Current journal: arXiv - CS - Cryptography and Security
  • BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy
    arXiv.cs.CR Pub Date : 2020-09-24
    Daniele Antonioli; Nils Ole Tippenhauer; Kasper Rasmussen; Mathias Payer

    The Bluetooth standard specifies two incompatible wireless transports: Bluetooth Classic (BT) for high-throughput services and Bluetooth Low Energy (BLE) for very low-power services. BT and BLE have different security architectures and threat models, but they use similar security mechanisms. In particular, pairing enables two devices to establish a long term key to secure the communication. Two devices

    Updated: 2020-09-25
  • BreachRadar: Automatic Detection of Points-of-Compromise
    arXiv.cs.CR Pub Date : 2020-09-24
    Miguel Araujo; Miguel Almeida; Jaime Ferreira; Luis Silva; Pedro Bizarro

    Bank transaction fraud results in over $13B annual losses for banks, merchants, and card holders worldwide. Much of this fraud starts with a Point-of-Compromise (a data breach or a skimming operation) where credit and debit card digital information is stolen, resold, and later used to perform fraud. We introduce this problem and present an automatic Points-of-Compromise (POC) detection procedure. BreachRadar

    Updated: 2020-09-25
  • Lic-Sec: an enhanced AppArmor Docker security profile generator
    arXiv.cs.CR Pub Date : 2020-09-24
    Hui Zhu; Christian Gehrmann

    Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Linux Security Module proposed in 2018, and a new AppArmor profile generator called Lic-Sec, which combines Docker-sec with a modified version of LiCShield, which is

    Updated: 2020-09-25
  • BCMIX: A Dynamic Self-organizing Blockchain-based Mix Anonymous System
    arXiv.cs.CR Pub Date : 2020-09-24
    Renpeng Zou, School of Cyber Engineering, Xidian University, Xian, China; Xixiang Lv, School of Cyber Engineering, Xidian University, Xian, China

    Increasing awareness of privacy-preserving has led to a strong focus on anonymous systems protecting anonymity. By studying early schemes, we summarize some intractable problems of anonymous systems. Centralization setting is a universal problem since most anonymous systems rely on central proxies or presetting nodes to forward and mix messages, which compromises users' privacy in some way. Besides

    Updated: 2020-09-25
  • Practical Aspect of Privacy-Preserving Data Publishing in Process Mining
    arXiv.cs.CR Pub Date : 2020-09-24
    Majid Rafiei; Wil M. P. van der Aalst

    Process mining techniques such as process discovery and conformance checking provide insights into actual processes by analyzing event data that are widely available in information systems. These data are very valuable, but often contain sensitive information, and process analysts need to balance confidentiality and utility. Privacy issues in process mining are recently receiving more attention from

    Updated: 2020-09-25
  • ThreatZoom: CVE2CWE using Hierarchical Neural Network
    arXiv.cs.CR Pub Date : 2020-09-24
    Ehsan Aghaei; Waseem Shadid; Ehab Al-Shaer

    The Common Vulnerabilities and Exposures (CVE) represent standard means for sharing publicly known information security vulnerabilities. One or more CVEs are grouped into the Common Weakness Enumeration (CWE) classes for the purpose of understanding the software or configuration flaws and potential impacts enabled by these vulnerabilities and identifying means to detect or prevent exploitation. As

    Updated: 2020-09-25
  • Pandora: A Cyber Range Environment for the Safe Testing and Deployment of Autonomous Cyber Attack Tools
    arXiv.cs.CR Pub Date : 2020-09-24
    Hetong Jiang; Taejun Choi; Ryan K. L. Ko

    Cybersecurity tools are increasingly automated with artificial intelligence (AI) capabilities to match the exponential scale of attacks, compensate for the relatively slower rate of training new cybersecurity talents, and improve the accuracy and performance of both tools and users. However, the safe and appropriate usage of autonomous cyber attack tools - especially at the development stages for

    Updated: 2020-09-25
  • Graph-Based Intrusion Detection System for Controller Area Networks
    arXiv.cs.CR Pub Date : 2020-09-24
    Riadul Islam; Rafi Ud Daula Refat; Sai Manikanta Yerram; Hafiz Malik

    We propose a new hybrid clock distribution scheme that uses global current-mode (CM) and local voltage-mode (VM) clocking to distribute a high-performance clock signal with reduced power consumption. In order to enable hybrid clocking, we propose two new current-to-voltage converters. The converters are simple current receiver circuits based on amplifier and current-mirror circuits. The global clocking

    Updated: 2020-09-25
  • Secure Data Sharing With Flow Model
    arXiv.cs.CR Pub Date : 2020-09-24
    Chenwei Wu; Chenzhuang Du; Yang Yuan

    In the classical multi-party computation setting, multiple parties jointly compute a function without revealing their own input data. We consider a variant of this problem, where the input data can be shared for machine learning training purposes, but the data are also encrypted so that they cannot be recovered by other parties. We present a rotation based method using flow model, and theoretically

    Updated: 2020-09-25
  • Detection of Iterative Adversarial Attacks via Counter Attack
    arXiv.cs.CR Pub Date : 2020-09-23
    Matthias Rottmann; Mathis Peyron; Natasa Krejic; Hanno Gottschalk

    Deep neural networks (DNNs) have proven to be powerful tools for processing unstructured data. However for high-dimensional data, like images, they are inherently vulnerable to adversarial attacks. Small almost invisible perturbations added to the input can be used to fool DNNs. Various attacks, hardening methods and detection methods have been introduced in recent years. Notoriously, Carlini-Wagner

    Updated: 2020-09-25
  • I-SiamIDS: an improved Siam-IDS for handling class imbalance in network-based intrusion detection systems
    arXiv.cs.CR Pub Date : 2020-09-23
    Punam Bedi; Neha Gupta; Vinita Jindal

    NIDSs identify malicious activities by analyzing network traffic. NIDSs are trained with the samples of benign and intrusive network traffic. Training samples belong to either majority or minority classes depending upon the number of available instances. Majority classes consist of abundant samples for the normal traffic as well as for recurrent intrusions. Whereas, minority classes include fewer samples

    Updated: 2020-09-25
  • The Agent Web Model -- Modelling web hacking for reinforcement learning
    arXiv.cs.CR Pub Date : 2020-09-23
    Laszlo Erdodi; Fabio Massimo Zennaro

    Website hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seem to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand

    Updated: 2020-09-24
  • FastSecAgg: Scalable Secure Aggregation for Privacy-Preserving Federated Learning
    arXiv.cs.CR Pub Date : 2020-09-23
    Swanand Kadhe; Nived Rajaraman; O. Ozan Koyluoglu; Kannan Ramchandran

    Recent attacks on federated learning demonstrate that keeping the training data on clients' devices does not provide sufficient privacy, as the model parameters shared by clients can leak information about their training data. A 'secure aggregation' protocol enables the server to aggregate clients' models in a privacy-preserving manner. However, existing secure aggregation protocols incur high com

    Updated: 2020-09-24
  • AI assisted Malware Analysis: A Course for Next Generation Cybersecurity Workforce
    arXiv.cs.CR Pub Date : 2020-09-21
    Maanak Gupta; Sudip Mittal; Mahmoud Abdelsalam

    The use of Artificial Intelligence (AI) and Machine Learning (ML) to solve cybersecurity problems has been gaining traction within industry and academia, in part as a response to widespread malware attacks on critical systems, such as cloud infrastructures, government offices or hospitals, and the vast amounts of data they generate. AI- and ML-assisted cybersecurity offers data-driven automation that

    Updated: 2020-09-24
  • Phishing Detection Using Machine Learning Techniques
    arXiv.cs.CR Pub Date : 2020-09-20
    Vahid Shahrivari; Mohammad Mahdi Darabi; Mohammad Izadi

    The Internet has become an indispensable part of our life. However, it also has provided opportunities to anonymously perform malicious activities like Phishing. Phishers try to deceive their victims by social engineering or creating mock-up websites to steal information such as account ID, username, password from individuals and organizations. Although many methods have been proposed to detect phishing

    Updated: 2020-09-24
  • A Privacy-Preserving Protocol for the Kidney Exchange Problem
    arXiv.cs.CR Pub Date : 2020-09-23
    Malte Breuer; Ulrike Meyer; Susanne Wetzel; Anja Mühlfeld

    Kidney donations from living donors form an attractive alternative to long waiting times on a list for a post-mortem donation. However, even if a living donor for a given patient is found, the donor's kidney might not meet the patient's medical requirements. If several patients are in this position, they may be able to exchange donors in a cyclic fashion. Current algorithmic approaches for determining

    Updated: 2020-09-24
  • Reliable, Fair and Decentralized Marketplace for Content Sharing Using Blockchain
    arXiv.cs.CR Pub Date : 2020-09-23
    Prabal Banerjee; Chander Govindarajan; Praveen Jayachandran; Sushmita Ruj

    Content sharing platforms such as Youtube and Vimeo have promoted pay per view models for artists to monetize their content. Yet, artists remain at the mercy of centralized platforms that control content listing and advertisement, with little transparency and fairness in terms of number of views or revenue. On the other hand, consumers are distanced from the publishers and cannot authenticate originality

    Updated: 2020-09-24
  • A Partial Break of the Honeypots Defense to Catch Adversarial Attacks
    arXiv.cs.CR Pub Date : 2020-09-23
    Nicholas Carlini

    A recent defense proposes to inject "honeypots" into neural networks in order to detect adversarial attacks. We break the baseline version of this defense by reducing the detection true positive rate to 0% and the detection AUC to 0.02, maintaining the original distortion bounds. The authors of the original paper have amended the defense in their CCS'20 paper to mitigate this attack. To aid further

    Updated: 2020-09-24
  • Pocket Diagnosis: Secure Federated Learning against Poisoning Attack in the Cloud
    arXiv.cs.CR Pub Date : 2020-09-23
    Zhuoran Ma; Jianfeng Ma; Yinbin Miao; Ximeng Liu; Kim-Kwang Raymond Choo; Robert H. Deng

    Federated learning has become prevalent in medical diagnosis due to its effectiveness in training a federated model among multiple health institutions (i.e. Data Islands (DIs)). However, increasingly massive DI-level poisoning attacks have shed light on a vulnerability in federated learning, which inject poisoned data into certain DIs to corrupt the availability of the federated model. Previous works

    Updated: 2020-09-24
  • Fundamental Limits of Byzantine Agreement
    arXiv.cs.CR Pub Date : 2020-09-23
    Jinyuan Chen

    Byzantine agreement (BA) is a distributed consensus problem where $n$ processors want to reach agreement on an $\ell$-bit message or value, but up to $t$ of the processors are dishonest or faulty. The challenge of this BA problem lies in achieving agreement despite the presence of dishonest processors who may arbitrarily deviate from the designed protocol. The quality of a BA protocol is measured primarily

    Updated: 2020-09-24
  • Distributed Differentially Private Mutual Information Ranking and Its Applications
    arXiv.cs.CR Pub Date : 2020-09-22
    Ankit Srivastava; Samira Pouyanfar; Joshua Allen; Ken Johnston; Qida Ma

    Computation of Mutual Information (MI) helps understand the amount of information shared between a pair of random variables. Automated feature selection techniques based on MI ranking are regularly used to extract information from sensitive datasets exceeding petabytes in size, over millions of features and classes. Series of one-vs-all MI computations can be cascaded to produce n-fold MI results,

    Updated: 2020-09-24
  • Adversarial Attack Based Countermeasures against Deep Learning Side-Channel Attacks
    arXiv.cs.CR Pub Date : 2020-09-22
    Ruizhe Gu; Ping Wang; Mengce Zheng; Honggang Hu; Nenghai Yu

    Numerous previous works have studied deep learning algorithms applied in the context of side-channel attacks, which demonstrated the ability to perform successful key recoveries. These studies show that modern cryptographic devices are increasingly threatened by side-channel attacks with the help of deep learning. However, the existing countermeasures are designed to resist classical side-channel attacks

    Updated: 2020-09-23
  • EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks
    arXiv.cs.CR Pub Date : 2020-09-19
    Yaguan Qian; Qiqi Shao; Jiamin Wang; Xiang Lin; Yankai Guo; Zhaoquan Gu; Bin Wang; Chunming Wu

    With the boom of edge intelligence, its vulnerability to adversarial attacks becomes an urgent problem. The so-called adversarial example can fool a deep learning model on the edge node to misclassify. Due to the property of transferability, the adversary can easily make a black-box attack using a local substitute model. Nevertheless, the limitation of resource of edge nodes cannot afford a complicated

    Updated: 2020-09-23
  • Early detection of the advanced persistent threat attack using performance analysis of deep learning
    arXiv.cs.CR Pub Date : 2020-09-19
    Javad Hassannataj Joloudari; Mojtaba Haderbadi; Amir Mashmool; Mohammad GhasemiGol; Shahab S.; Amir Mosavi

    One of the most common and important destructive attacks on the victim system is Advanced Persistent Threat (APT)-attack. The APT attacker can achieve his hostile goals by obtaining information and gaining financial benefits regarding the infrastructure of a network. One of the solutions to detect a secret APT attack is using network traffic. Due to the nature of the APT attack in terms of being on

    Updated: 2020-09-23
  • Using Inaudible Audio and Voice Assistants to Transmit Sensitive Data over Telephony
    arXiv.cs.CR Pub Date : 2020-09-21
    Zhengxian He; Mohit Narayan Rajput; Mustaque Ahamad

    New security and privacy concerns arise due to the growing popularity of voice assistant (VA) deployments in home and enterprise networks. A number of past research results have demonstrated how malicious actors can use hidden commands to get VAs to perform certain operations even when a person may be in their vicinity. However, such work has not explored how compromised computers that are close to

    Updated: 2020-09-23
  • A Technical Review of Wireless security for the Internet of things: Software Defined Radio perspective
    arXiv.cs.CR Pub Date : 2020-09-21
    Jose de Jesus Rugeles; Edward Paul Guillen; Leonardo S Cardoso

    The increase of cyberattacks using IoT devices has exposed the vulnerabilities in the infrastructures that make up the IoT and has shown how small devices can affect networks and services functioning. This paper presents a review of the vulnerabilities of the wireless technologies that bear the IoT and assessing the experiences in implementing wireless attacks targeting the Internet of Things using

    Updated: 2020-09-23
  • Proposal of a Novel Bug Bounty Implementation Using Gamification
    arXiv.cs.CR Pub Date : 2020-09-21
    Jamie O'Hare; Lynsay A. Shepherd

    Despite significant popularity, the bug bounty process has remained broadly unchanged since its inception, with limited implementation of gamification aspects. Existing literature recognises that current methods generate intensive resource demands, and can encounter issues impacting program effectiveness. This paper proposes a novel bug bounty process aiming to alleviate resource demands and mitigate

    Updated: 2020-09-23
  • Adversary Models for Mobile Device Authentication
    arXiv.cs.CR Pub Date : 2020-09-21
    René Mayrhofer; Vishwath Mohan; Stephan Sigg

    Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods having been proposed and analyzed. In related areas such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have already been established and are used to qualitatively and quantitatively compare

    Updated: 2020-09-23
  • A Formally Verified Protocol for Log Replication with Byzantine Fault Tolerance
    arXiv.cs.CR Pub Date : 2020-09-22
    Joel Wanner; Laurent Chuat; Adrian Perrig

    Byzantine fault tolerant protocols enable state replication in the presence of crashed, malfunctioning, or actively malicious processes. Designing such protocols without the assistance of verification tools, however, is remarkably error-prone. In an adversarial environment, performance and flexibility come at the cost of complexity, making the verification of existing protocols extremely difficult

    Updated: 2020-09-23
  • Modeling Techniques for Logic Locking
    arXiv.cs.CR Pub Date : 2020-09-21
    Joseph Sweeney; Marijn J. H. Heule; Lawrence Pileggi

    Logic locking is a method to prevent intellectual property (IP) piracy. However, under a reasonable attack model, SAT-based methods have proven to be powerful in obtaining the secret key. In response, many locking techniques have been developed to specifically resist this form of attack. In this paper, we demonstrate two SAT modeling techniques that can provide many orders of magnitude speed up in

    Updated: 2020-09-23
  • Using Neural Architecture Search for Improving Software Flaw Detection in Multimodal Deep Learning Models
    arXiv.cs.CR Pub Date : 2020-09-22
    Alexis Cooper; Xin Zhou; Scott Heidbrink; Daniel M. Dunlavy

    Software flaw detection using multimodal deep learning models has been demonstrated as a very competitive approach on benchmark problems. In this work, we demonstrate that even better performance can be achieved using neural architecture search (NAS) combined with multimodal learning models. We adapt a NAS framework aimed at investigating image classification to the problem of software flaw detection

    Updated: 2020-09-23
  • Privacy Preserving K-Means Clustering: A Secure Multi-Party Computation Approach
    arXiv.cs.CR Pub Date : 2020-09-22
    Daniel Hurtado Ramírez; J. M. Auñón

    Knowledge discovery is one of the main goals of Artificial Intelligence. This Knowledge is usually stored in databases spread in different environments, being a tedious (or impossible) task to access and extract data from them. To this difficulty we must add that these datasources may contain private data, therefore the information can never leave the source. Privacy Preserving Machine Learning (PPML)

    Updated: 2020-09-23
  • Usage Patterns of Privacy-Enhancing Technologies
    arXiv.cs.CR Pub Date : 2020-09-22
    Kovila P. L. Coopamootoo

    The steady reports of privacy invasions online paint a picture of the Internet growing into a more dangerous place. This is supported by reports of the potential scale for online harms facilitated by the mass deployment of online technology and the data-intensive web. While Internet users often express concern about privacy, some report taking actions to protect their privacy online. We investigate

    Updated: 2020-09-23
  • Less Manual Work for Safety Engineers: Towards an Automated Safety Reasoning with Safety Patterns
    arXiv.cs.CR Pub Date : 2020-09-22
    Yuri Gil Dantas, fortiss GmbH; Antoaneta Kondeva, fortiss GmbH; Vivek Nigam, fortiss GmbH

    The development of safety-critical systems requires the control of hazards that can potentially cause harm. To this end, safety engineers rely during the development phase on architectural solutions, called safety patterns, such as safety monitors, voters, and watchdogs. The goal of these patterns is to control (identified) faults that can trigger hazards. Safety patterns can control such faults by

    Updated: 2020-09-23
  • Security, Privacy and Ethical Concerns of IoT Implementations in Hospitality Domain
    arXiv.cs.CR Pub Date : 2020-09-21
    Suat Mercan; Kemal Akkaya; Lisa Cain; John Thomas

    The Internet of Things (IoT) has been on the rise in the last decade as it finds applications in various domains. Hospitality is one of the pioneer sectors that has adopted this technology to create novel services such as smart hotel rooms, personalized services etc. Hotels, restaurants, theme parks, and cruise ships are some specific application areas to improve customer satisfaction by creating an

    Updated: 2020-09-23
  • Crafting Adversarial Examples for Deep Learning Based Prognostics (Extended Version)
    arXiv.cs.CR Pub Date : 2020-09-21
    Gautam Raj Mode; Khaza Anuarul Hoque

    In manufacturing, unexpected failures are considered a primary operational risk, as they can hinder productivity and can incur huge losses. State-of-the-art Prognostics and Health Management (PHM) systems incorporate Deep Learning (DL) algorithms and Internet of Things (IoT) devices to ascertain the health status of equipment, and thus reduce the downtime, maintenance cost and increase the productivity

    Updated: 2020-09-23
  • Multimodal Deep Learning for Flaw Detection in Software Programs
    arXiv.cs.CR Pub Date : 2020-09-09
    Scott Heidbrink; Kathryn N. Rodhouse; Daniel M. Dunlavy

    We explore the use of multiple deep learning models for detecting flaws in software programs. Current, standard approaches for flaw detection rely on a single representation of a software program (e.g., source code or a program binary). We illustrate that, by using techniques from multimodal deep learning, we can simultaneously leverage multiple representations of software programs to improve flaw

    Updated: 2020-09-23
  • Information Signaling: A Counter-Intuitive Defense Against Password Cracking
    arXiv.cs.CR Pub Date : 2020-09-21
    Wenjie Bai; Jeremiah Blocki; Ben Harsha

    We introduce password strength information signaling as a novel, yet counter-intuitive, defense against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password cracking attacks. An offline attacker can quickly check millions (or sometimes billions/trillions) of password guesses by comparing their hash value with the stolen hash

    Updated: 2020-09-22
  • Physical Zero-Knowledge Proof for Ripple Effect
    arXiv.cs.CR Pub Date : 2020-09-21
    Suthee Ruangwises; Toshiya Itoh

    Ripple Effect is a logic puzzle with an objective to fill numbers into a rectangular grid divided into rooms. Each room must contain consecutive integers starting from 1 to its size. Also, if two cells in the same row or column have the same number $x$, the space separating the two cells must be at least $x$ cells. In this paper, we propose a physical protocol of zero-knowledge proof for Ripple Effect

    Updated: 2020-09-22
  • Domain-Embeddings Based DGA Detection with Incremental Training Method
    arXiv.cs.CR Pub Date : 2020-09-21
    Xin Fang; Xiaoqing Sun; Jiahai Yang; Xinran Liu

    DGA-based botnet, which uses Domain Generation Algorithms (DGAs) to evade supervision, has become a part of the most destructive threats to network security. Over the past decades, a wealth of defense mechanisms focusing on domain features have emerged to address the problem. Nonetheless, DGA detection remains a daunting and challenging task due to the big data nature of Internet traffic and the potential

    Updated: 2020-09-22
  • SPChain: Blockchain-based Medical Data Sharing and Privacy-preserving eHealth System
    arXiv.cs.CR Pub Date : 2020-09-21
    Renpeng Zou, School of Cyber Engineering, Xidian University, Xian, China; Xixiang Lv, School of Cyber Engineering, Xidian University, Xian, China; Jingsong Zhao, School of Cyber Engineering, Xidian University, Xian, China

    The development of eHealth systems has brought great convenience to people's life. Researchers have been combining new technologies to make eHealth systems work better for patients. The Blockchain-based eHealth system becomes popular because of its unique distributed tamper-resistant and privacy-preserving features. However, due to the security issues of the blockchain system, there are many security

    Updated: 2020-09-22
  • Collisions of uniformly distributed identifiers with an application to MAC address anonymization
    arXiv.cs.CR Pub Date : 2020-09-21
    Jean-François Determe; Sophia Azzagnuni; Utkarsh Singh; François Horlin; Philippe De Doncker

    The main contribution of this paper consists in theoretical approximations of the collision rate of $n$ random identifiers uniformly distributed in $m (> n)$ buckets---along with bounds on the approximation errors. A secondary contribution is a decentralized anonymization system of media access control (MAC) addresses with a low collision rate. The main contribution supports the secondary one in that

    Updated: 2020-09-22
  • DeepTag: Robust Image Tagging for DeepFake Provenance
    arXiv.cs.CR Pub Date : 2020-09-21
    Run Wang; Felix Juefei-Xu; Qing Guo; Yihao Huang; Lei Ma; Yang Liu; Lina Wang

    In recent years, DeepFake is becoming a common threat to our society, due to the remarkable progress of generative adversarial networks (GAN) in image synthesis. Unfortunately, existing studies that propose various approaches, in fighting against DeepFake, to determine if the facial image is real or fake, is still at an early stage. Obviously, the current DeepFake detection method struggles to catch the

    Updated: 2020-09-22
  • Privacy-Preserving Machine Learning Training in Aggregation Scenarios
    arXiv.cs.CR Pub Date : 2020-09-21
    Liehuang Zhu; Xiangyun Tang; Meng Shen; Jie Zhang; Xiaojiang Du

    To develop Smart City, the growing popularity of Machine Learning (ML) that appreciates high-quality training datasets generated from diverse IoT devices raises natural questions about the privacy guarantees that can be provided in such settings. Privacy-preserving ML training in an aggregation scenario enables a model demander to securely train ML models with the sensitive IoT data gathered from personal

    Updated: 2020-09-22
  • On Distributed Differential Privacy and Counting Distinct Elements
    arXiv.cs.CR Pub Date : 2020-09-21
    Lijie Chen; Badih Ghazi; Ravi Kumar; Pasin Manurangsi

    We study the setup where each of $n$ users holds an element from a discrete set, and the goal is to count the number of distinct elements across all users, under the constraint of $(\epsilon, \delta)$-differential privacy: - In the non-interactive local setting, we prove that the additive error of any protocol is $\Omega(n)$ for any constant $\epsilon$ and for any $\delta$ inverse polynomial in $n$

    Updated: 2020-09-22
  • On the Efficient Estimation of Min-Entropy
    arXiv.cs.CR Pub Date : 2020-09-21
    Yongjune Kim; Cyril Guyot; Young-Sik Kim

    The min-entropy is an important metric to quantify randomness of generated random numbers in cryptographic applications; it measures the difficulty of guessing the most-likely output. One of the important min-entropy estimators is the compression estimator of NIST Special Publication (SP) 800-90B, which relies on Maurer's universal test. In this paper, we propose two kinds of min-entropy estimators

    Updated: 2020-09-22
  • R$^2$DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions
    arXiv.cs.CR Pub Date : 2020-09-20
    Meisam Mohammady; Shangyu Xie; Yuan Hong; Mengyuan Zhang; Lingyu Wang; Makan Pourzandi; Mourad Debbabi

    Differential privacy (DP) has emerged as a de facto standard privacy notion for a wide range of applications. Since the meaning of data utility in different applications may vastly differ, a key challenge is to find the optimal randomization mechanism, i.e., the distribution and its parameters, for a given utility metric. Existing works have identified the optimal distributions in some special cases

    Updated: 2020-09-22
  • On Certificate Management in Named Data Networking
    arXiv.cs.CR Pub Date : 2020-09-20
    Zhiyi Zhang; Su Yong Wong; Junxiao Shi; Davide Pesavento; Alexander Afanasyev; Lixia Zhang

    Named Data Networking (NDN) secures network communications by requiring all data packets to be signed when produced. This requirement necessitates efficient and usable mechanisms to handle NDN certificate issuance and revocation, making these supporting mechanisms essential for NDN operations. In this paper, we first investigate and clarify core concepts related to NDN certificates and security design

    Updated: 2020-09-22
  • An insecure noninteractive group key establishment scheme
    arXiv.cs.CR Pub Date : 2020-09-19
    Chris J Mitchell

    A serious weakness in the recently proposed Chen-Hsu-Harn group authentication and group key establishment scheme is described. A simple attack against the group key establishment part of the scheme is given, which casts doubt on the viability of the scheme.

    Updated: 2020-09-22
  • Detecting Malicious URLs of COVID-19 Pandemic using ML technologies
    arXiv.cs.CR Pub Date : 2020-09-19
    Jamil Ispahany; Rafiqul Islam

    Throughout the COVID-19 outbreak, malicious attacks have become more pervasive and damaging than ever. Malicious intruders have been responsible for most cybercrimes committed recently and are the cause for a growing number of cyber threats, including identity and IP thefts, financial crimes, and cyber-attacks to critical infrastructures. Machine learning (ML) has proven itself as a prominent field

    Updated: 2020-09-22
  • A framework for effective corporate communication after cyber security incidents
    arXiv.cs.CR Pub Date : 2020-09-19
    Richard Knight; Jason R. C. Nurse

    A major cyber security incident can represent a cyber crisis for an organisation, in particular because of the associated risk of substantial reputational damage. As the likelihood of falling victim to a cyberattack has increased over time, so too has the need to understand exactly what is effective corporate communication after an attack, and how best to engage the concerns of customers, partners

    Updated: 2020-09-22
  • Optimizing Away JavaScript Obfuscation
    arXiv.cs.CR Pub Date : 2020-09-19
    Adrian Herrera

    JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built.

    Updated: 2020-09-22
  • Optimal Provable Robustness of Quantum Classification via Quantum Hypothesis Testing
    arXiv.cs.CR Pub Date : 2020-09-21
    Maurice Weber; Nana Liu; Bo Li; Ce Zhang; Zhikuan Zhao

    Quantum machine learning models have the potential to offer speedups and better predictive accuracy compared to their classical counterparts. However, these quantum algorithms, like their classical counterparts, have been shown to also be vulnerable to input perturbations, in particular for classification problems. These can arise either from noisy implementations or, as a worst-case type of noise

    Updated: 2020-09-22
  • MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design
    arXiv.cs.CR Pub Date : 2020-09-18
    Gururaj Saileshwar; Moinuddin Qureshi

    Shared caches in modern processors are vulnerable to conflict-based attacks, whereby an attacker monitors the access pattern of a victim by engineering cache-set conflicts. Recent mitigations propose a randomized mapping of addresses to cache locations to obfuscate addresses that can conflict with a target address. Unfortunately, such designs continue to select eviction candidates from a small subset

    Updated: 2020-09-22
  • Training Production Language Models without Memorizing User Data
    arXiv.cs.CR Pub Date : 2020-09-21
    Swaroop Ramaswamy; Om Thakkar; Rajiv Mathews; Galen Andrew; H. Brendan McMahan; Françoise Beaufays

    This paper presents the first consumer-scale next-word prediction (NWP) model trained with Federated Learning (FL) while leveraging the Differentially Private Federated Averaging (DP-FedAvg) technique. There has been prior work on building practical FL infrastructure, including work demonstrating the feasibility of training language models on mobile devices using such infrastructure. It has also been

    Updated: 2020-09-22
  • Defending against substitute model black box adversarial attacks with the 01 loss
    arXiv.cs.CR Pub Date : 2020-09-01
    Yunzhe Xue; Meiyan Xie; Usman Roshan

    Substitute model black box attacks can create adversarial examples for a target model just by accessing its output labels. This poses a major challenge to machine learning models in practice, particularly in security sensitive applications. The 01 loss model is known to be more robust to outliers and noise than convex models that are typically used in practice. Motivated by these properties we present

    Updated: 2020-09-22
  • ServiceNet: A P2P Service Network
    arXiv.cs.CR Pub Date : 2020-09-04
    Ji Liu, School of Electrical & Information Engineering, University of Sydney, Australia; Hang Zhao, School of Electrical & Information Engineering, University of Sydney, Australia; Jiyuan Yang, School of Electrical & Information Engineering, University of Sydney, Australia; Yu Shi, School of Electrical & Information Engineering, University of Sydney, Australia; Ruichang Liu, School of Electrical & Information

    Given a large number of online services on the Internet, from time to time, people are still struggling to find out the services that they need. On the other hand, when there are considerable research and development on service discovery and service recommendation, most of the related work are centralized and thus suffers inherent shortages of the centralized systems, e.g., adv-driven, lack at trust

    Updated: 2020-09-22
  • On Software Implementation of Gabidulin Decoders
    arXiv.cs.CR Pub Date : 2020-09-21
    Johannes Kunz; Julian Renner; Georg Maringer; Thomas Schamberger; Antonia Wachter-Zeh

    This work compares the performance of software implementations of different Gabidulin decoders. The parameter sets used within the comparison stem from their applications in recently proposed cryptographic schemes. The complexity analysis of the decoders is recalled, counting the occurrence of each operation within the respective decoders. It is shown that knowing the number of operations may be misleading

    Updated: 2020-09-22
  • DeepDyve: Dynamic Verification for Deep Neural Networks
    arXiv.cs.CR Pub Date : 2020-09-21
    Yu Li; Min Li; Bo Luo; Ye Tian; Qiang Xu

    Deep neural networks (DNNs) have become one of the enabling technologies in many safety-critical applications, e.g., autonomous driving and medical image analysis. DNN systems, however, suffer from various kinds of threats, such as adversarial example attacks and fault injection attacks. While there are many defense methods proposed against maliciously crafted inputs, solutions against faults presented

    Updated: 2020-09-22
  • ES Attack: Model Stealing against Deep Neural Networks without Data Hurdles
    arXiv.cs.CR Pub Date : 2020-09-21
    Xiaoyong Yuan; Lei Ding; Lan Zhang; Xiaolin Li; Dapeng Wu

    Deep neural networks (DNNs) have become the essential components for various commercialized machine learning services, such as Machine Learning as a Service (MLaaS). Recent studies show that machine learning services face severe privacy threats - well-trained DNNs owned by MLaaS providers can be stolen through public APIs, namely model stealing attacks. However, most existing works undervalued the

    Updated: 2020-09-22
Contents have been reproduced by permission of the publishers.