Visible to the public Biblio

Found 180 results

Filters: Keyword is Testing  [Clear All Filters]
2021-07-02
Yao, Xiaoyong, Pei, Yuwen, Wu, Pingdong, Huang, Man-ling.  2020.  Study on Integrative Control between the Stereoscopic Image and the Tactile Feedback in Augmented Reality. 2020 IEEE 3rd International Conference on Electronics and Communication Engineering (ICECE). :177—180.
The precise integrative control between the stereoscopic image and the tactile feedback is very essential in augmented reality[1]-[4]. In order to study this question, this paper will introduce a stereoscopic-imaging and tactile integrative augmented-reality system, and a stereoscopic-imaging and tactile integrative algorithm. The system includes a stereoscopic-imaging part and a string-based tactile part. The integrative algorithm is used to precisely control the interaction between the two parts. The results for testing the system and the algorithm demonstrate the system to be perfect through 5 testers' operation and will be presented in the last part of the paper.
2021-06-30
Solomon Doss, J. Kingsleen, Kamalakkannan, S..  2020.  IoT System Accomplishment using BlockChain in Validating and Data Security with Cloud. 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :60—64.
In a block channel IoT system, sensitive details can be leaked by means of the proof of work or address check, as data or application Validation data is applied on the blockchain. In this, the zero-knowledge evidence is applied to a smart metering system to show how to improve the anonymity of the blockchain for privacy safety without disclosing information as a public key. Within this article, a blockchain has been implemented to deter security risks such as data counterfeiting by utilizing intelligent meters. Zero-Knowledge Proof, an anonymity blockchain technology, has been implemented through block inquiry to prevent threats to security like personal information infringement. It was suggested that intelligent contracts would be used to avoid falsification of intelligent meter data and abuse of personal details.
2021-06-24
Liu, Zhibin, Liu, Ziang, Huang, Yuanyuan, Liu, Xin, Zhou, Xiaokang, Zhou, Rui.  2020.  A Research of Distributed Security and QoS Testing Framework. 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :174—181.
Since the birth of the Internet, the quality of network service has been a widespread concerned problem. With the continuous development of communication and information technology, people gradually realized that the contradiction between the limited resources and the business requirements of network cannot be fundamentally solved. In this paper, we design and develop a distributed security quality of service testing framework called AweQoS(AwesomeQoS), to adapt to the current complex network environment. This paper puts forward the necessity that some security tests should be closely combined with quality of service testing, and further discusses the basic methods of distributed denial of service attack and defense. We introduce the design idea and working process of AweQoS in detail, and introduce a bandwidth test method based on user datagram protocol. Experimental results show that this new test method has better test performance and potential under the AweQoS framework.
2021-05-25
Susilo, Willy, Duong, Dung Hoang, Le, Huy Quoc.  2020.  Efficient Post-quantum Identity-based Encryption with Equality Test. 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS). :633—640.
Public key encryption with equality test (PKEET) enables the testing whether two ciphertexts encrypt the same message. Identity-based encryption with equality test (IBEET) simplify the certificate management of PKEET, which leads to many potential applications such as in smart city applications or Wireless Body Area Networks. Lee et al. (ePrint 2016) proposed a generic construction of IBEET scheme in the standard model utilising a 3-level hierachy IBE together with a one-time signature scheme, which can be instantiated in lattice setting. Duong et al. (ProvSec 2019) proposed the first direct construction of IBEET in standard model from lattices. However, their scheme achieve CPA security only. In this paper, we improve the Duong et al.'s construction by proposing an IBEET in standard model which achieves CCA2 security and with smaller ciphertext and public key size.
2021-05-18
Wei, Hanlin, Bai, Guangdong, Luo, Zongwei.  2020.  Foggy: A New Anonymous Communication Architecture Based on Microservices. 2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS). :135–144.
This paper presents Foggy, an anonymous communication system focusing on providing users with anonymous web browsing. Foggy provides a microservice-based proxy for web browsing and other low-latency network activities without exposing users' metadata and browsed content to adversaries. It is designed with decentralized information management, web caching, and configurable service selection. Although Foggy seems to be more centralized compared with Tor, it gains an advantage in manageability while retaining anonymity. Foggy can be deployed by several agencies to become more decentralized. We prototype Foggy and test its performance. Our experiments show Foggy's low latency and deployability, demonstrating its potential to be a commercial solution for real-world deployment.
Chen, Haibo, Chen, Junzuo, Chen, Jinfu, Yin, Shang, Wu, Yiming, Xu, Jiaping.  2020.  An Automatic Vulnerability Scanner for Web Applications. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1519–1524.
With the progressive development of web applications and the urgent requirement of web security, vulnerability scanner has been particularly emphasized, which is regarded as a fundamental component for web security assurance. Various scanners are developed with the intention of that discovering the possible vulnerabilities in advance to avoid malicious attacks. However, most of them only focus on the vulnerability detection with single target, which fail in satisfying the efficiency demand of users. In this paper, an effective web vulnerability scanner that integrates the information collection with the vulnerability detection is proposed to verify whether the target web application is vulnerable or not. The experimental results show that, by guiding the detection process with the useful collected information, our tool achieves great web vulnerability detection capability with a large scanning scope.
Zhang, Chi, Chen, Jinfu, Cai, Saihua, Liu, Bo, Wu, Yiming, Geng, Ye.  2020.  iTES: Integrated Testing and Evaluation System for Software Vulnerability Detection Methods. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1455–1460.
To find software vulnerabilities using software vulnerability detection technology is an important way to ensure the system security. Existing software vulnerability detection methods have some limitations as they can only play a certain role in some specific situations. To accurately analyze and evaluate the existing vulnerability detection methods, an integrated testing and evaluation system (iTES) is designed and implemented in this paper. The main functions of the iTES are:(1) Vulnerability cases with source codes covering common vulnerability types are collected automatically to form a vulnerability cases library; (2) Fourteen methods including static and dynamic vulnerability detection are evaluated in iTES, involving the Windows and Linux platforms; (3) Furthermore, a set of evaluation metrics is designed, including accuracy, false positive rate, utilization efficiency, time cost and resource cost. The final evaluation and test results of iTES have a good guiding significance for the selection of appropriate software vulnerability detection methods or tools according to the actual situation in practice.
2021-05-13
Sardar, Muhammad Usama, Quoc, Do Le, Fetzer, Christof.  2020.  Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX. 2020 23rd Euromicro Conference on Digital System Design (DSD). :604—607.

Vulnerabilities in privileged software layers have been exploited with severe consequences. Recently, Trusted Execution Environments (TEEs) based technologies have emerged as a promising approach since they claim strong confidentiality and integrity guarantees regardless of the trustworthiness of the underlying system software. In this paper, we consider one of the most prominent TEE technologies, referred to as Intel Software Guard Extensions (SGX). Despite many formal approaches, there is still a lack of formal proof of some critical processes of Intel SGX, such as remote attestation. To fill this gap, we propose a fully automated, rigorous, and sound formal approach to specify and verify the Enhanced Privacy ID (EPID)-based remote attestation in Intel SGX under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. The evaluation indicates that the confidentiality of attestation keys is preserved against a Dolev-Yao adversary in this technology. We also present a few of the many inconsistencies found in the existing literature on Intel SGX attestation during formal specification.

Jain, Harsh, Vikram, Aditya, Mohana, Kashyap, Ankit, Jain, Ayush.  2020.  Weapon Detection using Artificial Intelligence and Deep Learning for Security Applications. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :193—198.
Security is always a main concern in every domain, due to a rise in crime rate in a crowded event or suspicious lonely areas. Abnormal detection and monitoring have major applications of computer vision to tackle various problems. Due to growing demand in the protection of safety, security and personal properties, needs and deployment of video surveillance systems can recognize and interpret the scene and anomaly events play a vital role in intelligence monitoring. This paper implements automatic gun (or) weapon detection using a convolution neural network (CNN) based SSD and Faster RCNN algorithms. Proposed implementation uses two types of datasets. One dataset, which had pre-labelled images and the other one is a set of images, which were labelled manually. Results are tabulated, both algorithms achieve good accuracy, but their application in real situations can be based on the trade-off between speed and accuracy.
2021-05-05
Đuranec, A., Gruičić, S., Žagar, M..  2020.  Forensic analysis of Windows 10 Sandbox. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). :1224—1229.

With each Windows operating system Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909 is Windows Sandbox; a lightweight, temporary, environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

Nienhuis, Kyndylan, Joannou, Alexandre, Bauereiss, Thomas, Fox, Anthony, Roe, Michael, Campbell, Brian, Naylor, Matthew, Norton, Robert M., Moore, Simon W., Neumann, Peter G. et al..  2020.  Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process. 2020 IEEE Symposium on Security and Privacy (SP). :1003—1020.

The root causes of many security vulnerabilities include a pernicious combination of two problems, often regarded as inescapable aspects of computing. First, the protection mechanisms provided by the mainstream processor architecture and C/C++ language abstractions, dating back to the 1970s and before, provide only coarse-grain virtual-memory-based protection. Second, mainstream system engineering relies almost exclusively on test-and-debug methods, with (at best) prose specifications. These methods have historically sufficed commercially for much of the computer industry, but they fail to prevent large numbers of exploitable bugs, and the security problems that this causes are becoming ever more acute.In this paper we show how more rigorous engineering methods can be applied to the development of a new security-enhanced processor architecture, with its accompanying hardware implementation and software stack. We use formal models of the complete instruction-set architecture (ISA) at the heart of the design and engineering process, both in lightweight ways that support and improve normal engineering practice - as documentation, in emulators used as a test oracle for hardware and for running software, and for test generation - and for formal verification. We formalise key intended security properties of the design, and establish that these hold with mechanised proof. This is for the same complete ISA models (complete enough to boot operating systems), without idealisation.We do this for CHERI, an architecture with hardware capabilities that supports fine-grained memory protection and scalable secure compartmentalisation, while offering a smooth adoption path for existing software. CHERI is a maturing research architecture, developed since 2010, with work now underway on an Arm industrial prototype to explore its possible adoption in mass-market commercial processors. The rigorous engineering work described here has been an integral part of its development to date, enabling more rapid and confident experimentation, and boosting confidence in the design.

2021-04-27
Agirre, I., Onaindia, P., Poggi, T., Yarza, I., Cazorla, F. J., Kosmidis, L., Grüttner, K., Abuteir, M., Loewe, J., Orbegozo, J. M. et al..  2020.  UP2DATE: Safe and secure over-the-air software updates on high-performance mixed-criticality systems. 2020 23rd Euromicro Conference on Digital System Design (DSD). :344–351.
Following the same trend of consumer electronics, safety-critical industries are starting to adopt Over-The-Air Software Updates (OTASU) on their embedded systems. The motivation behind this trend is twofold. On the one hand, OTASU offer several benefits to the product makers and users by improving or adding new functionality and services to the product without a complete redesign. On the other hand, the increasing connectivity trend makes OTASU a crucial cyber-security demand to download latest security patches. However, the application of OTASU in the safety-critical domain is not free of challenges, specially when considering the dramatic increase of software complexity and the resulting high computing performance demands. This is the mission of UP2DATE, a recently launched project funded within the European H2020 programme focused on new software update architectures for heterogeneous high-performance mixed-criticality systems. This paper gives an overview of UP2DATE and its foundations, which seeks to improve existing OTASU solutions by considering safety, security and availability from the ground up in an architecture that builds around composability and modularity.
2021-04-09
Fadhilah, D., Marzuki, M. I..  2020.  Performance Analysis of IDS Snort and IDS Suricata with Many-Core Processor in Virtual Machines Against Dos/DDoS Attacks. 2020 2nd International Conference on Broadband Communications, Wireless Sensors and Powering (BCWSP). :157—162.
The rapid development of technology makes it possible for a physical machine to be converted into a virtual machine, which can operate multiple operating systems that are running simultaneously and connected to the internet. DoS/DDoS attacks are cyber-attacks that can threaten the telecommunications sector because these attacks cause services to be disrupted and be difficult to access. There are several software tools for monitoring abnormal activities on the network, such as IDS Snort and IDS Suricata. From previous studies, IDS Suricata is superior to IDS Snort version 2 because IDS Suricata already supports multi-threading, while IDS Snort version 2 still only supports single-threading. This paper aims to conduct tests on IDS Snort version 3.0 which already supports multi-threading and IDS Suricata. This research was carried out on a virtual machine with 1 core, 2 core, and 4 core processor settings for CPU, memory, and capture packet attacks on IDS Snort version 3.0 and IDS Suricata. The attack scenario is divided into 2 parts: DoS attack scenario using 1 physical computer, and DDoS attack scenario using 5 physical computers. Based on overall testing, the results are: In general, IDS Snort version 3.0 is better than IDS Suricata. This is based on the results when using a maximum of 4 core processor, in which IDS Snort version 3.0 CPU usage is stable at 55% - 58%, a maximum memory of 3,000 MB, can detect DoS attacks with 27,034,751 packets, and DDoS attacks with 36,919,395 packets. Meanwhile, different results were obtained by IDS Suricata, in which CPU usage is better compared to IDS Snort version 3.0 with only 10% - 40% usage, and a maximum memory of 1,800 MB. However, the capabilities of detecting DoS attacks are smaller with 3,671,305 packets, and DDoS attacks with a total of 7,619,317 packets on a TCP Flood attack test.
2021-04-08
Feng, X., Wang, D., Lin, Z., Kuang, X., Zhao, G..  2020.  Enhancing Randomization Entropy of x86-64 Code while Preserving Semantic Consistency. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1–12.

Code randomization is considered as the basis of mitigation against code reuse attacks, fundamentally supporting some recent proposals such as execute-only memory (XOM) that aims at dynamic return-oriented programming (ROP) attacks. However, existing code randomization methods are hard to achieve a good balance between high-randomization entropy and semantic consistency. In particular, they always ignore code semantic consistency, incurring performance loss and incompatibility with current security schemes, e.g., control flow integrity (CFI). In this paper, we present an enhanced code randomization method termed as HCRESC, which can improve the randomization entropy significantly, meanwhile ensure the semantic consistency between variants and the original code. HCRESC reschedules instructions within the range of functions rather than basic blocks, thus producing more variants of the original code and preserving the code's semantic. We implement HCRESC on Linux platform of x86-64 architecture and demonstrate that HCRESC can increase the randomization entropy of x86-64 code over than 120% compared with existing methods while ensuring control flow and size of the code unaltered.

2021-03-30
Tai, J., Alsmadi, I., Zhang, Y., Qiao, F..  2020.  Machine Learning Methods for Anomaly Detection in Industrial Control Systems. 2020 IEEE International Conference on Big Data (Big Data). :2333—2339.

This paper examines multiple machine learning models to find the model that best indicates anomalous activity in an industrial control system that is under a software-based attack. The researched machine learning models are Random Forest, Gradient Boosting Machine, Artificial Neural Network, and Recurrent Neural Network classifiers built-in Python and tested against the HIL-based Augmented ICS dataset. Although the results showed that Random Forest, Gradient Boosting Machine, Artificial Neural Network, and Long Short-Term Memory classification models have great potential for anomaly detection in industrial control systems, we found that Random Forest with tuned hyperparameters slightly outperformed the other models.

Kuchar, K., Fujdiak, R., Blazek, P., Martinasek, Z., Holasova, E..  2020.  Simplified Method for Fast and Efficient Incident Detection in Industrial Networks. 2020 4th Cyber Security in Networking Conference (CSNet). :1—3.

This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek.

2021-03-17
Huo, T., Wang, W., Zhao, P., Li, Y., Wang, T., Li, M..  2020.  TEADS: A Defense-Aware Framework for Synthesizing Transient Execution Attacks. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :320—327.

Since 2018, a broad class of microarchitectural attacks called transient execution attacks (e.g., Spectre and Meltdown) have been disclosed. By abusing speculative execution mechanisms in modern CPUs, these attacks enable adversaries to leak secrets across security boundaries. A transient execution attack typically evolves through multiple stages, termed the attack chain. We find that current transient execution attacks usually rely on static attack chains, resulting in that any blockage in an attack chain may cause the failure of the entire attack. In this paper, we propose a novel defense-aware framework, called TEADS, for synthesizing transient execution attacks dynamically. The main idea of TEADS is that: each attacking stage in a transient execution attack chain can be implemented in several ways, and the implementations used in different attacking stages can be combined together under certain constraints. By constructing an attacking graph representing combination relationships between the implementations and testing available paths in the attacking graph dynamically, we can finally synthesize transient execution attacks which can bypass the imposed defense techniques. Our contributions include: (1) proposing an automated defense-aware framework for synthesizing transient execution attacks, even though possible combinations of defense strategies are enabled; (2) presenting an attacking graph extension algorithm to detect potential attack chains dynamically; (3) implementing TEADS and testing it on several modern CPUs with different protection settings. Experimental results show that TEADS can bypass the defenses equipped, improving the adaptability and durability of transient execution attacks.

2021-03-16
Ullah, A., Chen, X., Yang, J..  2020.  Design and Implementation of MobilityFirst Future Internet Testbed. 2020 3rd International Conference on Hot Information-Centric Networking (HotICN). :170—174.

Recently, Future Internet research has attracted enormous attentions towards the design of clean slate Future Internet Architecture. A large number of research projects has been established by National Science Foundation's (NSF), Future Internet Architecture (FIA) program in this area. One of these projects is MobilityFirst, which recognizes the predominance of mobile networking and aims to address the challenges of this paradigm shift. Future Internet Architecture Projects, are usually deploying on large scale experimental networks for testing and evaluating the properties of new architecture and protocols. Currently only some specific experiments, like routing and name resolution scalability in MobilityFirst architecture has been performed over the ORBIT and GENI platforms. However, to move from this experimental networking to technology trials with real-world users and applications deployment of alternative testbeds are necessary. In this paper, MobilityFirst Future Internet testbed is designed and deployed on Future Networks Laboratory, University of Science and Technology of China, China. Which provides a realistic environment for MobilityFirst experiments. Next, in this paper, for MF traffic transmission between MobilityFirst networks through current networking protocols (TCP), MobilityFirst Proxies are designed and implemented. Furthermore, the results and experience obtained from experiments over proposed testbed are presented.

2021-03-15
Staicu, C.-A., Torp, M. T., Schäfer, M., Møller, A., Pradel, M..  2020.  Extracting Taint Specifications for JavaScript Libraries. 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). :198—209.

Modern JavaScript applications extensively depend on third-party libraries. Especially for the Node.js platform, vulnerabilities can have severe consequences to the security of applications, resulting in, e.g., cross-site scripting and command injection attacks. Existing static analysis tools that have been developed to automatically detect such issues are either too coarse-grained, looking only at package dependency structure while ignoring dataflow, or rely on manually written taint specifications for the most popular libraries to ensure analysis scalability. In this work, we propose a technique for automatically extracting taint specifications for JavaScript libraries, based on a dynamic analysis that leverages the existing test suites of the libraries and their available clients in the npm repository. Due to the dynamic nature of JavaScript, mapping observations from dynamic analysis to taint specifications that fit into a static analysis is non-trivial. Our main insight is that this challenge can be addressed by a combination of an access path mechanism that identifies entry and exit points, and the use of membranes around the libraries of interest. We show that our approach is effective at inferring useful taint specifications at scale. Our prototype tool automatically extracts 146 additional taint sinks and 7 840 propagation summaries spanning 1 393 npm modules. By integrating the extracted specifications into a commercial, state-of-the-art static analysis, 136 new alerts are produced, many of which correspond to likely security vulnerabilities. Moreover, many important specifications that were originally manually written are among the ones that our tool can now extract automatically.

Shekhawat, G. K., Yadav, R. P..  2020.  Sparse Code Multiple Access based Cooperative Spectrum Sensing in 5G Cognitive Radio Networks. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1–6.
Fifth-generation (5G) network demands of higher data rate, massive user connectivity and large spectrum can be achieve using Sparse Code Multiple Access (SCMA) scheme. The integration of cognitive feature spectrum sensing with SCMA can enhance the spectrum efficiency in a heavily dense 5G wireless network. In this paper, we have investigated the primary user detection performance using SCMA in Centralized Cooperative Spectrum Sensing (CCSS). The developed model can support massive user connectivity, lower latency and higher spectrum utilization for future 5G networks. The simulation study is performed for AWGN and Rayleigh fading channel. Log-MPA iterative receiver based Log-Likelihood Ratio (LLR) soft test statistic is passed to Fusion Center (FC). The Wald-hypothesis test is used at FC to finalize the PU decision.
2021-03-09
THIGA, M. M..  2020.  Increasing Participation and Security in Student Elections through Online Voting: The Case of Kabarak University. 2020 IST-Africa Conference (IST-Africa). :1—7.

Electronic voting systems have enhanced efficiency in student elections management in universities, supporting such elections to become less expensive, logistically simple, with higher accuracy levels as compared to manually conducted elections. However, e-voting systems that are confined to campus hall voting inhibits access to eligible voters who are away from campus. This study examined the challenges of lack of wide access and impersonation of voter in the student elections of 2018 in Kabarak University. The main objective of this study was therefore to upgrade the offline electronic voting system through developing a secure online voting system and deploying the system for use in the 2019 student elections at Kabarak University. The resultant system and development process employed demonstrate the applicability of a secure online voting not only in the higher education context, but also in other democracies where infusion of online access and authentication in the voting processes is a requisite.

Oakley, I..  2020.  Solutions to Black Hole Attacks in MANETs. 2020 12th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP). :1–6.
Self-organising networks, such as mobile ad-hoc networks (MANETs), are growing more and more in importance each day. However, due to their nature and constraints MANETs are vulnerable to a wide array of attacks, such as black hole attacks. Furthermore, there are numerous routing protocols in use in MANETs, and what works for one might not for another. In this paper, we present a review of previous surveys of black hole attack solutions, followed by a collation of recently published papers categorised by original routing protocol and evaluated on a set of common metrics. Finally, we suggest areas for further research.
Mashhadi, M. J., Hemmati, H..  2020.  Hybrid Deep Neural Networks to Infer State Models of Black-Box Systems. 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE). :299–311.
Inferring behavior model of a running software system is quite useful for several automated software engineering tasks, such as program comprehension, anomaly detection, and testing. Most existing dynamic model inference techniques are white-box, i.e., they require source code to be instrumented to get run-time traces. However, in many systems, instrumenting the entire source code is not possible (e.g., when using black-box third-party libraries) or might be very costly. Unfortunately, most black-box techniques that detect states over time are either univariate, or make assumptions on the data distribution, or have limited power for learning over a long period of past behavior. To overcome the above issues, in this paper, we propose a hybrid deep neural network that accepts as input a set of time series, one per input/output signal of the system, and applies a set of convolutional and recurrent layers to learn the non-linear correlations between signals and the patterns, over time. We have applied our approach on a real UAV auto-pilot solution from our industry partner with half a million lines of C code. We ran 888 random recent system-level test cases and inferred states, over time. Our comparison with several traditional time series change point detection techniques showed that our approach improves their performance by up to 102%, in terms of finding state change points, measured by F1 score. We also showed that our state classification algorithm provides on average 90.45% F1 score, which improves traditional classification algorithms by up to 17%.
2021-03-04
Sun, H., Liu, L., Feng, L., Gu, Y. X..  2014.  Introducing Code Assets of a New White-Box Security Modeling Language. 2014 IEEE 38th International Computer Software and Applications Conference Workshops. :116—121.

This paper argues about a new conceptual modeling language for the White-Box (WB) security analysis. In the WB security domain, an attacker may have access to the inner structure of an application or even the entire binary code. It becomes pretty easy for attackers to inspect, reverse engineer, and tamper the application with the information they steal. The basis of this paper is the 14 patterns developed by a leading provider of software protection technologies and solutions. We provide a part of a new modeling language named i-WBS (White-Box Security) to describe problems of WB security better. The essence of White-Box security problem is code security. We made the new modeling language focus on code more than ever before. In this way, developers who are not security experts can easily understand what they need to really protect.

2021-02-23
Alshamrani, A..  2020.  Reconnaissance Attack in SDN based Environments. 2020 27th International Conference on Telecommunications (ICT). :1—5.
Software Defined Networking (SDN) is a promising network architecture that aims at providing high flexibility through the separation between network logic (control plane) and forwarding functions (data plane). This separation provides logical centralization of controllers, global network overview, ease of programmability, and a range of new SDN-compliant services. In recent years, the adoption of SDN in enterprise networks has been constantly increasing. In the meantime, new challenges arise in different levels such as scalability, management, and security. In this paper, we elaborate on complex security issues in the current SDN architecture. Especially, reconnaissance attack where attackers generate traffic for the goal of exploring existing services, assets, and overall network topology. To eliminate reconnaissance attack in SDN environment, we propose SDN-based solution by utilizing distributed firewall application, security policy, and OpenFlow counters. Distributed firewall application is capable of tracking the flow based on pre-defined states that would monitor the connection to sensitive nodes toward malicious activity. We utilize Mininet to simulate the testing environment. We are able to detect and mitigate this type of attack at early stage and in average around 7 second.