Detection of Intrusions and Malware, and Vulnerability Assessment
20th International Conference, DIMVA 2023, Hamburg, Germany, July 12-14, 2023, Proceedings
Published on 9. June 2023
XII, 278 pages
978-3-031-35504-2 (ISBN)
Description
This book constitutes the proceedings of the 20th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2023, held in Hamburg, Germany, in July 2023.
The 12 full papers and 1 short paper presented in this volume were carefully reviewed and selected from 43 submissions. The papers are organized in thematical sections named: Side Channels Attacks; Security and Machine Learning; Cyber Physical System Security; Security Issues when Dealing with Users; Analysis of Vulnerable Code; Flow Integrity and Security.
The 12 full papers and 1 short paper presented in this volume were carefully reviewed and selected from 43 submissions. The papers are organized in thematical sections named: Side Channels Attacks; Security and Machine Learning; Cyber Physical System Security; Security Issues when Dealing with Users; Analysis of Vulnerable Code; Flow Integrity and Security.
More details
Series
Edition
1st ed. 2023
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Product notice
Reflowable
Illustrations
XII, 278 p. 64 illus., 53 illus. in color.
File size
11,40 MB
ISBN-13
978-3-031-35504-2 (9783031355042)
DOI
10.1007/978-3-031-35504-2
Schweitzer Classification
Other editions
Additional editions
Daniel Gruss | Federico Maggi | Mathias Fischer
Detection of Intrusions and Malware, and Vulnerability Assessment
20th International Conference, DIMVA 2023, Hamburg, Germany, July 12-14, 2023, Proceedings
Book
06/2023
Springer
€128.39
Shipment within 15-20 days
Content
- Intro
- Preface
- Organization
- Contents
- Side Channels Attacks
- MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V
- 1 Introduction
- 1.1 Our Contribution
- 2 Background
- 2.1 RISC-V
- 2.2 Dynamic Binary Instrumentation
- 2.3 Microarchitectural Side-Channels
- 3 Overview
- 3.1 Analysis Approach
- 3.2 Toolchain
- 4 MAMBO-V Implementation
- 4.1 Instrumentation Approach
- 4.2 New Features for RISC-V
- 5 Side-Channel Leakage Analysis.
- 5.1 Leakage Model
- 5.2 Required Information
- 5.3 MAMBO-V Trace Plugin
- 6 Evaluation
- 6.1 Experimental Setup
- 6.2 Performance Results
- 6.3 Vulnerabilities
- 7 Discussion and Future Work
- 8 Related Work
- 9 Conclusion
- References
- The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption
- 1 Introduction
- 2 Background
- 3 Fingerprinting Model
- 4 Methodology
- 4.1 Fingerprinting Process Overview
- 4.2 Native Code Setup
- 4.3 Portable Code Proof of Concept Setup
- 5 Results
- 5.1 Classification Pipeline
- 5.2 Native-Code Fingerprinting
- 5.3 Portable Fingerprinting
- 6 Discussion
- 6.1 Related Work
- 6.2 Limitations
- 6.3 Countermeasures
- 7 Conclusions
- References
- PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV
- 1 Introduction
- 2 Background
- 2.1 AMD Secure Encrypted Virtualization (SEV)
- 2.2 Hardware Power Reporting Feature
- 2.3 Power-Based Side-Channel Attacks
- 2.4 Common Power Analysis Methods
- 3 Exploring Power Consumption Leakage
- 3.1 Synchronous Power Measurement
- 3.2 Instruction Power Consumption
- 4 PwrLeak Design
- 4.1 Threat Model
- 4.2 Overview of PwrLeak
- 4.3 Instruction Identification
- 4.4 Power Interpolator
- 4.5 Power Attack
- 5 Evaluation
- 5.1 Infer Images from Libjpeg
- 5.2 Steal Private Exponent in RSA
- 6 Discussion
- 7 Related Work
- 8 Conclusion
- References
- Security and Machine Learning
- Madvex: Instrumentation-Based Adversarial Attacks on Machine Learning Malware Detection
- 1 Introduction
- 2 Background
- 2.1 WebAssembly
- 2.2 Cryptojacking Malware
- 2.3 Malware Detection
- 2.4 Adversarial Attacks
- 3 Madvex: Crafting Functional Adversarial Binaries
- 3.1 Data Acquisition
- 3.2 Substitute Network Training
- 3.3 Attack Methodology
- 4 Evaluation
- 4.1 Gadget Effectiveness
- 4.2 Performance Analysis
- 5 Related Work
- 6 Conclusion
- References
- Honey, I Chunked the Passwords: Generating Semantic Honeywords Resistant to Targeted Attacks Using Pre-trained Language Models
- 1 Introduction
- 1.1 Honeywords for Targeted Attacks
- 1.2 Related Work
- 1.3 Our Contribution
- 2 Preliminaries
- 2.1 The Honeyword Mechanism
- 2.2 Threat Model
- 2.3 Dataset
- 3 Our Methodology
- 3.1 PII Extraction
- 3.2 Chunk Analysis for zxcvbn-weak and zxcvbn-strong Password Sets
- 3.3 Honeyword Generation with Chunk-GPT3
- 4 Evaluation
- 4.1 Metric: HWSimilarity
- 4.2 Comparable HGTs and Evaluation Results
- 5 Discussion
- 6 Conclusions
- References
- Cyber Physical System Security
- White-Box Concealment Attacks Against Anomaly Detectors for Cyber-Physical Systems
- 1 Introduction
- 2 CPS: Background and Related Work
- 3 System and Attacker Model
- 3.1 Research Goals and Challenges
- 3.2 Formal Definition of Concealment Attack
- 4 Proposed Approach
- 4.1 White-Box Concealment Attacks (WBC)
- 4.2 Attacking Detectors with Differentiable Classifiers
- 4.3 Attacking Detectors with Non-differentiable Classifiers
- 5 Implementation and Evaluation Setup
- 5.1 Attack Implementation and Hardware Setup
- 5.2 Auto Regressive Models
- 5.3 Linear Time Invariant Models
- 5.4 SVM
- 5.5 PASAD
- 5.6 SFIG
- 5.7 SWaT Dataset
- 6 Evaluation Results
- 6.1 Auto Regressive
- 6.2 Linear Time Invariant
- 6.3 SVM
- 6.4 PASAD
- 6.5 SFIG
- 7 Discussion and Conclusion
- References
- A Security Analysis of CNC Machines in Industry 4.0
- 1 Introduction
- 2 Background
- 3 Approach
- 3.1 Threat Modelling
- 3.2 CNC Technologies and Related Problems
- 4 Findings
- 4.1 Impact
- 5 Use Cases
- 6 Responsible Disclosure and Mitigations
- 7 Related Work
- 8 Conclusions
- References
- Security Issues When Dealing with Users
- A Deep Dive into the VirusTotal File Feed
- 1 Introduction
- 2 Datasets
- 3 Features
- 3.1 VT Report Features
- 3.2 Derived Features
- 4 Feed Analysis
- 4.1 AV Detections
- 4.2 Family Labeling
- 5 Comparison with Telemetry
- 6 Discussion
- 7 Related Work
- 8 Conclusions
- References
- Attackers as Instructors: Using Container Isolation to Reduce Risk and Understand Vulnerabilities
- 1 Introduction
- 2 Background and Related Work
- 3 An Untrusted Application Server Design
- 3.1 Threat Model
- 3.2 Design Components
- 3.3 Application Containers
- 3.4 Container Management
- 3.5 Authentication Container and Permissions
- 3.6 Client-Side Demultiplexing and Forwarding
- 3.7 Guarding Backend Resources
- 3.8 Constructing Execution Events
- 4 Implementation
- 4.1 Container Configuration
- 4.2 Container Manager
- 4.3 Authentication Container
- 4.4 Client-to-SuS Middlebox
- 4.5 SuS-to-Backend Middlebox
- 4.6 Tracing Application Execution
- 4.7 Integrating Execution Traces
- 5 Security Evaluation
- 5.1 Evaluation: Real-Word Vulnerabilities
- 5.2 Case Study: Exploring Execution Traces
- 6 Performance Evaluation
- 6.1 RAM Usage
- 6.2 Page Retrieval Times
- 6.3 PHP Profiling Overhead
- 7 Conclusion
- References
- Analysis of Vulnerable Code
- Extended Abstract: Towards Reliable and Scalable Linux Kernel CVE Attribution in Automated Static Firmware Analyses
- 1 Introduction
- 2 Background & Related Work
- 3 Methodology
- 3.1 Gather Kernel Information via Static Firmware Analysis
- 3.2 Build Log-Assisted CVE Attribution
- 4 Case Study
- 4.1 Experiment & Firmware Corpus
- 4.2 R1 Analysis - Applicability in Real-World Scenarios
- 4.3 R2 Analysis - Impact on CVE Attribution Result Reliability
- 5 Limitations
- 6 Conclusion and Future Work
- References
- Divak: Non-invasive Characterization of Out-of-Bounds Write Vulnerabilities
- 1 Introduction
- 2 Motivation
- 3 Divak: Design
- 3.1 Approach Overview
- 3.2 Memory Layout Extraction
- 3.3 Intended Destination Objects Identification
- 3.4 Pointer-Creating Instructions Identification
- 3.5 Bounds-Narrowing Instructions Detection
- 3.6 Intended Pointee Objects Determination
- 4 Implementation
- 5 Evaluation
- 5.1 Dependent OOB Writes Detection
- 5.2 Independent OOB Writes Detection
- 5.3 Testing Real-World Programs
- 5.4 Performance Overhead
- 6 Discussion
- 7 Related Work
- 8 Conclusion
- References
- Flow Integrity and Security
- CEFI: Command Execution Flow Integrity for Embedded Devices
- 1 Introduction
- 2 Background
- 2.1 IoT Architecture
- 2.2 Interaction Channels on IoT Platform
- 2.3 ARM TrustZone
- 3 Motivation
- 3.1 Problem Statement
- 3.2 Threat Model
- 4 CEFI
- 4.1 Calling Context Encoding Instrumentation
- 4.2 Command Execution Flow Integrity Enforcement
- 5 Evaluation
- 5.1 Performance Overhead
- 5.2 Effectiveness Analysis
- 5.3 Annotation Effort
- 6 Related Work
- 6.1 Control and Data Flow Integrity on Embedded Systems
- 6.2 Context Sensitive Defense Solutions
- 7 Conclusion
- References
- Untangle: Aiding Global Function Pointer Hijacking for Post-CET Binary Exploitation
- 1 Introduction
- 2 Background
- 2.1 Exploitation Techniques and Defenses
- 3 Related Work
- 4 Threat Model and Problem Statement
- 5 Untangle
- 6 Experimental Validation
- 6.1 Symbolic Execution Results
- 6.2 Performance Evaluation
- 7 Impact and Defenses
- 8 Limitations and Future Work
- 9 Conclusions
- References
- Author Index
