CARET analysis of multithreaded programs
Dynamic Pushdown Networks (DPNs) are a natural model for multithreaded programs with (recursive) procedure calls and thread creation. CARET, on the other hand, is a temporal logic for writing linear temporal formulas that take into account the matching between calls and returns. In this paper we consider the model-checking problem of DPNs against CARET formulas. We show that this problem can be effectively solved by a reduction to the emptiness problem of Büchi Dynamic Pushdown Systems. We then show that CARET model checking is also decidable for DPNs communicating with locks. Our results can, in particular, be used for the detection of concurrent malware.
Comment: Pre-proceedings paper presented at the 27th International Symposium on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur, Belgium, 10-12 October 2017 (arXiv:1708.07854)
Using Context and Interactions to Verify User-Intended Network Requests
Client-side malware can attack users by tampering with applications or user interfaces to generate requests that users did not intend. We propose Verified Intention (VInt), which ensures that a network request, as received by a service, is user-intended. VInt is based on "seeing what the user sees" (context): it screenshots the user interface as the user interacts with a security-sensitive form. There are two main components. First, VInt ensures output integrity and authenticity by validating the context, i.e. that the user sees correctly rendered information. Second, VInt extracts the user-intended inputs from the on-screen user-provided inputs, under the assumption that a human user checks what they entered. Using these user-intended inputs, VInt deems a request user-intended if the request is generated properly from them while the user is shown the correct information. VInt is implemented using image analysis and Optical Character Recognition (OCR). Our evaluation shows that VInt is accurate and efficient.
A Model Checker for Operator Precedence Languages
The problem of extending model checking from finite state machines to procedural programs has fostered much research toward the definition of temporal logics for reasoning on context-free structures. The most notable such results are temporal logics on Nested Words, such as CaRet and NWTL. Recently, Precedence Oriented Temporal Logic (POTL) has been introduced to specify and prove properties of programs coded through an Operator Precedence Language (OPL). POTL is complete w.r.t. the FO restriction of the MSO logic previously defined as a logic fully equivalent to OPL. POTL increases NWTL's expressive power in exactly the way that OPLs are more powerful than nested words. In this article, we produce a model checker, named POMC, for OPL programs to prove properties expressed in POTL. To the best of our knowledge, POMC is the first implemented and openly available model checker for proving tree-structured properties of recursive procedural programs. We also report on the experimental evaluation we performed on POMC on a nontrivial benchmark.
Improving Cyber Situational Awareness via Data mining and Predictive Analytic Techniques
As cyber-attacks have become more common in everyday life, there is a need to maintain and improve cyber security standards in any business or industry. Cyber Situational Awareness (CSA) is a broad strategy that any business or government can adopt to tackle cyber-attacks and incidents. CSA is based on the current and past incidents, elements and actors in a system. Managers and decision makers need to monitor their systems constantly to understand ongoing events and changes, which can help predict future incidents. Predicting future cyber incidents can then guide cyber managers in preparing for future cyber threats and breaches.
This research aims to improve cyber situational awareness by developing a framework based on data mining techniques, specifically the classification methods known as predictive approaches, and Open Source Intelligence (OSINT). OSINT is another important element of this research because it is not only publicly accessible but also cost effective and research friendly.
This research highlights the importance of understanding past and current CSA, which can lead to better preparation against future cyber threats; cyber security experts can combine the developed framework with other methods to provide a comprehensive strategy for improving cyber security and safety.
UGRansome1819 : a novel dataset for anomaly detection and zero-day threats
This research introduces a production methodology for an anomaly detection dataset based on ten desirable requirements. The article then presents the resulting dataset, named UGRansome, created from up-to-date network traffic (netflow) and representing cyclostationary patterns of normal and abnormal classes of threatening behaviour. It was found that the timestamp feature of various network attacks is below one minute, and this feature pattern was used to record the time taken by a threat to infiltrate a network node. The main asset of the proposed dataset is its applicability to the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threat signatures. For instance, the UDP Scan attack was found to use the lowest netflow volume in the corpus, while Razy uses the highest. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus but are derived from two well-known datasets, UGR'16 and a ransomware dataset, both of which include real-life instances: the former contributes cyclostationary patterns while the latter contributes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms were minimised with a null empirical error during the experiment, which indicates that applying the Random Forest algorithm to UGRansome can produce accurate results that enhance zero-day threat detection. Additionally, most zero-day threats such as Razy, Globe, EDA2 and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature, and it is predicted that they will use spamming and phishing for intrusion. Lastly, balancing UGRansome was found to be NP-hard because the real-life threatening classes do not have a uniform distribution in terms of number of instances.
Information (MDPI), 2022: https://www.mdpi.com/journal/information
Countermeasures for the majority attack in blockchain distributed systems
Blockchain technology is considered one of the most important computing paradigms since the Internet, owing to unique characteristics that make it ideal for recording, verifying and managing information about transactions. Despite this, Blockchain faces a number of security problems, the 51% attack, or majority attack, being one of the most important. In this attack one or more miners take control of at least 51% of the hash rate or computing power of a network, so that a miner can arbitrarily manipulate and modify the information recorded in it. This work focused on designing and implementing strategies for detecting and mitigating majority attacks (51% attacks) in a distributed Blockchain system, based on characterising the behaviour of miners. To achieve this, the hash rate / share of Bitcoin and Ethereum miners was analysed and evaluated, followed by the design and implementation of a consensus protocol to control the computing power of miners. Subsequently, Machine Learning models for detecting cryptojacking malware were explored and evaluated.
Doctoral thesis (Doctor en Ingeniería de Sistemas y Computación)
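As an added illustration of the detection approach described in the abstract above (example code written for this page, not the thesis's own implementation), the following Python sketch approximates each miner's hash-rate share by the fraction of recent blocks it found, raises an alert when one miner's share in a sliding window reaches a configurable threshold, and shows an assumed admission rule that a consensus layer could apply to refuse a block whose acceptance would give its miner a majority of the window. The block log, pool names, window size and the admission rule are all constructed assumptions for illustration.

```python
from collections import Counter, deque
from typing import Dict, Iterable, List, Sequence, Tuple

# Constructed sample block log as (height, miner_id) pairs; not real chain data.
# poolA gradually comes to dominate block production from height 109 onward.
SAMPLE_BLOCKS: List[Tuple[int, str]] = [
    (100, "poolA"), (101, "poolB"), (102, "poolC"), (103, "poolA"),
    (104, "poolB"), (105, "poolA"), (106, "poolC"), (107, "poolA"),
    (108, "poolA"), (109, "poolA"), (110, "poolA"), (111, "poolA"),
    (112, "poolB"),
]


def hashrate_share(miners: Iterable[str]) -> Dict[str, float]:
    """Approximate each miner's hash-rate share as the fraction of blocks
    it found within the given window (block share is a proxy for hash share)."""
    counts = Counter(miners)
    total = sum(counts.values())
    if total == 0:
        return {}
    return {miner: found / total for miner, found in counts.items()}


def detect_majority(blocks: Iterable[Tuple[int, str]],
                    window_size: int = 8,
                    threshold: float = 0.51) -> List[Tuple[int, str, float]]:
    """Sliding-window majority detector.

    For every block height at which the window is full, compute the share of
    each miner and emit (height, miner, share) when the top miner's share is
    at or above `threshold`. A share of exactly 0.5 does not trigger the
    default 0.51 threshold, matching the 51% definition in the abstract.
    """
    alerts: List[Tuple[int, str, float]] = []
    window: deque = deque(maxlen=window_size)
    for height, miner in blocks:
        window.append(miner)
        if len(window) < window_size:
            continue  # not enough history yet to judge a share
        shares = hashrate_share(window)
        top_miner, top_share = max(shares.items(), key=lambda kv: kv[1])
        if top_share >= threshold:
            alerts.append((height, top_miner, round(top_share, 3)))
    return alerts


def admit_block(recent_miners: Sequence[str], miner: str,
                threshold: float = 0.51) -> bool:
    """Assumed mitigation rule (an illustration, not the thesis's protocol):
    refuse a new block when accepting it would push its miner's share of the
    recent window to `threshold` or above."""
    projected = list(recent_miners) + [miner]
    return hashrate_share(projected).get(miner, 0.0) < threshold


if __name__ == "__main__":
    for height, miner, share in detect_majority(SAMPLE_BLOCKS):
        print(f"height {height}: {miner} holds {share:.1%} of the last 8 blocks")
    recent = [m for _, m in SAMPLE_BLOCKS[-7:]]
    print("admit next poolA block:", admit_block(recent, "poolA"))
    print("admit next poolB block:", admit_block(recent, "poolB"))
```

Block share is only a proxy for hash rate: over a short window a minority miner can find more than half the blocks by luck, so a deployed detector should use a window long enough that the variance of the share estimate is small relative to the threshold, and treat a single alert as a signal to investigate rather than proof of an attack.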