Search CORE

1,116 research outputs found

Towards secure message systems

Author: Xie Mengjun
Publication venue: W&M ScholarWorks
Publication date: 01/01/2010
Field of study

Message systems, which transfer information from sender to recipient via communication networks, are indispensable to our modern society. The enormous user base of message systems and their critical role in information delivery make it the top priority to secure message systems. This dissertation focuses on securing the two most representative and dominant messages systems---e-mail and instant messaging (IM)---from two complementary aspects: defending against unwanted messages and ensuring reliable delivery of wanted messages.;To curtail unwanted messages and protect e-mail and instant messaging users, this dissertation proposes two mechanisms DBSpam and HoneyIM, which can effectively thwart e-mail spam laundering and foil malicious instant message spreading, respectively. DBSpam exploits the distinct characteristics of connection correlation and packet symmetry embedded in the behavior of spam laundering and utilizes a simple statistical method, Sequential Probability Ratio Test, to detect and break spam laundering activities inside a customer network in a timely manner. The experimental results demonstrate that DBSpam is effective in quickly and accurately capturing and suppressing e-mail spam laundering activities and is capable of coping with high speed network traffic. HoneyIM leverages the inherent characteristic of spreading of IM malware and applies the honey-pot technology to the detection of malicious instant messages. More specifically, HoneyIM uses decoy accounts in normal users\u27 contact lists as honey-pots to capture malicious messages sent by IM malware and suppresses the spread of malicious instant messages by performing network-wide blocking. The efficacy of HoneyIM has been validated through both simulations and real experiments.;To improve e-mail reliability, that is, prevent losses of wanted e-mail, this dissertation proposes a collaboration-based autonomous e-mail reputation system called CARE. CARE introduces inter-domain collaboration without central authority or third party and enables each e-mail service provider to independently build its reputation database, including frequently contacted and unacquainted sending domains, based on the local e-mail history and the information exchanged with other collaborating domains. The effectiveness of CARE on improving e-mail reliability has been validated through a number of experiments, including a comparison of two large e-mail log traces from two universities, a real experiment of DNS snooping on more than 36,000 domains, and extensive simulation experiments in a large-scale environment

College of William & Mary: W&M Publish

Agent‐based modeling of malware dynamics in heterogeneous environments

Author: Bose Abhijit
Shin Kang G.
Publication venue: 'Wiley'
Publication date: 01/12/2013
Field of study

The increasing convergence of power‐law networks such as social networking and peer‐to‐peer applications, web‐delivered applications, and mobile platforms makes today's users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the power‐law connectivity for finding new victims. The traditional epidemic models based on assumptions of homogeneity, average‐degree distributions, and perfect‐mixing are inadequate to model this type of malware propagation. In this paper, we study four aspects crucial to modeling malware propagation: application‐level interactions among users of such networks , local network structure , user mobility , and network coordination of malware such as botnets . Since closed‐form solutions of malware propagation considering these aspects are difficult to obtain, we describe an open‐source, flexible agent‐based emulation framework that can be used by malware researchers for studying today's complex malware. The framework, called Agent‐Based Malware Modeling (AMM), allows different applications, network structure, network coordination, and user mobility in either a geographic or a logical domain to study various infection and propagation scenarios. In addition to traditional worms and viruses, the framework also allows modeling network coordination of malware such as botnets. The majority of the parameters used in the framework can be derived from real‐life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios. As representative examples, we examine two well‐known malware spreading mechanisms: (i) a malicious virus such as Cabir spreading among the subscribers of a cellular network using Bluetooth and (ii) a hybrid worm that exploit email and file‐sharing to infect users of a social network. In both cases, we identify the parameters most important to the spread of the epidemic based upon our extensive simulation results. Copyright © 2011 John Wiley & Sons, Ltd. This paper presents a novel agent‐based framework for realistic modeling of malware propagation in heterogeneous networks, applications and platforms. The majority of the parameters used in the framework can be derived from real‐life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios for the given network. Two well‐known malware spreading mechanisms in traditional as well as mobile environments were studied using extensive simulations within the framework and the most important spreading parameters were identified.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/101832/1/sec298.pd

Deep Blue Documents at the University of Michigan

Amun : a python honeypot

Author: Göbel Jan Gerrit
Publication venue
Publication date: 01/01/2009
Field of study

In this report we describe a low-interaction honeypot, which is capable of capturing autonomous spreading malware from the internet, named Amun. For this purpose, the software emulates a wide range of different vulnerabilities. As soon as an attacker exploits one of the emulated vulnerabilities the payload transmitted by the attacker is analyzed and any download URL found is extracted. Next, the honeypot tries to download the malicious software and store it on the local harddisc, for further analyses. As a result, we are able to collect at best unknown binaries of malware that automatically spreads across the network. The collected samples can for example be used to help anti-virus vendors improve their signatures

MAnnheim DOCument Server

The future of Cybersecurity in Italy: Strategic focus area

Author: Anglano C.
Aniello L.
Antinori A.
Armando A.
Aversa R.
Baldi Marco
Baldoni R.
Barili A.
Bartoletti M.
Bellini M.
Bergadano F.
Bernardeschi C.
Bianchi E.
Biancotti C.
Bistarelli S.
Blefari Melazzi N.
Boetti M.
Bondavalli A.
Bonomi .
Buccafurri F.
Cambiaso E.
Caputo B.
Carminati B.
Cataliotti F. S.
Catarci T.
Ceccarelli A.
Cesa Bianchi N.
Chiaraluce F.
Colajanni M.
Conti M.
Conti M.
Coppolino L.
Costa G.
Costamagna V.
Cotroneo D.
Crispo B.
Cucchiara R.
Damiani E.
De Nicola R.
De Nicola R.
De Santis A.
Degiovanni I. P.
Demetrescu C.
Di Battista G.
Di Corinto A.
Di Luna A.
Di Martino B.
Di Natale G.
Dini G.
D’Antonio S.
Evangelisti M.
Falcinelli D.
Ferretti M.
Ficco M.
Figà G.
Flocchini P.
Flottes M.
Focardi R.
Franchina . Furfaro
Girdinio P.
Guida F.
Italiano G. F.
Lain D.
Laurenti N.
Lioy A.
Loreti M.
Malerba D.
Mancini L. V.
Marchetti Spaccamela A.
Marcialis G.
Margheri A.
Marrella A.
Martinelli F.
Martinelli M.
Martino L.
Massacci F.
Mayer M.
Mecella M.
Mensi M.
Merlo A.
Miculan M.
Montanari L.
Morana M.
Mosco G. D.
Mostarda L.
Murino V.
Nardi D.
Navigli R.
Palazzi A.
Palmieri F.
Panetta I. C.
Passarella A.
Pellegrini A.
Pellegrino G.
Pelosi G.
Pirlo G.
Piuri V.
Pizzonia M.
Pogliani M.
Polino M.
Pontil M.
Prinetto P.
Prinetto P.
Quaglia F.
Quattrociocchi W.
Querzoni L.
Rak M.
Ranise S.
Ricci E.
Rossi L.
Rota P.
Russo L. O.
Samarati P.
Santoro N.
Santucci B.
Sassone V.
Scala A.
Scotti F.
Servida A.
Spagnoletti P.
Spalazzi L.
Spidalieri F.
Spoto A.
Squarcina M.
Stefanelli S.
Vecchio A.
Venticinque S.
Villoresi P.
Visaggio A.
Vitaletti A.
Zanero S.
Publication venue
Publication date: 01/01/2018
Field of study

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Archivio della ricerca- Università di Roma La Sapienza

Tracking and Mitigation of Malicious Remote Control Networks

Author: Holz Thorsten
Publication venue: Universität Mannheim
Publication date: 01/01/2009
Field of study

Attacks against end-users are one of the negative side effects of today’s networks. The goal of the attacker is to compromise the victim’s machine and obtain control over it. This machine is then used to carry out denial-of-service attacks, to send out spam mails, or for other nefarious purposes. From an attacker’s point of view, this kind of attack is even more efficient if she manages to compromise a large number of machines in parallel. In order to control all these machines, she establishes a "malicious remote control network", i.e., a mechanism that enables an attacker the control over a large number of compromised machines for illicit activities. The most common type of these networks observed so far are so called "botnets". Since these networks are one of the main factors behind current abuses on the Internet, we need to find novel approaches to stop them in an automated and efficient way. In this thesis we focus on this open problem and propose a general root cause methodology to stop malicious remote control networks. The basic idea of our method consists of three steps. In the first step, we use "honeypots" to collect information. A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. This technique enables us to study current attacks on the Internet and we can for example capture samples of autonomous spreading malware ("malicious software") in an automated way. We analyze the collected data to extract information about the remote control mechanism in an automated fashion. For example, we utilize an automated binary analysis tool to find the Command & Control (C&C) server that is used to send commands to the infected machines. In the second step, we use the extracted information to infiltrate the malicious remote control networks. This can for example be implemented by impersonating as a bot and infiltrating the remote control channel. Finally, in the third step we use the information collected during the infiltration phase to mitigate the network, e.g., by shutting down the remote control channel such that the attacker cannot send commands to the compromised machines. In this thesis we show the practical feasibility of this method. We examine different kinds of malicious remote control networks and discuss how we can track all of them in an automated way. As a first example, we study botnets that use a central C&C server: We illustrate how the three steps can be implemented in practice and present empirical measurement results obtained on the Internet. Second, we investigate botnets that use a peer-to-peer based communication channel. Mitigating these botnets is harder since no central C&C server exists which could be taken offline. Nevertheless, our methodology can also be applied to this kind of networks and we present empirical measurement results substantiating our method. Third, we study fast-flux service networks. The idea behind these networks is that the attacker does not directly abuse the compromised machines, but uses them to establish a proxy network on top of these machines to enable a robust hosting infrastructure. Our method can be applied to this novel kind of malicious remote control networks and we present empirical results supporting this claim. We anticipate that the methodology proposed in this thesis can also be used to track and mitigate other kinds of malicious remote control networks

MAnnheim DOCument Server

Studying Malicious Websites and the Underground Economy on the Chinese Web

Author: Guo Jinpeng
Han Xinhui
Holz Thorsten
Song Chengyu
Zhuge Jianwei
Zou Wei
Publication venue
Publication date: 01/01/2007
Field of study

The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousand of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. In this paper, we provide a detailed overview of this underground black market and present a model to describe the market. We substantiate our model with the help of measurement results within the Chinese Web. First, we show that the amount of virtual assets traded on this underground market is huge. Second, our research proofs that a significant amount of websites within China’s part of the Web are malicious: our measurements reveal that about 1.49% of the examined sites contain some kind of malicious content

CiteSeerX

Crossref

MAnnheim DOCument Server