Research in Attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, 2014, Proceedings, 1st Edition, by Angelos Stavrou. ISBN: 3319113791, 9783319113791
Product details:
ISBN-10 : 3319113791
ISBN-13 : 9783319113791
Author: Angelos Stavrou
This book constitutes the proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2014, held in Gothenburg, Sweden, in September 2014. The 22 full papers were carefully reviewed and selected from 113 submissions, and are presented together with 10 poster abstracts. The papers address all current topics in computer security, including network security, authentication, malware, intrusion detection, browser security, web application security, wireless security, and vulnerability analysis.
Table of contents:
1 Introduction
2 Overview of Malware Blacklists
3 Parking Domains
3.1 Datasets
3.2 Feature Selection and Classification
3.3 Evaluation
4 Sinkholes
4.1 Sinkhole Identification
4.2 Evaluation
5 Blacklist Evaluation
5.1 Classification of Blacklist Entries
5.2 Blacklist Completeness
5.3 Reaction Time
5.4 DGA-Based Domains
6 Discussion and Future Work
7 Related Work
8 Conclusion
References
GOLDENEYE: Efficiently and Effectively Unveiling Malware’s Targeted Environment
1 Introduction
2 Background and Related Work
2.1 Objectives
2.2 Related Work
3 Overview of GOLDENEYE
4 Detailed Design
4.1 Phase I: Pre-selection of Malware Corpus
4.2 Phase II: Dynamic Environment Analysis
5 Distributed Deployment of GOLDENEYE
6 Evaluation
6.1 Experiment Dataset
6.2 Experiment Setup
6.3 Experiments on General Malware Corpus
6.4 Experiment on Known Environment-Targeted Malware Dataset
6.5 Case Studies
6.6 Experiment on Distributed Deployment of GOLDENEYE
7 Discussion
8 Conclusion
References
PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging
1 Introduction
2 Modeling and Design Principles
2.1 Threat Model
2.2 Secure Alert Relaying via Buffering
3 Architecture
3.1 Interface with SAS
3.2 PillarBox Components
3.3 Parameterizing PillarBox
4 PillarBox Buffer and Protocols
5 Experimental Evaluation
5.1 Demonstrating Direct-Send Vulnerability
5.2 Race-Condition Experiments
5.3 Observed Alerting Frequencies
5.4 Throughput Experiments
6 Related Work
7 Conclusion
References
Malware and Binary Analysis
Dynamic Reconstruction of Relocation Information for Stripped Binaries
1 Introduction
2 Background
3 Approach
3.1 Overview
3.2 Access Analysis
3.3 Jump Tables
3.4 Pointer Verification
3.5 Dynamic Data
4 Implementation
4.1 Initialization
4.2 Runtime
5 Evaluation
5.1 Statistics
5.2 Performance Overhead
5.3 Use Cases
6 Related Work
6.1 Code Randomization and Disassembly
6.2 Dynamic Data Structure Excavation
7 Conclusion
References
Evaluating the Effectiveness of Current Anti-ROP Defenses
1 Introduction
2 Technical Background
2.1 Return-Oriented Programming
2.2 Last Branch Recording
3 Security Assessment of kBouncer
3.1 Examination of Indirect Branch Sequences
3.2 Circumventing kBouncer
3.3 Circumvention for 32-Bit Applications
3.4 Circumvention for 64-Bit Applications
3.5 Example Exploits
3.6 Possible Improvements
4 Security Assessment of ROPGuard
5 Security Assessment of ROPecker
5.1 Triggering of Detection Logic
5.2 Examination of Indirect Branch Sequences
5.3 Circumvention
5.4 Example Exploit
5.5 Possible Improvements
6 Related Work
7 Conclusions
References
Unsupervised Anomaly-Based Malware Detection Using Hardware Features
1 Introduction
2 Background
3 Experimental Setup
3.1 Exploits
3.2 Measurement Infrastructure
3.3 Collection of Clean and Infected Measurements
4 Building Models
4.1 Feature Selection
5 Results
5.1 Anomalies Not Directly Detectable
5.2 Power Transform
5.3 Evaluation Metrics for Models
5.4 Detection Performance of Models
5.5 Results for Adobe PDF Reader
6 Analysis of Evasion Strategies
6.1 Defenses
7 Related Work
8 Conclusions
References
Web
Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection
1 Introduction
2 Related Work
3 Dataset
4 Content Obfuscation
4.1 Heuristic
4.2 Implementation
4.3 Evaluation of the Detection of Obfuscated Content
4.4 Observed Uses of Obfuscation
4.5 From Obfuscation Detection to Maliciousness Detection
5 Counterfeit Certification Seals
5.1 Use by Fraudsters
5.2 Heuristic
6 Proof-of-concept General Detector
6.1 Signature Generation
6.2 Signature Matching
6.3 Evaluation
7 Conclusions
References
You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers
1 Introduction
2 Problem Definition
2.1 PISE Attacks Targeting User-owned Data
2.2 Insufficiency of Existing Solutions
2.3 Threat Model and Scope
3 USERPATH Design and Security Properties
3.1 Challenges and Key Ideas
3.2 USERPATH Design
3.3 Security Properties: Putting It Together
3.4 Compatibility and Usability Implications
4 Implementation in Chromium
5 Evaluation
5.1 Scope of Vulnerabilities
5.2 Case Study: Elgg and OpenCart
5.3 Applicability to Web Applications and TCB Reduction
5.4 Performance
6 Related Work
7 Conclusion and Acknowledgments
References
Measuring Drive-by Download Defense in Depth
1 Introduction
2 Methodology
2.1 Approach
2.2 Definitions
2.3 Linking Attack Vector Data
2.4 Discussion of Data Sets and Adversarial Capabilities
3 System Architecture
4 Results
4.1 Attack Data Collected
4.2 Late Detections
4.3 Correlation of Security Products
4.4 Human Factor
4.5 Use Case
5 Related Work
6 Future Work
7 Conclusion
References
Web II
A Lightweight Formal Approach for Analyzing Security of Web Protocols
1 Introduction
2 Background and Related Work
2.1 Formalisms for Analyzing Security
2.2 Tools for Analyzing Web Protocols
2.3 Overview of BAN
3 Belief Logic for the Web
3.1 Extensions to BAN
3.2 Example: SAML SSO
3.3 Soundness of Belief Logic
4 Generic Alloy Based Model
4.1 Modeling Principals
4.2 Protocol Messages
4.3 Learning Rules
4.4 Protocol Flow
4.5 Adversary Model
5 Analyzing SAML ID Linking
5.1 Mapping SAML messages to Alloy Model
5.2 Specifying the Goal Constraint
5.3 Protocol Rules
5.4 Result of Alloy Analysis
6 Conclusion
References
Why Is CSP Failing? Trends and Challenges in CSP Adoption
1 Introduction
2 Content Security Policy
2.1 Overview of CSP
2.2 Deploying CSP
2.3 Attacks Outside the Scope of CSP
3 HTTP Security Headers
3.1 Methodology
3.2 Adoption of HTTP Security Headers
3.3 Detailed Analysis of CSP Headers
3.4 Conclusions
4 CSP Violation Reports
4.1 Background
4.2 Methodology
4.3 Results
4.4 Conclusions
5 Semi-automated Policy Generation
5.1 Methodology
5.2 Evaluation
5.3 Conclusions
6 Discussion
6.1 Discussions with Security Engineers
6.2 Suggested Improvements
7 Related Work
8 Conclusion
References
Synthetic Data Generation and Defense in Depth Measurement of Web Applications
1 Introduction
2 Data Generator Framework
2.1 Normal Traffic Generation
2.2 Launching Attacks
2.3 Labeling the Data
3 Prototype Implementation
3.1 Dataset Generation
3.2 Security Controls
4 Experiments and Results
4.1 Datasets
4.2 Comparison Experiments
4.3 Sensor Performance
4.4 Correlation and Overlap between Sensors
4.5 False Positive Analysis
4.6 Attack Evasion
5 Related Work
6 Future Work
7 Conclusion
References
Authentication and Privacy
A Comparative Evaluation of Implicit Authentication Schemes
1 Introduction
2 Related Work and Background
2.1 Related Work
2.2 Implicit Authentication Schemes
3 Evaluation Datasets
3.1 Netsense Dataset [37]
3.2 WatApp Dataset
3.3 Touchscreen Input Dataset
3.4 Keystroke Dataset
4 Comparative Evaluation
4.1 Evaluation Setup
4.2 Evaluation Results
5 Discussion and Open Challenges
6 Conclusion
References
Protecting Web-Based Single Sign-on Protocols against Relying Party Impersonation Attacks through a
1 Introduction
2 Threat Model
2.1 Concepts
2.2 In-scope Attacks
2.3 Out-of-scope Attacks
3 Revisiting Existing SSO Designs and Attacks
3.1 Identity
3.2 Communication between the RP and the IdP
4 Design
4.1 IdP Deployment – Clean-slate Design
4.2 RP Deployment – Proxy Design
5 Implementation
5.1 IdP Deployment
5.2 Proxy RP Deployment
6 Evaluation
6.1 Formal Protocol Verification
6.2 Security Analysis
6.3 Performance Analysis
7 Related Work
7.1 Vulnerability Identification
7.2 Defense Mechanism
8 Conclusion
References
Wait a Minute! A fast, Cross-VM Attack on AES
1 Introduction
2 Related Work
3 Cache-Based Side-Channel Attacks
3.1 The Flush+Reload Technique
4 Memory Deduplication
4.1 KSM (Kernel Same-page Merging)
5 CFS-free Flush+Reload Attack on AES
5.1 Description of the Attack
5.2 Recovering the Full Key
5.3 Attack Scenario 1: Spy Process
5.4 Attack Scenario 2: Cross-VM Attack
6 Experiment Setup and Results
6.1 Comparison to other Attacks
7 Countermeasures
8 Conclusion
References
Network Security
Count Me In: Viable Distributed Summary Statistics for Securing High-Speed Networks
1 Introduction
2 Design
2.1 Motivation
2.2 Objectives
2.3 Architecture
2.4 Reducers
2.5 Comparison with MapReduce
3 Implementation
3.1 User Interface
3.2 Cluster Integration
3.3 Computation Plugins
4 Applications and Deployment
4.1 Scan Detection
4.2 Brute-force Login Detection
4.3 SQL Injection Detection
4.4 Traceroute Detection
4.5 Top-k
4.6 Traffic Matrix
4.7 Real-Time Visualization
5 Evaluation
5.1 Correctness
5.2 Computational Overhead
5.3 Memory Overhead
5.4 Communication Overhead
6 Related Work
7 Conclusion
References
Formal Analysis of Security Procedures in LTE – A Feasibility Study
1 Introduction
2 Overview of LTE
2.1 Architecture
2.2 Trust Model
2.3 Session and Mobility Management
2.4 Key Hierarchy
2.5 Initial Key Establishment
3 ProVerif Overview
3.1 ProVerif
3.2 Input Language
3.3 Security Properties
3.4 Analysis and Discussion
4 Session Management
4.1 NAS Security
4.2 RRC Security
5 Mobility Management
5.1 X2 Handover
5.2 S1 Handover
5.3 Formal Models and Analysis
6 Conclusion
References
Run Away If You Can
1 Introduction
2 Related Work
2.1 Jamming Attack
2.2 Jamming Mitigation
3 Our Persistent Jamming Attack
3.1 Security Limitations
3.2 ID Detection
3.3 Fingerprint Detection
4 Implementation and Evaluation of Our Proposed Attack
4.1 Real World Experiment
4.2 Large-scale Emulation
5 Defenses
5.1 ID Protection
5.2 Fingerprint Protection
6 Conclusions
References
Intrusion Detection and Vulnerability Analysis
On Emulation-Based Network Intrusion Detection Systems
1 Introduction
2 Detecting Shellcode on Emulation Based NIDS
2.1 Pre-processing
2.2 Emulation
2.3 Heuristic-Based Detection
3 Evading EBNIDSes
3.1 Evasions Exploiting Implementation Limitations
3.2 Evasions Exploiting Intrinsic Limitations
4 Conclusions and Future Works
References
Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism
1 Introduction
2 Dynamic Platform Background
2.1 Talent
3 Threat Model
4 Experiments
4.1 Experiment Setup
4.2 Experiment Results
5 Abstract Analysis
5.1 Limited Duration Effect
5.2 Diversity Effect
5.3 Multi-instance Effect
5.4 Cleanup Effect
5.5 Smoothing Effects
6 Generalized Model of Dynamic Platform Techniques
6.1 Attacker Aggregate Control
6.2 Attacker Continuous Control
6.3 Attacker Fractional Payoff Model
6.4 Attacker Binary Payoff Model
7 Simulation Results
7.1 Discussion
8 Lessons Learned
9 Related Work
10 Conclusion
References
Some Vulnerabilities Are Different Than Others
1 Introduction
2 Related Work
2.1 Problems with the Existing Security Metrics
3 Proposed Metrics
4 Experimental Methods
4.1 Data Sets
4.2 Data Analysis Approach
4.3 Products Analyzed
4.4 Threats to Validity
5 Analysis of Exploited Vulnerabilities and Exercised Attack Surfaces
5.1 How Many Vulnerabilities Get Exploited?
5.2 How Often Do Vulnerabilities Get Exploited?
5.3 When Do Vulnerabilities Get Exploited?
6 Discussion
7 Conclusions
References
Towards a Masquerade Detection System Based on User’s Tasks
1 Introduction
2 User Profile for Masquerade Detection
2.1 NIDES
2.2 UNIX Commands
2.3 Mouse Usage
2.4 Keyboard Usage
2.5 Search Patterns
3 WUIL and a Task Abstraction
3.1 The WUIL Masquerade Dataset
3.2 Task Abstraction
4 Tasks vs Objects: An Experimental Comparison
4.1 Experiment Design
4.2 Markov Chains
4.3 Naïve Bayes
5 Results
5.1 A Comparison of Classification Performance
5.2 Mean-Windows-to-First-Alarm
6 Conclusions and Further Work