96 research outputs found
Security Evaluation of Support Vector Machines in Adversarial Environments
Support Vector Machines (SVMs) are among the most popular classification
techniques adopted in security applications like malware detection, intrusion
detection, and spam filtering. However, if SVMs are to be incorporated in
real-world security systems, they must be able to cope with attack patterns
that can either mislead the learning algorithm (poisoning), evade detection
(evasion), or gain information about their internal parameters (privacy
breaches). The main contributions of this chapter are twofold. First, we
introduce a formal general framework for the empirical evaluation of the
security of machine-learning systems. Second, according to our framework, we
demonstrate the feasibility of evasion, poisoning and privacy attacks against
SVMs in real-world security problems. For each attack technique, we evaluate
its impact and discuss whether (and how) it can be countered through an
adversary-aware design of SVMs. Our experiments are easily reproducible thanks
to open-source code that we have made available, together with all the employed
datasets, on a public repository.Comment: 47 pages, 9 figures; chapter accepted into book 'Support Vector
Machine Applications
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Malware still constitutes a major threat in the cybersecurity landscape, also
due to the widespread use of infection vectors such as documents. These
infection vectors hide embedded malicious code to the victim users,
facilitating the use of social engineering techniques to infect their machines.
Research showed that machine-learning algorithms provide effective detection
mechanisms against such threats, but the existence of an arms race in
adversarial settings has recently challenged such systems. In this work, we
focus on malware embedded in PDF files as a representative case of such an arms
race. We start by providing a comprehensive taxonomy of the different
approaches used to generate PDF malware, and of the corresponding
learning-based detection systems. We then categorize threats specifically
targeted against learning-based PDF malware detectors, using a well-established
framework in the field of adversarial machine learning. This framework allows
us to categorize known vulnerabilities of learning-based PDF malware detectors
and to identify novel attacks that may threaten such systems, along with the
potential defense mechanisms that can mitigate the impact of such threats. We
conclude the paper by discussing how such findings highlight promising research
directions towards tackling the more general challenge of designing robust
malware detectors in adversarial settings
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
Review of Contemporary Literature on Machine Learning based Malware Analysis and Detection Strategies
Abstract: malicious software also known as malware are the critical security threat experienced by the current ear of internet and computer system users. The malwares can morph to access or control the system level operations in multiple dimensions. The traditional malware detection strategies detects by signatures, which are not capable to notify the unknown malwares. The machine learning models learns from the behavioral patterns of the existing malwares and attempts to notify the malwares with similar behavioral patterns, hence these strategies often succeeds to notify even about unknown malwares. This manuscript explored the detailed review of machine learning based malware detection strategies found in contemporary literature
Security Risk Assessments: Modeling and Risk Level Propagation
Security risk assessment is an important task in systems engineering. It is used to derive security requirements for a secure system design and to evaluate design alternatives as well as vulnerabilities. Security risk assessment is also a complex and interdisciplinary task, where experts from the application domain and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for system engineering usually focus on functional behavior and lack security-related aspects. Therefore, we present our modeling approach that alleviates communication between the involved experts and features steps of computer-aided modeling to achieve consistency and avoid omission errors. We demonstrate our approach with an example. We also describe how to model impact rating and attack feasibility estimation in a modular fashion, along with the propagation and aggregation of these estimations through the model. As a result, experts can make local decisions or changes in the model, which in turn provides the impact of these decisions or changes on the overall risk profile. Finally, we discuss the advantages of our model-based method
Selecting Countermeasures for ICT systems Before They are Attacked
A countermeasure is any change to a system to reduce the probability it is successfully attacked. We
propose a model based approach that selects countermeasures through multiple simulations of the
behaviors of an ICT system and of intelligent attackers that implement sequences of attacks. The
simulations return information on the attacker sequences and the goals they reach we use to compute
the statistics that drive the selection. Since attackers change their sequences as countermeasures are
deployed, we have defined an iterative strategy where each iteration selects some countermeasures,
updates the system models and runs the simulations to discover any new attacker sequence. The
discovery of new sequences starts a new iteration. The Haruspex suite automates the proposed approach.
Some of its tools acquire information on the target system and on the attackers and build
the corresponding models. Another tool simulates the attacks through the models of the system and
of the attackers. The tool to select countermeasures invokes the other ones to discover how countermeasures
influence the attackers. We apply the whole suite to three systems and discuss how the
connection topology influences the countermeasures to adop
Automated static analysis and classification of Android malware using permission and API calls models
Предложен метод автоматической классификации мобильных приложений на основе статического анализа и сопоставления моделей, полученных по его результатам, с моделями ранее известных вредоносных приложений. Модели основаны на привилегиях и API-вызовах, используемых в приложении. Все шаги анализа, а также построение моделей полностью автоматизированы. Таким образом, метод адаптирован для автоматизированного использования магазинами мобильных приложений или другими заинтересованными организациями
- …