16,380 research outputs found
An Empirical Study of Denial of Service Mitigation Techniques
We present an empirical study of the resistance of several protocols to denial of service (DoS) attacks on client-server communication. We show that protocols that use authenti-cation alone, e.g., IPSec, provide protection to some extent, but are still susceptible to DoS attacks, even when the net-work is not congested. In contrast, a protocol that uses a changing filtering identifier (FI) is usually immune to DoS attacks, as long as the network itself is not congested. This approach is called FI hopping. We build and experiment with two prototype implementations of FI hopping. One implementation is a modification of IPSec in a Linux ker-nel, and a second implementation comes as an NDIS hook driver on a Windows machine. We present results of ex-periments in which client-server communication is subject to a DoS-attack. Our measurements illustrate that FI hop-ping withstands severe DoS attacks without hampering the client-server communication. Moreover, our implementa-tions show that FI hopping is simple, practical, and easy to deploy.
Security Code Smells in Android ICC
Android Inter-Component Communication (ICC) is complex, largely
unconstrained, and hard for developers to understand. As a consequence, ICC is
a common source of security vulnerability in Android apps. To promote secure
programming practices, we have reviewed related research, and identified
avoidable ICC vulnerabilities in Android-run devices and the security code
smells that indicate their presence. We explain the vulnerabilities and their
corresponding smells, and we discuss how they can be eliminated or mitigated
during development. We present a lightweight static analysis tool on top of
Android Lint that analyzes the code under development and provides just-in-time
feedback within the IDE about the presence of such smells in the code.
Moreover, with the help of this tool we study the prevalence of security code
smells in more than 700 open-source apps, and manually inspect around 15% of
the apps to assess the extent to which identifying such smells uncovers ICC
security vulnerabilities.Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal
(EMSE), 201
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets survived by adopting a sequence of increasingly
sophisticated strategies to evade detection and take overs, and to monetize
their infrastructure. At the same time, the success of privacy infrastructures
such as Tor opened the door to illegal activities, including botnets,
ransomware, and a marketplace for drugs and contraband. We contend that the
next waves of botnets will extensively subvert privacy infrastructure and
cryptographic mechanisms. In this work we propose to preemptively investigate
the design and mitigation of such botnets. We first, introduce OnionBots, what
we believe will be the next generation of resilient, stealthy botnets.
OnionBots use privacy infrastructures for cyber attacks by completely
decoupling their operation from the infected host IP address and by carrying
traffic that does not leak information about its source, destination, and
nature. Such bots live symbiotically within the privacy infrastructures to
evade detection, measurement, scale estimation, observation, and in general all
IP-based current mitigation techniques. Furthermore, we show that with an
adequate self-healing network maintenance scheme, that is simple to implement,
OnionBots achieve a low diameter and a low degree and are robust to
partitioning under node deletions. We developed a mitigation technique, called
SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and
discuss a set of techniques that can enable subsequent waves of Super
OnionBots. In light of the potential of such botnets, we believe that the
research community should proactively develop detection and mitigation methods
to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure
Master of Puppets: Analyzing And Attacking A Botnet For Fun And Profit
A botnet is a network of compromised machines (bots), under the control of an
attacker. Many of these machines are infected without their owners' knowledge,
and botnets are the driving force behind several misuses and criminal
activities on the Internet (for example spam emails). Depending on its
topology, a botnet can have zero or more command and control (C&C) servers,
which are centralized machines controlled by the cybercriminal that issue
commands and receive reports back from the co-opted bots.
In this paper, we present a comprehensive analysis of the command and control
infrastructure of one of the world's largest proprietary spamming botnets
between 2007 and 2012: Cutwail/Pushdo. We identify the key functionalities
needed by a spamming botnet to operate effectively. We then develop a number of
attacks against the command and control logic of Cutwail that target those
functionalities, and make the spamming operations of the botnet less effective.
This analysis was made possible by having access to the source code of the C&C
software, as well as setting up our own Cutwail C&C server, and by implementing
a clone of the Cutwail bot. With the help of this tool, we were able to
enumerate the number of bots currently registered with the C&C server,
impersonate an existing bot to report false information to the C&C server, and
manipulate spamming statistics of an arbitrary bot stored in the C&C database.
Furthermore, we were able to make the control server inaccessible by conducting
a distributed denial of service (DDoS) attack. Our results may be used by law
enforcement and practitioners to develop better techniques to mitigate and
cripple other botnets, since many of findings are generic and are due to the
workflow of C&C communication in general
How to achieve climate-friendly behaviour changes ? A case study of the university of Grenoble
Climate change is definitely a huge challenge for the 21st century. Mitigation actions that stem from individual behaviour change towards a lower individual carbon footprint are part of the response. However, barriers are numerous for individuals to change their behaviour and actually reduce their greenhouse gas emissions. Even individuals with positive attitudes may show much reluctance to behave in a climate-friendly way. Against this background, our paper aims to investigate how these barriers can be overcome so that individuals take action. The first section reviews the individual, sociological, and institutional barriers that have been identified in the social sciences literature, and options that may spur action. The second section presents the climate mitigation initiative that has been implemented at the university of Grenoble, France, to engage its members into reducing their greenhouse gas emissions, and draws lessons from the results obtained. Digging alternatively into economics, sociology, psychology, and marketing brings some tools to lift barriers to action. However, these social sciences fields are interwoven. Adopting an interdisciplinary approach drawing simultaneously on those social sciences may bring better results. The university of Grenoble could be an interesting place to define an action-research program accordingly.climate change ; attitude ; behaviour ; social sciences
Master of puppets: analyzing and attacking a botnet for fun and profit
A botnet is a network of compromised machines (bots),
under the control of an attacker. Many of these machines
are infected without their owners’ knowledge, and botnets
are the driving force behind several misuses and criminal
activities on the Internet (for example spam emails). Depending
on its topology, a botnet can have zero or more
command and control (C&C) servers, which are centralized
machines controlled by the cybercriminal that issue
commands and receive reports back from the co-opted
bots.
In this paper, we present a comprehensive analysis of
the command and control infrastructure of one of the
world’s largest proprietary spamming botnets between
2007 and 2012: Cutwail/Pushdo. We identify the key
functionalities needed by a spamming botnet to operate
effectively. We then develop a number of attacks against
the command and control logic of Cutwail that target
those functionalities, and make the spamming operations
of the botnet less effective. This analysis was made possible
by having access to the source code of the C&C software,
as well as setting up our own Cutwail C&C server,
and by implementing a clone of the Cutwail bot. With the
help of this tool, we were able to enumerate the number
of bots currently registered with the C&C server, impersonate
an existing bot to report false information to the
C&C server, and manipulate spamming statistics of an arbitrary
bot stored in the C&C database. Furthermore, we
were able to make the control server inaccessible by conducting
a distributed denial of service (DDoS) attack. Our
results may be used by law enforcement and practitioners
to develop better techniques to mitigate and cripple other
botnets, since many of findings are generic and are due to
the workflow of C&C communication in general.First author draf
- …