Visible to the public Threat Vector Metrics and Privacy, 2014

SoS Newsletter- Advanced Book Block

SoS Logo

Threat Vector Metrics and Privacy, 2014


As systems become larger and more complex, the surface that hackers can attack also grows. Is this set of recent research articles, topics are explored that include smartphone malware, zero-day polymorphic worm detection, source identification, drive-by download attacks, two-factor face authentication, semantic security, and code structures.  Of particular interest to the Science of Security community are these research articles focused on measurement and on privacy.  All were presented in 2014.


Karabat, C.; Topcu, B., "How To Assess Privacy Preservation Capability Of Biohashing Methods?: Privacy Metrics," Signal Processing and Communications Applications Conference (SIU), 2014 22nd, pp. 2217, 2220, 23-25 April 2014. doi: 10.1109/SIU.2014.6830705
Abstract: In this paper, we evaluate privacy preservation capability of biometric hashing methods. Although there are some work on privacy evaluation of biometric template protection methods in the literature, they fail to cover all biometric template protection methods. To the best of our knowledge, there is no work on privacy metrics and assessment for biometric hashing methods. We use several metrics under different threat scenarios to assess privacy protection level of biometric hashing methods in this work. The simulation results demonstrate that biometric hash vectors may leak private information especially under advanced threat scenarios.
Keywords: authorisation; biometrics (access control); data protection; biometric hash vectors; biometric hashing methods; biometric template protection methods; privacy metrics; privacy preservation capability assessment; privacy preservation capability evaluation; privacy protection level assessment; private information leakage; threat scenarios; Conferences; Internet; Measurement; Privacy; Security; Signal processing; Simulation; biometric; biometric hash; metrics; privacy (ID#: 15-5392)


Leitold, F.; Arrott, A.; Colon Osorio, F.C., "Combining Commercial Consensus And Community Crowd-Sourced Categorization Of Web Sites For Integrity Against Phishing And Other Web Fraud," Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on, pp. 40, 49, 28-30 Oct. 2014. doi: 10.1109/MALWARE.2014.6999407
Abstract: Traditionally, the protection provided by 3rd party anti-Malware endpoint security products is measured using a sample set that is representative of the prevalent universe of attacks at that point in time (malicious URLs and/or malicious files in the world). The methodology used for such a selection of the Malware attack samples, the so-called Stimulus Workload (SW), has been a matter of controversy for a number of years. The reason is simple. Given a carefully crafted selection of such files or URLs, then, the results of the measurements can varied drastically favoring one vendor versus the other. In [1], Colon Osorio, argued that the selection process must be strictly regulated, and further, that such a selection must take into account the fact that amongst the samples selected, some pose a greater threat to users than others, as they are more widespread, and hence are more likely to affect a given user. Further, some Malware attack samples may only be found on specific websites, affect specific countries/regions, or only be relevant to a particular operating system version or interface languages (English, German, Chinese, and so forth). In [1], [2], the idea of a Customizable Stimulus Workloads, (CSW) was first suggested, whereas, the collection of samples selected as the Stimulus Workload is required to take into account all the elements described above. Within this context, CSWs are created by filtering attack samples base on prevalence, geographic regions, customer application environments, and other factors. Within the context of this methodology, in this manuscript we will pay special attention to one such specific application environment, primarily, Social Networks. With such a target environment in mind, a CSW was created and used to evaluate the performance of end-point security products. Basically, we examine the protection provided against Malware that uses internet Social Networks as part of the attack vector. When Social Network CSWs are used,- together with differential metrics of effectiveness, we found that amongst the Social Networks studied (Facebook, Google+, and Twitter) the amount of inherent protection provided ranged from negligible to a level that we will call modest self-protection (0% to 18% prevention rate). Further, results of our evaluation showed that the supplemental protection provided by 3rd party anti-Malware products was erratic, ranging from a low of 0% to a high of 93% depending on the product and/or Social Network combination.
Keywords: computer crime; fraud; invasive software; social networking (online);Facebook; Google; Twitter; Web fraud; Web sites; antimalware endpoint security product; commercial consensus; community crowd-sourced categorization; customizable stimulus workload; end-point security product; malicious URL; malicious files; phishing; social network; Electronic mail; Facebook; Internet; Malware; Media; Uniform resource locators (ID#: 15-5393)


Yadav, M.; Gupta, S.K.; Saket, R.K., "Experimental Security Analysis for SAODV vs SZRP in Ad-Hoc Networks," Computational Intelligence and Communication Networks (CICN), 2014 International Conference on, pp. 819, 823, 14-16 Nov. 2014. doi: 10.1109/CICN.2014.175
Abstract: Ad-hoc network, due to its fundamental characteristics like open environment operation, random topology and capability limitation, is mostly at risk from security point of view. There may be malicious threats during data transmission from one user to another user, which leads to affect the system performance and causing insecurity in data transmission. Many routing protocols consider these security issues as major point of consideration and hence try to overcome the security threats in ad-hoc networks. In this article, a scenario is set up for simulation to evaluate the performance and security issue of two secure routing protocols that are secure ad-hoc on demand vector (SAODV) and secure zone routing protocol (SZRP). In this paper, simulation has been done for number of times with different values of pause time ranging from 0 to 800 seconds for both protocols. And finally, simulation has been done for malicious environment with different numbers of malicious nodes ranging from 2 to 18 nodes for both protocols. Our analysis has been done under two performance metrics-one is packet delivery ratio and second is end to end delay. Experimental results have been obtained using NS-2 (version 2.34) mainly. We have prepared excel graphs from. Tr (trace) files. Based on experimental outcomes paper concluded, that SZRP outperforms SAODV for real time applications.
Keywords: data communication; mobile ad hoc networks; routing protocols; security of data;MANET;NS-2 version 2.34;SAODV experimental security analysis; SZRP; data transmission insecurity; excel graphs; malicious threats; mobile ad hoc network; secure ad hoc on demand vector; secure zone routing protocol; Ad hoc networks; Delays; Routing; Routing protocols; Security; Ad-hoc network; MANET; Malicious node; PDF; SAODV; SZRP; ns-2 (ID#: 15-5394)


Sang-Ho Na; Eui-Nam Huh, "A Methodology Of Assessing Security Risk Of Cloud Computing In User Perspective For Security-Service-Level Agreements," Innovative Computing Technology (INTECH), 2014 Fourth International Conference on, pp. 87, 92, 13-15 Aug. 2014. doi: 10.1109/INTECH.2014.6927759
Abstract: Underlying cloud computing feature, outsourcing of resources, makes the Service Level Agreement (SLA) is a critical factor for Quality of Service (QoS), and many researchers have addressed the question of how a SLA can be evaluated. Lately, security-SLAs have also received much attention with the Security-as-a-Service mode in cloud computing. The quantitative measurement of security metrics is a considerably difficult problem and might be considered the multi-dimensional aspects of security threats and user requirements. To address these issues, we provide a novel a methodology of security risk assessment for security-service-level agreements in the cloud service based on a multi-dimensional approach depending on services type, probabilities of threats, and network environments to reach a security-SLA evaluation.
Keywords: cloud computing; probability; risk management; security of data; QoS; cloud computing; multidimensional approach; quality of service; quantitative measurement; resource outsourcing; security metrics; security risk assessment; security threats; security-SLA evaluation; security-SLAs; security-as-a-service mode; security-service-level agreements; service level agreement; threat probability; user perspective; user requirements; Availability; Cloud computing; Measurement; Quality of service; Risk management; Security; Vectors; Personal Cloud Service; Security Risk Assessment in User Perspective; Security-SLA (ID#: 15-5395)


Xiaokuan Zhang; Haizhong Zheng; Xiaolong Li; Suguo Du; Haojin Zhu, "You Are Where You Have Been: Sybil Detection Via Geo-Location Analysis In Osns," Global Communications Conference (GLOBECOM), 2014 IEEE, pp. 698, 703, 8-12 Dec. 2014. doi: 10.1109/GLOCOM.2014.7036889
Abstract: Online Social Networks (OSNs) are facing an increasing threat of sybil attacks. Sybil detection is regarded as one of major challenges for OSN security. The existing sybil detection proposals that leverage graph theory or exploit the unique clickstream patterns are either based on unrealistic assumptions or limited to the service providers. In this study, we introduce a novel sybil detection approach by exploiting the fundamental mobility patterns that separate real users from sybil ones. The proposed approach is motivated as follows. On the one hand, OSNs including Yelp and Dianping allow us to obtain the users' mobility trajectories based on their online reviews and the locations of their visited shops/restaurants. On the other side, a real user's mobility is generally predictable and confined to a limited neighborhood while the sybils' mobility is forged based on the paid review missions. To exploit the mobility differences between the real and sybil users, we introduce an entropy based definition to capture users' mobility patterns. Then we design a new sybil detection model by incorporating the newly defined location entropy based metrics into other traditional feature sets. The proposed sybil detection model can significantly improve the performance of sybil detections, which is well demonstrated by extensive evaluations based on the data set from Dianping.
Keywords: entropy; mobile computing; mobility management (mobile radio);security of data; social networking (online);Dianping; OSN security; Yelp; geolocation analysis; graph theory; location entropy based metrics; online social network; sybil attack detection; sybil mobility forgery; user mobility trajectory; Databases; Entropy; Feature extraction; Information systems; Measurement; Security; Support vector machines; Entropy; Location-Based Feature; Minimum Covering Circle; Sybil Detection (ID#: 15-5396)


Goudar, V.; Potkonjak, M., "On Admitting Sensor Fault Tolerance While Achieving Secure Biosignal Data Sharing;" Healthcare Informatics (ICHI), 2014 IEEE International Conference on, pp. 266, 275, 15-17 Sept. 2014. doi: 10.1109/ICHI.2014.44
Abstract: Remote health monitoring BASNs promise substantive improvements in the quality of healthcare by providing access to diagnostically rich patient data in real-time. However, adoption is hindered by the threat of compromise of the diagnostic quality of the data by faults. Simultaneously, unresolved issues exist with the secure sharing of the sensitive medical data measured by automated BASNs, stemming from the need to provide the data owner (BASN user / patient) and the data consumers (healthcare providers, insurance companies, medical research facilities) secure control over the medical data as it is shared. We address these issues with a robust watermarking approach constrained to leave primary data semantic metrics unaffected and secondary metrics affected minimally. Further, the approach is coordinated with a fault tolerant sensor partitioning technique to afford high semantic accuracy together with recovery of bio signal semantics in the presence of sensor faults, while preserving the robustness of the watermark so that it is not easily corrupted, recovered or spoofed by malicious data consumers. Based on experimentally collected datasets from a gait-stability monitoring BASN, we show that our watermarking technique can robustly and effectively embed up to 1000 bit watermarks under these constraints.
Keywords: body area networks; body sensor networks; health care; medical administrative data processing; security of data; watermarking; biosignal semantic recovery; body area sensor networks; data semantic metrics; fault tolerant sensor partitioning technique; gait-stability monitoring BASN; health care; malicious data consumers; patient data; remote health monitoring BASNs; robust watermarking approach; secure biosignal data sharing; sensitive medical data secure sharing; sensor fault tolerance; Encoding; Measurement; Robustness; Semantics; Vectors; Watermarking; Body Area Networks; Fault Tolerance; Medical Data Security; Medical Data Sharing; Watermarking (ID#: 15-5397)


Narayanan, A.; Lihui Chen; Chee Keong Chan, "Addetect: Automated Detection Of Android Ad Libraries Using Semantic Analysis," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2014 IEEE Ninth International Conference on, pp. 1, 6, 21-24 April 2014. doi: 10.1109/ISSNIP.2014.6827639
Abstract: Applications that run on mobile operating systems such as Android use in-app advertisement libraries for monetization. Recent research reveals that many ad libraries, including popular ones pose threats to user privacy. Some aggressive ad libraries involve in active privacy leaks with the intention of providing targeted ads. Few intrusive ad libraries are classified as adware by commercial mobile anti-virus apps. Despite such issues, semantic detection of ad libraries from Android apps remains an unsolved problem. To this end, we have proposed and developed the AdDetect framework to perform automatic semantic detection of in-app ad libraries using semantic analysis and machine learning. A module decoupling technique based on hierarchical clustering is used to identify and recover the primary and non-primary modules of apps. Each of these modules is then represented as vectors using semantic features. A SVM classifier trained with these feature vectors is used to detect ad libraries. We have conducted an experimental study on 300 apps spread across 15 categories obtained from the official market to verify the effectiveness of AdDetect. The simulation results are promising. AdDetect achieves 95.34% accurate detection of ad libraries with very less false positives. Further analysis reveals that the proposed detection mechanism is robust against common obfuscation techniques. Detailed analysis on the detection results and semantic characteristics of different families of ad libraries is also presented.
Keywords: Android (operating system); data privacy; learning (artificial intelligence); pattern classification; pattern clustering; semantic networks; software libraries; support vector machines; AdDetect framework; Android ad libraries; Android apps; SVM classifier; active privacy leaks; adware; automatic semantic detection; commercial mobile antivirus apps; feature vectors; hierarchical clustering; in-app ad libraries; in-app advertisement libraries; intrusive ad libraries; machine learning; mobile operating systems; module decoupling technique; monetization; nonprimary modules; obfuscation techniques; semantic analysis; semantic characteristics; semantic features; user privacy; Androids; Feature extraction; Humanoid robots; Java; Libraries; Semantics; Vectors (ID#: 15-5398)


Bin Liang; Wei You; Liangkun Liu; Wenchang Shi; Heiderich, M., "Scriptless Timing Attacks on Web Browser Privacy," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp. 112, 123, 23-26 June 2014. doi: 10.1109/DSN.2014.93
Abstract: The existing Web timing attack methods are heavily dependent on executing client-side scripts to measure the time. However, many techniques have been proposed to block the executions of suspicious scripts recently. This paper presents a novel timing attack method to sniff users' browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. Three practical attack vectors are developed for different attack scenarios and applied to six popular desktop and mobile browsers. The evaluation shows that our method can effectively sniff users' browsing histories with very high precision. We believe that modern browsers protected by script-blocking techniques are still likely to suffer serious privacy leakage threats.
Keywords: data privacy; online front-ends; CSS features; Web browser privacy; Web timing attack methods; cascading style sheets; client-side scripts; desktop browser; mobile browser; privacy leakage threats; rendering process; script-blocking techniques; scriptless timing attacks; user browsing history; Animation; Browsers; Cascading style sheets; History; Rendering (computer graphics);Timing; Web privacy; browsing history; scriptless attack; timing attack (ID#: 15-5399)


Wenhai Sun; Bing Wang; Ning Cao; Ming Li; Wenjing Lou; Hou, Y.T.; Hui Li, "Verifiable Privacy-Preserving Multi-Keyword Text Search in the Cloud Supporting Similarity-Based Ranking," Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 11, pp. 3025, 3035, Nov. 2014. doi: 10.1109/TPDS.2013.282
Abstract: With the growing popularity of cloud computing, huge amount of documents are outsourced to the cloud for reduced management cost and ease of access. Although encryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this paper, we present a verifiable privacy-preserving multi-keyword text search (MTS) scheme with similarity-based ranking to address this problem. To support multi-keyword search and search result ranking, we propose to build the search index based on term frequency- and the vector space model with cosine similarity measure to achieve higher search result accuracy. To improve the search efficiency, we propose a tree-based index structure and various adaptive methods for multi-dimensional (MD) algorithm so that the practical search efficiency is much better than that of linear search. To further enhance the search privacy, we propose two secure index schemes to meet the stringent privacy requirements under strong threat models, i.e., known ciphertext model and known background model. In addition, we devise a scheme upon the proposed index tree structure to enable authenticity check over the returned search results. Finally, we demonstrate the effectiveness and efficiency of the proposed schemes through extensive experimental evaluation.
Keywords: cloud computing; cryptography; data privacy; database indexing; information retrieval; text analysis; tree data structures; ciphertext model; cloud computing; cloud supporting similarity-based ranking; cosine similarity measure;data encryption; management cost reduction; multidimensional algorithm; search privacy; secure index schemes; similarity-based ranking; term frequencyand; tree-based index structure; user data confidentiality; vector space model; verifiable privacy-preserving multikeyword text search; Encryption; Frequency measurement; Indexes; Privacy; Servers; Vectors; Cloud computing; multi-keyword search; privacy-preserving search; similarity-based ranking; verifiable search (ID#: 15-5400)


Ambusaidi, M.A.; Xiangjian He; Zhiyuan Tan; Nanda, P.; Liang Fu Lu; Nagar, U.T., "A Novel Feature Selection Approach for Intrusion Detection Data Classification," Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, pp. 82, 89, 24-26 Sept. 2014. doi: 10.1109/TrustCom.2014.15
Abstract: Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually of very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other stateof-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.
Keywords: feature selection; filtering theory; least squares approximations; pattern classification; security of data; support vector machines; IDS; LSSVM; feature selection approach; filter selection process; intrusion detection data classification ;least square support vector machine; wrapper selection process; Accuracy; Feature extraction; Intrusion detection; Mutual information; Redundancy;Support vector machines; Training; Feature selection; Floating search; Intrusion detection; Least square support vector machines; Mutual information (ID#: 15-5401)


Shatilov, K.; Boiko, V.; Krendelev, S.; Anisutina, D.; Sumaneev, A., "Solution For Secure Private Data Storage In A Cloud," Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on, pp. 885, 889, 7-10 Sept. 2014. doi: 10.15439/2014F43
Abstract: Cloud computing and, more particularly, cloud databases, is a great technology for remote centralized data managing. However, there are some drawbacks including privacy issues, insider threats and potential database thefts. Full encryption of remote database does solve the problem, but disables many operations that can be held on DBMS side; therefore problem requires much more complex solution and specific encryptions. In this paper, we propose a solution for secure private data storage that protects confidentiality of user's data, stored in cloud. Solution uses order preserving and homomorphic proprietary developed encryptions. Proposed approach includes analysis of user's SQL queries, encryption of vulnerable data and decryption of data selection, returned from DBMS. We have validated our approach through the implementation of SQL queries and DBMS replies processor, which will be discussed in this paper. Secure cloud database architecture and used encryptions also will be covered.
Keywords: cloud computing; cryptography; data privacy; distributed databases; DBMS replies processor; SQL queries; cloud computing; cloud databases; data selection; database thefts; encryption; privacy issues; remote centralized data managing; remote database; secure cloud database architecture; secure private data storage; user data; vulnerable data; Encoding; Encryption; Query processing; Vectors (ID#: 15-5402)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.