Computer Security - ESORICS 2021
26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I
Published on 29. September 2021
XXX, 782 pages
978-3-030-88418-5 (ISBN)
Description
The two volume set LNCS 12972 + 12973 constitutes the proceedings of the 26 th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-8, 2021. The conference was originally planned to take place in Darmstadt, Germany, but changed to an online event due to the COVID-19 pandemic.
The 71 full papers presented in this book were carefully reviewed and selected from 351 submissions. They were organized in topical sections as follows:
Part I: network security; attacks; fuzzing; malware; user behavior and underground economy; blockchain; machine learning; automotive; anomaly detection;
Part II: encryption; cryptography; privacy; differential privacy; zero knowledge; key exchange; multi-party computation.More details
Series
Edition
1st ed. 2021
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Product notice
Reflowable
Illustrations
XXX, 782 p. 49 illus.
File size
47,77 MB
ISBN-13
978-3-030-88418-5 (9783030884185)
DOI
10.1007/978-3-030-88418-5
Schweitzer Classification
Other editions
Additional editions
Elisa Bertino | Haya Shulman | Michael Waidner
Computer Security - ESORICS 2021
26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I
Book
09/2021
Springer
€117.69
Shipment within 7-9 days
Content
- Intro
- Preface
- Organization
- Keynotes
- Algorithms and the Law
- The Politics and Technology of (Hardware) Trojans
- Increasing Trust in ML Through Governance
- The Science of Computer Science: An Offensive Research Perspective
- Contents - Part I
- Contents - Part II
- Network Security
- More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys
- 1 Introduction
- 1.1 Pre-distributed Keys
- 2 Preliminaries
- 3 KEMTLS with Pre-distributed Long-Term Keys
- 3.1 Proactive Client Authentication
- 4 Security Analysis
- 5 Instantiation and Evaluation
- 5.1 Choice of Primitives
- 5.2 Implementation
- 5.3 Handshake Sizes
- 5.4 Handshake Times
- 6 Discussion
- A KEMTLS
- References
- How to (Legally) Keep Secrets from Mobile Operators
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Related Work
- 2 Preliminaries
- 3 LIKE Protocols
- 4 Security Model
- 5 Our Protocol
- 6 Security
- 7 Proof-of-Concept Implementation
- 8 Conclusion
- A Model Complements
- B Proof Sketches
- References
- A Formal Security Analysis of Session Resumption Across Hostnames
- 1 Introduction
- 2 Preliminaries
- 2.1 Building Blocks
- 2.2 Multi-Stage Key Exchange
- 3 Breaking the Security of Session Resumption Across Hostnames in TLS 1.3
- 3.1 Modeling TLS 1.3 Session Resumption as an MSKE Protocol
- 3.2 The Attack
- 4 Secure SRAH Protocols
- 4.1 Constructing Secure SRAH Protocols
- References
- Attacks
- Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data
- 1 Introduction
- 2 Motivation
- 3 Characteristics of the Vulnerability
- 3.1 Topologies
- 3.2 Traversals
- 3.3 Triggers
- 4 Modelling the Analysis
- 4.1 Preliminaries
- 4.2 Analysis Specification
- 5 Experimental Setup and Evaluation
- 5.1 Approach
- 5.2 Implementation
- 5.3 Libraries for Analysis
- 5.4 Triggers or Entry Points
- 5.5 Evaluation
- 6 Results and Discussion
- 6.1 PDF Vulnerabilities
- 6.2 Scalable Vector Graphics (SVG) Vulnerability
- 6.3 YAML Vulnerability
- 6.4 Newly Discovered Security Vulnerabilities
- 6.5 Threats to Validity
- 7 Related Work
- 7.1 Detecting Algorithmic Complexity Vulnerabilities
- 7.2 Traversals/Performance Bugs
- 8 Conclusion
- References
- PoW-How: An Enduring Timing Side-Channel to Evade Online Malware Sandboxes
- 1 Introduction
- 2 Background
- 2.1 Malware and Malware Analysis
- 2.2 PoW for Malware Analysis Evasion
- 2.3 Side-Channel Measurement
- 3 Our Approach: PoW-How
- 3.1 Threat Model
- 3.2 System Design
- 3.3 Performance Profiling
- 3.4 Threshold Estimation
- 3.5 Malware Integration and Testing
- 4 Evaluation
- 4.1 Threshold Estimation and PoW Algorithm Choice
- 4.2 Case Study: Known Malware
- 4.3 Case Study: Fresh Malware Sample
- 5 Security Analysis
- 6 Countermeasures
- 7 Discussion
- 7.1 Ethical Considerations
- 7.2 Bare-Metal Environments
- 7.3 Economical Denial of Sustainability
- 8 Related Work
- 9 Conclusion
- References
- Characterizing GPU Overclocking Faults
- 1 Introduction
- 1.1 Background
- 1.2 Related Work
- 1.3 Contributions
- 2 Preliminaries
- 2.1 CUDA
- 2.2 General GPU Setup
- 2.3 Overclocking
- 2.4 Attack Model
- 3 GPU Faults and Temperature Dependency
- 3.1 Setup
- 3.2 Initial Tests
- 3.3 Basics of Faults
- 3.4 The Relationship Between Faults and Temperature
- 4 Faults Boundaries and Values
- 4.1 The Boundaries of Faults
- 4.2 Byte-Flips and Bit-Flips
- 5 Memory Remnants and Transaction Size
- 5.1 The Basic Memory Transaction Size
- 5.2 A Model of the Memory Remnants Hypothesis:
- 5.3 Experimental Results
- 5.4 A Unified Fault Model
- 6 Countermeasures and Conclusions
- 6.1 Countermeasures
- 6.2 Conclusions
- A Appendix
- A.1 CUDA basics
- A.2 Future Work
- References
- Fuzzing
- ARIstoteles - Dissecting Apple's Baseband Interface
- 1 Introduction
- 2 Background and Related Work
- 2.1 Baseband Security Architecture
- 2.2 Baseband Interface Analysis Options on iOS
- 2.3 IOS Shared Libraries
- 3 Apple Remote Invocation Protocol
- 4 Fully-Automated Protocol Dissection
- 5 Automated Reverse-Engineering
- 5.1 Group and TLV Definitions
- 5.2 Type Definitions
- 5.3 Integrating Existing Dissectors
- 5.4 iOS Version Change Tracking
- 6 Fuzzing
- 6.1 Initial Fuzzing Considerations
- 6.2 Building and Optimizing Fuzzers
- 6.3 Crash Evaluation
- 7 Conclusion
- References
- webFuzz: Grey-Box Fuzzing for Web Applications
- 1 Introduction
- 1.1 Contributions
- 2 webFuzz
- 2.1 Instrumentation
- 2.2 Fuzzing Analysis
- 3 Bug Injection
- 3.1 Analysis and Injection
- 3.2 Bug Template
- 4 Evaluation
- 4.1 Code Coverage
- 4.2 Throughput
- 4.3 Vulnerability Detection
- 5 Limitations
- 6 Future Work
- 7 Related Work
- 8 Conclusion
- References
- My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers
- 1 Introduction
- 2 Background
- 3 Statistical Evaluations
- 4 Problem Description and Related Work
- 5 Our Methodology
- 5.1 Comparing Fuzzers
- 5.2 Test Set Selection
- 5.3 Seed Sets
- 5.4 Statistical Evaluation
- 5.5 Fuzzing Evaluation Setup
- 5.6 Test Runs
- 6 Experiments
- 6.1 Fuzzers
- 6.2 Seed Set
- 6.3 Run-Time
- 6.4 Number of Trials
- 6.5 Number of Bugs/Targets
- 6.6 Further Insights
- 7 Discussion
- 8 Conclusion
- References
- Malware
- Rope: Covert Multi-process Malware Execution with Return-Oriented Programming
- 1 Introduction
- 2 Background
- 2.1 Defenses for Systems and Applications
- 2.2 Distributed Malware
- 3 Challenges for Covert Distributed Malware
- 4 Rope
- 4.1 Architecture
- 4.2 Loader Component
- 4.3 Chunk Crafting and ROP-TxF Layout
- 4.4 Bootstrap Component
- 4.5 Discussion
- 5 Implementation
- 6 Evaluation
- 7 Countermeasures and Wrap-Up
- References
- Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
- 1 Introduction
- 2 Shortcomings of State-of-the-Art Approaches
- 3 Design
- 3.1 Gadgets
- 3.2 Logical Encoding
- 3.3 Preconditions and Postconditions
- 3.4 Formula Generation
- 3.5 Algorithm Configuration
- 4 Implementation
- 5 Evaluation
- 5.1 Setup
- 5.2 Finding a Chain
- 5.3 Real-World Applicability
- 5.4 Target-Specific Constraints
- 5.5 Chain Statistics
- 5.6 SGC's Configuration
- 6 Discussion
- 7 Related Work
- 8 Conclusion
- A Modeling
- B dnsmasq CVE-2017-14493
- References
- Peeler: Profiling Kernel-Level Events to Detect Ransomware
- 1 Introduction
- 2 Related Work
- 3 Key Characteristics to Detect Ransomware
- 3.1 Application Contextual Behavior
- 3.2 Application Behavioral Characteristics
- 4 System Design
- 4.1 Overview
- 4.2 System Events Monitor
- 4.3 Malicious Commands Detector
- 4.4 Machine Learning-Based Classifier
- 5 Dataset Collection
- 5.1 Ransomware
- 5.2 Benign Applications
- 6 Evaluation
- 6.1 Detection Accuracy
- 6.2 Effectiveness in Detecting Abused Tools/utilities
- 6.3 Robustness Against Unseen Families
- 7 Conclusion
- A Dataset
- A.1 Ransomware families
- A.2 Benign applications
- References
- User Behaviour and Underground Economy
- Mingling of Clear and Muddy Water: Understanding and Detecting Semantic Confusion in Blackhat SEO
- 1 Introduction
- 2 Background
- 2.1 Search Engine Optimization (SEO)
- 2.2 Blackhat SEO
- 2.3 Semantic-Based Techniques
- 3 Semantic Confusion Detection
- 3.1 System Overview
- 3.2 Datasets
- 3.3 Data Processor
- 3.4 Semantic Analyzer
- 3.5 SEO Collector
- 4 Implementation and Evaluation
- 4.1 Implementation
- 4.2 Evaluation
- 5 Measurement
- 5.1 Overview
- 5.2 SEO Domains
- 5.3 SEO Campaigns
- 5.4 Real-World Deployment
- 6 Practical Issues
- 7 Discussion
- 8 Related Work
- 9 Conclusion
- References
- An Explainable Online Password Strength Estimator
- 1 Introduction
- 1.1 Background
- 1.2 Contributions
- 2 Rank Estimation and Key Enumeration in Cryptographic Side-Channel Attacks
- 3 Multi-dimensional Models for Passwords
- 3.1 Overview
- 3.2 The Data Corpus
- 3.3 Selecting Dimensions
- 3.4 The Learning Phase
- 3.5 The Estimation Phase
- 3.6 Estimating the Ranks of Unleaked Password Parts
- 3.7 Performance
- 4 Usability of PESrank
- 4.1 A Proof of Concept Study
- 4.2 Explainability
- 5 Comparison with Existing Methods
- 5.1 Comparison to Cracker-Based and Neural Methods
- 5.2 Storage Requirements
- 6 Related Work
- 7 Conclusions
- A Additional Related Work
- A.1 Heuristic pure-estimator approaches
- A.2 Tweakable extensions and variations
- References
- Detecting Video-Game Injectors Exchanged in Game Cheating Communities
- 1 Introduction
- 2 Methodology
- 2.1 Data Collection
- 2.2 Post Analysis
- 2.3 Attachment Analysis
- 2.4 Injector Classifier
- 3 Results
- 3.1 Dataset Characterization
- 3.2 Injectors Classifier
- 3.3 Forum Analysis
- 4 Related Work
- 5 Discussion and Conclusions
- A Analysis Features
- References
- Blockchain
- Revocable Policy-Based Chameleon Hash
- 1 Introduction
- 2 Overview
- 3 Preliminaries
- 3.1 Bilinear Map
- 3.2 Hard Assumption
- 3.3 Access Structure
- 3.4 Revocable Attribute-Based Encryption
- 3.5 Tree-Based Structure for User Revocation
- 4 Revocable Policy-Based Chameleon Hash
- 4.1 System Model
- 4.2 Formal Definition
- 4.3 Security Model
- 5 Revocable Policy-Based Chameleon Hash
- 5.1 Proposed RABE
- 5.2 Proposed RPCH
- 5.3 Applications
- 6 Performance Analysis
- 7 Conclusion
- References
- Fair Peer-to-Peer Content Delivery via Blockchain
- 1 Introduction
- 2 Preliminaries
- 3 Warm-Up: Verifiable Fair Delivery
- 4 Formalizing P2P Content Delivery
- 4.1 System Model
- 4.2 Design Goals
- 5 FairDownload: Fair P2P Downloading
- 5.1 FairDownload Overview
- 5.2 FD: FairDownload Protocol
- 6 FairStream: Fair p2p Streaming
- 6.1 FairStream Overview
- 6.2 FS: FairStream Protocol
- 7 Implementation and Evaluations
- 7.1 Evaluating FairDownload
- 7.2 Evaluating FairStream
- 8 Conclusion
- References
- Conclave: A Collective Stake Pool Protocol
- 1 Introduction
- 2 UC Weighted Threshold Signature
- 3 The Collective Stake Pool
- 3.1 Hybrid Protocol Execution
- 3.2 Part 1: Stake Pool Management
- 3.3 Part 2: Participation in Consensus
- 3.4 The Security of the Conclave Collective Stake Pool
- 4 Weighted Threshold ECDSA
- 4.1 Key Generation Protocol Thresh-Key-Gen
- 4.2 Signing Protocol Thresh-Sign
- 4.3 Identifiable Abort
- 5 Conclusion
- References
- Probabilistic Micropayments with Transferability
- 1 Introduction
- 1.1 Contribution
- 1.2 Organization of This Paper
- 2 Background
- 3 Ticket Transfer Overview
- 3.1 Outline
- 3.2 Escrow Setup
- 3.3 Payment with Lottery Ticket
- 3.4 Ticket Winning and Revocation
- 4 Ticket Winning Condition
- 4.1 Structure of the Ticket
- 4.2 Ticket Winning Condition
- 5 Proportional Fee Scheme
- 6 Security Design
- 6.1 Detection Methods
- 7 Conclusions
- References
- MiniLedger: Compact-Sized Anonymous and Auditable Distributed Payments
- 1 Introduction
- 2 Preliminaries
- 3 MiniLedger Model
- 4 MiniLedger Construction
- 4.1 Our Construction
- 4.2 Discussion and Comparisons
- 5 Evaluation
- 6 Conclusion
- A MiniLedger Security and Extensions
- A.1 MiniLedger security
- A.2 Adding Clients for Fine-grained Auditing (MiniLedger+)
- A.3 Additional Types of Audits
- References
- Succinct Scriptable NIZK via Trusted Hardware
- 1 Introduction
- 2 Preliminaries
- 3 Security Definition
- 4 Our Succinct Scriptable NIZK Construction
- 5 OHWQ Instantiations
- 6 Implementation and Evaluations
- 7 Related Work
- 8 Conclusion
- A SGX implementation
- References
- Machine Learning
- CONTRA: Defending Against Poisoning Attacks in Federated Learning
- 1 Introduction
- 2 Background and Related Work
- 2.1 Federated Learning
- 2.2 Poisoning Attacks on Federated Learning
- 2.3 Existing Defenses Against Poisoning Attacks
- 3 The Threat Model and the Problem
- 3.1 Threat Model and Assumptions
- 3.2 Factors Impacting Defense Designs Against Poisoning Attacks
- 4 The CONTRA Approach
- 4.1 Overview of the CONTRA Design
- 4.2 The CONTRA Algorithm
- 4.3 Discussions
- 5 Experiments
- 5.1 Datasets, Settings, and Baseline
- 5.2 Defense Against Label-Flipping Attacks
- 5.3 Defense Against Backdoor Attacks
- 6 Conclusion
- References
- Romoa: Robust Model Aggregation for the Resistance of Federated Learning to Model Poisoning Attacks
- 1 Introduction
- 2 Problem Statement
- 2.1 Federated Learning
- 2.2 Model Poisoning Attack
- 3 Robust Model Aggregation
- 3.1 Asynchronous Model Updating
- 3.2 Lookahead Similarity Measurement
- 3.3 Model Aggregation with Sanitizing Factor
- 4 Security Analysis
- 4.1 FLG: Federated Learning Game
- 4.2 rFLG: Repeated Federated Learning Game
- 5 Evaluation
- 6 Related Work
- 7 Conclusion
- References
- FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority
- 1 Introduction
- 2 Background and Preliminaries
- 2.1 Federated Learning
- 2.2 Cryptographic Preliminaries
- 3 Scope and Threat Model
- 4 Design of FLOD
- 4.1 Aggregation Method
- 4.2 Privacy-Preserving Building Blocks
- 4.3 Correctness and Privacy
- 5 Evaluation
- 5.1 Effectiveness Analysis
- 5.2 Efficiency Analysis
- 6 Related Works
- 7 Conclusion
- A Byzantine-Robustness Analysis
- B Proof of Theorem 1
- C MA of ResNet-18 on CIFAR10 with Altering
- D Online Overhead of Free-HD and Private -Clipping
- References
- MediSC: Towards Secure and Lightweight Deep Learning as a Medical Diagnostic Service
- 1 Introduction
- 2 Related Works
- 3 Preliminaries on Additive Secret Sharing
- 4 System Overview
- 4.1 Architecture
- 4.2 Threat Model
- 5 Our Proposed Design
- 5.1 Secure Linear Layers
- 5.2 Secure Non-linear Layers
- 5.3 Security Analysis
- 6 Performance Evaluation
- 6.1 Microbenchmarks
- 6.2 MediSC's Protocol Performance
- 7 Conclusion
- A Further Implementation Details
- A.1 More Details of Implementation Setting
- A.2 Training Details
- A.3 More Details of Model Architecture
- References
- TAFA: A Task-Agnostic Fingerprinting Algorithm for Neural Networks
- 1 Introduction
- 2 Deep Neural Networks with Rectified Linear Units
- 3 Task-Agnostic Fingerprinting Algorithm
- 3.1 Security Settings of Model Fingerprinting
- 3.2 Overview of TAFA
- 3.3 Fingerprint Extraction
- 3.4 Fingerprint Verification
- 4 Evaluation Settings
- 5 Evaluation Results
- 5.1 Effectiveness of TAFA
- 5.2 Hyperparameter Sensitivity
- 6 Related Work
- 7 Conclusion and Future Directions
- A More Backgrounds on Deep Learning
- B More Evaluation Details and Results
- B.1 Details of Scenarios
- References
- DA3G: Detecting Adversarial Attacks by Analysing Gradients
- 1 Introduction
- 2 Background and Related Work
- 2.1 Adversarial Examples
- 2.2 Attack Methods
- 2.3 Defence Methods
- 3 Threat Models
- 3.1 Grey-Box Threat Model
- 3.2 White-Box Threat Model
- 4 Detecting Adversarial Attacks by Analysing Gradients
- 4.1 Architecture
- 4.2 Training Objectives
- 5 Experimental Setup
- 5.1 Architectural Choices
- 5.2 Data Sets
- 5.3 Attack Methods
- 5.4 Baseline Methods
- 5.5 Experimental Setup
- 6 Evaluation
- 6.1 Basic Grey-Box Detection
- 6.2 Combined Grey-Box Detection
- 6.3 Leave-One-Out Grey-Box Detection
- 6.4 Adaptive White-Box Attacks
- 7 Discussion and Future Work
- 8 Conclusion
- A Network Architectures
- B Adaptive Attacks
- C PGD Attack Step Size
- References
- Common Component in Black-Boxes Is Prone to Attacks
- 1 Introduction
- 2 Threat Model
- 2.1 Embedder, Composite and Victim Models
- 2.2 Adversary's Knowledge and Capability
- 2.3 Attack Scenarios
- 3 Proposed Attack
- 3.1 Substitute Architecture
- 3.2 Training
- 3.3 Adoption in Each Attack Scenario
- 4 Evaluation on Face Classification Task
- 4.1 Dataset
- 4.2 Model Setup
- 4.3 Attack Process
- 4.4 Benchmark of Embedder Extraction
- 4.5 Performance in Attack Scenarios
- 4.6 Observation from Empirical Evidence
- 5 Analysis and Potential Defense
- 5.1 Similar vs Same Component
- 5.2 Noisy Victims
- 5.3 Complexity of Victim Models
- 5.4 Data Distribution
- 6 Conclusion
- A Evaluation on Time Series Audio Data and Speaker Classification
- A.1 Dataset
- A.2 Model Setup
- A.3 Attack Process
- A.4 Benchmark of Embedder Extraction
- A.5 Performance in Attack Scenarios
- References
- LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks
- 1 Introduction
- 2 Background
- 2.1 IoT Botnets
- 2.2 Recurrent Neural Networks
- 2.3 Memory Networks
- 2.4 Graph Representation Learning on Temporal Interaction Networks
- 3 Related Work
- 4 LiMNet: A Lightweight Memory Network for Early-Stage Botnet Detection
- 4.1 LiMNet Architecture
- 4.2 Training LiMNet
- 5 Limitations of Existing Recurrent Models for Early-Stage Botnet Detection
- 6 Evaluation Methodology
- 6.1 Deployment Environment
- 6.2 Datasets
- 6.3 Tasks
- 6.4 State-of-the-Art Recurrent Models for Early-Stage Botnet Detection
- 7 Experimental Results
- 7.1 Experiment 1: Parameter Selection for Recurrent Models
- 7.2 Experiment 2: Recurrent Vs Memory Models
- 7.3 Experiment 3: Inference Speed
- 8 Discussion and Limitations
- 8.1 Dataset Limitations
- 8.2 Issues of Recurrent Models for Early-Stage Botnet Detection
- 9 Conclusion
- A Kitsune vs MedBIoT: Challenges for ML Models
- B Effect of Truncated Backpropagation Through Time
- C Cross-dataset Model Generalization
- References
- Adversarial Activity Detection Using Keystroke Acoustics
- 1 Introduction
- 1.1 Related Work
- 2 The Significance of Our Work
- 3 Typing Differences in Adversarial and Benign Environments
- 3.1 How These Differences Are Useful in Our Application?
- 4 Threat Model and Adversarial Capabilities
- 4.1 Real World Attack Scenario
- 4.2 Using Keystroke Acoustics Versus Keylogger
- 5 Description of Benign and Adversarial Datasets
- 5.1 Noisiness of the Data
- 6 Text Extraction from Audio
- 6.1 Audio Signal Preprocessing by Signal Mixing and Noise Reduction
- 6.2 Audio Signal Segmentation into Individual Keystroke Sounds
- 6.3 Using MFCCs as Audio Features
- 6.4 Removing Inaudible and Noisy Keystrokes
- 6.5 Clustering Keystroke Sounds into Audio Alphabet
- 6.6 Text Recovery Using Audio Alphabet
- 6.7 Error Correction Using Dictionary
- 7 Adversarial Activity Detection and Classification
- 7.1 Quantifying the Threat Level
- 8 Performance Evaluation of the Proposed Components
- 8.1 Audio Signal Segmentation into Individual Keystroke Sounds
- 8.2 Clustering into Audio Alphabet
- 8.3 Recovering Text from Clusters
- 8.4 Adversarial Activity Detection and Classification
- 9 Conclusion and Future Work
- A Choosing the Number of the Clusters
- B Comparison with Other Work
- C Choosing the Values of and
- D Examples of Adversarial Activity Detection Using Typed Sentences
- E Supplementary Figures and Tables
- References
- Automotive
- Tell Me How You Re-Charge, I Will Tell You Where You Drove To: Electric Vehicles Profiling Based on Charging-Current Demand
- 1 Introduction
- 2 System and Threat Model
- 2.1 System Model
- 2.2 Threat Model
- 3 The EVScout Attack
- 3.1 Attack Overview
- 3.2 Tail Identification
- 3.3 Tail's Features Extraction
- 3.4 Classification Algorithms
- 4 Evaluation
- 4.1 The ACN Infrastructure and Dataset
- 4.2 Algorithm
- 4.3 Numerical Results
- 5 Possible Countermeasures
- 6 Conclusions
- References
- CAN-SQUARE - Decimeter Level Localization of Electronic Control Units on CAN Buses
- 1 Introduction and Motivation
- 1.1 Related Works
- 2 CAN Background and Experimental Setup
- 2.1 CAN Background
- 2.2 Experimental Setup
- 3 Methodology and Results
- 3.1 Concept and Limitations in Previous Approaches
- 3.2 Intrusion Detection and Localization Algorithm
- 4 Experimental Evaluation
- 4.1 Evaluation Scenarios
- 4.2 Results
- 5 Conclusions
- References
- Shadow-Catcher: Looking into Shadows to Detect Ghost Objects in Autonomous Vehicle 3D Sensing
- 1 Introduction
- 2 Background and Related Work
- 3 Threat Model
- 4 3D Shadows as a Physical Invariant
- 5 Shadow-Catcher Design
- 6 Evaluation
- 7 Conclusion
- A Limitation of Prior Art
- B 2D Shadow Region Estimation
- References
- Anomaly Detection
- AutoGuard: A Dual Intelligence Proactive Anomaly Detection at Application-Layer in 5G Networks
- 1 Introduction
- 2 Related Works
- 3 Background and Threat Model
- 3.1 NSA 5G Core Signaling - Diameter Protocol
- 3.2 Threat Model
- 4 AutoGuard - Architecture
- 5 PM Counters and Statistical Features
- 6 Dual Intelligence Solution
- 6.1 Forecasting with LSTM Networks
- 6.2 Profiling and Anomaly Detection with Autoencoders
- 6.3 Online Proactive Anomaly Detection
- 7 Experiments
- 7.1 Dataset Description
- 7.2 Experimental Settings
- 7.3 Experimental Results
- 8 Conclusion
- 9 Appendix
- 9.1 Effect of the Aggregation Time Window on the Forecasting
- 9.2 Hyper-parameters Tuning for the Forecasting Model
- References
- MORTON: Detection of Malicious Routines in Large-Scale DNS Traffic
- 1 Introduction
- 2 Related Work
- 3 MORTON
- 3.1 Overview
- 3.2 Definitions
- 3.3 Data Processing
- 4 Labeled Evaluation
- 4.1 Dataset
- 4.2 Methods Compared
- 4.3 Evaluation Results
- 5 Real-World Evaluation
- 5.1 Methodology
- 5.2 Evaluation Results
- 5.3 Case Studies
- 6 Deployment Considerations and Limitations
- 7 Discussion
- 8 Conclusions and Future Work
- 35.A Detecting Multiple Host Names
- 35.B Neural Network Parameters
- References
- Iterative Selection of Categorical Variables for Log Data Anomaly Detection*-8pt
- 1 Introduction
- 2 Related Work
- 3 Concept
- 3.1 Correlations of Variables
- 3.2 Definitions
- 3.3 Procedure
- 4 Approach
- 4.1 Sample Data
- 4.2 Variable Filtering
- 4.3 Variable Pairing
- 4.4 Correlation Generation
- 4.5 Validation of Correlations
- 4.6 Correlation Updating and Testing
- 5 Evaluation
- 5.1 Comparison with Association Metrics
- 5.2 Anomaly Detection
- 6 Discussion
- 7 Conclusion
- A Appendix
- A.1 Threshold Parameter Selection
- References
- Author Index
