وبلاگ بلیان

Detection of Intrusions and Malware, and Vulnerability Assessment: 18th International Conference, DIMVA 2021, Virtual Event, July 14–16, 2021, Proceedings (Security and Cryptology)

معرفی کتاب «Detection of Intrusions and Malware, and Vulnerability Assessment: 18th International Conference, DIMVA 2021, Virtual Event, July 14–16, 2021, Proceedings (Security and Cryptology)» نوشتهٔ Leyla Bilge (editor), Lorenzo Cavallaro (editor), Giancarlo Pellegrino (editor), Nuno Neves (editor)، منتشرشده توسط نشر Springer International Publishing : Imprint: Springer در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the proceedings of the 18th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2021, held virtually in July 2021. The 18 full papers and 1 short paper presented in this volume were carefully reviewed and selected from 65 submissions. DIMVA serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. Chapter “SPECULARIZER: Detecting Speculative Execution Attacks via Performance Tracing” is available open access under a Creative Commons Attribution 4.0 International License via link.springer.com. Preface Organization Contents You've Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures 1 Introduction 2 Related Work 3 Background 3.1 OWASP Guidelines 3.2 Attack Scenarios 4 Methodology 4.1 Measurement Setup 4.2 Data Collection Infrastructure 4.3 Password Reset Testing Methodology 4.4 Limitations 4.5 Ethical Considerations 5 Security Measurement 5.1 Account Recovery Implementation 5.2 Recovery Procedure Analysis 5.3 Weakness Analysis 5.4 Attack Scenarios 6 Conclusions References The Full Gamut of an Attack: An Empirical Analysis of OAuth CSRF in the Wild 1 Introduction 2 Background 2.1 OAuth 2.2 Login CSRF 2.3 State Parameter 3 OAuth Cross Site Request Forgery 3.1 Threat Model 3.2 Impact 3.3 Enabling Factors 4 Related Work 5 Methodology 5.1 Phase 1: Target Selection 5.2 Phase 2: Measurement Setup 5.3 Phase 3: OCSRF Discovery 5.4 Ethical Consideration 6 Analysis 6.1 Measurement Overview 6.2 state Parameter 6.3 Case Studies 6.4 Notable Observations 6.5 Limitations 7 Mitigation 8 Conclusions References Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs 1 Introduction 2 Background on IXPs 3 IXmon System 3.1 Aggregate Traffic Statistics 3.2 Online Time Series Anomaly Detection 3.3 Attack Detection 4 Analysis of In-the-Wild Attacks 4.1 IXmon Implementation and Setup 4.2 Data Collection at SoX 4.3 Attack Measurements and Analysis 4.4 Attack Mitigation 5 Related Work 6 Conclusion References Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy 1 Introduction 2 Background and Related Work 2.1 Structure of Domains 2.2 Certificate Transparency Logs (CTLs) 2.3 Related Work 3 Measurement Setup 3.1 Input Data 3.2 Analysis Pipeline 4 Measurement Study 4.1 Reference Domain Evaluation 4.2 Analysis of Phishing Feeds 4.3 Other Domain Squatting Techniques 4.4 Certificate Transparency Logs (CTLs) 5 Limitations 6 Conclusion and Recommendations References Help, My Signal has Bad Device! 1 Introduction 1.1 Our Contribution 1.2 Responsible Disclosure 2 Background 2.1 Post-Compromise Security 3 The Signal Protocol 3.1 X3DH ch5signalprotocolspsx3dh 3.2 Double Ratchet ch5signalprotocolspsdr 3.3 Sesame ch5signalprotocolspssesame 4 Signal Implementation in the Signal Messenger 4.1 Reverse Engineering the Protocol Implementation 4.2 Device Registration 4.3 Registering a Malicious Device 4.4 Implications for Post-compromise Security 5 Countermeasures 5.1 UI Changes 5.2 Alternative Multi-device Protocols 6 Conclusion References Refined Grey-Box Fuzzing with Sivo 1 Introduction 2 Problem 3 Overview of Sivo 4 Design 4.1 The Parametrize-Optimize Paradigm 4.2 Fast Approximate Taint Inference 4.3 Solving System of Intervals 4.4 More Accurate Coverage 4.5 Design of the Whole Fuzzer Sivo 4.6 Limitations of Sivo 5 Evaluation 5.1 Experimental Setup 5.2 Coverage 5.3 Vulnerabilities 5.4 Performance of Refinements 5.5 The Cause of Observed Benefits 6 Related Work 7 Conclusion References SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning 1 Introduction 2 Approach 2.1 Decompilation 2.2 Func2vec Encoding 2.3 Encoding Clustering 3 Evaluation 3.1 Experimental Setting and Dataset 3.2 Function Encoding 3.3 Cluster Analysis 3.4 Real-World Deployment 4 Discussion 5 Related Work 6 Conclusion References SPECULARIZER: Detecting Speculative Execution Attacks via Performance Tracing 1 Introduction 2 Background 3 Threat Model and SPECULARIZER Overview 4 Trace Collection 5 Trace Processing 5.1 Processing Exceptions 5.2 Identifying Branch and Data Misprediction 6 Attack Detection 7 Attack Variants Generation 7.1 Exception-Based Attack Variants 7.2 BTB/PHT Misprediction Variants 7.3 RSB and STL Misprediction Variants 8 Evaluation 8.1 Evaluation of SPECULARIZER's Parameters 8.2 Evaluation of Detection Accuracy 8.3 End-to-End Evaluation 8.4 Performance Analysis 9 Discussion 10 Related Work 11 Conclusion References Aion Attacks: Manipulating Software Timers in Trusted Execution Environment 1 Introduction 2 Background and Related Work 2.1 Intel SGX and TSX 2.2 Power and Thermal Management of Intel CPU 2.3 Cache-Based Side-Channel Attacks and Defences in SGX 3 System Model 3.1 Model of Software Timers 3.2 Defender Model 3.3 Timer Countermeasures 4 Attack Design 4.1 -1: CPU Thermal and Frequency Attack 4.2 -2: Cache Eviction Attack 5 Implementation 5.1 Reference Software Timer 5.2 Implementing -1: CPU Thermal and Frequency Attack 5.3 Implementing -2: Cache Eviction Attack 6 Evaluation 6.1 Purpose and Experiment Setup 6.2 Attack Evaluation 6.3 End-to-End Attack Evaluation 7 Conclusion References Third-Eye: Practical and Context-Aware Inference of Causal Relationship Violations in Commodity Kernels 1 Introduction 2 Motivation 2.1 An Example of Violating Causal Relationship 2.2 Study of Violations in the Linux Kernel 3 Overview 4 Key Techniques 4.1 Intersection-Based Call Sequence Building 4.2 Context-Sensitive Statistical Analysis 5 Implementation 5.1 Preparation Phase 5.2 Post-processing Phase 6 Evaluation 6.1 Mine Pair Functions 6.2 Detect Bugs 6.3 False Positive and False Negative 6.4 Result Variation 6.5 Sensitivity Analysis 6.6 Performance 7 Discussion and Related Work 8 Conclusion References Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races 1 Introduction 2 Observations on Enterprise Software Deployment 3 Design of Find My Sloths 3.1 Automated Tracking of Software Binary Information 3.2 Software Update Inference with Binary Update Lineage Graph 3.3 Software Risk Inference 4 Characteristics of Software Updates 5 Evaluation of Software Update Risk 6 Case Study 6.1 An Example of a Desirable Software Management 6.2 An Example Undesirable Software Management 7 Lessons Learned and Our Suggestions 8 Related Work 9 Discussion and Future Work 10 Conclusion References FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security 1 Introduction 2 Background and Related Work 2.1 Browser Fingerprinting 2.2 Multi-factor Authentication and Session Hijacking 3 A Dataset of Secure Web Pages 3.1 Websites Under Study 3.2 Web Page Acquisition 3.3 Fingerprinted Page Attributes 3.4 Resulting Dataset Description 4 Analysis of Secure Web Pages 4.1 Browser Fingerprinting Attributes 4.2 Origins of Browser Fingerprinting Scripts 4.3 Secured vs Non-secured Web Pages 4.4 Additional Security Mechanisms 5 Attack Models 5.1 Stolen Credentials 5.2 Cookie Hijacking 6 Discussion 7 Conclusion A Selected Search Keywords References Introspect Virtual Machines Like It Is the Linux Kernel! 1 Introduction 2 Related Work 3 Background 3.1 Xen Infrastructure 3.2 VMI Mechanics 4 Dissecting the LibVMI Hypervisor Interface 4.1 Setting a Breakpoint 4.2 Hitting a Breakpoint 4.3 Memory Access Tracers as Opposed to Breakpoints 4.4 Summary of Identified Problems 5 Hypervisor Tracers (HVT) 5.1 Hypervisor Tracers Architecture 5.2 Memory Access Tracer 5.3 Guest Physical Breakpoint 6 Using Ring Buffers for Asynchronous Tracing 7 System Evaluation and Benchmarking 7.1 Microbenchmarks: getpid() and ping localhost 7.2 Unix Benchmark Results 7.3 Performance of Real-World Applications 8 Conclusion References Calibration Done Right: Noiseless Flush+Flush Attacks 1 Introduction 2 Background 2.1 CPU Caches 2.2 CPU Uncore and Interconnect 2.3 Multi-socket Systems 2.4 Cache Side-Channel Attacks 3 Motivation 4 Experimental Setup 5 Topology Modeling 6 Improving Error Rate Accounting for Topology 6.1 Attacker Models 6.2 Experimental Results on Error Rate 6.3 The Case of Dual-Socket Machines 7 Evaluation 7.1 Building a Better Channel 7.2 AES T-Tables Attack Using Flush+Flush 8 Related Work 8.1 Cache Attacks Primitives 8.2 Attacking AES T-Tables 9 Future Work 10 Conclusion A Cache slicing functions uncovered References Zero Footprint Opaque Predicates: Synthesizing Opaque Predicates from Naturally Occurring Invariants 1 Introduction 1.1 Problem 1.2 Insight 1.3 Solution 1.4 Contributions 2 Identifying Features of Real Predicates 3 Motivating Example 4 Threat Model 5 System Overview 6 Value Sets Identifier 6.1 Source-Level vs Binary-Level Analysis 7 Opaque Predicate Builder 7.1 Program Synthesis Implementation 8 Evaluation 8.1 Benchmark Programs 8.2 Evaluation Setup 8.3 Results 9 Discussion 9.1 Limitation 9.2 Future Work 10 Related Works 11 Conclusion References PetaDroid: Adaptive Android Malware Detection Using Deep Learning 1 Introduction 1.1 Problem Statement 1.2 Proposed Solution 1.3 Contributions and Outline 2 PetaDroid 2.1 Android App Representation 2.2 Malware Detection 2.3 Malware Clustering 3 Dataset 4 Evaluation 4.1 Malware Detection 4.2 Family Clustering 4.3 Obfuscation Resiliency 4.4 Automatic Adaptation 5 Comparative Study 5.1 Detection Performance Comparison 5.2 Efficiency Comparison 5.3 Time Resiliency Comparison 5.4 PetaDroid and Maldozer Comparison 6 Related Work 7 Limitation 8 Conclusion References Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings 1 Introduction 2 Background and Related Work 2.1 Technical Vectors 2.2 Psychological Vectors 2.3 Phishing Surveys 3 PhishCo's Approach 3.1 E-Mail Generation 3.2 Workflow with Client 4 Results 4.1 Data Set 4.2 Send and Click Times 4.3 Distribution Among Clients 4.4 Psychological and Technical Vectors 4.5 E-Mail Timeline 4.6 Click Rate 4.7 Effect of Psychological Vectors 5 Discussion 5.1 Limitations 5.2 Ethical Considerations 6 Conclusion and Recommendations A Detailed Information References Extended Abstract: A First Large-Scale Analysis on Usage of MTA-STS 1 Introduction 2 Security-Related Extensions for E-Mail 3 Measurement Approach 4 MTA-STS on the Sender Side 5 Empirical Measurement Results 5.1 All Domains with MTA-STS Support 5.2 Most Recent Measurement (M6) 5.3 Trend Analysis of Measurements 5.4 STARTTLS 6 Discussion 7 Related Work 8 Conclusion References Centy: Scalable Server-Side Web Integrity Verification System Based on Fuzzy Hashes 1 Introduction 2 Background 2.1 Document Object Model (DOM) Integrity 2.2 Abstract Syntax Tree (AST) 2.3 MinHashing and LSH 2.4 DOM Monitoring 2.5 System and Attacker Model 3 Approach 3.1 DOM Monitor 3.2 HTML DOM Parser 3.3 Online Clustering System 3.4 Labeling Cluster Representatives 3.5 System Limitations 4 Evaluation 4.1 Datasets 4.2 Performance Metrics 4.3 Accuracy and Efficiency 4.4 Scalability 4.5 Discussion and Threats to Validity 5 Related Work 6 Conclusions References Author Index
دانلود کتاب Detection of Intrusions and Malware, and Vulnerability Assessment: 18th International Conference, DIMVA 2021, Virtual Event, July 14–16, 2021, Proceedings (Security and Cryptology)