability management process; Autonomic systems; Business; Complexity theory; Computers; Monitoring; Security; Vulnerability assessment; autonomic computing; computer security; vulnerability management (ID#: 15-4150)


Szott, S., "Selfish Insider Attacks In IEEE 802.11s Wireless Mesh Networks," Communications Magazine, IEEE, vol.52, no.6, pp.227, 233, June 2014. doi: 10.1109/MCOM.2014.6829968 The IEEE 802.11s amendment for wireless mesh networks does not provide incentives for stations to cooperate and is particularly vulnerable to selfish insider attacks in which a legitimate network participant hopes to increase its QoS at the expense of others. In this tutorial we describe various attacks that can be executed against 802.11s networks and also analyze existing attacks and identify new ones. We also discuss possible countermeasures and detection methods and attempt to quantify the threat of the attacks to determine which of the 802.11s vulnerabilities need to be secured with the highest priority.
Keywords: telecommunication security; wireless LAN; wireless mesh networks; IEEE 802.11s wireless mesh networks; selfish insider attacks; Ad hoc networks; IEEE 802.11 Standards; Logic gates; Protocols; Quality of service; Routing; Wireless mesh networks (ID#: 15-4151)


Kaur, R.; Singh, M., "A Survey on Zero-Day Polymorphic Worm Detection Techniques," Communications Surveys & Tutorials, IEEE , vol.16, no.3, pp.1520,1549, Third Quarter 2014. doi: 10.1109/SURV.2014.022714.00160 Zero-day polymorphic worms pose a serious threat to the Internet security. With their ability to rapidly propagate, these worms increasingly threaten the Internet hosts and services. Not only can they exploit unknown vulnerabilities but can also change their own representations on each new infection or can encrypt their payloads using a different key per infection. They have many variations in the signatures of the same worm thus, making their fingerprinting very difficult. Therefore, signature-based defenses and traditional security layers miss these stealthy and persistent threats. This paper provides a detailed survey to outline the research efforts in relation to detection of modern zero-day malware in form of zero-day polymorphic worms.
Keywords: Internet; invasive software; Internet security; fingerprinting; key per infection; payload encryption; security layers; signature-based defenses; zero-day malware; zero-day polymorphic worm detection techniques; Grippers; Internet; Malware; Monitoring; Payloads; Vectors; Detection Systems; Polymorphic worms; Signature Generation; Zero-day attacks; Zero-day malware (ID#: 15-4152)


Sundhari, A; Bevish Jinila, Y., "A novel approach to detect Sybil attacks in Vehicular Ad Hoc Networks," Electronics and Communication Systems (ICECS), 2014 International Conference on, pp.1,5, 13-14 Feb. 2014. doi: 10.1109/ECS.2014.6892622 Vehicular Ad-Hoc Networks(VANETs) are vehicle to vehicle and vehicle to road side infrastructure networks which make this possible by providing support to numerous applications aimed towards improving safety and driving experience on the road such as traffic control, accident avoidance, and a variety of other applications. The two major concerns in VANETs are Security and privacy. VANETs are subject to attacks due to their vulnerabilities; one of the most compromising attacks is called Sybil nodes attack (a malicious vehicle pretends to be multiple other vehicles). Reported data from a Sybil attacker will appear to arrive from a large number of distinct vehicles, and hence will be credible. This paper proposes a light-weight and scalable framework to detect Sybil attacks. Importantly, The detection of Sybil attacks done in distributed manner that does not require any vehicle in the network to disclose its identity; hence privacy is preserved at all times.
Keywords: IEEE Xplore; Portable document format; Certified Authority(CA); Coarse-grained hash; Fine-grained hash; Introduction (Heading 1); Sybil Attack; VANET (ID#: 15-4153)


Tehranipoor, Mohammad; Knapp, Charles, "T1A: Opportunities and Challenges for Secure Hardware and Verifying Trust in Integrated Circuits," System-on-Chip Conference (SOCC), 2014 27th IEEE International, pp. xxxiii, xxxiv, 2-5 Sept. 2014. doi: 10.1109/SOCC.2014.6948881 The migration from a vertical to horizontal business model has made it easier to introduce many vulnerabilities to electronic component design and supply chain. In the first part of this tutorial, we discuss the major issues that must be addressed including securing hardware, verifying trustworthiness of integrated circuits, unique key generation, side-channel attacks and more. In the latter two parts of this tutorial, we will place more emphasis on detection and prevention of hardware Trojans and counterfeit electronic parts and discuss how test can help. In this tutorial, we will cover (i) An introduction to hardware security and trust (physically unclonable functions, true random number generation, hardware Trojans, counterfeit ICs, sidechannel attacks, supply chain vulnerabilities, etc.), (ii) Background and motivation for hardware Trojan and counterfeit prevention/detection; (iii) Taxonomies related to both topics; (iv) Existing solutions; (v) Open test challenges; (vi) Design for security and trust, (vii) New and unified solutions to address these challenges.
Keywords: integrated circuits; invasive software; electronic component design; hardware Trojan detection; hardware Trojan prevention; hardware security; horizontal business model; integrated circuits; key generation; side-channel attacks; supply chain; trustworthiness verification; vertical business model; Engineering profession (ID#: 15-4154)


Corbett, C.; Uher, J.; Cook, J.; Dalton, A., "Countering Intelligent Jamming with Full Protocol Stack Agility," Security & Privacy, IEEE, vol.12, no.2, pp.44,50, Mar.-Apr. 2014. doi: 10.1109/MSP.2013.136 Intelligent jamming (IJ) attacks go beyond applying brute-force power at the physical link, exploiting vulnerabilities specific to protocols or configurations. IJ attackers who can gain a foothold into a network by understanding and exploiting vulnerabilities can operate with a much lower chance of detection and a greater impact on the network. For example, one IJ technique exploits media access control (MAC) layer packet structure to selectively jam packets originating from or destined to a specific user. This project aims to create a moving target in the network protocol stack to mitigate IJ attacks. It introduces protocol agility at all layers of the stack to make such protocol-driven attacks infeasible.
Keywords: access protocols; computer network security; jamming; IJ attacks; IJ technique ;MAC layer packet structure; brute-force power; intelligent jamming; media access control layer packet structure; network protocol stack; physical link; protocol agility; protocol stack agility; protocol-driven attacks; Computer crime; Computer security; Jamming; Protocols; Software architecture; Target tracking; Wireless communication; MTD;SDN; SDR; intelligent jamming; moving-target defense; security; software-defined networking; software-defined radio (ID#: 15-4155)


Biggio, B.; Fumera, G.; Roli, F., "Security Evaluation of Pattern Classifiers under Attack," Knowledge and Data Engineering, IEEE Transactions on, vol. 26, no. 4, pp.984, 996, April 2014. doi: 10.1109/TKDE.2013.57 Pattern classification systems are commonly used in adversarial applications, like biometric authentication, network intrusion detection, and spam filtering, in which data can be purposely manipulated by humans to undermine their operation. As this adversarial scenario is not taken into account by classical design methods, pattern classification systems may exhibit vulnerabilities, whose exploitation may severely affect their performance, and consequently limit their practical utility. Extending pattern classification theory and design methods to adversarial settings is thus a novel and very relevant research direction, which has not yet been pursued in a systematic way. In this paper, we address one of the main open issues: evaluating at design phase the security of pattern classifiers, namely, the performance degradation under potential attacks they may incur during operation. We propose a framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and give examples of its use in three real applications. Reported results show that security evaluation can provide a more complete understanding of the classifier's behavior in adversarial environments, and lead to better design choices.
Keywords: biometrics (access control);pattern classification; security of data; adversarial environments; biometric authentication; classical design methods; design phase; network intrusion detection; pattern classification systems; pattern classification theory; pattern classifiers; security evaluation; spam filtering; Algorithm design and analysis; Analytical models; Data models; Performance evaluation; Security; Testing; Training; Pattern classification; adversarial classification; performance evaluation; robustness evaluation; security evaluation (ID#: 15-4156)


Sandeep Kumar, E.; Kusuma, S.M.; Vijaya Kumar, B.P., "An Intelligent Defense Mechanism For Security In Wireless Sensor Networks," Communications and Signal Processing (ICCSP), 2014 International Conference on, pp.275,279, 3-5 April 2014. doi: 10.1109/ICCSP.2014.6949844 Wireless sensor networks are associated with risk due to the threats of security vulnerabilities. In this context, we have proposed an Intruder Detection System (IDS) that uses sophisticated data fusion technique, which incorporates game theoretic modeling for the interaction between an attacker node and a victim sensor node, with neural networks as a decision making tool and a timer as an attack monitor. The combined effect of all these aspects of IDS makes a robust combat against the packets attempting to hack the critical information residing in the node. To our knowledge, this is a novel work, which combines game theory and artificial neural networks for defending against intruder attack. The obtained simulation results prove to be convincing with respect to the defense mechanism and its security concern.
Keywords: Artificial neural networks; Computer hacking; Game theory; Games; Knowledge engineering; Robustness; data fusion; game theory; intruder detection system; neural networks (ID#: 15-4157)


Ramdas, A.; Saeed, S.M.; Sinanoglu, O., "Slack Removal For Enhanced Reliability And Trust," Design & Technology of Integrated Systems In Nanoscale Era (DTIS), 2014 9th IEEE International Conference On, pp.1,4, 6-8 May 2014. doi: 10.1109/DTIS.2014.6850660 Timing slacks possibly lead to reliability issues and/or security vulnerabilities, as they may hide small delay defects and malicious circuitries injected during fabrication, namely, hardware Trojans. While possibly harmless immediately after production, small delay defects may trigger reliability problems as the part is being used in field, presenting a significant threat for mission-critical applications. Hardware Trojans remain dormant while the part is tested and validated, but then get activated to launch an attack when the chip is deployed in security-critical applications. In this paper, we take a deeper look into these problems and their underlying reasons, and propose a design technique to maximize the detection of small delay defects as well as the hardware Trojans. The proposed technique eliminates all slacks by judiciously inserting delay units in a small set of locations in the circuit, thereby rendering a simple set of transition fault patterns quite effective in catching parts with small delay defects or Trojans. Experimental results also justify the efficacy of the proposed technique in improving the quality of test while retaining the pattern count and care bit density intact.
Keywords: design for testability; integrated circuit reliability; logic circuits; logic testing; security of data; care bit density intact; delay defect detection; delay defects; delay unit insertion; design technique ;fabrication; hardware Trojans; malicious circuitries; mission-critical application; pattern count; reliability enhancement; security vulnerabilities; security-critical application; slack removal; test quality; timing slacks; transition fault patterns; trust enhancement; Circuit faults; Delays; Hardware; Logic gates ;Testing; Trojan horses; Wires; At-speed Testing; Hardware Trojan; Slacks; Small Delay Defects (ID#: 15-4158)


Adhikari, Uttam; Morris, Thomas H.; Pan, Shengyi, "A Cyber-Physical Power System Test Bed For Intrusion Detection Systems," PES General Meeting | Conference & Exposition, 2014 IEEE, pp.1,5, 27-31 July 2014. doi: 10.1109/PESGM.2014.6939262 The rapid advancement of technology used in operation, monitoring, and control introduces several threats against power system. Cyber-physical power system vulnerabilities are increasing and the consequences of attack can be catastrophic. Understanding power system phenomena and attacks is vital to identifying and detecting such events. Researchers require a suitable power system test bed that can provide a platform for simulation of power system events and attacks. An essential part of such a test bed is the ability to provide software and hardware interaction to mimic real world scenarios. This paper presents a test bed for the development of an intrusion detection system (IDS) for power systems. The test bed consists of a power system modeled on a real time digital simulator (RTDS), a data collection and processing engine, and a MATLAB/RSCAD parameter calculation engine. This test bed provides a platform for hardware in the loop (HIL) simulation, power system attacks, and generates data sets required by cyber security researchers. Coordinated distance protection and overcurrent protection schemes are implemented on the IEEE 9 bus system and a 3-generator 4 bus system [11]. Fault, contingency and cyber-attack scenarios have been developed for both power systems. Selected relevant simulation results are presented.
Keywords: Circuit faults; Generators; Phasor measurement units; Power system stability; Power transmission lines; Relays; IDS; attacks; contingencies; data; faults; power system; test bed (ID#: 15-4159)


Patil, R.; Tahiliani, M.P., "Detecting Packet Modification Attack By Misbehaving Router," Networks & Soft Computing (ICNSC), 2014 First International Conference on, pp.113,118, 19-20 Aug. 2014. doi: 10.1109/CNSC.2014.6906649 The next generation Internet supports dynamic deployment of different protocols and heterogeneous applications. To support this, routers in next generation computer networks use general purpose programmable packet processors. The customization of routers introduces increased vulnerabilities and attacks that allow potential attackers to compromise the router. Since network routers play a key role in todays network data transport, they became an interesting targets for attackers. An attacker can mount different attacks like denial-of-service or man-in-the-middle by intelligently dropping, modifying or diverting packets arriving at a compromised router. In this paper, we considered the problem of detecting packet modification attack which is performed by an attacker through misbehaving router. Since it is necessary to differentiate malicious packet modification from regular packet modification, detecting such an attack is challenging task. We proposed a controller-based packet modification misbehavior detection technique that excellently detects malicious packet modification by using a hash-based comparison of incoming and outgoing packets of the router. Experiments were carried out using Mininet Simulator and based on the results obtained, we observe that our proposed technique unambiguously detects the malicious packet modification.
Keywords: Internet; computer network security; cryptographic protocols; routing protocols; Internet supports; Mininet simulator; computer networks; controller-based packet modification misbehavior detection technique; denial of service attacks; diverting packets; dropping packets; hash-based comparison; heterogeneous applications; malicious packet modification; man-in-the-middle; misbehaving router; modifying packets; network data transport; network routers; packet modification attack detection; programmable packet processors; protocols applications; regular packet modification; IP networks; Monitoring; Network topology; Routing protocols; Software; Switches (ID#: 15-4160)


Al-Dalky, R.; Abduljaleel, O.; Salah, K.; Otrok, H.; Al-Qutayri, M., "A Modbus traffic generator for evaluating the security of SCADA systems," Communication Systems, Networks & Digital Signal Processing (CSNDSP), 2014 9th International Symposium on, pp.809,814, 23-25 July 2014. doi: 10.1109/CSNDSP.2014.6923938 Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil & gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.
Keywords: SCADA systems; computer network security; protocols; Modbus traffic generator; NIDS Modbus rules; SCADA Modbus protocol; SCADA systems security evaluation; Scapy; Snort network intrusion detection system; malicious SCADA traffic; supervisory control and data acquisition system; Feature extraction; IP networks; Payloads; Ports (Computers); Protocols; Receivers; SCADA systems; Modbus; Network security; SCADA System; Scapy; Snort (ID#: 15-4161)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.