Visible to the public Biblio

Filters: Keyword is threat vectors  [Clear All Filters]
2021-01-22
Akbari, I., Tahoun, E., Salahuddin, M. A., Limam, N., Boutaba, R..  2020.  ATMoS: Autonomous Threat Mitigation in SDN using Reinforcement Learning. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1—9.
Machine Learning has revolutionized many fields of computer science. Reinforcement Learning (RL), in particular, stands out as a solution to sequential decision making problems. With the growing complexity of computer networks in the face of new emerging technologies, such as the Internet of Things and the growing complexity of threat vectors, there is a dire need for autonomous network systems. RL is a viable solution for achieving this autonomy. Software-defined Networking (SDN) provides a global network view and programmability of network behaviour, which can be employed for security management. Previous works in RL-based threat mitigation have mostly focused on very specific problems, mostly non-sequential, with ad-hoc solutions. In this paper, we propose ATMoS, a general framework designed to facilitate the rapid design of RL applications for network security management using SDN. We evaluate our framework for implementing RL applications for threat mitigation, by showcasing the use of ATMoS with a Neural Fitted Q-learning agent to mitigate an Advanced Persistent Threat. We present the RL model's convergence results showing the feasibility of our solution for active threat mitigation.
2020-03-02
Ranaweera, Pasika, Jurcut, Anca Delia, Liyanage, Madhusanka.  2019.  Realizing Multi-Access Edge Computing Feasibility: Security Perspective. 2019 IEEE Conference on Standards for Communications and Networking (CSCN). :1–7.
Internet of Things (IoT) and 5G are emerging technologies that prompt a mobile service platform capable of provisioning billions of communication devices which enable ubiquitous computing and ambient intelligence. These novel approaches are guaranteeing gigabit-level bandwidth, ultra-low latency and ultra-high storage capacity for their subscribers. To achieve these limitations, ETSI has introduced the paradigm of Multi-Access Edge Computing (MEC) for creating efficient data processing architecture extending the cloud computing capabilities in the Radio Access Network (RAN). Despite the gained enhancements to the mobile network, MEC is subjected to security challenges raised from the heterogeneity of IoT services, intricacies in integrating virtualization technologies, and maintaining the performance guarantees of the mobile networks (i.e. 5G). In this paper, we are identifying the probable threat vectors in a typical MEC deployment scenario that comply with the ETSI standards. We analyse the identified threat vectors and propose solutions to mitigate them.
2020-02-26
Padmanaban, R., Thirumaran, M., Sanjana, Victoria, Moshika, A..  2019.  Security Analytics For Heterogeneous Web. 2019 IEEE International Conference on System, Computation, Automation and Networking (ICSCAN). :1–6.

In recent days, Enterprises are expanding their business efficiently through web applications which has paved the way for building good consumer relationship with its customers. The major threat faced by these enterprises is their inability to provide secure environments as the web applications are prone to severe vulnerabilities. As a result of this, many security standards and tools have been evolving to handle the vulnerabilities. Though there are many vulnerability detection tools available in the present, they do not provide sufficient information on the attack. For the long-term functioning of an organization, data along with efficient analytics on the vulnerabilities is required to enhance its reliability. The proposed model thus aims to make use of Machine Learning with Analytics to solve the problem in hand. Hence, the sequence of the attack is detected through the pattern using PAA and further the detected vulnerabilities are classified using Machine Learning technique such as SVM. Probabilistic results are provided in order to obtain numerical data sets which could be used for obtaining a report on user and application behavior. Dynamic and Reconfigurable PAA with SVM Classifier is a challenging task to analyze the vulnerabilities and impact of these vulnerabilities in heterogeneous web environment. This will enhance the former processing by analysis of the origin and the pattern of the attack in a more effective manner. Hence, the proposed system is designed to perform detection of attacks. The system works on the mitigation and prevention as part of the attack prediction.

Matin, Iik Muhamad Malik, Rahardjo, Budi.  2019.  Malware Detection Using Honeypot and Machine Learning. 2019 7th International Conference on Cyber and IT Service Management (CITSM). 7:1–4.

Malware is one of the threats to information security that continues to increase. In 2014 nearly six million new malware was recorded. The highest number of malware is in Trojan Horse malware while in Adware malware is the most significantly increased malware. Security system devices such as antivirus, firewall, and IDS signature-based are considered to fail to detect malware. This happens because of the very fast spread of computer malware and the increasing number of signatures. Besides signature-based security systems it is difficult to identify new methods, viruses or worms used by attackers. One other alternative in detecting malware is to use honeypot with machine learning. Honeypot can be used as a trap for packages that are suspected while machine learning can detect malware by classifying classes. Decision Tree and Support Vector Machine (SVM) are used as classification algorithms. In this paper, we propose architectural design as a solution to detect malware. We presented the architectural proposal and explained the experimental method to be used.

Rahman, Obaid, Quraishi, Mohammad Ali Gauhar, Lung, Chung-Horng.  2019.  DDoS Attacks Detection and Mitigation in SDN Using Machine Learning. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:184–189.

Software Defined Networking (SDN) is very popular due to the benefits it provides such as scalability, flexibility, monitoring, and ease of innovation. However, it needs to be properly protected from security threats. One major attack that plagues the SDN network is the distributed denial-of-service (DDoS) attack. There are several approaches to prevent the DDoS attack in an SDN network. We have evaluated a few machine learning techniques, i.e., J48, Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbors (K-NN), to detect and block the DDoS attack in an SDN network. The evaluation process involved training and selecting the best model for the proposed network and applying it in a mitigation and prevention script to detect and mitigate attacks. The results showed that J48 performs better than the other evaluated algorithms, especially in terms of training and testing time.

Kaur, Gaganjot, Gupta, Prinima.  2019.  Hybrid Approach for Detecting DDOS Attacks in Software Defined Networks. 2019 Twelfth International Conference on Contemporary Computing (IC3). :1–6.

In today's time Software Defined Network (SDN) gives the complete control to get the data flow in the network. SDN works as a central point to which data is administered centrally and traffic is also managed. SDN being open source product is more prone to security threats. The security policies are also to be enforced as it would otherwise let the controller be attacked the most. The attacks like DDOS and DOS attacks are more commonly found in SDN controller. DDOS is destructive attack that normally diverts the normal flow of traffic and starts the over flow of flooded packets halting the system. Machine Learning techniques helps to identify the hidden and unexpected pattern of the network and hence helps in analyzing the network flow. All the classified and unclassified techniques can help detect the malicious flow based on certain parameters like packet flow, time duration, accuracy and precision rate. Researchers have used Bayesian Network, Wavelets, Support Vector Machine and KNN to detect DDOS attacks. As per the review it's been analyzed that KNN produces better result as per the higher precision and giving a lower falser rate for detection. This paper produces better approach of hybrid Machine Learning techniques rather than existing KNN on the same data set giving more accuracy of detecting DDOS attacks on higher precision rate. The result of the traffic with both normal and abnormal behavior is shown and as per the result the proposed algorithm is designed which is suited for giving better approach than KNN and will be implemented later on for future.

Xiong, Wenjun, Carlsson, Per, Lagerström, Robert.  2019.  Re-Using Enterprise Architecture Repositories for Agile Threat Modeling. 2019 IEEE 23rd International Enterprise Distributed Object Computing Workshop (EDOCW). :118–127.

Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network.

Al-issa, Abdulaziz I., Al-Akhras, Mousa, ALsahli, Mohammed S., Alawairdhi, Mohammed.  2019.  Using Machine Learning to Detect DoS Attacks in Wireless Sensor Networks. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :107–112.

Widespread use of Wireless Sensor Networks (WSNs) introduced many security threats due to the nature of such networks, particularly limited hardware resources and infrastructure less nature. Denial of Service attack is one of the most common types of attacks that face such type of networks. Building an Intrusion Detection and Prevention System to mitigate the effect of Denial of Service attack is not an easy task. This paper proposes the use of two machine learning techniques, namely decision trees and Support Vector Machines, to detect attack signature on a specialized dataset. The used dataset contains regular profiles and several Denial of Service attack scenarios in WSNs. The experimental results show that decision trees technique achieved better (higher) true positive rate and better (lower) false positive rate than Support Vector Machines, 99.86% vs 99.62%, and 0.05% vs. 0.09%, respectively.

Sokolov, S. A., Iliev, T. B., Stoyanov, I. S..  2019.  Analysis of Cybersecurity Threats in Cloud Applications Using Deep Learning Techniques. 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :441–446.

In this paper we present techniques based on machine learning techniques on monitoring data for analysis of cybersecurity threats in cloud environments that incorporate enterprise applications from the fields of telecommunications and IoT. Cybersecurity is a term describing techniques for protecting computers, telecommunications equipment, applications, environments and data. In modern networks enormous volume of generated traffic can be observed. We propose several techniques such as Support Vector Machines, Neural networks and Deep Neural Networks in combination for analysis of monitoring data. An approach for combining classifier results based on performance weights is proposed. The proposed approach delivers promising results comparable to existing algorithms and is suitable for enterprise grade security applications.

Tychalas, Dimitrios, Keliris, Anastasis, Maniatakos, Michail.  2019.  LED Alert: Supply Chain Threats for Stealthy Data Exfiltration in Industrial Control Systems. 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :194–199.

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 20-30 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

Naik, Nitin, Jenkins, Paul, Savage, Nick, Yang, Longzhi.  2019.  Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors Using Fuzzy Hashing and Fuzzy C-Means Clustering. 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–6.

Threat actors are constantly seeking new attack surfaces, with ransomeware being one the most successful attack vectors that have been used for financial gain. This has been achieved through the dispersion of unlimited polymorphic samples of ransomware whilst those responsible evade detection and hide their identity. Nonetheless, every ransomware threat actor adopts some similar style or uses some common patterns in their malicious code writing, which can be significant evidence contributing to their identification. he first step in attempting to identify the source of the attack is to cluster a large number of ransomware samples based on very little or no information about the samples, accordingly, their traits and signatures can be analysed and identified. T herefore, this paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques fuzzy hashing and fuzzy c-means (FCM) clustering. Unlike other clustering techniques, FCM can directly utilise similarity scores generated by a fuzzy hashing method and cluster them into similar groups without requiring additional transformational steps to obtain distance among objects for clustering. Thus, it reduces the computational overheads by utilising fuzzy similarity scores obtained at the time of initial triaging of whether the sample is known or unknown ransomware. The performance of the proposed fuzzy method is compared against k-means clustering and the two fuzzy hashing methods SSDEEP and SDHASH which are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.

Bhatnagar, Dev, Som, Subhranil, Khatri, Sunil Kumar.  2019.  Advance Persistant Threat and Cyber Spying - The Big Picture, Its Tools, Attack Vectors and Countermeasures. 2019 Amity International Conference on Artificial Intelligence (AICAI). :828–839.

Advance persistent threat is a primary security concerns to the big organizations and its technical infrastructure, from cyber criminals seeking personal and financial information to state sponsored attacks designed to disrupt, compromising infrastructure, sidestepping security efforts thus causing serious damage to organizations. A skilled cybercriminal using multiple attack vectors and entry points navigates around the defenses, evading IDS/Firewall detection and breaching the network in no time. To understand the big picture, this paper analyses an approach to advanced persistent threat by doing the same things the bad guys do on a network setup. We will walk through various steps from foot-printing and reconnaissance, scanning networks, gaining access, maintaining access to finally clearing tracks, as in a real world attack. We will walk through different attack tools and exploits used in each phase and comparative study on their effectiveness, along with explaining their attack vectors and its countermeasures. We will conclude the paper by explaining the factors which actually qualify to be an Advance Persistent Threat.

2019-03-15
Kim, D., Shin, D., Shin, D..  2018.  Unauthorized Access Point Detection Using Machine Learning Algorithms for Information Protection. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1876-1878.

With the frequent use of Wi-Fi and hotspots that provide a wireless Internet environment, awareness and threats to wireless AP (Access Point) security are steadily increasing. Especially when using unauthorized APs in company, government and military facilities, there is a high possibility of being subjected to various viruses and hacking attacks. It is necessary to detect unauthorized Aps for protection of information. In this paper, we use RTT (Round Trip Time) value data set to detect authorized and unauthorized APs in wired / wireless integrated environment, analyze them using machine learning algorithms including SVM (Support Vector Machine), C4.5, KNN (K Nearest Neighbors) and MLP (Multilayer Perceptron). Overall, KNN shows the highest accuracy.

Lin, W., Lin, H., Wang, P., Wu, B., Tsai, J..  2018.  Using Convolutional Neural Networks to Network Intrusion Detection for Cyber Threats. 2018 IEEE International Conference on Applied System Invention (ICASI). :1107-1110.

In practice, Defenders need a more efficient network detection approach which has the advantages of quick-responding learning capability of new network behavioural features for network intrusion detection purpose. In many applications the capability of Deep Learning techniques has been confirmed to outperform classic approaches. Accordingly, this study focused on network intrusion detection using convolutional neural networks (CNNs) based on LeNet-5 to classify the network threats. The experiment results show that the prediction accuracy of intrusion detection goes up to 99.65% with samples more than 10,000. The overall accuracy rate is 97.53%.

Salman, Muhammad, Husna, Diyanatul, Apriliani, Stella Gabriella, Pinem, Josua Geovani.  2018.  Anomaly Based Detection Analysis for Intrusion Detection System Using Big Data Technique with Learning Vector Quantization (LVQ) and Principal Component Analysis (PCA). Proceedings of the 2018 International Conference on Artificial Intelligence and Virtual Reality. :20-23.

Data security has become a very serious parf of any organizational information system. More and more threats across the Internet has evolved and capable to deceive firewall as well as antivirus software. In addition, the number of attacks become larger and become more dificult to be processed by the firewall or antivirus software. To improve the security of the system is usually done by adding Intrusion Detection System(IDS), which divided into anomaly-based detection and signature-based detection. In this research to process a huge amount of data, Big Data technique is used. Anomaly-based detection is proposed using Learning Vector Quantization Algorithm to detect the attacks. Learning Vector Quantization is a neural network technique that learn the input itself and then give the appropriate output according to the input. Modifications were made to improve test accuracy by varying the test parameters that present in LVQ. Varying the learning rate, epoch and k-fold cross validation resulted in a more efficient output. The output is obtained by calculating the value of information retrieval from the confusion matrix table from each attack classes. Principal Component Analysis technique is used along with Learning Vector Quantization to improve system performance by reducing the data dimensionality. By using 18-Principal Component, dataset successfully reduced by 47.3%, with the best Recognition Rate of 96.52% and time efficiency improvement up to 43.16%.

Kettani, Houssain, Cannistra, Robert M..  2018.  On Cyber Threats to Smart Digital Environments. Proceedings of the 2Nd International Conference on Smart Digital Environment. :183-188.

Cyber threats and attacks have significantly increased in complexity and quantity throughout this past year. In this paper, the top fifteen cyber threats and trends are articulated in detail to provide awareness throughout the community and raising awareness. Specific attack vectors, mitigation techniques, kill chain and threat agents addressing Smart Digital Environments (SDE), including Internet of Things (IoT), are discussed. Due to the rising number of IoT and embedded firmware devices within ubiquitous computing environments such as smart homes, smart businesses and smart cities, the top fifteen cyber threats are being used in a comprehensive manner to take advantage of vulnerabilities and launch cyber operations using multiple attack vectors. What began as ubiquitous, or pervasive, computing is now matured to smart environments where the vulnerabilities and threats are widespread.

Nicho, M., Khan, S. N..  2018.  A Decision Matrix Model to Identify and Evaluate APT Vulnerabilities at the User Plane. 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :1155-1160.

While advances in cyber-security defensive mechanisms have substantially prevented malware from penetrating into organizational Information Systems (IS) networks, organizational users have found themselves vulnerable to threats emanating from Advanced Persistent Threat (APT) vectors, mostly in the form of spear phishing. In this respect, the question of how an organizational user can differentiate between a genuine communication and a similar looking fraudulent communication in an email/APT threat vector remains a dilemma. Therefore, identifying and evaluating the APT vector attributes and assigning relative weights to them can assist the user to make a correct decision when confronted with a scenario that may be genuine or a malicious APT vector. In this respect, we propose an APT Decision Matrix model which can be used as a lens to build multiple APT threat vector scenarios to identify threat attributes and their weights, which can lead to systems compromise.

Noor, U., Anwar, Z., Noor, U., Anwar, Z., Rashid, Z..  2018.  An Association Rule Mining-Based Framework for Profiling Regularities in Tactics Techniques and Procedures of Cyber Threat Actors. 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE). :1-6.

Tactics Techniques and Procedures (TTPs) in cyber domain is an important threat information that describes the behavior and attack patterns of an adversary. Timely identification of associations between TTPs can lead to effective strategy for diagnosing the Cyber Threat Actors (CTAs) and their attack vectors. This study profiles the prevalence and regularities in the TTPs of CTAs. We developed a machine learning-based framework that takes as input Cyber Threat Intelligence (CTI) documents, selects the most prevalent TTPs with high information gain as features and based on them mine interesting regularities between TTPs using Association Rule Mining (ARM). We evaluated the proposed framework with publicly available TTPbased CTI documents. The results show that there are 28 TTPs more prevalent than the other TTPs. Our system identified 155 interesting association rules among the TTPs of CTAs. A summary of these rules is given to effectively investigate threats in the network.

Deliu, I., Leichter, C., Franke, K..  2018.  Collecting Cyber Threat Intelligence from Hacker Forums via a Two-Stage, Hybrid Process Using Support Vector Machines and Latent Dirichlet Allocation. 2018 IEEE International Conference on Big Data (Big Data). :5008-5013.

Traditional security controls, such as firewalls, anti-virus and IDS, are ill-equipped to help IT security and response teams keep pace with the rapid evolution of the cyber threat landscape. Cyber Threat Intelligence (CTI) can help remediate this problem by exploiting non-traditional information sources, such as hacker forums and "dark-web" social platforms. Security and response teams can use the collected intelligence to identify emerging threats. Unfortunately, when manual analysis is used to extract CTI from non-traditional sources, it is a time consuming, error-prone and resource intensive process. We address these issues by using a hybrid Machine Learning model that automatically searches through hacker forum posts, identifies the posts that are most relevant to cyber security and then clusters the relevant posts into estimations of the topics that the hackers are discussing. The first (identification) stage uses Support Vector Machines and the second (clustering) stage uses Latent Dirichlet Allocation. We tested our model, using data from an actual hacker forum, to automatically extract information about various threats such as leaked credentials, malicious proxy servers, malware that evades AV detection, etc. The results demonstrate our method is an effective means for quickly extracting relevant and actionable intelligence that can be integrated with traditional security controls to increase their effectiveness.

2019-02-25
Fang, Yong, Peng, Jiayi, Liu, Liang, Huang, Cheng.  2018.  WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :170–174.

The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA.

2018-04-11
Spanos, Georgios, Angelis, Lefteris, Toloudis, Dimitrios.  2017.  Assessment of Vulnerability Severity Using Text Mining. Proceedings of the 21st Pan-Hellenic Conference on Informatics. :49:1–49:6.

Software1 vulnerabilities are closely associated with information systems security, a major and critical field in today's technology. Vulnerabilities constitute a constant and increasing threat for various aspects of everyday life, especially for safety and economy, since the social impact from the problems that they cause is complicated and often unpredictable. Although there is an entire research branch in software engineering that deals with the identification and elimination of vulnerabilities, the growing complexity of software products and the variability of software production procedures are factors contributing to the ongoing occurrence of vulnerabilities, Hence, another area that is being developed in parallel focuses on the study and management of the vulnerabilities that have already been reported and registered in databases. The information contained in such databases includes, a textual description and a number of metrics related to vulnerabilities. The purpose of this paper is to investigate to what extend the assessment of the vulnerability severity can be inferred directly from the corresponding textual description, or in other words, to examine the informative power of the description with respect to the vulnerability severity. For this purpose, text mining techniques, i.e. text analysis and three different classification methods (decision trees, neural networks and support vector machines) were employed. The application of text mining to a sample of 70,678 vulnerabilities from a public data source shows that the description itself is a reliable and highly accurate source of information for vulnerability prioritization.

Wang, Wenhao, Chen, Guoxing, Pan, Xiaorui, Zhang, Yinqian, Wang, XiaoFeng, Bindschaedler, Vincent, Tang, Haixu, Gunter, Carl A..  2017.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :2421–2434.

Side-channel risks of Intel SGX have recently attracted great attention. Under the spotlight is the newly discovered page-fault attack, in which an OS-level adversary induces page faults to observe the page-level access patterns of a protected process running in an SGX enclave. With almost all proposed defense focusing on this attack, little is known about whether such efforts indeed raise the bar for the adversary, whether a simple variation of the attack renders all protection ineffective, not to mention an in-depth understanding of other attack surfaces in the SGX system. In the paper, we report the first step toward systematic analyses of side-channel threats that SGX faces, focusing on the risks associated with its memory management. Our research identifies 8 potential attack vectors, ranging from TLB to DRAM modules. More importantly, we highlight the common misunderstandings about SGX memory side channels, demonstrating that high frequent AEXs can be avoided when recovering EdDSA secret key through a new page channel and fine-grained monitoring of enclave programs (at the level of 64B) can be done through combining both cache and cross-enclave DRAM channels. Our findings reveal the gap between the ongoing security research on SGX and its side-channel weaknesses, redefine the side-channel threat model for secure enclaves, and can provoke a discussion on when to use such a system and how to use it securely.

Gulmezoglu, Berk, Eisenbarth, Thomas, Sunar, Berk.  2017.  Cache-Based Application Detection in the Cloud Using Machine Learning. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :288–300.

Cross-VM attacks have emerged as a major threat on commercial clouds. These attacks commonly exploit hardware level leakages on shared physical servers. A co-located machine can readily feel the presence of a co-located instance with a heavy computational load through performance degradation due to contention on shared resources. Shared cache architectures such as the last level cache (LLC) have become a popular leakage source to mount cross-VM attack. By exploiting LLC leakages, researchers have already shown that it is possible to recover fine grain information such as cryptographic keys from popular software libraries. This makes it essential to verify implementations that handle sensitive data across the many versions and numerous target platforms, a task too complicated, error prone and costly to be handled by human beings. Here we propose a machine learning based technique to classify applications according to their cache access profiles. We show that with minimal and simple manual processing steps feature vectors can be used to train models using support vector machines to classify the applications with a high degree of success. The profiling and training steps are completely automated and do not require any inspection or study of the code to be classified. In native execution, we achieve a successful classification rate as high as 98% (L1 cache) and 78$\backslash$% (LLC) over 40 benchmark applications in the Phoronix suite with mild training. In the cross-VM setting on the noisy Amazon EC2 the success rate drops to 60$\backslash$% for a suite of 25 applications. With this initial study we demonstrate that it is possible to train meaningful models to successfully predict applications running in co-located instances.

Huang, Yunfan, Yang, Haomiao, Nie, Mengxi, Wu, Honggang.  2017.  Image Feature Extraction with Homomorphic Encryption on Integer Vector. Proceedings of the 2017 International Conference on Machine Learning and Soft Computing. :111–116.

With the amount of user-contributed image data increasing, it is a potential threat for users that everyone may have the access to gain privacy information. To reduce the possibility of the loss of real information, this paper combines homomorphic encryption scheme and image feature extraction to provide a guarantee for users' privacy. In this paper, the whole system model mainly consists of three parts, including social network service providers (SP), the Interested party (IP) and the applications. Except for the image preprocessing phase, the main operations of feature extraction are conducted in ciphertext domain, which means only SP has the access to the privacy of the users. The extraction algorithm is used to obtain a multi-dimensional histogram descriptor as image feature for each image. As a result, the histogram descriptor can be extracted correctly in encrypted domain in an acceptable time. Besides, the extracted feature can represent the image effectively because of relatively high accuracy. Additionally, many different applications can be conducted by using the encrypted features because of the support of our encryption scheme.

Kim, Y. S., Son, C. W., Lee, S. I..  2017.  A Method of Cyber Security Vulnerability Test for the DPPS and PMAS Test-Bed. 2017 17th International Conference on Control, Automation and Systems (ICCAS). :1749–1752.

Vulnerability analysis is important procedure for a cyber security evaluation process. There are two types of vulnerability analysis, which is an interview for the facility manager and a vulnerability scanning with a software tool. It is difficult to use the vulnerability scanning tool on an operating nuclear plant control system because of the possibility of giving adverse effects to the system. The purpose of this paper is to suggest a method of cyber security vulnerability test using the DPPS and PMAS test-bed. Based on functions of the test-bed, possible threats and vulnerabilities in terms of cyber security were analyzed. Attack trees and test scenarios could be established with the consideration of attack vectors. It is expected that this method can be helpful to implement adequate security controls and verify whether the security controls make adverse impact to the inherent functions of the systems.