وبلاگ بلیان

Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings ... Notes in Computer Science Book 12223)

معرفی کتاب «Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings ... Notes in Computer Science Book 12223)» نوشتهٔ Clémentine Maurice, Leyla Bilge, Gianluca Stringhini, Nuno Neves, Lorenzo Cavallaro, Giancarlo Pellegrino، منتشرشده توسط نشر Springer International Publishing : Imprint: Springer در سال 1222. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the proceedings of the 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020, held in Lisbon, Portugal, in June 2020.\* The 13 full papers presented in this volume were carefully reviewed and selected from 45 submissions. The contributions were organized in topical sections named: vulnerability discovery and analysis; attacks; web security; and detection and containment. ​\*The conference was held virtually due to the COVID-19 pandemic. Preface 6 Organization 7 Contents 11 Vulnerability Discovery and Analysis 13 Automated CPE Labeling of CVE Summaries with Machine Learning 14 1 Introduction 14 2 Background 16 2.1 Vulnerability Data 16 2.2 Natural Language Processing and Named Entity Recognition 17 3 Data and Labels 17 4 Problem Statement and Evaluation 19 5 Modeling 20 5.1 Feature Engineering 20 5.2 Neural Network 22 6 Results and Discussion 26 6.1 Training 26 6.2 Main Results 27 6.3 Performance over CPE-product, -vendor, and -version 27 6.4 Feature Analysis 28 6.5 Increasing Performance on Rare Labels 30 6.6 Error Analysis 30 7 Related Research 30 8 Conclusion 31 References 32 Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks 34 1 Introduction 34 2 Related Work 35 3 Methodology 36 4 Background: Supply Chain Attacks 38 4.1 Open Source Development Projects 38 4.2 Injection of Malicious Code 39 4.3 Execution of Malicious Code 41 5 Description of the Dataset 42 5.1 Composition and Structure 42 5.2 Temporal Aspects 43 5.3 Trigger of Malicious Behavior 44 5.4 Conditional Execution 44 5.5 Injection of Malicious Package 45 5.6 Primary Objective 46 5.7 Targeted Operating System 47 5.8 Obfuscation 48 5.9 Clusters 48 5.10 Code Review of Two Malicious Packages 50 6 Discussion and Conclusions 50 References 52 Putting Attacks in Context: A Building Automation Testbed for Impact Assessment from the Victim's Perspective 55 1 Introduction 55 2 Related Work and Background 57 3 Business Processes and BACSs 59 4 Testbed for Business Continuity Impact Assessment 60 4.1 Requirements 60 4.2 Design 61 4.3 Implementation 63 5 Empirical Analysis of BACS Attacks 65 5.1 Attacks 67 5.2 BACRank Scoring 69 6 Conclusion 71 A Ventilation Rate 72 B BACRank Centrality Measure 72 References 73 Attacks 76 Fast and Furious: Outrunning Windows Kernel Notification Routines from User-Mode 77 1 Introduction 77 2 Background 79 2.1 Notification Routines 80 2.2 Protection via Callback 82 3 Vulnerability 83 3.1 Exploit Using Job Object (hFromJob) 84 3.2 Exploit Using PID Guessing (hThemAll) 84 4 Case Studies 85 4.1 Bypassing Our Own Protection Driver 85 4.2 Disabling Anti-malware 87 4.3 Bypassing Virtualisation Defences 88 4.4 Bypassing Video Game Anti-cheat Defences 88 5 Related Work 89 5.1 Other Windows Security Mechanisms 89 5.2 Research Efforts and Patents 90 6 Discussion 91 6.1 Discovery 91 6.2 Vulnerability Time Period Measurement 92 6.3 Implications 93 6.4 Responsible Disclosure 94 6.5 Microsoft's Response 95 6.6 Possible Solutions 95 7 Conclusions 96 References 97 HAEPG: An Automatic Multi-hop Exploitation Generation Framework 99 1 Introduction 99 2 Motivational Example 101 3 Methodology 102 3.1 Heap Interaction Modeling 103 3.2 Vulnerability Analysis 104 3.3 Template-Guided Exploit Generation 105 4 Implementation 108 4.1 Static Analysis 108 4.2 Dependency of Function Paths 109 4.3 Templating Engine 110 5 Evaluation 111 5.1 Effectiveness 111 5.2 Performance 112 5.3 A Multi-hop Exploitation Case Study 114 5.4 Failed Cases 115 6 Related Work 116 7 Discussion 117 8 Conclusion 118 References 118 Understanding Android VoIP Security: A System-Level Vulnerability Assessment 120 1 Introduction 120 2 Background 122 2.1 VoIP Background 122 2.2 Android Background 123 3 Demystifying Android VoIP 123 3.1 Android VoIP's Protocol Stack 123 3.2 Android VoIP's Attack Surfaces 125 4 Methodology 126 4.1 On-Device Intent/API Fuzzing 126 4.2 Network-Side Packet Fuzzing 127 4.3 Targeted Code Auditing 129 5 Evaluation 130 5.1 Vulnerabilities Discovered via On-Device Fuzzing 130 5.2 Vulnerabilities Discovered via Network-Side Fuzzing 131 5.3 Vulnerabilities Discovered via Code Auditing 134 6 A New Root Cause 136 7 Related Work 137 8 Conclusion 138 References 139 Web Security 142 Web Runner 2049: Evaluating Third-Party Anti-bot Services 143 1 Introduction 143 2 Background 144 3 Analysis of Anti-bot Services 146 3.1 Fingerprinting and Automation Detection Mechanisms 148 3.2 Anti-bot Service Integration with Websites 149 4 Available Tools for Building Bots 150 5 Experimental Setup 150 5.1 Gray Box Experiments 151 5.2 Black Box Experiments 152 5.3 Ethical Considerations 154 6 Analysis of Results 154 6.1 Gray Box Testing Results 155 6.2 Overall Content Scraping Results 157 6.3 Overall Account Fraud Results 158 7 Discussion 161 8 Responsible Disclosure 162 9 Related Work 163 10 Conclusion 164 References 164 Short Paper - Taming the Shape Shifter: Detecting Anti-fingerprinting Browsers 168 1 Introduction 168 2 Background 169 3 Anti-fingerprinting Browsers 170 4 Detecting the Anti-fingerprinting Tools 173 5 Related Work 175 6 Conclusion 176 References 177 It Never Rains but It Pours: Analyzing and Detecting Fake Removal Information Advertisement Sites 179 1 Introduction 179 2 Background 181 3 Method 182 3.1 Web Crawling 182 3.2 Classification 183 4 Data Collection 185 4.1 Collecting Cyber Threats 185 4.2 Web Search 185 4.3 Creating the Dataset 186 5 Evaluation 186 5.1 Detection Accuracy 187 5.2 Detecting Unknown FRAD Sites 187 6 Measurement Study 189 6.1 Incoming Traffic to FRAD Sites 189 6.2 Downloads and Page Transitions from FRAD Sites 192 6.3 Search Poisoning 194 7 Discussion 195 8 Related Work 196 9 Conclusion 197 References 197 On the Security of Application Installers and Online Software Repositories 200 1 Introduction 200 2 Online Software Repositories 202 3 Methodology 203 4 Repositories Evaluation Results 205 4.1 Dataset Description 205 4.2 Repositories Dynamics 206 4.3 Installers' Dynamics 209 4.4 Comparison of Installers Versions 214 4.5 Trojanization Evidences 215 5 Discussion 217 6 Related Work 219 7 Conclusions 219 References 220 Detection and Containment 223 Distributed Heterogeneous N-Variant Execution 224 1 Introduction 224 2 Background 226 2.1 System Calls and I/O Replication 226 2.2 ISA and ABI Heterogeneity 226 3 Threat Model 227 4 DMON Design 227 4.1 Platform-Independent State Canonicalization 229 4.2 Distributed Monitor Design 231 4.3 Inter-Monitor Communication 231 4.4 Optimizations 232 5 Implementation 233 6 Security Analysis 233 6.1 Code Layout Diversity 234 6.2 Structure Layout Diversity 236 7 Performance Evaluation 237 7.1 Microbenchmarks 237 7.2 Server Benchmarks 239 7.3 Comparison with Other NVX Systems 240 8 Discussion 240 9 Related Work 241 10 Conclusion 241 References 242 Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data 245 1 Introduction 245 2 The Sec2graph Approach 247 2.1 Building Security Object Graphs from Network Events 247 2.2 Encoding the Graph for Machine Learning 249 2.3 Novelty Detection with an Auto-Encoder 253 3 Implementation and Experimental Results 253 3.1 Experimental Setup 254 3.2 Defining an Optimal Threshold for Detection 256 3.3 Comparison with Other Anomaly Detection Algorithms on the Same Dataset 258 4 Discussion 260 5 Related Work 260 5.1 Using Graph Structures for Anomaly Detection 261 5.2 Using Auto-Encoders for Anomaly Detection 261 6 Conclusion and Future Work 262 References 263 Efficient Context-Sensitivepg CFI Enforcement Throughpg a Hardware Monitor 266 1 Introduction and Motivation 266 2 Background 269 2.1 Intel PT 269 2.2 PHMon 269 2.3 CFI 270 3 PHMon-Based CFI 272 3.1 Design 272 3.2 Implementation 273 4 Evaluation 276 4.1 Evaluation Framework 276 4.2 Evaluation Benchmarks 278 4.3 Evaluation Results 278 5 Discussion 280 6 Related Work 281 6.1 Reusing Deployed Hardware Features 281 6.2 New Hardware Designs 283 7 Conclusion 283 References 284 Author Index 287 Front Matter ....Pages i-xii Front Matter ....Pages 1-1 Automated CPE Labeling of CVE Summaries with Machine Learning (Emil Wåreus, Martin Hell)....Pages 3-22 Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks (Marc Ohm, Henrik Plate, Arnold Sykosch, Michael Meier)....Pages 23-43 Putting Attacks in Context: A Building Automation Testbed for Impact Assessment from the Victim’s Perspective (Herson Esquivel-Vargas, Marco Caselli, Geert Jan Laanstra, Andreas Peter)....Pages 44-64 Front Matter ....Pages 65-65 Fast and Furious: Outrunning Windows Kernel Notification Routines from User-Mode (Pierre Ciholas, Jose Miguel Such, Angelos K. Marnerides, Benjamin Green, Jiajie Zhang, Utz Roedig)....Pages 67-88 HAEPG: An Automatic Multi-hop Exploitation Generation Framework (Zixuan Zhao, Yan Wang, Xiaorui Gong)....Pages 89-109 Understanding Android VoIP Security: A System-Level Vulnerability Assessment (En He, Daoyuan Wu, Robert H. Deng)....Pages 110-131 Front Matter ....Pages 133-133 Web Runner 2049: Evaluating Third-Party Anti-bot Services (Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, Nick Nikiforakis)....Pages 135-159 Short Paper - Taming the Shape Shifter: Detecting Anti-fingerprinting Browsers (Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, Nick Nikiforakis)....Pages 160-170 It Never Rains but It Pours: Analyzing and Detecting Fake Removal Information Advertisement Sites (Takashi Koide, Daiki Chiba, Mitsuaki Akiyama, Katsunari Yoshioka, Tsutomu Matsumoto)....Pages 171-191 On the Security of Application Installers and Online Software Repositories (Marcus Botacin, Giovanni Bertão, Paulo de Geus, André Grégio, Christopher Kruegel, Giovanni Vigna)....Pages 192-214 Front Matter ....Pages 215-215 Distributed Heterogeneous N-Variant Execution (Alexios Voulimeneas, Dokyung Song, Fabian Parzefall, Yeoul Na, Per Larsen, Michael Franz et al.)....Pages 217-237 Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data (Laetitia Leichtnam, Eric Totel, Nicolas Prigent, Ludovic Mé)....Pages 238-258 Efficient Context-Sensitive CFI Enforcement Through a Hardware Monitor (Sadullah Canakci, Leila Delshadtehrani, Boyou Zhou, Ajay Joshi, Manuel Egele)....Pages 259-279 Back Matter ....Pages 281-281
دانلود کتاب Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings ... Notes in Computer Science Book 12223)