Biblio

Found 108 results

Filters: Keyword is Fingerprint recognition
2023-01-05
Ebrahimabadi, Mohammad, Younis, Mohamed, Lalouani, Wassila, Karimi, Naghmeh.  2022.  An Attack Resilient PUF-based Authentication Mechanism for Distributed Systems. 2022 35th International Conference on VLSI Design and 2022 21st International Conference on Embedded Systems (VLSID). :108–113.
In most PUF-based authentication schemes, a central server is usually engaged to verify the response of the device’s PUF to challenge bit-streams. However, the server availability may be intermittent in practice. To tackle such an issue, this paper proposes a new protocol for supporting distributed authentication while avoiding vulnerability to information leakage where CRPs could be retrieved from hacked devices and collectively used to model the PUF. The main idea is to provision for scrambling the challenge bit-stream in a way that is dependent on the verifier. The scrambling pattern varies per authentication round for each device and independently across devices. In essence, the scrambling function becomes node- and packet-specific and the response received by two verifiers of one device for the same challenge bit-stream could vary. Thus, neither the scrambling function can be reverted, nor the PUF can be modeled even by a collusive set of malicious nodes. The validation results using data of an FPGA-based implementation demonstrate the effectiveness of our approach in thwarting PUF modeling attacks by collusive actors. We also discuss the approach resiliency against impersonation, Sybil, and reverse engineering attacks.
2022-12-01
Oh, Mi-Kyung, Lee, Sangjae, Kang, Yousung.  2021.  Wi-SUN Device Authentication using Physical Layer Fingerprint. 2021 International Conference on Information and Communication Technology Convergence (ICTC). :160–162.
This paper aims to identify Wi-SUN devices using physical layer fingerprint. We first extract physical layer features based on the received Wi-SUN signals, especially focusing on device-specific clock skew and frequency deviation in FSK modulation. Then, these physical layer fingerprints are used to train a machine learning-based classifier and the resulting classifier finally identifies the authorized Wi-SUN devices. Preliminary experiments on Wi-SUN certified chips show that the authenticator with the proposed physical layer fingerprints can distinguish Wi-SUN devices with 100% accuracy. Since no additional computational complexity for authentication is involved on the device side, our approach can be applied to any Wi-SUN based IoT devices with security requirements.
2022-09-30
Wüstrich, Lars, Schröder, Lukas, Pahl, Marc-Oliver.  2021.  Cyber-Physical Anomaly Detection for ICS. 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM). :950–955.
Industrial Control Systems (ICS) are complex systems made up of many components with different tasks. For a safe and secure operation, each device needs to carry out its tasks correctly. To monitor a system and ensure the correct behavior of systems, anomaly detection is used. Models of expected behavior often rely only on cyber or physical features for anomaly detection. We propose an anomaly detection system that combines both types of features to create a dynamic fingerprint of an ICS. We present how a cyber-physical anomaly detection using sound on the physical layer can be designed, and which challenges need to be overcome for a successful implementation. We perform an initial evaluation for identifying actions of a 3D printer.
2022-09-20
Dong, Xingbo, Jin, Zhe, Zhao, Leshan, Guo, Zhenhua.  2021.  BioCanCrypto: An LDPC Coded Bio-Cryptosystem on Fingerprint Cancellable Template. 2021 IEEE International Joint Conference on Biometrics (IJCB). :1–8.
Biometrics as a means of personal authentication has demonstrated strong viability in the past decade. However, directly deriving a unique cryptographic key from biometric data is a non-trivial task due to the fact that biometric data is usually noisy and presents large intra-class variations. Moreover, biometric data is permanently associated with the user, which leads to security and privacy issues. Cancellable biometrics and bio-cryptosystem are two main branches to address those issues, yet both approaches fall short in terms of accuracy performance, security, and privacy. In this paper, we propose a Bio-Crypto system on fingerprint Cancellable template (Bio-CanCrypto), which bridges cancellable biometrics and bio-cryptosystem to achieve a middle-ground for alleviating the limitations of both. Specifically, a cancellable transformation is applied on a fixed-length fingerprint feature vector to generate cancellable templates. Next, an LDPC coding mechanism is introduced into a reusable fuzzy extractor scheme and used to extract the stable cryptographic key from the generated cancellable templates. The proposed system can achieve both cancellability and reusability in one scheme. Experiments are conducted on a public fingerprint dataset, i.e., FVC2002. The results demonstrate that the proposed LDPC coded reusable fuzzy extractor is effective and promising.
Sreemol, R, Santosh Kumar, M B, Sreekumar, A.  2021.  Improvement of Security in Multi-Biometric Cryptosystem by Modulus Fuzzy Vault Algorithm. 2021 International Conference on Advances in Computing and Communications (ICACC). :1–7.
Numerous prevalent techniques build a Multi-Modal Biometric (MMB) system that struggles in offering security and also revocability onto the templates. This work proffered a MMB system centred on the Modulus Fuzzy Vault (MFV) aimed at resolving these issues. The methodology proposed includes Fingerprint (FP), Palmprint (PP), Ear and also Retina images. Utilizing the Boosted Double Plateau Histogram Equalization (BDPHE) technique, all images are improved. Aimed at removing the unnecessary things as of the ear and the blood vessels are segmented as of the retina images utilizing the Modified Balanced Iterative Reducing and Clustering using Hierarchy (MBIRCH) technique. Next, the input traits features are extracted; then the essential features are chosen as of the features extracted utilizing the Bidirectional Deer Hunting optimization Algorithm (BDHOA). The features chosen are merged utilizing the Normalized Feature Level and Score Level (NFLSL) fusion. The features fused are saved securely utilizing Modulus Fuzzy Vault. Up to fusion, the procedure is repeated aimed at the query image template. Next, the de-Fuzzy Vault procedure is executed aimed at the query template, and then the key is detached by matching the query template’s and input biometric template features. The key separated is analogized with the threshold that categorizes the user as genuine or else imposter. The proposed BDPHE and also MFV techniques function efficiently than the existent techniques.
2022-08-26
Liu, Nathan, Moreno, Carlos, Dunne, Murray, Fischmeister, Sebastian.  2021.  vProfile: Voltage-Based Anomaly Detection in Controller Area Networks. 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE). :1142–1147.
Modern cars are becoming more accessible targets for cyberattacks due to the proliferation of wireless communication channels. The intra-vehicle Controller Area Network (CAN) bus lacks authentication, which exposes critical components to interference from less secure, wirelessly compromised modules. To address this issue, we propose vProfile, a sender authentication system based on voltage fingerprints of Electronic Control Units (ECUs). vProfile exploits the physical properties of ECU output voltages on the CAN bus to determine the authenticity of bus messages, which enables the detection of both hijacked ECUs and external devices connected to the bus. We show the potential of vProfile using experiments on two production vehicles with precision and recall scores of over 99.99%. The improved identification rates and more straightforward design of vProfile make it an attractive improvement over existing methods.
2022-07-29
Sharma, Kavya, Chakravarti, Praveen Kumar, Sharma, Rohan, Parashar, Kanishq, Pal, Nisha.  2021.  A Review on Internet of Things Based Door Security. 2021 4th Biennial International Conference on Nascent Technologies in Engineering (ICNTE). :1–4.
On considering workplace thefts as a major problem, there is a requirement of designing a vandal proof door hardware and locking mechanism for ensuring the security of our property. So the door lock system with extra security features with a user friendly cost is suggested in this paper. When a stranger comes at the door, he/she has to pass three security levels for unlocking the solenoid locks present at the door and if he fails to do so, the door will remain locked. These three levels are of three extraordinary security features as one of them is using Fingerprint sensor, second is using a knocking pattern, and the last lock is unlocked by the preset pin/pattern entered by the user. Since, in addition to these features, there is one more option for the case of appearing of guest at the door and that is the Image capturing using web-camera present at the door and here the owner of the house is able to unlock all the locks if he wants the guest to enter the home. This all will be monitored by Node MCU.
2022-07-13
Dolev, Shlomi, Kalma, Arseni.  2021.  Verifiable Computing Using Computation Fingerprints Within FHE. 2021 IEEE 20th International Symposium on Network Computing and Applications (NCA). :1–9.
We suggest using Fully Homomorphic Encryption (FHE) to be used, not only to keep the privacy of information but also, to verify computations with no additional significant overhead, using only part of the variables length for verification. This method supports the addition of encrypted values as well as multiplication of encrypted values by the addition of their logarithmic representations and is based on a separation between hardware functionalities. The computer/server performs blackbox additions and is based on the separation of server/device/hardware, such as the enclave, that may deal with additions of logarithmic values and exponentiation. The main idea is to restrict the computer operations and to use part of the variable for computation verification (computation fingerprints) and the other for the actual calculation. The verification part holds the FHE value, of which the calculated result is known (either due to computing locally once or from previously verified computations) and will be checked against the returned FHE value. We prove that a server with bit computation granularity can return consistent encrypted wrong results even when the public key is not provided. For the case of computer word granularity the verification and the actual calculation parts are separated, the verification part (the consecutive bits from the LSB to the MSB of the variables) is fixed across all input vectors. We also consider the case of Single Instruction Multiple Data (SIMD) where the computation fingerprints index in the input vectors is fixed across all vectors.
2022-07-12
Lachtar, Nada, Elkhail, Abdulrahman Abu, Bacha, Anys, Malik, Hafiz.  2021.  An Application Agnostic Defense Against the Dark Arts of Cryptojacking. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :314–325.
The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications.
2022-06-15
Zou, Kexin, Shi, Jinqiao, Gao, Yue, Wang, Xuebin, Wang, Meiqi, Li, Zeyu, Su, Majing.  2021.  Bit-FP: A Traffic Fingerprinting Approach for Bitcoin Hidden Service Detection. 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC). :99–105.
Bitcoin is a virtual encrypted digital currency based on a peer-to-peer network. In recent years, for higher anonymity, more and more Bitcoin users try to use Tor hidden services for identity and location hiding. However, previous studies have shown that Tor is vulnerable to traffic fingerprinting attack, which can identify different websites by identifying traffic patterns using statistical features of traffic. Our work shows that traffic fingerprinting attack is also effective for the Bitcoin hidden nodes detection. In this paper, we proposed a novel lightweight Bitcoin hidden service traffic fingerprinting, using a random decision forest classifier with features from TLS packet size and direction. We test our attack on a novel dataset, including a foreground set of Bitcoin hidden node traffic and a background set of different hidden service websites and various Tor applications traffic. We can detect Bitcoin hidden node from different Tor clients and website hidden services with a precision of 0.989 and a recall of 0.987, which is higher than the previous model.
2022-06-14
Gvozdov, Roman, Poddubnyi, Vadym, Sieverinov, Oleksandr, Buhantsov, Andrey, Vlasov, Andrii, Sukhoteplyi, Vladyslav.  2021.  Method of Biometric Authentication with Digital Watermarks. 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T). :569–571.
This paper considers methods of fingerprint protection in biometric authentication systems. Including methods of protecting fingerprint templates using zero digital watermarks and cryptography techniques. The paper considers a secure authentication model using cryptography and digital watermarks.
Dhane, Harshad, Manikandan, V. M.  2021.  A New Framework for Secure Biometric Data Transmission using Block-wise Reversible Data Hiding Through Encryption. 2021 Fifth International Conference On Intelligent Computing in Data Sciences (ICDS). :1–8.
Reversible data hiding (RDH) is an emerging area in the field of information security. The RDH schemes are widely explored in the field of cloud computing for data authentication and in medical image transmission for clinical data transmission along with medical images. The RDH schemes allow the data hider to embed sensitive information in digital content in such a way that later it can be extracted while recovering the original image. In this research, we explored the use of the RDH through the encryption scheme in a biometric authentication system. The internet of things (IoT) enabled biometric authentication systems are very common nowadays. In general, in biometric authentication, computationally complex tasks such as feature extraction and feature matching will be performed in a cloud server. The user-side devices will capture biometric data such as the face, fingerprint, or iris and it will be directly communicated to the cloud server for further processing. Since the confidentiality of biometric data needs to be maintained during the transmission, the original biometric data will be encrypted using any one of the data encryption techniques. In this manuscript, we propose the use of RDH through encryption approach to transmit two different biometric data as a single file without compromising confidentiality. The proposed scheme will ensure the integrity of the biometric data during transmission. For data hiding purposes, we have used a block-wise RDH through encryption scheme. The experimental study of the proposed scheme is carried out by embedding fingerprint data in the face images. The validation of the proposed scheme is carried out by extracting the fingerprint details from the face images during image decryption. The scheme ensures the exact recovery of face images and fingerprint data at the receiver site.
2022-06-09
Obaidat, Muath, Brown, Joseph, Alnusair, Awny.  2021.  Blind Attack Flaws in Adaptive Honeypot Strategies. 2021 IEEE World AI IoT Congress (AIIoT). :0491–0496.
Adaptive honeypots are being widely proposed as a more powerful alternative to the traditional honeypot model. Just as with typical honeypots, however, one of the most important concerns of an adaptive honeypot is environment deception in order to make sure an adversary cannot fingerprint the honeypot. The threat of fingerprinting hints at a greater underlying concern, however; this being that honeypots are only effective because an adversary does not know that the environment on which they are operating is a honeypot. What has not been widely discussed in the context of adaptive honeypots is that they actually have an inherently increased level of susceptibility to this threat. Honeypots not only bear increased risks when an adversary knows they are a honeypot rather than a native system, but they are only effective as adaptable entities if one does not know that the honeypot environment they are operating on is adaptive as well. Thus, if adaptive honeypots become commonplace - or, instead, if attackers even have an inkling that an adaptive honeypot may exist on any given network, a new attack which could develop is a “blind confusion attack”; a form of connection which simply makes an assumption all environments are adaptive honeypots, and instead of attempting to perform a malicious strike on a given entity, opts to perform non-malicious behavior in specified and/or random patterns to confuse an adaptive network's learning.
Mangino, Antonio, Bou-Harb, Elias.  2021.  A Multidimensional Network Forensics Investigation of a State-Sanctioned Internet Outage. 2021 International Wireless Communications and Mobile Computing (IWCMC). :813–818.
In November 2019, the government of Iran enforced a week-long total Internet blackout that prevented the majority of Internet connectivity into and within the nation. This work elaborates upon the Iranian Internet blackout by characterizing the event through Internet-scale, near realtime network traffic measurements. Beginning with an investigation of compromised machines scanning the Internet, nearly 50 TB of network traffic data was analyzed. This work discovers 856,625 compromised IP addresses, with 17,182 attributed to the Iranian Internet space. By the second day of the Internet shut down, these numbers dropped by 18.46% and 92.81%, respectively. Empirical analysis of the Internet-of-Things (IoT) paradigm revealed that over 90% of compromised Iranian hosts were fingerprinted as IoT devices, which saw a significant drop throughout the shutdown (96.17% decrease by the blackout's second day). Further examination correlates BGP reachability metrics and related data with geolocation databases to statistically evaluate the number of reachable Iranian ASNs (dropping from approximately 1100 to under 200 reachable networks). In-depth investigation reveals the top affected ASNs, providing network forensic evidence of the longitudinal unplugging of such key networks. Lastly, the impact's interruption of the Bitcoin cryptomining market is highlighted, disclosing a massive spike in unsuccessful (i.e., pending) transactions. When combined, these network traffic measurements provide a multidimensional perspective of the Iranian Internet shutdown.
2022-05-06
Lokhande, Trupti, Sonekar, Shrikant, Wani, Aachal.  2021.  Development of an Algorithmic Approach for Hiding Sensitive Data and Recovery of Data based on Fingerprint Identification for Secure Cloud Storage. 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN). :800–805.
Information Security is a unified piece of information technology that has emerged as vibrant technology in the last two decades. To manage security, authentication assumes a significant part. Biometric is the physical unique identification as well as authentication for the third party. We have proposed the security model for preventing many attacks so we are used the innermost layer as a 3DES (Triple Encryption standard) cryptography algorithm that is providing 3-key protection as 64-bit and the outermost layer used the MD5 (Message Digest) algorithm, i.e., providing 128-bit protection as well as we are using fingerprint identification as physical security that is used in third-party remote integrity auditing. Remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depending on identity-based cryptography, which works on the convoluted testament of the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.
Wani, Aachal, Sonekar, Shrikant, Lokhande, Trupti.  2021.  Design and Development of Collaborative Approach for Integrity Auditing and Data Recovery based on Fingerprint Identification for Secure Cloud Storage. 2021 2nd Global Conference for Advancement in Technology (GCAT). :1–6.
In a Leading field of Information Technology moreover make information Security a unified piece of it. To manage security, Authentication assumes a significant part. Biometric is the physical unique identification as well as Authentication for third party. We are proposed the Security model for preventing many attacks so we are used Inner most layer as a 3DES (Triple Encryption standard) Cryptography algorithm that is providing 3-key protection as 64-bit And the outer most layer used the MD5 (Message Digest) Algorithm, i.e., providing 128-bit protection. As well as we are using Fingerprint Identification as a physical Security that used in third party remote integrity auditing, and remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme depends on identity-based cryptography, which works on the convoluted testament the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.
2022-04-22
Xu, Chengtao, He, Fengyu, Chen, Bowen, Jiang, Yushan, Song, Houbing.  2021.  Adaptive RF Fingerprint Decomposition in Micro UAV Detection based on Machine Learning. ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :7968–7972.
Radio frequency (RF) signal classification has significantly been used for detecting and identifying the features of unknown unmanned aerial vehicles (UAVs). This paper proposes a method using empirical mode decomposition (EMD) and ensemble empirical mode decomposition (EEMD) on extracting the communication channel characteristics of intruding UAVs. The decomposed intrinsic mode functions (IMFs) except noise components are selected for RF signal pattern recognition based on machine learning (ML). The classification results show that the denoising effects introduced by EMD and EEMD could both fit in improving the detection accuracy with different features of RF communication channel, especially on identifying time-varying RF signal sources.
2022-04-19
Thushara, G A, Bhanu, S. Mary Saira.  2021.  A Survey on Secured Data Sharing Using Ciphertext Policy Attribute Based Encryption in Cloud. 2021 8th International Conference on Smart Computing and Communications (ICSCC). :170–177.
Cloud computing facilitates the access of applications and data from any location by using any device with an internet connection. It enables multiple applications and users to access the same data resources. Cloud based information sharing is a technique that allows researchers to communicate and collaborate, that leads to major new developments in the field. It also enables users to access data over the cloud easily and conveniently. Privacy, authenticity and confidentiality are the three main challenges while sharing data in cloud. There are many methods which support secure data sharing in cloud environment such as Attribute Based Encryption (ABE), Role Based Encryption, Hierarchical Based Encryption, and Identity Based Encryption. ABE provides secure access control mechanisms for integrity. It is classified as Key Policy Attribute Based Encryption (KP-ABE) and Ciphertext Policy Attribute Based Encryption (CP-ABE) based on access policy integration. In KP-ABE, access structure is incorporated with user's private key, and data are encrypted over a defined attributes. Moreover, in CP-ABE, access structure is embedded with ciphertext. This paper reviews CP-ABE methods that have been developed so far for achieving secured data sharing in cloud environment.
2022-03-09
Barannik, Vladimir, Shulgin, Sergii, Holovchenko, Serhii, Hurzhiy, Pavlo, Sidchenko, Sergy, Gennady, Pris.  2021.  Method of Hierarchical Protection of Biometric Information. 2021 IEEE 4th International Conference on Advanced Information and Communication Technologies (AICT). :277–281.
This paper contains analysis of methods of increasing the information protection from unauthorized access using a multifactor authentication algorithm; figuring out the best, most efficient and secure method of scanning biometric data; development of a method to store and compare a candidate’s and existing system user’s information in steganographic space. The urgency of the work is confirmed by the need to increase information security of special infocommunication systems with the help of biometric information and protection of this information from intruders by means of steganographic transformation.
2022-02-25
Wittek, Kevin, Wittek, Neslihan, Lawton, James, Dohndorf, Iryna, Weinert, Alexander, Ionita, Andrei.  2021.  A Blockchain-Based Approach to Provenance and Reproducibility in Research Workflows. 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1–6.
The traditional Proof of Existence blockchain service on the Bitcoin network can be used to verify the existence of any research data at a specific point of time, and to validate the data integrity, without revealing its content. Several variants of the blockchain service exist to certify the existence of data relying on cryptographic fingerprinting, thus enabling an efficient verification of the authenticity of such certifications. However, nowadays research data is continuously changing and being modified through different processing steps in most scientific research workflows such that certifications of individual data objects seem to be constantly outdated in this setting. This paper describes how the blockchain and distributed ledger technology can be used to form a new certification model, that captures the research process as a whole in a more meaningful way, including the description of the used data through its different stages and the associated computational pipeline, code for analysis and the experimental design. The scientific blockchain infrastructure bloxberg, together with a deep learning based analysis from the behavioral science field are used to show the applicability of the approach.
Sebastian-Cardenas, D., Gourisetti, S., Mylrea, M., Moralez, A., Day, G., Tatireddy, V., Allwardt, C., Singh, R., Bishop, R., Kaur, K. et al.  2021.  Digital data provenance for the power grid based on a Keyless Infrastructure Security Solution. 2021 Resilience Week (RWS). :1–10.
In this work a data provenance system for grid-oriented applications is presented. The proposed Keyless Infrastructure Security Solution (KISS) provides mechanisms to store and maintain digital data fingerprints that can later be used to validate and assert data provenance using a time-based, hash tree mechanism. The developed solution has been designed to satisfy the stringent requirements of the modern power grid including execution time and storage necessities. Its applicability has been tested using a lab-scale, proof-of-concept deployment that secures an energy management system against the attack sequence observed on the 2016 Ukrainian power grid cyberattack. The results demonstrate a strong potential for enabling data provenance in a wide array of applications, including speed-sensitive applications such as those found in control room environments.
2022-01-31
Li, Xigao, Azad, Babak Amin, Rahmati, Amir, Nikiforakis, Nick.  2021.  Good Bot, Bad Bot: Characterizing Automated Browsing Activity. 2021 IEEE Symposium on Security and Privacy (SP). :1589–1605.
As the web keeps increasing in size, the number of vulnerable and poorly-managed websites increases commensurately. Attackers rely on armies of malicious bots to discover these vulnerable websites, compromising their servers, and exfiltrating sensitive user data. It is, therefore, crucial for the security of the web to understand the population and behavior of malicious bots. In this paper, we report on the design, implementation, and results of Aristaeus, a system for deploying large numbers of "honeysites", i.e., websites that exist for the sole purpose of attracting and recording bot traffic. Through a seven-month-long experiment with 100 dedicated honeysites, Aristaeus recorded 26.4 million requests sent by more than 287K unique IP addresses, with 76,396 of them belonging to clearly malicious bots. By analyzing the type of requests and payloads that these bots send, we discover that the average honeysite received more than 37K requests each month, with more than 50% of these requests attempting to brute-force credentials, fingerprint the deployed web applications, and exploit large numbers of different vulnerabilities. By comparing the declared identity of these bots with their TLS handshakes and HTTP headers, we uncover that more than 86.2% of bots are claiming to be Mozilla Firefox and Google Chrome, yet are built on simple HTTP libraries and command-line tools.
Sjösten, Alexander, Hedin, Daniel, Sabelfeld, Andrei.  2021.  EssentialFP: Exposing the Essence of Browser Fingerprinting. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :32–48.
Web pages aggressively track users for a variety of purposes from targeted advertisements to enhanced authentication. As browsers move to restrict traditional cookie-based tracking, web pages increasingly move to tracking based on browser fingerprinting. Unfortunately, the state-of-the-art to detect fingerprinting in browsers is often error-prone, resorting to imprecise heuristics and crowd-sourced filter lists. This paper presents EssentialFP, a principled approach to detecting fingerprinting on the web. We argue that the pattern of (i) gathering information from a wide browser API surface (multiple browser-specific sources) and (ii) communicating the information to the network (network sink) captures the essence of fingerprinting. This pattern enables us to clearly distinguish fingerprinting from similar types of scripts like analytics and polyfills. We demonstrate that information flow tracking is an excellent fit for exposing this pattern. To implement EssentialFP we leverage, extend, and deploy JSFlow, a state-of-the-art information flow tracker for JavaScript, in a browser. We illustrate the effectiveness of EssentialFP to spot fingerprinting on the web by evaluating it on two categories of web pages: one where the web pages perform analytics, use polyfills, and show ads, and one where the web pages perform authentication, bot detection, and fingerprinting-enhanced Alexa top pages.
2022-01-25
Taspinar, Samet, Mohanty, Manoranjan, Memon, Nasir.  2021.  Effect of Video Pixel-Binning on Source Attribution of Mixed Media. ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :2545–2549.
Photo Response Non-Uniformity (PRNU) noise obtained from images or videos is used as a camera fingerprint to attribute visual objects captured by a camera. The PRNU-based source attribution method, however, fails when there is misalignment between the fingerprint and the query object. One example of such a misalignment, which has been overlooked in the field, is caused by the in-camera resizing technique that a video may have been subjected to. This paper investigates the attribution of visual media in the context of matching a video query object to an image fingerprint or vice versa. Specifically this paper focuses on improving camera attribution performance by taking into account the effects of binning, a commonly used in-camera resizing technique applied to video. We experimentally show that the True Positive Rate (TPR) obtained when binning is considered is approximately 3% higher.
2022-01-11
Li, Xiaolong, Zhao, Tengteng, Zhang, Wei, Gan, Zhiqiang, Liu, Fugang.  2021.  A Visual Analysis Framework of Attack Paths Based on Network Traffic. 2021 IEEE International Conference on Power Electronics, Computer Applications (ICPECA). :232–237.
With the rapid development of the Internet, cyberspace security has become a potentially huge problem. At the same time, the disclosure of cyberspace vulnerabilities is getting faster and faster. Traditional protection methods based on known features cannot effectively defend against new network attacks. Network attack is no more a single vulnerability exploit, but an APT attack based on multiple complicated methods. Cyberspace attacks have become "rationalized" on the surface. Currently, there are a lot of researches about visualization of attack paths, but there is no an overall plan to reproduce the attack path. Most researches focus on the detection and characterization individual based on single behavior cyberspace attacks, which lose its abilities to help security personnel understand the complete attack behavior of attackers. The key factors of this paper is to collect the attackers' aggressive behavior by reverse retrospective method based on the actual shooting range environment. By finding attack nodes and dividing offensive behavior into time series, we can characterize the attacker's behavior path vividly and comprehensively.