Ubiquitous Security : Third International Conference, UbiSec 2023, Exeter, UK, November 1–3, 2023, Revised Selected Papers
معرفی کتاب «Ubiquitous Security : Third International Conference, UbiSec 2023, Exeter, UK, November 1–3, 2023, Revised Selected Papers» نوشتهٔ Guojun Wang; Haozhe Wang; Geyong Min; Nektarios Georgalas; Weizhi Meng، منتشرشده توسط نشر Springer Nature در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
This book constitutes the proceedings of the Third International Conference, UbiSec 2023, held in Exeter, UK, during November 1–3, 2023.The 29 full papers were carefully reviewed and selected from 91 submissions. They were organized in following topical sections: Cyberspace Security, Cyberspace Privacy, Cyberspace Anonymity Preface Organization Contents Cyberspace Security Bilateral Personalized Information Fusion in Mobile Crowdsensing 1 Introduction 2 Related Works 3 Preliminaries 3.1 Differential Privacy 3.2 Personalized Differential Privacy 4 Problem Definition 5 Bilateral Personalized Information Fusion Mechanism 5.1 Overview of BPIF 5.2 Parameter Computation 5.3 Personalized Privacy Sample 5.4 Personalized Data-Quality Sample 5.5 Aggregation and Perturbation 6 Experiment 6.1 Parameter Computation 6.2 BPIF for Mean 6.3 BPIF for Linear Regression 7 Conclusion References BiBERT-AV: Enhancing Authorship Verification Through Siamese Networks with Pre-trained BERT and Bi-LSTM 1 Introduction 2 Background 2.1 Bidirectional Encoder Representations from Transformers (BERT) 2.2 Long and Bidirectional Short-Term Memory (LSTM) and (Bi-LSTM) 2.3 Siamese Network 3 Related Works 4 Proposed Model: BiBERT-AV 5 Experiment 5.1 Experimental Setup 5.2 Step 1 - Dataset Preprocessing 5.3 Step 2- Training 5.4 Step 3-Evaluate the Performance of Our Proposed Model 5.5 Step 4 - Adding More BiLSTM Layers in BiBERT-AV Model 5.6 Step 5 - Comparing Against Existing Method 6 Discussion 7 Conclusions References Impact of Library Code in Binary Similarity Systems 1 Introduction 2 Related Work 3 Invalid Code Hash Selection 3.1 General Observations 3.2 Selecting Threshold for Code Hash Invalidation 3.3 Clustering Highly Similar Binary Files 3.4 Improved Similarity Computing 4 Experimental Results 4.1 Experiments Data Sets 4.2 Performance Assessment 4.3 Result Quality Assessment 5 Conclusions References How Does Post-quantum Cryptography Affect Central Bank Digital Currency? 1 Introduction 2 Classical Cryptographic Algorithms 2.1 Security Requirements for Cash and Digital Assets 2.2 Classification of Cryptographic Primitives for Digital Assets 3 Post-quantum Cryptography 3.1 Threats to Digital Assets 3.2 Classical Mitigation Measures 3.3 NIST Competition 4 Cryptographic Inventory 4.1 Public-Key Infrastructure 4.2 Algorithm Choice in the CBDC Ecosystem 5 Rolling Upgrades 5.1 Design Decisions that May Influence Upgrade Strategy 5.2 Wallet Identification 5.3 Token Upgrade Strategies 5.4 Hardware Upgrade Strategies 6 Conclusion References FRAD: Front-Running Attacks Detection on Ethereum Using Ternary Classification Model 1 Introduction 2 Related Work 3 Design and Implementation of FRAD 3.1 Framework 3.2 Data Processing 3.3 Model Selection and Training 3.4 Evaluation 4 Evaluation of FRAD 4.1 Performance Measure 4.2 Experimental Results and Analysis 5 Conclusion References A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models 1 Introduction 1.1 Review of Existing Surveys 2 Background 2.1 Large Language Models Structure 2.2 Information Security 3 Attacks on Large Language Models 3.1 Attacks on the Large Language Models Applications 3.2 Attacks on the Large Language Models Themselves 4 Conclusion and Future Work References Process Mining with Programmable Logic Controller Memory States 1 Introduction 2 Preliminaries 2.1 Properties of PLC 2.2 Process Mining 3 Related Works 4 Contribution of This Research 5 Proposed Methodology 6 Experimental Setup 6.1 Traffic Light System 6.2 Memory Address Identification 6.3 Memory State Capture 6.4 Conversion of Memory States into Event Log 6.5 Process Discovery 6.6 Visualization Process Model 6.7 Detecting Abnormal Operations or Attacks 7 Discussion 7.1 Limitation and Workarounds 8 Conclusion References Honey-Gauge: Enabling User-Centric Honeypot Classification 1 Introduction 1.1 Motivation and Problem Statement 1.2 Approach Overview 2 Related Work 3 Honey-Gauge: Our Approach 3.1 Categories 3.2 Attributes 3.3 Factors 4 Evaluation and Deployability 4.1 Tpot 4.2 Dionaea 4.3 Conpot 4.4 Cowrie 4.5 Sshesame 4.6 Chameleon 4.7 DDoSPot 5 Scoring, Usability and Discussion 5.1 Scoring of Honeypot 5.2 Usability of Honeypot 5.3 Discussion 6 Conclusion References Improving DNS Data Exfiltration Detection Through Temporal Analysis 1 Introduction 2 Literature Review 2.1 Payload Analysis 2.2 Traffic Analysis 2.3 Hybrid Analysis 3 DNS Exfiltration Analysis 4 Comparison of Common Methods and Features 5 Temporal Analysis Approach 6 Evaluation 7 Conclusions References Deploying Post-quantum Algorithms in Existing Applications and Embedded Devices 1 Introduction 2 Background 2.1 Post-quantum Algorithm Libraries 2.2 Post-quantum ASN.1 Structures 2.3 Post-quantum JSON Web Algorithms 2.4 Hybrid Mode 3 Post-quantum Implementation Challenges 3.1 Identifying Relevant Locations 3.2 Technological and Computational Constraints 3.3 Implementing PQ Algorithms in the Codebase 4 Practical Results 4.1 Architecture 4.2 Authentication Data Flow 4.3 Authentication Device 4.4 Post-quantum Implementations 5 Benchmarks 5.1 Chosen Algorithms 5.2 Digital Signature Creation Duration 5.3 User Experience Considerations 6 Conclusions and Further Work References SCORD: Shuffling Column-Oriented Relational Database to Enhance Security 1 Introduction 2 Related Work 3 Background Information and Previous Work 3.1 Column-Oriented Database 3.2 Previous Work 4 System Design 4.1 Threat Model 4.2 Deranged Permutation Generation 4.3 Data Storage 4.4 Shuffling and Restoring 5 Implementation and Performance Evaluation 5.1 Parameter Settings 5.2 Improve the Security 5.3 Datasets and Implementation 5.4 Shuffling Overhead 6 Security Analysis 6.1 Key Space Analysis 6.2 Key Sensitivity Analysis 7 Conclusion and Future Work References A SLAHP in the Face of DLL Search Order Hijacking 1 Introduction 2 What Is DLL Search Order Hijacking? 2.1 Exploitation 2.2 Mitigations Proposed by the Windows OS 3 Survey of Software Currently Vulnerable to DLL Search Order Hijacking 4 The Shared Library Anti Hijack Protector 4.1 General Principle 4.2 Security Policy 4.3 Configuration Options 4.4 Integration Possibilities 4.5 Solution Evaluation 5 Related Works 6 Conclusion and Future Work References Poison Egg: Scrambling Federated Learning with Delayed Backdoor Attack 1 Introduction 2 Related Work 2.1 Federated Averaging 2.2 Backdoor Attack 2.3 Backdoor Attack in FL 2.4 Defense Methods Against FL Backdoor Attacks 3 Practical Feedback-Based Defense 4 Proposal 4.1 Assumption Underlying Feedback-Based Defenses 4.2 Backdoor Revival 4.3 Poison Egg 5 Experiments 5.1 Experimental Setup 5.2 Results 6 Discussion on Defense Mechanisms Against Poison Egg 7 Conclusion References Channel Spatio-Temporal Convolutional Network for Trajectory Prediction 1 Introduction 2 Related Works 2.1 Pedestrian Trajectory Prediction Method Based on Deep Learning 2.2 Environmental Clues for Pedestrian Trajectory Prediction 2.3 Channel Attention 3 Problem Description 4 The CSTCN Model 4.1 Overall Framework 4.2 Data Embedding 4.3 Group-SE Module 4.4 Spatiotemporal Feature Convolution Module 5 Experiments and Analysis 5.1 Datasets and Evaluation Metrics 5.2 Baselines 5.3 Model Configuration 5.4 Ablation Experiment 5.5 Prediction Result Analysis 6 Conclusion References Multi-NetDroid: Multi-layer Perceptron Neural Network for Android Malware Detection 1 Introduction 2 Related Work 2.1 Static, Dynamic and Hybrid Malware Analysis 2.2 Android Malware Detection Based on Machine Learning Techniques 2.3 Malware Detection with Deep Learning Techniques 3 Our Proposed Method 3.1 Feature Attributes 3.2 Neural Network Selection and Classification 4 Multi-NetDroid Framework 4.1 Mathematical Definition of Methodology 4.2 Dataset Description 5 Experimental Results and Discussion 5.1 Experimental Setup 5.2 Multi-NetDroid Performance for Drebin-215 5.3 Multi-NetDroid Performance for Malgenome-215 5.4 Further Comparison of Model with Different Machine Learning Classifiers 5.5 Comparison with Existing Deep Learning Methods 5.6 Limitations and Future Work 6 Conclusion References SmartBuoy: A Machine Learning-Based Detection Method for Interest Flooding Attacks in VNDN 1 Introduction 2 Related Work 2.1 IFA in VNDN 2.2 IFA Detection Methods 3 Traffic Collection and Processing 3.1 Traffic Collection 3.2 Data Processing 4 Feature Optimization 4.1 IFA Detection Framework 4.2 Feature Extraction 4.3 Feature Selection 5 Experiments and Analysis 5.1 Experiment Settings 5.2 Results Analysis 6 Conclusion References Cyberspace Privacy Loft: An Architecture for Lifetime Management of Privacy Data in Service Cooperation 1 Introduction 2 Related Work 2.1 Data Erasing 2.2 Blockchain 3 Privacy Data Lifecycle Model 3.1 Definition of Privacy Data Lifecycle 3.2 Metrics for Privacy Data Lifecycle 3.3 Highlighting the Application Ecosystem of Private Data Lifecycle Management 4 System Design 4.1 System Overview 4.2 Blockchain-Based Multi-service Collaboration Negotiation 4.3 Privacy Data Control in Serverless Computing Architecture 5 System Evaluation 5.1 System Implementation 5.2 Workload Overview 5.3 System Assessment 6 Discuss 7 Conclusion References Privacy-Preserving Blockchain-Based Traceability System with Decentralized Ciphertext-Policy Attribute-Based Encryption 1 Introduction 2 Privacy-Preserving Blockchain-Based Traceability System 3 Preliminaries 3.1 One-Way Anonymous Key Agreement ch1810sps1007sps978sps3sps540sps75551sps7sps7 3.2 DCP-ABE with Delegation and Hidden Access Policy 4 Our Scheme 4.1 Construction 4.2 Security Proof 5 Implementation 5.1 Overview 5.2 Case Study on Product Recall 6 Related Works 6.1 Attribute-Based Encryption 6.2 Blockchain-Based Traceability System 7 Limitation and Conclusion References A Probability Mapping-Based Privacy Preservation Method for Social Networks 1 Introduction 2 Related Work 2.1 Edge Differential Privacy 2.2 Node Differential Privacy 3 Preliminaries 3.1 Social Network Graph 3.2 Differential Privacy 3.3 Multi-armed Bandit 4 Proposed Method 4.1 The Probability Selection Algorithm Based on Multi-armed Bandit 4.2 Probability Mapping Algorithm 4.3 Probability Projection Algorithm 4.4 Publishing Algorithm for Triangle Counting Histogram 4.5 Publishing Algorithm for Cumulative Triangle Counting Histogram 5 Experimental Results and Analysis 5.1 Datasets 5.2 Performance Indicators 5.3 Experimental Results and Analysis 6 Conclusions References TruFaaS - Trust Verification Framework for FaaS 1 Introduction 2 Related Work 2.1 Trust and Trusted Computing 2.2 Security in FaaS 3 TruFaaS Design 3.1 Overview 3.2 Design Considerations and Assumptions 3.3 TruFaaS Internal Component 3.4 TruFaaS External Component 3.5 Trust Calculation, Storage and Verification 3.6 Trust Protocol 3.7 Summary 4 TruFaaS Implementation 4.1 Fission Background 4.2 TruFaaS Internal Component 4.3 TruFaaS External Component 4.4 Trust Protocol Implementation 5 Evaluation 5.1 Attack Scenario 5.2 Performance Evaluation 5.3 Experimental Results 6 Conclusion 7 Limitations and Future Work References Detection of Cyberbullying in Social Media Texts Using Explainable Artificial Intelligence 1 Introduction 2 Related Work 3 Cyberbullying Text Detection Methodology 3.1 Dataset 3.2 Text Pre-processing Layer 3.3 Text Training Layer 3.4 Decision Explanation Layer 4 Evaluation Results 4.1 Binary vs Multiclass Performance 4.2 Explanation of Multiclass Classification 5 Conclusion References Privacy Preserving Elder Fall Detection Using Deep Learning 1 Introduction 2 Related Work 3 System Model 3.1 Image Pre-processing 3.2 Resizing 3.3 Grayscale 3.4 Denoising 3.5 Augmentation 3.6 Convolutional Neural Network 3.7 Background Subtraction 4 Simulation Results 4.1 Simulation Method 4.2 Simulation Results 5 Performance Analysis 6 Conclusion References Research on Authorization Model of Attribute Access Control Based on Knowledge Graph 1 Introduction 2 Relate Work 3 Access Control Policy Authorization Model 4 Knowledge Graph Construction Algorithm 4.1 Classification of Attributes 4.2 Access Control Knowledge Graph Composition Algorithm 5 Implementation of the Access Control Authorization Knowledge Graph Model 5.1 Access Control Knowledge Graph Construction 5.2 Example of Using the Access Control Knowledge Graph 6 Conclusion References Cyberspace Anonymity Simulation of Mixmining Reward Parameters for the Nym Mixnet 1 Introduction 2 Background 3 Nym: A Continuous-Time, Stratified Mixnet 3.1 Technical Design 3.2 NYM Token 4 Token Simulations 4.1 Reference Mix Node 4.2 Private Bandwidth Market Assumptions 4.3 User Growth Models 4.4 Mixmining Rewards Models 4.5 Growth and Inflation Model Validation 5 Conclusion References Blockchain-Based Privacy-Preservation Platform for Data Storage and Query Processing 1 Introduction 2 Background Research 3 Proposed Privacy Model and Infrastructure 3.1 Methodology Overview 3.2 Formal Contextualized Privacy Ontology 3.3 Tight-Coupling of Data Elements 3.4 Tight-Coupling of Relational Database and Blockchains 3.5 Query Processing on Proposed Methodology 4 Research Implementation 4.1 Privacy Ontology Formulation and System Modelling 4.2 Relational Database Design 4.3 Blockchains Design, Data Communication, and Encryption 5 Evaluation and Results Analysis 5.1 Privacy Infrastructure Security Assessment 5.2 Query Processing and Response Time Analysis 5.3 Query 1: Data Provider Demographic Data 5.4 Query 2: Data Provider Healthcare Data 5.5 Query 3: Data Provider Consent Witness Data 5.6 Average Query Processing and Privacy Overhead Cost Analysis 6 Conclusion References Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication 1 Introduction 2 Related Work 3 Risk-Based Account Recovery 4 Methodology 5 Experiment 1: RBAR Use by Google 5.1 Preparation 5.2 Results 6 Experiment 2: RBAR Use by Other Services 6.1 Preparation 6.2 Identifying RBAR Usage 6.3 Analyzing the Influence of MFA Settings on Account Recovery on LinkedIn 7 Results and Discussion 7.1 Experiment Results 7.2 Maturity Model 7.3 Comparison with Official Documentation 7.4 Ethics 7.5 Limitations 7.6 RBAR 8 Conclusion References A Unified Knowledge Graph to Permit Interoperability of Heterogenous Digital Evidence 1 Introduction 2 Literature Review 3 Unified Metadata Graph Model 3.1 Metadata Extraction and Ingestion 3.2 Metadata Harmonisation, Unification, and Mapping Refinement Processes 3.3 Cross Evidence Analytics 4 Use Case Evaluation 4.1 Crime Scenario Overview 4.2 Investigation Objectives 4.3 Investigation Workflow 5 Conclusion References SMARPchain: A Smart Marker Based Reputational Probabilistic Blockchain for Multi-agent Systems 1 Introduction 2 Related Work 3 Background of Smart Markers 4 Design 4.1 Advantages 4.2 Concerns and Mitigation 5 Implementation 6 Evaluation 7 Conclusion References Automatically Inferring Image Base Addresses of ARM32 Binaries Using Architecture Features 1 Introduction 2 Related Work 3 System Design 3.1 Retrieving Absolute and Relative Addresses 3.2 Inferring Candidate Base Addresses 3.3 Statistically Filtering 3.4 Structurally Filtering 3.5 Semantically Filtering 4 Evaluation 5 Discussion 6 Conclusion References Author Index
دانلود کتاب Ubiquitous Security : Third International Conference, UbiSec 2023, Exeter, UK, November 1–3, 2023, Revised Selected Papers