Current journal: arXiv - CS - Cryptography and Security
  • The Privacy-Utility Tradeoff of Robust Local Differential Privacy
    arXiv.cs.CR Pub Date : 2021-01-22
    Milan Lopuhaä-Zwakenberg; Jasper Goseling

    We consider data release protocols for data $X=(S,U)$, where $S$ is sensitive; the released data $Y$ contains as much information about $X$ as possible, measured as $\operatorname{I}(X;Y)$, without leaking too much about $S$. We introduce the Robust Local Differential Privacy (RLDP) framework to measure privacy. This framework relies on the underlying distribution of the data, which needs to be estimated

    Updated: 2021-01-25
  • A Robust Blockchain Readiness Index Model
    arXiv.cs.CR Pub Date : 2021-01-20
    Elias Iosif; Klitos Christodoulou; Andreas Vlachos

    As the blockchain ecosystem gets more mature many businesses, investors, and entrepreneurs are seeking opportunities on working with blockchain systems and cryptocurrencies. A critical challenge for these actors is to identify the most suitable environment to start or evolve their businesses. In general, the question is to identify which countries are offering the most suitable conditions to host their

    Updated: 2021-01-25
  • Privacy Friendly E-Ticketing For Public Transport
    arXiv.cs.CR Pub Date : 2021-01-22
    Jaap-Henk Hoepman

    This paper studies how to implement a privacy friendly form of ticketing for public transport in practice. The protocols described are inspired by current (privacy invasive) public transport ticketing systems used around the world. The first protocol emulates paper based tickets. The second protocol implements a pay-as-you-go approach, with fares determined when users check-in and check-out. Both protocols

    Updated: 2021-01-25
  • Decision process for blockchain architectures based on requirements
    arXiv.cs.CR Pub Date : 2021-01-22
    Nicolas Six (CRI)

    In recent years, blockchain has grown in popularity due to its singular attributes, enabling the development of new innovative decentralized applications. But when companies consider leveraging blockchain for their applications, the plethora of possible choices and the difficulty of integrating blockchain into architectures can hinder its adoption. Our research project aims to ease the adoption of

    Updated: 2021-01-25
  • A blockchain-based pattern for confidential and pseudo-anonymous contract enforcement
    arXiv.cs.CR Pub Date : 2021-01-22
    Nicolas Six (CRI); Claudia Negri Ribalta (CRI); Nicolas Herbaut (CRI); Camille Salinesi (CRI)

    Blockchain has been praised for its capacity to hold data in a decentralized and tamper-proof way. It also supports the execution of code through blockchain's smart contracts, adding automation of actions to the network with high trustability. However, as smart contracts are visible by anybody on the network, the business data and logic may be at risk, thus companies could be reluctant to use such

    Updated: 2021-01-25
  • A novel DL approach to PE malware detection: exploring Glove vectorization, MCC_RCNN and feature fusion
    arXiv.cs.CR Pub Date : 2021-01-22
    Yuzhou Lin; Xiaolin Chang

    In recent years, malware becomes more threatening. Concerning the increasing malware variants, there comes Machine Learning (ML)-based and Deep Learning (DL)-based approaches for heuristic detection. Nevertheless, the prediction accuracy of both needs to be improved. In response to the above issues in the PE malware domain, we propose the DL-based approaches for detection and use static-based features

    Updated: 2021-01-25
  • Privacy-Preserving and Efficient Verification of the Outcome in Genome-Wide Association Studies
    arXiv.cs.CR Pub Date : 2021-01-21
    Anisa Halimi; Leonard Dervishi; Erman Ayday; Apostolos Pyrgelis; Juan Ramon Troncoso-Pastoriza; Jean-Pierre Hubaux; Xiaoqian Jiang; Jaideep Vaidya

    Providing provenance in scientific workflows is essential for reproducibility and auditability purposes. Workflow systems model and record provenance describing the steps performed to obtain the final results of a computation. In this work, we propose a framework that verifies the correctness of the statistical test results that are conducted by a researcher while protecting individuals' privacy in

    Updated: 2021-01-25
  • Adversarial Laws of Large Numbers and Optimal Regret in Online Classification
    arXiv.cs.CR Pub Date : 2021-01-22
    Noga Alon; Omri Ben-Eliezer; Yuval Dagan; Shay Moran; Moni Naor; Eylon Yogev

    Laws of large numbers guarantee that given a large enough sample from some population, the measure of any fixed sub-population is well-estimated by its frequency in the sample. We study laws of large numbers in sampling processes that can affect the environment they are acting upon and interact with it. Specifically, we consider the sequential sampling model proposed by Ben-Eliezer and Yogev (2020)

    Updated: 2021-01-25
  • Quantum Private Information Retrieval for Quantum Messages
    arXiv.cs.CR Pub Date : 2021-01-22
    Seunghoan Song; Masahito Hayashi

    Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description

    Updated: 2021-01-25
  • Understanding the Tradeoffs in Client-Side Privacy for Speech Recognition
    arXiv.cs.CR Pub Date : 2021-01-22
    Peter Wu; Paul Pu Liang; Ruslan Salakhutdinov; Louis-Philippe Morency

    Existing approaches to ensuring privacy of user speech data primarily focus on server-side approaches. While improving server-side privacy reduces certain security concerns, users still do not retain control over whether privacy is ensured on the client-side. In this paper, we define, evaluate, and explore techniques for client-side privacy in speech recognition, where the goal is to preserve privacy

    Updated: 2021-01-25
  • Post-Quantum Security of the Bitcoin Backbone and Quantum Multi-Solution Bernoulli Search
    arXiv.cs.CR Pub Date : 2020-12-30
    Alexandru Cojocaru; Juan Garay; Aggelos Kiayias; Fang Song; Petros Wallden

    Bitcoin and its underlying blockchain protocol have recently received significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical conception to an emerging technology. Motivated by

    Updated: 2021-01-25
  • SoK: Decentralized Finance (DeFi)
    arXiv.cs.CR Pub Date : 2021-01-21
    Sam M. Werner; Daniel Perez; Lewis Gudgeon; Ariah Klages-Mundt; Dominik Harz; William J. Knottenbelt

    Decentralized Finance (DeFi), a blockchain powered peer-to-peer financial system, is mushrooming. One year ago the total value locked in DeFi systems was approximately 600m USD, now, as of January 2021, it stands at around 25bn USD. The frenetic evolution of the ecosystem makes it challenging for newcomers to gain an understanding of its basic features. In this Systematization of Knowledge (SoK), we

    Updated: 2021-01-22
  • An Efficient Communication Protocol for FPGA IP Protection
    arXiv.cs.CR Pub Date : 2021-01-21
    Farzane Khajuyi; Behnam Ghavami; Human Nikmehr

    We introduce a protection-based IP security scheme to protect soft and firm IP cores which are used on FPGA devices. The scheme is based on Finite State Machine (FSM) obfuscation and exploits Physical Unclonable Function (PUF) for FPGA unique identification (ID) generation which help pay-per-device licensing. We introduce a communication protocol to protect the rights of parties in this market. On standard

    Updated: 2021-01-22
  • Copycat CNN: Are Random Non-Labeled Data Enough to Steal Knowledge from Black-box Models?
    arXiv.cs.CR Pub Date : 2021-01-21
    Jacson Rodrigues Correia-Silva; Rodrigo F. Berriel; Claudine Badue; Alberto F. De Souza; Thiago Oliveira-Santos

    Convolutional neural networks have been successful lately enabling companies to develop neural-based products, which demand an expensive process, involving data acquisition and annotation; and model generation, usually requiring experts. With all these costs, companies are concerned about the security of their models against copies and deliver them as black-boxes accessed by APIs. Nonetheless, we argue

    Updated: 2021-01-22
  • Quantitative Security Risk Modeling and Analysis with RisQFLan
    arXiv.cs.CR Pub Date : 2021-01-21
    Maurice H. ter Beek; Axel Legay; Alberto Lluch Lafuente; Andrea Vandin

    Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios in which qualitative approaches are inappropriate or unfeasible. In this paper, we present a tool-supported approach to quantitative graph-based security risk modeling and analysis based on attack-defense trees. Our approach is based on QFLan, a successful domain-specific approach to support quantitative modeling

    Updated: 2021-01-22
  • Malware Detection and Analysis: Challenges and Research Opportunities
    arXiv.cs.CR Pub Date : 2021-01-21
    Zahid Akhtar

    Malwares are continuously growing in sophistication and numbers. Over the last decade, remarkable progress has been achieved in anti-malware mechanisms. However, several pressing issues (e.g., unknown malware samples detection) still need to be addressed adequately. This article first presents a concise overview of malware along with anti-malware and then summarizes various research challenges. This

    Updated: 2021-01-22
  • Introducing the Unitychain Structure: A novel blockchain-like structure that enables greater parallel processing, security, and performance for networks that leverage distributed key generation and classical consensus protocols
    arXiv.cs.CR Pub Date : 2021-01-21
    Joshua D. Tobkin

    A Unitychain is a novel blockchain-like structure that drastically improves transaction scalability and security while maintaining ongoing network performance, even if participating nodes are required to perform a new Distributed Key Generation procedure for security purposes. The Unitychain structure, furthermore, enables greater parallel processing by the assignment of different network node configurations

    Updated: 2021-01-22
  • Understand Volatility of Algorithmic Stablecoin: Modeling, Verification and Empirical Analysis
    arXiv.cs.CR Pub Date : 2021-01-21
    Wenqi Zhao; Hui Li; Yuming Yuan

    An algorithmic stablecoin is a type of cryptocurrency managed by algorithms (i.e., smart contracts) to dynamically minimize the volatility of its price relative to a specific form of asset, e.g., US dollar. As algorithmic stablecoins have been growing rapidly in recent years, they become much more volatile than expected. In this paper, we took a deep dive into the core of algorithmic stablecoins and

    Updated: 2021-01-22
  • Fidelity and Privacy of Synthetic Medical Data
    arXiv.cs.CR Pub Date : 2021-01-18
    Ofer Mendelevitch; Michael D. Lesh

    The digitization of medical records ushered in a new era of big data to clinical science, and with it the possibility that data could be shared, to multiply insights beyond what investigators could abstract from paper records. The need to share individual-level medical data to accelerate innovation in precision medicine continues to grow, and has never been more urgent, as scientists grapple with the

    Updated: 2021-01-22
  • Adversarial Machine Learning in Text Analysis and Generation
    arXiv.cs.CR Pub Date : 2021-01-14
    Izzat Alsmadi

    The research field of adversarial machine learning witnessed a significant interest in the last few years. A machine learner or model is secure if it can deliver main objectives with acceptable accuracy, efficiency, etc. while at the same time, it can resist different types and/or attempts of adversarial attacks. This paper focuses on studying aspects and research trends in adversarial machine learning

    Updated: 2021-01-22
  • A Study of F0 Modification for X-Vector Based Speech Pseudonymization Across Gender
    arXiv.cs.CR Pub Date : 2021-01-21
    Pierre Champion (MULTISPEECH); Denis Jouvet (MULTISPEECH); Anthony Larcher (LIUM)

    Speech pseudonymization aims at altering a speech signal to map the identifiable personal characteristics of a given speaker to another identity. In other words, it aims to hide the source speaker identity while preserving the intelligibility of the spoken content. This study takes place in the VoicePrivacy 2020 challenge framework, where the baseline system performs pseudonymization by modifying x-vector

    Updated: 2021-01-22
  • RADAR: Run-time Adversarial Weight Attack Detection and Accuracy Recovery
    arXiv.cs.CR Pub Date : 2021-01-20
    Jingtao Li; Adnan Siraj Rakin; Zhezhi He; Deliang Fan; Chaitali Chakrabarti

    Adversarial attacks on Neural Network weights, such as the progressive bit-flip attack (PBFA), can cause a catastrophic degradation in accuracy by flipping a very small number of bits. Furthermore, PBFA can be conducted at run time on the weights stored in DRAM main memory. In this work, we propose RADAR, a Run-time adversarial weight Attack Detection and Accuracy Recovery scheme to protect DNN weights

    Updated: 2021-01-21
  • secureTF: A Secure TensorFlow Framework
    arXiv.cs.CR Pub Date : 2021-01-20
    Do Le Quoc; Franz Gregor; Sergei Arnautov; Roland Kunkel; Pramod Bhatotia; Christof Fetzer

    Data-driven intelligent applications in modern online services have become ubiquitous. These applications are usually hosted in the untrusted cloud computing infrastructure. This poses significant security risks since these applications rely on applying machine learning algorithms on large datasets which may contain private and sensitive information. To tackle this challenge, we designed secureTF,

    Updated: 2021-01-21
  • The (in)security of some recently proposed lightweight key distribution schemes
    arXiv.cs.CR Pub Date : 2021-01-20
    Chris J Mitchell

    Two recently published papers propose some very simple key distribution schemes designed to enable two or more parties to establish a shared secret key with the aid of a third party. Unfortunately, as we show, most of the schemes are inherently insecure and all are incompletely specified - moreover, claims that the schemes are inherently lightweight are shown to be highly misleading.

    Updated: 2021-01-21
  • On Provable Backdoor Defense in Collaborative Learning
    arXiv.cs.CR Pub Date : 2021-01-19
    Ximing Qiao; Yuhua Bai; Siping Hu; Ang Li; Yiran Chen; Hai Li

    As collaborative learning allows joint training of a model using multiple sources of data, the security problem has been a central concern. Malicious users can upload poisoned data to prevent the model's convergence or inject hidden backdoors. The so-called backdoor attacks are especially difficult to detect since the model behaves normally on standard test data but gives wrong outputs when triggered

    Updated: 2021-01-21
  • Adversarial Attacks for Tabular Data: Application to Fraud Detection and Imbalanced Data
    arXiv.cs.CR Pub Date : 2021-01-20
    Francesco Cartella; Orlando Anunciacao; Yuki Funabiki; Daisuke Yamaguchi; Toru Akishita; Olivier Elshocht

    Guaranteeing the security of transactional systems is a crucial priority of all institutions that process transactions, in order to protect their businesses against cyberattacks and fraudulent attempts. Adversarial attacks are novel techniques that, other than being proven to be effective to fool image classification models, can also be applied to tabular data. Adversarial attacks aim at producing

    Updated: 2021-01-21
  • Epidemic? The Attack Surface of German Hospitals during the COVID-19 Pandemic
    arXiv.cs.CR Pub Date : 2021-01-20
    Johannes Klick; Robert Koch; Thomas Brandstetter

    In our paper we analyze the attack surface of German hospitals and healthcare providers in 2020 during the COVID-19 Pandemic. The analysis looked at the publicly visible attack surface utilizing a Distributed Cyber Recon System, utilizing distributed Internet scanning, Big Data methods and scan data of 1,483 GB from more than 89 different global Internet scans. From the 1,555 identified German clinical

    Updated: 2021-01-21
  • Safer Illinois and RokWall: Privacy Preserving University Health Apps for COVID-19
    arXiv.cs.CR Pub Date : 2021-01-19
    Vikram Sharma Mailthody; James Wei; Nicholas Chen; Mohammad Behnia; Ruihao Yao; Qihao Wang; Vedant Agrawal; Churan He; Lijian Wang; Leihao Chen; Amit Agarwal; Edward Richter; Wen-Mei Hwu; Christopher W. Fletcher; Jinjun Xiong; Andrew Miller; Sanjay Patel

    COVID-19 has fundamentally disrupted the way we live. Government bodies, universities, and companies worldwide are rapidly developing technologies to combat the COVID-19 pandemic and safely reopen society. Essential analytics tools such as contact tracing, super-spreader event detection, and exposure mapping require collecting and analyzing sensitive user information. The increasing use of such powerful

    Updated: 2021-01-21
  • Inference under Information Constraints III: Local Privacy Constraints
    arXiv.cs.CR Pub Date : 2021-01-20
    Jayadev Acharya; Clément L. Canonne; Cody Freitag; Ziteng Sun; Himanshu Tyagi

    We study goodness-of-fit and independence testing of discrete distributions in a setting where samples are distributed across multiple users. The users wish to preserve the privacy of their data while enabling a central server to perform the tests. Under the notion of local differential privacy, we propose simple, sample-optimal, and communication-efficient protocols for these two questions in the

    Updated: 2021-01-21
  • Porcupine: A Synthesizing Compiler for Vectorized Homomorphic Encryption
    arXiv.cs.CR Pub Date : 2021-01-19
    Meghan Cowan; Deeksha Dangwal; Armin Alaghi; Caroline Trippel; Vincent T. Lee; Brandon Reagen

    Homomorphic encryption (HE) is a privacy-preserving technique that enables computation directly on encrypted data. Despite its promise, HE has seen limited use due to performance overheads and compilation challenges. Recent work has made significant advances to address the performance overheads but automatic compilation of efficient HE kernels remains relatively unexplored. This paper presents Porcupine

    Updated: 2021-01-21
  • MIT SafePaths Card (MiSaCa): Augmenting Paper Based Vaccination Cards with Printed Codes
    arXiv.cs.CR Pub Date : 2021-01-20
    Joseph Bae; Rohan Sukumaran; Sheshank Shankar; Saurish Srivastava; Rohan Iyer; Aryan Mahindra; Qamil Mirza; Maurizio Arseni; Anshuman Sharma; Saras Agrawal; Orna Mukhopadhyay; Colin Kang; Priyanshi Katiyar; Apurv Shekhar; Sifat Hasan; Krishnendu Dasgupta; Darshan Gandhi; Sethuramen TV; Parth Patwa; Ishaan Singh; Abhishek Singh; Ramesh Raskar

    In this early draft, we describe a user-centric, card-based system for vaccine distribution. Our system makes use of digitally signed QR codes and their use for phased vaccine distribution, vaccine administration/record-keeping, immunization verification, and follow-up symptom reporting. Furthermore, we propose and describe a complementary scanner app system to be used by vaccination clinics, public

    Updated: 2021-01-21
  • LowKey: Leveraging Adversarial Attacks to Protect Social Media Users from Facial Recognition
    arXiv.cs.CR Pub Date : 2021-01-20
    Valeriia Cherepanova; Micah Goldblum; Harrison Foley; Shiyuan Duan; John Dickerson; Gavin Taylor; Tom Goldstein

    Facial recognition systems are increasingly deployed by private corporations, government agencies, and contractors for consumer services and mass surveillance programs alike. These systems are typically built by scraping social media profiles for user images. Adversarial perturbations have been proposed for bypassing facial recognition systems. However, existing methods fail on full-scale systems and

    Updated: 2021-01-21
  • A System for Automated Open-Source Threat Intelligence Gathering and Management
    arXiv.cs.CR Pub Date : 2021-01-19
    Peng Gao; Xiaoyuan Liu; Edward Choi; Bhavna Soman; Chinmaya Mishra; Kate Farris; Dawn Song

    Sophisticated cyber attacks have plagued many high-profile businesses. To remain aware of the fast-evolving threat landscape, open-source Cyber Threat Intelligence (OSCTI) has received growing attention from the community. Commonly, knowledge about threats is presented in a vast number of OSCTI reports. Despite the pressing need for high-quality OSCTI, existing OSCTI gathering and management platforms

    Updated: 2021-01-20
  • Panel: Humans and Technology for Inclusive Privacy and Security
    arXiv.cs.CR Pub Date : 2021-01-18
    Sanchari Das; Robert S. Gutzwiller; Rod D. Roscoe; Prashanth Rajivan; Yang Wang; L. Jean Camp; Roberto Hoyle

    Computer security and user privacy are critical issues and concerns in the digital era due to both increasing users and threats to their data. Separate issues arise between generic cybersecurity guidance (i.e., protect all user data from malicious threats) and the individualistic approach of privacy (i.e., specific to users and dependent on user needs and risk perceptions). Research has shown that

    Updated: 2021-01-20
  • Fast Privacy-Preserving Text Classification based on Secure Multiparty Computation
    arXiv.cs.CR Pub Date : 2021-01-18
    Amanda Resende; Davis Railsback; Rafael Dowsley; Anderson C. A. Nascimento; Diego F. Aranha

    We propose a privacy-preserving Naive Bayes classifier and apply it to the problem of private text classification. In this setting, a party (Alice) holds a text message, while another party (Bob) holds a classifier. At the end of the protocol, Alice will only learn the result of the classifier applied to her text input and Bob learns nothing. Our solution is based on Secure Multiparty Computation (SMC)

    Updated: 2021-01-20
  • Information Theoretic Secure Aggregation with User Dropouts
    arXiv.cs.CR Pub Date : 2021-01-19
    Yizhou Zhao; Hua Sun

    In the robust secure aggregation problem, a server wishes to learn and only learn the sum of the inputs of a number of users while some users may drop out (i.e., may not respond). The identity of the dropped users is not known a priori and the server needs to securely recover the sum of the remaining surviving users. We consider the following minimal two-round model of secure aggregation. Over the

    Updated: 2021-01-20
  • MIMOSA: Reducing Malware Analysis Overhead with Coverings
    arXiv.cs.CR Pub Date : 2021-01-18
    Mohsen Ahmadi; Kevin Leach; Ryan Dougherty; Stephanie Forrest; Westley Weimer

    There is a growing body of malware samples that evade automated analysis and detection tools. Malware may measure fingerprints ("artifacts") of the underlying analysis tool or environment and change their behavior when artifacts are detected. While analysis tools can mitigate artifacts to reduce exposure, such concealment is expensive. However, not every sample checks for every type of artifact-analysis

    Updated: 2021-01-20
  • Data Protection Impact Assessment for the Corona App
    arXiv.cs.CR Pub Date : 2021-01-18
    Kirsten Bock; Christian R. Kühne; Rainer Mühlhoff; Měto R. Ost; Jörg Pohle; Rainer Rehak

    Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the

    Updated: 2021-01-20
  • Leveraging AI to optimize website structure discovery during Penetration Testing
    arXiv.cs.CR Pub Date : 2021-01-18
    Diego Antonelli; Roberta Cascella; Gaetano Perrone; Simon Pietro Romano; Antonio Schiano

    Dirbusting is a technique used to brute force directories and file names on web servers while monitoring HTTP responses, in order to enumerate server contents. Such a technique uses lists of common words to discover the hidden structure of the target website. Dirbusting typically relies on response codes as discovery conditions to find new pages. It is widely used in web application penetration testing

    Updated: 2021-01-19
  • Applying High-Performance Bioinformatics Tools for Outlier Detection in Log Data
    arXiv.cs.CR Pub Date : 2021-01-18
    Markus Wurzenberger; Florian Skopik; Roman Fiedler; Wolfgang Kastner

    Most of today's security solutions, such as security information and event management (SIEM) and signature based IDS, require the operator to evaluate potential attack vectors and update detection signatures and rules in a timely manner. However, today's sophisticated and tailored advanced persistent threats (APT), malware, ransomware and rootkits, can be so complex and diverse, and often use zero

    Updated: 2021-01-19
  • SoK: Fully Homomorphic Encryption Compilers
    arXiv.cs.CR Pub Date : 2021-01-18
    Alexander Viand; Patrick Jattke; Anwar Hithnawi

    Fully Homomorphic Encryption (FHE) allows a third party to perform arbitrary computations on encrypted data, learning neither the inputs nor the computation results. Hence, it provides resilience in situations where computations are carried out by an untrusted or potentially compromised party. This powerful concept was first conceived by Rivest et al. in the 1970s. However, it remained unrealized until

    Updated: 2021-01-19
  • DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection
    arXiv.cs.CR Pub Date : 2021-01-18
    Yuanchun Li; Jiayi Hua; Haoyu Wang; Chunyang Chen; Yunxin Liu

    Deep learning models are increasingly used in mobile applications as critical components. Unlike the program bytecode whose vulnerabilities and threats have been widely-discussed, whether and how the deep learning models deployed in the applications can be compromised are not well-understood since neural networks are usually viewed as a black box. In this paper, we introduce a highly practical backdoor

    Updated: 2021-01-19
  • A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence
    arXiv.cs.CR Pub Date : 2021-01-17
    Peng Gao; Fei Shao; Xiaoyuan Liu; Xusheng Xiao; Haoyuan Liu; Zheng Qin; Fengyuan Xu; Prateek Mittal; Sanjeev R. Kulkarni; Dawn Song

    Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external knowledge about threat behaviors provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we build ThreatRaptor, a system that facilitates cyber threat

    Updated: 2021-01-19
  • A Technical Report for Light-Edge: A Lightweight Authentication Protocol for IoT Devices in an Edge-Cloud Environment
    arXiv.cs.CR Pub Date : 2021-01-17
    Ali Shahidinejad; Mostafa Ghobaei-Arani; Alireza Souri; Mohammad Shojafar; Saru Kumari

    Selected procedures in [1] and additional simulation results are presented in detail in this report. We first present the IoT device registration in Section I, and we provide the details of fuzzy-based trust computation in Section II. In the end, we show some additional simulation results for formal validation of the Light-Edge under On-the-Fly Model Checker (OFMC) and Constraint-Logic-based ATtack

    Updated: 2021-01-19
  • Intrusion Detection Systems for Smart Home IoT Devices: Experimental Comparison Study
    arXiv.cs.CR Pub Date : 2021-01-16
    Faisal Alsakran; Gueltoum Bendiab; Stavros Shiaeles; Nicholas Kolokotronis

    Smart homes are one of the most promising applications of the emerging Internet of Things (IoT) technology. With the growing number of IoT related devices such as smart thermostats, smart fridges, smart speaker, smart light bulbs and smart locks, smart homes promise to make our lives easier and more comfortable. However, the increased deployment of such smart devices brings an increase in potential

    Updated: 2021-01-19
  • AGChain: A Blockchain-based Gateway for Permanent, Distributed, and Secure App Delegation from Existing Mobile App Markets
    arXiv.cs.CR Pub Date : 2021-01-16
    Mengjie Chen; Daoyuan Wu; Xiao Yi; Jianliang Xu

    Mobile app markets are emerging with the popularity of smartphones. However, they fall short in several aspects, including no transparent app listing, no world-wide app access, and even insecure app downloading. To address these problems, we propose a novel blockchain-based gateway, AGChain, to bridge end users and app markets so that existing app markets could still provide services while users enjoy

    Updated: 2021-01-19
  • Revisiting Driver Anonymity in ORide
    arXiv.cs.CR Pub Date : 2021-01-16
    Deepak Kumaraswamy; Shyam Murthy; Srinivas Vivek

    Ride Hailing Services (RHS) have become a popular means of transportation, and with its popularity comes the concerns of privacy of riders and drivers. ORide is a privacy-preserving RHS proposed in 2017 and uses Somewhat Homomorphic Encryption (SHE). In their protocol, a rider and all drivers in a zone send their encrypted coordinates to the RHS Service Provider (SP) who computes the squared Euclidean

    Updated: 2021-01-19
  • SEDAT: Security Enhanced Device Attestation with TPM2.0
    arXiv.cs.CR Pub Date : 2021-01-16
    Avani Dave; Monty Wiseman; David Safford

    Remote attestation is one of the ways to verify the state of an untrusted device. Earlier research has attempted remote verification of a device's state using hardware, software, or hybrid approaches. Majority of them have used Attestation Key as a hardware root of trust, which does not detect hardware modification or counterfeit issues. In addition, they do not have a secure communication channel

    Updated: 2021-01-19
  • Privacy Protection of Grid Users Data with Blockchain and Adversarial Machine Learning
    arXiv.cs.CR Pub Date : 2021-01-15
    Ibrahim Yilmaz; Kavish Kapoor; Ambareen Siraj; Mahmoud Abouyoussef

    Utilities around the world are reported to invest a total of around 30 billion over the next few years for installation of more than 300 million smart meters, replacing traditional analog meters [1]. By mid-decade, with full country wide deployment, there will be almost 1.3 billion smart meters in place [1]. Collection of fine grained energy usage data by these smart meters provides numerous advantages

    Updated: 2021-01-19
  • CARE: Lightweight Attack Resilient Secure Boot Architecture with Onboard Recovery for RISC-V based SOC
    arXiv.cs.CR Pub Date : 2021-01-15
    Avani Dave; Nilanjan Banerjee; Chintan Patel

    Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring the security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, the secure boot becomes

    Updated: 2021-01-19
  • GraphAttacker: A General Multi-Task GraphAttack Framework
    arXiv.cs.CR Pub Date : 2021-01-18
    Jinyin Chen; Dunjie Zhang; Zhaoyan Ming; Kejie Huang

    Graph Neural Networks (GNNs) have been successfully exploited in graph analysis tasks in many real-world applications. However, GNNs have been shown to have potential security issues imposed by adversarial samples generated by attackers, which achieved great attack performance with almost imperceptible perturbations. What limit the wide application of these attackers are their methods' specificity

    Updated: 2021-01-19
  • Trading on-chain: how feasible is regulators' worst-case scenario?
    arXiv.cs.CR Pub Date : 2021-01-15
    Mahsa Moosavi; Jeremy Clark

    When consumers trade financial products, they typically use well-identified service providers that operate under government regulation. In theory, decentralized platforms like Ethereum can offer trading services 'on-chain' without an obvious entry point for regulators. Fortunately for regulators, most trading volume in blockchain-based assets is still on centralized service providers for performance

    Updated: 2021-01-19
  • On the Differentially Private Nature of Perturbed Gradient Descent
    arXiv.cs.CR Pub Date : 2021-01-18
    Thulasi Tholeti; Sheetal Kalyani

    We consider the problem of empirical risk minimization given a database, using the gradient descent algorithm. We note that the function to be optimized may be non-convex, consisting of saddle points which impede the convergence of the algorithm. A perturbed gradient descent algorithm is typically employed to escape these saddle points. We show that this algorithm, that perturbs the gradient, inherently

    Updated: 2021-01-19
  • Adversarial Interaction Attack: Fooling AI to Misinterpret Human Intentions
    arXiv.cs.CR Pub Date : 2021-01-17
    Nodens Koren; Qiuhong Ke; Yisen Wang; James Bailey; Xingjun Ma

    Understanding the actions of both humans and artificial intelligence (AI) agents is important before modern AI systems can be fully integrated into our daily life. In this paper, we show that, despite their current huge success, deep learning based AI systems can be easily fooled by subtle adversarial noise to misinterpret the intention of an action in interaction scenarios. Based on a case study of

    Updated: 2021-01-19
  • Membership Inference Attack on Graph Neural Networks
    arXiv.cs.CR Pub Date : 2021-01-17
    Iyiola E. Olatunji; Wolfgang Nejdl; Megha Khosla

    Graph Neural Networks (GNNs), which generalize traditional deep neural networks or graph data, have achieved state of the art performance on several graph analytical tasks like node classification, link prediction or graph classification. We focus on how trained GNN models could leak information about the member nodes that they were trained on. In particular, we focus on answering the question:

    Updated: 2021-01-19
  • Joint Beamforming and Location Optimization for Secure Data Collection in Wireless Sensor Networks with UAV-Carried Intelligent Reflecting Surface
    arXiv.cs.CR Pub Date : 2021-01-17
    Christantus O. Nnamani; Muhammad R. A. Khandaker; Mathini Sellathurai

    This paper considers unmanned aerial vehicle (UAV)-carried intelligent reflecting surface (IRS) for secure data collection in wireless sensor networks. An eavesdropper (Eve) lurks within the vicinity of the main receiver (Bob) while several randomly placed sensor nodes beamform collaboratively to the UAV-carried IRS that reflects the signal to the main receiver (Bob). The design objective is to maximise

    Updated: 2021-01-19
  • Adversarial Attacks On Multi-Agent Communication
    arXiv.cs.CR Pub Date : 2021-01-17
    James Tu; Tsunhsuan Wang; Jingkang Wang; Sivabalan Manivasagam; Mengye Ren; Raquel Urtasun

    Growing at a very fast pace, modern autonomous systems will soon be deployed at scale, opening up the possibility for cooperative multi-agent systems. By sharing information and distributing workloads, autonomous agents can better perform their tasks and enjoy improved computation efficiency. However, such advantages rely heavily on communication channels which have been shown to be vulnerable to security

    Updated: 2021-01-19
  • T-Lease: A Trusted Lease Primitive for Distributed Systems
    arXiv.cs.CR Pub Date : 2021-01-16
    Bohdan Trach (TU Dresden); Rasha Faqeh (TU Dresden); Oleksii Oleksenko (TU Dresden); Wojciech Ozga (TU Dresden); Pramod Bhatotia (TU Münich); Christof Fetzer (TU Dresden)

    A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to the trusted computing infrastructure. Unfortunately, this important primitive cannot be employed in the untrusted computing infrastructure because the trusted execution environments (TEEs) do not provide a

    Updated: 2021-01-19
  • Towards interpreting ML-based automated malware detection models: a survey
    arXiv.cs.CR Pub Date : 2021-01-15
    Yuzhou Lin; Xiaolin Chang

    Malware is being increasingly threatening and malware detectors based on traditional signature-based analysis are no longer suitable for current malware detection. Recently, the models based on machine learning (ML) are developed for predicting unknown malware variants and saving human strength. However, most of the existing ML models are black-box, which made their prediction results undependable

    Updated: 2021-01-18
  • The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts
    arXiv.cs.CR Pub Date : 2021-01-15
    Christof Ferreira Torres; Antonio Ken Iannillo; Arthur Gervais; Radu State

    In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry

    Updated: 2021-01-18
Contents have been reproduced by permission of the publishers.