969 research outputs found
Recommended from our members
A survey of intrusion detection techniques in Cloud
Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks
Deep Learning for Face Anti-Spoofing: A Survey
Face anti-spoofing (FAS) has lately attracted increasing attention due to its
vital role in securing face recognition systems from presentation attacks
(PAs). As more and more realistic PAs with novel types spring up, traditional
FAS methods based on handcrafted features become unreliable due to their
limited representation capacity. With the emergence of large-scale academic
datasets in the recent decade, deep learning based FAS achieves remarkable
performance and dominates this area. However, existing reviews in this field
mainly focus on the handcrafted features, which are outdated and uninspiring
for the progress of FAS community. In this paper, to stimulate future research,
we present the first comprehensive review of recent advances in deep learning
based FAS. It covers several novel and insightful components: 1) besides
supervision with binary label (e.g., '0' for bonafide vs. '1' for PAs), we also
investigate recent methods with pixel-wise supervision (e.g., pseudo depth
map); 2) in addition to traditional intra-dataset evaluation, we collect and
analyze the latest methods specially designed for domain generalization and
open-set FAS; and 3) besides commercial RGB camera, we summarize the deep
learning applications under multi-modal (e.g., depth and infrared) or
specialized (e.g., light field and flash) sensors. We conclude this survey by
emphasizing current open issues and highlighting potential prospects.Comment: IEEE Transactions on Pattern Analysis and Machine Intelligence
(TPAMI
No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems
In recent years, a number of process-based anomaly detection schemes for
Industrial Control Systems were proposed. In this work, we provide the first
systematic analysis of such schemes, and introduce a taxonomy of properties
that are verified by those detection systems. We then present a novel general
framework to generate adversarial spoofing signals that violate physical
properties of the system, and use the framework to analyze four anomaly
detectors published at top security conferences. We find that three of those
detectors are susceptible to a number of adversarial manipulations (e.g.,
spoofing with precomputed patterns), which we call Synthetic Sensor Spoofing
and one is resilient against our attacks. We investigate the root of its
resilience and demonstrate that it comes from the properties that we
introduced. Our attacks reduce the Recall (True Positive Rate) of the attacked
schemes making them not able to correctly detect anomalies. Thus, the
vulnerabilities we discovered in the anomaly detectors show that (despite an
original good detection performance), those detectors are not able to reliably
learn physical properties of the system. Even attacks that prior work was
expected to be resilient against (based on verified properties) were found to
be successful. We argue that our findings demonstrate the need for both more
complete attacks in datasets, and more critical analysis of process-based
anomaly detectors. We plan to release our implementation as open-source,
together with an extension of two public datasets with a set of Synthetic
Sensor Spoofing attacks as generated by our framework
Deep Learning based Fingerprint Presentation Attack Detection: A Comprehensive Survey
The vulnerabilities of fingerprint authentication systems have raised
security concerns when adapting them to highly secure access-control
applications. Therefore, Fingerprint Presentation Attack Detection (FPAD)
methods are essential for ensuring reliable fingerprint authentication. Owing
to the lack of generation capacity of traditional handcrafted based approaches,
deep learning-based FPAD has become mainstream and has achieved remarkable
performance in the past decade. Existing reviews have focused more on
hand-cratfed rather than deep learning-based methods, which are outdated. To
stimulate future research, we will concentrate only on recent
deep-learning-based FPAD methods. In this paper, we first briefly introduce the
most common Presentation Attack Instruments (PAIs) and publicly available
fingerprint Presentation Attack (PA) datasets. We then describe the existing
deep-learning FPAD by categorizing them into contact, contactless, and
smartphone-based approaches. Finally, we conclude the paper by discussing the
open challenges at the current stage and emphasizing the potential future
perspective.Comment: 29 pages, submitted to ACM computing survey journa
AI-based intrusion detection systems for in-vehicle networks: a survey.
The Controller Area Network (CAN) is the most widely used in-vehicle communication protocol, which still lacks the implementation of suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyber attacks. Various Intrusion Detection Systems (IDSs) have been developed to detect these attacks. However, the high generalization capabilities of Artificial Intelligence (AI) make AI-based IDS an excellent countermeasure against automotive cyber attacks. This article surveys AI-based in-vehicle IDS from 2016 to 2022 (August) with a novel taxonomy. It reviews the detection techniques, attack types, features, and benchmark datasets. Furthermore, the article discusses the security of AI models, necessary steps to develop AI-based IDSs in the CAN bus, identifies the limitations of existing proposals, and gives recommendations for future research directions
Mustererkennungsbasierte Verteidgung gegen gezielte Angriffe
The speed at which everything and everyone is being connected considerably outstrips the rate at which effective security mechanisms are introduced to protect them. This has created an opportunity for resourceful threat actors which have specialized in conducting low-volume persistent attacks through sophisticated techniques that are tailored to specific valuable targets. Consequently, traditional approaches are rendered ineffective against targeted attacks, creating an acute need for innovative defense mechanisms.
This thesis aims at supporting the security practitioner in bridging this gap by introducing a holistic strategy against targeted attacks that addresses key challenges encountered during the phases of detection, analysis and response. The structure of this thesis is therefore aligned to these three phases, with each one of its central chapters taking on a particular problem and proposing a solution built on a strong foundation on pattern recognition and machine learning.
In particular, we propose a detection approach that, in the absence of additional authentication mechanisms, allows to identify spear-phishing emails without relying on their content. Next, we introduce an analysis approach for malware triage based on the structural characterization of malicious code. Finally, we introduce MANTIS, an open-source platform for authoring, sharing and collecting threat intelligence, whose data model is based on an innovative unified representation for threat intelligence standards based on attributed graphs.
As a whole, these ideas open new avenues for research on defense mechanisms and represent an attempt to counteract the imbalance between resourceful actors and society at large.In unserer heutigen Welt sind alle und alles miteinander vernetzt. Dies bietet mächtigen Angreifern die Möglichkeit, komplexe Verfahren zu entwickeln, die auf spezifische Ziele angepasst sind. Traditionelle Ansätze zur Bekämpfung solcher Angriffe werden damit ineffektiv, was die Entwicklung innovativer Methoden unabdingbar macht.
Die vorliegende Dissertation verfolgt das Ziel, den Sicherheitsanalysten durch eine umfassende Strategie gegen gezielte Angriffe zu unterstützen. Diese Strategie beschäftigt sich mit den hauptsächlichen Herausforderungen in den drei Phasen der Erkennung und Analyse von sowie der Reaktion auf gezielte Angriffe. Der Aufbau dieser Arbeit orientiert sich daher an den genannten drei Phasen. In jedem Kapitel wird ein Problem aufgegriffen und eine entsprechende Lösung vorgeschlagen, die stark auf maschinellem Lernen und Mustererkennung basiert.
Insbesondere schlagen wir einen Ansatz vor, der eine Identifizierung von Spear-Phishing-Emails ermöglicht, ohne ihren Inhalt zu betrachten. Anschliessend stellen wir einen Analyseansatz für Malware Triage vor, der auf der strukturierten Darstellung von Code basiert. Zum Schluss stellen wir MANTIS vor, eine Open-Source-Plattform für Authoring, Verteilung und Sammlung von Threat Intelligence, deren Datenmodell auf einer innovativen konsolidierten Graphen-Darstellung für Threat Intelligence Stardards basiert. Wir evaluieren unsere Ansätze in verschiedenen Experimenten, die ihren potentiellen Nutzen in echten Szenarien beweisen.
Insgesamt bereiten diese Ideen neue Wege für die Forschung zu Abwehrmechanismen und erstreben, das Ungleichgewicht zwischen mächtigen Angreifern und der Gesellschaft zu minimieren
Learning One Class Representations for Face Presentation Attack Detection using Multi-channel Convolutional Neural Networks
Face recognition has evolved as a widely used biometric modality. However,
its vulnerability against presentation attacks poses a significant security
threat. Though presentation attack detection (PAD) methods try to address this
issue, they often fail in generalizing to unseen attacks. In this work, we
propose a new framework for PAD using a one-class classifier, where the
representation used is learned with a Multi-Channel Convolutional Neural
Network (MCCNN). A novel loss function is introduced, which forces the network
to learn a compact embedding for bonafide class while being far from the
representation of attacks. A one-class Gaussian Mixture Model is used on top of
these embeddings for the PAD task. The proposed framework introduces a novel
approach to learn a robust PAD system from bonafide and available (known)
attack classes. This is particularly important as collecting bonafide data and
simpler attacks are much easier than collecting a wide variety of expensive
attacks. The proposed system is evaluated on the publicly available WMCA
multi-channel face PAD database, which contains a wide variety of 2D and 3D
attacks. Further, we have performed experiments with MLFP and SiW-M datasets
using RGB channels only. Superior performance in unseen attack protocols shows
the effectiveness of the proposed approach. Software, data, and protocols to
reproduce the results are made available publicly.Comment: 15 page
Biometric presentation attack detection: beyond the visible spectrum
The increased need for unattended authentication in
multiple scenarios has motivated a wide deployment of biometric
systems in the last few years. This has in turn led to the
disclosure of security concerns specifically related to biometric
systems. Among them, presentation attacks (PAs, i.e., attempts
to log into the system with a fake biometric characteristic or
presentation attack instrument) pose a severe threat to the
security of the system: any person could eventually fabricate
or order a gummy finger or face mask to impersonate someone
else. In this context, we present a novel fingerprint presentation
attack detection (PAD) scheme based on i) a new capture device
able to acquire images within the short wave infrared (SWIR)
spectrum, and i i) an in-depth analysis of several state-of-theart
techniques based on both handcrafted and deep learning
features. The approach is evaluated on a database comprising
over 4700 samples, stemming from 562 different subjects and
35 different presentation attack instrument (PAI) species. The
results show the soundness of the proposed approach with a
detection equal error rate (D-EER) as low as 1.35% even in a
realistic scenario where five different PAI species are considered
only for testing purposes (i.e., unknown attacks
- …