1,887 research outputs found

    Flame Prediction Based on Harmful Expression Judgement Using Distributed Representation

    Get PDF
    In recent years, flaming-that is, hostile or insulting interaction-on social media has been a problem. To avoid or minimize flaming, enabling the system to automatically check messages before posting to determine whether they include expressions that are likely to trigger flaming can be helpful. We target two types of harmful expressions: insulting expressions and expressions that are likely to cause a quarrel. We first constructed an original harmful expressions dictionary. To minimize the cost of collecting the expressions, we built our dictionary semi-automatically by using word distributed representations. The method used distributed representations of harmful expressions and general expressions as features, and constructed a classifier of harmful/general expressions based on these features. An evaluation experiment found that the proposed method was able to extract harmful expressions with an accuracy of approximately 70%. The proposed method was also able to extract unknown expressions; however, it tended to wrongly extract non-harmful expressions. The method is able to determine unknown harmful expressions not included in the basic dictionary and can identify semantic relationships among harmful expressions. Although the method cannot presently be applied directly to multi-word expressions, it should be possible to add such a capability by introducing time-series learning

    Techniques for the reverse engineering of banking malware

    Get PDF
    Malware attacks are a significant and frequently reported problem, adversely affecting the productivity of organisations and governments worldwide. The well-documented consequences of malware attacks include financial loss, data loss, reputation damage, infrastructure damage, theft of intellectual property, compromise of commercial negotiations, and national security risks. Mitiga-tion activities involve a significant amount of manual analysis. Therefore, there is a need for automated techniques for malware analysis to identify malicious behaviours. Research into automated techniques for malware analysis covers a wide range of activities. This thesis consists of a series of studies: an anal-ysis of banking malware families and their common behaviours, an emulated command and control environment for dynamic malware analysis, a technique to identify similar malware functions, and a technique for the detection of ransomware. An analysis of the nature of banking malware, its major malware families, behaviours, variants, and inter-relationships are provided in this thesis. In doing this, this research takes a broad view of malware analysis, starting with the implementation of the malicious behaviours through to detailed analysis using machine learning. The broad approach taken in this thesis differs from some other studies that approach malware research in a more abstract sense. A disadvantage of approaching malware research without domain knowledge, is that important methodology questions may not be considered. Large datasets of historical malware samples are available for countermea-sures research. However, due to the age of these samples, the original malware infrastructure is no longer available, often restricting malware operations to initialisation functions only. To address this absence, an emulated command and control environment is provided. This emulated environment provides full control of the malware, enabling the capabilities of the original in-the-wild operation, while enabling feature extraction for research purposes. A major focus of this thesis has been the development of a machine learn-ing function similarity method with a novel feature encoding that increases feature strength. This research develops techniques to demonstrate that the machine learning model trained on similarity features from one program can find similar functions in another, unrelated program. This finding can lead to the development of generic similar function classifiers that can be packaged and distributed in reverse engineering tools such as IDA Pro and Ghidra. Further, this research examines the use of API call features for the identi-fication of ransomware and shows that a failure to consider malware analysis domain knowledge can lead to weaknesses in experimental design. In this case, we show that existing research has difficulty in discriminating between ransomware and benign cryptographic software. This thesis by publication, has developed techniques to advance the disci-pline of malware reverse engineering, in order to minimize harm due to cyber-attacks on critical infrastructure, government institutions, and industry.Doctor of Philosoph

    Coding policies for secure web applications

    Get PDF

    Abmash: Mashing Up Legacy Web Applications by Automated Imitation of Human Actions

    Get PDF
    Many business web-based applications do not offer applications programming interfaces (APIs) to enable other applications to access their data and functions in a programmatic manner. This makes their composition difficult (for instance to synchronize data between two applications). To address this challenge, this paper presents Abmash, an approach to facilitate the integration of such legacy web applications by automatically imitating human interactions with them. By automatically interacting with the graphical user interface (GUI) of web applications, the system supports all forms of integrations including bi-directional interactions and is able to interact with AJAX-based applications. Furthermore, the integration programs are easy to write since they deal with end-user, visual user-interface elements. The integration code is simple enough to be called a "mashup".Comment: Software: Practice and Experience (2013)

    Individual Verifiability for E-Voting, From Formal Verification To Machine Learning

    Get PDF
    The cornerstone of secure electronic voting protocols lies in the principle of individual verifiability. This thesis delves into the intricate task of harmonizing this principle with two other crucial aspects: ballot privacy and coercion-resistance. In the realm of electronic voting, individual verifiability serves as a critical safeguard. It empowers each voter with the ability to confirm that their vote has been accurately recorded and counted in the final tally. This thesis explores the intricate balance between this pivotal aspect of electronic voting and the equally important facets of ballot privacy and coercion-resistance. Ballot privacy, or the assurance that a voter's choice remains confidential, is a fundamental right in democratic processes. It ensures that voters can express their political preferences without fear of retribution or discrimination. On the other hand, coercion-resistance refers to the system's resilience against attempts to influence or manipulate a voter's choice. Furthermore, this thesis also ventures into an empirical analysis of the effectiveness of individual voter checks in ensuring a correct election outcome. It considers a scenario where an adversary possesses additional knowledge about the individual voters and can strategically decide which voters to target. The study aims to estimate the degree to which these checks can still guarantee the accuracy of the election results under such circumstances. In essence, this thesis embarks on a comprehensive exploration of the dynamics between individual verifiability, ballot privacy, and coercion-resistance in secure electronic voting protocols. It also seeks to quantify the effectiveness of individual voter checks in maintaining the integrity of election outcomes, particularly when faced with a knowledgeable and capable adversary. The first contribution of this thesis is revisiting the seminal coercion-resistant e-voting protocol by Juels, Catalano, and Jakobsson (JCJ), examining its usability and practicality. It discusses the credential handling system proposed by Neumann et al., which uses a smart card to unlock or fake credentials via a PIN code. The thesis identifies several security concerns with the JCJ protocol, including an attack on coercion-resistance due to information leakage from the removal of duplicate ballots. It also addresses the issues of PIN errors and the single point of failure associated with the smart card. To mitigate these vulnerabilities, we propose hardware-flexible protocols that allow credentials to be stored by ordinary means while still being PIN-based and providing PIN error resilience. One of these protocols features a linear tally complexity, ensuring efficiency and scalability for large-scale electronic voting systems. The second contribution of this thesis pertains to the exploration and validation of the ballot privacy definition proposed by Cortier et. al., particularly in the context of an adversarial presence. Our exploration involves both the Selene and the MiniVoting abstract scheme. We apply Cortier's definition of ballot privacy to this scheme, investigating how it holds up under this framework. To ensure the validity of our findings, we employ the use of tools for machine-checked proof. This method provides a rigorous and reliable means of verifying our results, ensuring that our conclusions are both accurate and trustworthy. The final contribution of this thesis is a detailed examination and analysis of the Estonian election results. This analysis is conducted in several phases, each contributing to a comprehensive understanding of the election process. The first phase involves a comprehensive marginal analysis of the Estonian election results. We compute upper bounds for several margins, providing a detailed statistical overview of the election outcome. This analysis allows us to identify key trends and patterns in the voting data, laying the groundwork for the subsequent phase of our research. We then train multiple binary classifiers to predict whether a voter is likely to verify their vote. This predictive modeling enables an adversary to gain insights into voter behavior and the factors that may influence their decision to verify their vote. With the insights gained from the previous phases, an adversarial classification algorithm for verifying voters is trained. The likelihood of such an adversary is calculated using various machine learning models, providing a more robust assessment of potential threats to the election process

    The future of Cybersecurity in Italy: Strategic focus area

    Get PDF
    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Program analysis for anomaly detection

    Get PDF
    When interacting with mobile applications, users may not always get what they expect. For instance, when users download Android applications from a market, they do not know much about their actual behavior. A brief description, a set of screenshots and a list of permissions, which give a high level intuition of what applications might be doing, form user expectations. However applications do not always meet them. For example, a gaming application intentionally could send SMS messages to a premium number in a background without a user’s knowledge. A less harmful scenario would be a wrong message confirming a successful action that was never executed. Whatever the behavior of a mobile application might (app) be, in order to test and fully understand it, there needs to be a technique that can analyse the User Interface (UI) of the app and the code associated with it as the whole. This thesis presents a static analysis framework called SAFAND that given an ANDROID app performs the following analysis: - gathers information on how the application uses sensitive data; - identifies and analyses UI elements of the application; - binds UI elements with their corresponding behavior. The thesis illustrates how results obtained from the framework can be used to identify problems ranging from small usability issues to malicious behavior of real-world applications.Bei der Interaktion mit mobilen Anwendungen erhalten Benutzer möglicherweise nicht immer das, was sie erwarten. Wenn Benutzer beispielsweise Android- Anwendungen von einem Marktplatz herunterladen, wissen sie nicht viel über das tatsächliche Verhalten dieser Anwendungen. Eine kurze Beschreibung, eine Reihe von Screenshots und eine Liste von Berechtigungen, die eine umfassende Vorstellung davon geben sollen, welche Anwendungen möglicherweise ausgeführt werden können, bilden die Erwartungen der Benutzer. Die Anwendungen entsprechen diesen Erwartungen aber nicht immer. Zum Beispiel könnte ein Spiel ohne Wissen des Benutzers im Hintergrund absichtlich SMS-Nachrichten an eine Premium-Nummer senden. Ein weniger schädliches Szenario wäre eine falsche Meldung, welche eine erfolgreiche Aktion bestätigt, die jedoch niemals durchgeführt wurde. Unabhängig vom Verhalten einer mobilen Anwendung (App) muss eine Technik vorhanden sein, die die Benutzeroberfläche (User Interface, UI) der App und des damit verbundenen Codes testet und als Ganzes versteht. In dieser Arbeit wird ein statisches Analyseframework namens SAFAND2 vorgestellt, bei dem eine ANDROID-App die folgende Analyse durchführt: * sammelt Informationen darüber, wie die Anwendung sensible Daten verwendet; * identifiziert und analysiert UI-Elemente der Anwendung; * verbindet UI-Elemente mit ihrem entsprechenden Verhalten. Die Arbeit zeigt, wie Probleme, von kleinen Usability-Problemen bis hin zu böswilligem Verhalten realer Anwendungen, mit den Ergebnissen des Frameworks identifiziert werden können. 2SAFAND = Static Analysis For Anomaly Detectio

    A real-time framework for malicious behaviour discovery on android mobile devices.

    Get PDF
    openIn few years Android has become the most widespread operating system among mobile devices. Its extreme popularity combined with the personal information contained on smartphones - as financial account, private photos and other acquaintances’ data – has captured the attention of many criminal organizations and hackers. The consequence is the massive presence on the market of malwares targeting the Android architecture. A great amount of research has focused on mechanisms to discovery such threads analyzing the application package before installing it, looking for common patterns and specific features while other approaches try to discover the infection during the attack but the required computation penalizes the device’s performance and battery autonomy. In this thesis we present a novel framework for real-time monitoring the Android device’s behavior without compromising the user experience. Our approach, thanks to a client-server architecture, permits to know in time many information related to the system and the applications running on it. By defining appropriate rules through an ad-hoc language we are able to control the device’s behavior and understand if it is the result of an infection. Further, with the contribution of the server which collects data from many users, we are able to compare data from different devices and understand if an application is different from the “safe” version. During our tests we were able to discover if an application has been infected with the introduction of a malicious code and to understand if the device behavior deviates in time in respect to the user standard profile which was built dynamically over time.openInformaticaTaddeo, MarcoTaddeo, Marc

    Effective software testing with a string-constraint solver

    Get PDF
    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Cataloged from PDF version of thesis.Includes bibliographical references (p. 91-100).This dissertation presents techniques and tools for improving software reliability, by using an expressive string-constraint solver to make implementation-based testing more effective and more applicable. Concolic testing is a paradigm of implementation-based systematic software testing that combines dynamic symbolic execution with constraint-based systematic execution-path enumeration. Concolic testing is easy to use and effective in finding real errors. It is, however, limited by the expressiveness of the underlying constraint solver. Therefore, to date, concolic testing has not been successfully applied to programs with highly-structured inputs (e.g., compilers), or to Web applications. This dissertation shows that the effectiveness and applicability of concolic testing can be greatly improved by using an expressive and efficient string-constraint solver, i.e., a solver for constraints on string variables. We present the design, implementation, and experimental evaluation of a novel string-constraint solver. Furthermore, we show novel techniques for two important problems in concolic testing: getting past input validation in programs with highly-structured inputs, and creating inputs that demonstrate security vulnerabilities in Web applications.by Adam Kieżun.Ph.D
    corecore