Data Leak Detection As a Service: Challenges and Solutions
We describe a network-based data-leak detection (DLD)
technique, the main feature of which is that the detection
does not require the data owner to reveal the content of the
sensitive data. Instead, only a small set of specialized
digests is needed. Our technique, referred to as the fuzzy
fingerprint, can be used to detect accidental data leaks due
to human error or application flaws. The privacy-preserving
property of our algorithms minimizes the exposure of sensitive
data and enables the data owner to safely delegate the
detection to others. We describe how cloud providers can offer
their customers data-leak detection as an add-on service
with strong privacy guarantees.
We perform an extensive experimental evaluation of the privacy,
efficiency, accuracy, and noise tolerance of our techniques.
Our evaluation results under various data-leak scenarios
and setups show that our method supports accurate
detection with a very small number of false alarms, even
when the presentation of the data has been transformed. The
results also indicate that the detection accuracy does not degrade
when partial digests are used. We further provide a quantifiable
method to measure the privacy guarantee offered by our
fuzzy fingerprint framework.
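The digest-based detection idea can be sketched as follows. This is a minimal illustration, not the paper's actual fuzzy-fingerprint construction: the shingle size, the SHA-256-based digest, and the bit-masking scheme are invented here for illustration. The key property it demonstrates is that the detector holds only coarse (fuzzified) digests, so each digest matches many possible inputs and the provider cannot recover the exact sensitive content.

```python
import hashlib

SHINGLE = 8     # bytes per overlapping shingle (illustrative choice)
FUZZ_BITS = 6   # low-order bits masked: each fuzzy digest covers 2**FUZZ_BITS values

def shingle_digests(data: bytes) -> set[int]:
    """64-bit digests of all overlapping byte shingles of `data`."""
    out = set()
    for i in range(len(data) - SHINGLE + 1):
        h = hashlib.sha256(data[i:i + SHINGLE]).digest()
        out.add(int.from_bytes(h[:8], "big"))
    return out

def fuzzify(digests: set[int]) -> set[int]:
    """Mask low-order bits so the DLD provider holds only coarse digests."""
    return {d >> FUZZ_BITS for d in digests}

def leak_score(traffic: bytes, fuzzy_set: set[int]) -> float:
    """Fraction of traffic shingles whose fuzzified digest matches the set."""
    t = shingle_digests(traffic)
    if not t:
        return 0.0
    hits = sum(1 for d in t if (d >> FUZZ_BITS) in fuzzy_set)
    return hits / len(t)
```

In this sketch the data owner computes `fuzzify(shingle_digests(sensitive))` locally and hands only the fuzzy set to the provider; traffic that reproduces the sensitive bytes scores near 1.0, while unrelated traffic scores near 0.0 because random 58-bit collisions are vanishingly rare.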
Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK
Cyber adversaries have increasingly leveraged social engineering attacks to
breach large organizations and threaten the well-being of today's online users.
One clever technique, the "watering hole" attack, compromises a legitimate
website to execute drive-by download attacks by redirecting users to another
malicious domain. We introduce a game-theoretic model that captures the salient
aspects for an organization protecting itself from a watering hole attack by
altering the environment information in web traffic so as to deceive the
attackers. Our main contributions are (1) a novel Social Engineering Deception
(SED) game model that features a continuous action set for the attacker, (2) an
in-depth analysis of the SED model to identify computationally feasible
real-world cases, and (3) the CyberTWEAK algorithm which solves for the optimal
protection policy. To illustrate the potential use of our framework, we built a
browser extension based on our algorithms which is now publicly available
online. The CyberTWEAK extension will be vital to the continued development and
deployment of countermeasures for social engineering.
Comment: IAAI-20, AICS-2020 Workshop
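The defender-attacker interaction described above can be sketched as a toy Stackelberg game. This is not the paper's SED model (which features a continuous attacker action set); it is a simplified sketch with invented payoff numbers, where the defender commits to a probability of tweaking the environment information and the attacker best-responds by attacking only when the expected gain exceeds the attack cost.

```python
def attacker_best_response(p: float, gain: float = 10.0, cost: float = 4.0) -> bool:
    """Attacker strikes only if the expected gain from seeing the real
    environment (probability 1 - p) exceeds the cost of mounting the attack."""
    return (1 - p) * gain > cost

def defender_loss(p: float, loss: float = 8.0, usability_cost: float = 1.0) -> float:
    """Expected breach loss if the attacker strikes, plus a linear
    usability cost for tweaking environment information."""
    attacked = attacker_best_response(p)
    return (loss * (1 - p) if attacked else 0.0) + usability_cost * p

def optimal_tweak_prob(steps: int = 1000) -> float:
    """Grid search for the commitment probability minimizing defender loss."""
    return min((i / steps for i in range(steps + 1)), key=defender_loss)
```

With these illustrative payoffs, the optimal policy is to tweak just often enough that attacking becomes unprofitable (here around p = 0.6), after which the only remaining cost is the usability penalty; deterring the attack entirely is cheaper than absorbing it.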
Dos and Don'ts of Machine Learning in Computer Security
With the growing processing power of computing systems and the increasing
availability of massive datasets, machine learning algorithms have led to major
breakthroughs in many different areas. This development has influenced computer
security, spawning a series of work on learning-based security systems, such as
for malware detection, vulnerability discovery, and binary code analysis.
Despite great potential, machine learning in security is prone to subtle
pitfalls that undermine its performance and render learning-based systems
potentially unsuitable for security tasks and practical deployment. In this
paper, we look at this problem with critical eyes. First, we identify common
pitfalls in the design, implementation, and evaluation of learning-based
security systems. We conduct a study of 30 papers from top-tier security
conferences within the past 10 years, confirming that these pitfalls are
widespread in the current security literature. In an empirical analysis, we
further demonstrate how individual pitfalls can lead to unrealistic performance
and interpretations, obstructing the understanding of the security problem at
hand. As a remedy, we propose actionable recommendations to support researchers
in avoiding or mitigating the pitfalls where possible. Furthermore, we identify
open problems when applying machine learning in security and provide directions
for further research.
Comment: to appear at USENIX Security Symposium 2022
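One pitfall of the kind the abstract describes can be made concrete with a base-rate example. The numbers below are illustrative, not taken from the paper: a detector with a 99% true-positive rate and a 1% false-positive rate looks excellent by accuracy, yet at a realistic 0.1% base rate of malicious samples its precision collapses, because the many benign samples generate far more false alarms than there are true detections.

```python
def metrics(tp: int, fp: int, tn: int, fn: int) -> tuple[float, float, float]:
    """Accuracy, precision, and recall from confusion-matrix counts."""
    acc = (tp + tn) / (tp + fp + tn + fn)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return acc, prec, rec

# Hypothetical detector: 99% TPR, 1% FPR, evaluated on 1,000,000 samples
# of which only 0.1% are malicious (an illustrative real-world base rate).
pos, neg = 1_000, 999_000
tp, fn = 990, 10            # 99% of malicious samples caught
fp, tn = 9_990, 989_010     # 1% of benign samples falsely flagged
acc, prec, rec = metrics(tp, fp, tn, fn)
```

Here accuracy and recall both exceed 0.98, yet precision is below 0.10: roughly ten out of every eleven alarms are false. Reporting accuracy on a balanced test set while deploying against an imbalanced population is exactly the kind of evaluation pitfall that yields unrealistic performance claims.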