1,475 research outputs found
Minimizing the Time of Spam Mail Detection by Relocating Filtering System to the Sender Mail Server
Unsolicited Bulk Emails (also known as Spam) are undesirable emails sent to a
massive number of users. Spam emails consume the network resources and cause
lots of security uncertainties. As we studied, the location where the spam
filter operates in is an important parameter to preserve network resources.
Although there are many different methods to block spam emails, most program
developers only intend to block spam emails from being delivered to their
clients. In this paper, we will introduce a new and efficient approach to
prevent spam emails from being transferred. The result shows that if we focus
on developing a filtering method for spam emails in the sender mail server
rather than the receiver mail server, we can detect the spam emails in the
shortest time consequently to avoid wasting network resources.
Comment: 10 pages, 7 figure
Internet scalability: properties and evolution
Copyright © 2008 IEEE
Matthew Roughan; Steve Uhlig; Walter Willinge
Hyp3rArmor: reducing web application exposure to automated attacks
Web applications (webapps) are subjected constantly to automated, opportunistic attacks from autonomous robots (bots) engaged in reconnaissance to discover victims that may be vulnerable to specific exploits. This is a typical behavior found in botnet recruitment, worm propagation, large-scale fingerprinting and vulnerability scanners. Most anti-bot techniques are deployed at the application layer, thus leaving the network stack of the webapp’s server exposed. In this paper we present a mechanism called Hyp3rArmor, that addresses this vulnerability by minimizing the webapp’s attack surface exposed to automated opportunistic attackers, for JavaScript-enabled web browser clients. Our solution uses port knocking to eliminate the webapp’s visible network footprint. Clients of the webapp are directed to a visible static web server to obtain JavaScript that authenticates the client to the webapp server (using port knocking) before making any requests to the webapp. Our implementation of Hyp3rArmor, which is compatible with all webapp architectures, has been deployed and used to defend single and multi-page websites on the Internet for 114 days. During this time period the static web server observed 964 attempted attacks that were deflected from the webapp, which was only accessed by authenticated clients. Our evaluation shows that in most cases client-side overheads were negligible and that server-side overheads were minimal. Hyp3rArmor is ideal for critical systems and legacy applications that must be accessible on the Internet. Additionally Hyp3rArmor is composable with other security tools, adding an additional layer to a defense in depth approach.
This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798
PDoT: Private DNS-over-TLS with TEE Support
Security and privacy of the Internet Domain Name System (DNS) have been
longstanding concerns. Recently, there is a trend to protect DNS traffic using
Transport Layer Security (TLS). However, at least two major issues remain: (1)
how do clients authenticate DNS-over-TLS endpoints in a scalable and extensible
manner; and (2) how can clients trust endpoints to behave as expected? In this
paper, we propose a novel Private DNS-over-TLS (PDoT) architecture. PDoT
includes a DNS Recursive Resolver (RecRes) that operates within a Trusted
Execution Environment (TEE). Using Remote Attestation, DNS clients can
authenticate, and receive strong assurance of trustworthiness of PDoT RecRes.
We provide an open-source proof-of-concept implementation of PDoT and use it to
experimentally demonstrate that its latency and throughput match that of the
popular Unbound DNS-over-TLS resolver.
Comment: To appear: ACSAC 201
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.
Comment: 55 page