66 research outputs found
Disarming Steganography Attacks Inside Neural Network Models
Similar to the revolution of open source code sharing, Artificial
Intelligence (AI) model sharing is gaining increased popularity. However, the
fast adaptation in the industry, lack of awareness, and ability to exploit the
models make them significant attack vectors. By embedding malware in neurons,
the malware can be delivered covertly, with minor or no impact on the neural
network's performance. The covert attack will use the Least Significant Bits
(LSB) weight attack since LSB has a minimal effect on the model accuracy, and
as a result, the user will not notice it. Since there are endless ways to hide
the attacks, we focus on a zero-trust prevention strategy based on AI model
attack disarm and reconstruction. We proposed three types of model
steganography weight disarm defense mechanisms. The first two are based on
random bit substitution noise, and the other on model weight quantization. We
demonstrate a 100\% prevention rate while the methods introduce a minimal
decrease in model accuracy based on Qint8 and K-LRBP methods, which is an
essential factor for improving AI security
Detection and Mitigation of Steganographic Malware
A new attack trend concerns the use of some form of steganography and information hiding to make malware stealthier and able to elude many standard security mechanisms. Therefore, this Thesis addresses the detection and the mitigation of this class of threats. In particular, it considers malware implementing covert communications within network traffic or cloaking malicious payloads within digital images.
The first research contribution of this Thesis is in the detection of network covert channels. Unfortunately, the literature on the topic lacks of real traffic traces or attack samples to perform precise tests or security assessments. Thus, a propaedeutic research activity has been devoted to develop two ad-hoc tools. The first allows to create covert channels targeting the IPv6 protocol by eavesdropping flows, whereas the second allows to embed secret data within arbitrary traffic traces that can be replayed to perform investigations in realistic conditions. This Thesis then starts with a security assessment concerning the impact of hidden network communications in production-quality scenarios. Results have been obtained by considering channels cloaking data in the most popular protocols (e.g., TLS, IPv4/v6, and ICMPv4/v6) and showcased that de-facto standard intrusion detection systems and firewalls (i.e., Snort, Suricata, and Zeek) are unable to spot this class of hazards.
Since malware can conceal information (e.g., commands and configuration files) in almost every protocol, traffic feature or network element, configuring or adapting pre-existent security solutions could be not straightforward. Moreover, inspecting multiple protocols, fields or conversations at the same time could lead to performance issues.
Thus, a major effort has been devoted to develop a suite based on the extended Berkeley Packet Filter (eBPF) to gain visibility over different network protocols/components and to efficiently collect various performance indicators or statistics by using a unique technology. This part of research allowed to spot the presence of network covert channels targeting the header of the IPv6 protocol or the inter-packet time of generic network conversations. In addition, the approach based on eBPF turned out to be very flexible and also allowed to reveal hidden data transfers between two processes co-located within the same host. Another important contribution of this part of the Thesis concerns the deployment of the suite in realistic scenarios and its comparison with other similar tools. Specifically, a thorough performance evaluation demonstrated that eBPF can be used to inspect traffic and reveal the presence of covert communications also when in the presence of high loads, e.g., it can sustain rates up to 3 Gbit/s with commodity hardware. To further address the problem of revealing network covert channels in realistic environments, this Thesis also investigates malware targeting traffic generated by Internet of Things devices. In this case, an incremental ensemble of autoencoders has been considered to face the ''unknown'' location of the hidden data generated by a threat covertly exchanging commands towards a remote attacker.
The second research contribution of this Thesis is in the detection of malicious payloads hidden within digital images. In fact, the majority of real-world malware exploits hiding methods based on Least Significant Bit steganography and some of its variants, such as the Invoke-PSImage mechanism. Therefore, a relevant amount of research has been done to detect the presence of hidden data and classify the payload (e.g., malicious PowerShell scripts or PHP fragments). To this aim, mechanisms leveraging Deep Neural Networks (DNNs) proved to be flexible and effective since they can learn by combining raw low-level data and can be updated or retrained to consider unseen payloads or images with different features. To take into account realistic threat models, this Thesis studies malware targeting different types of images (i.e., favicons and icons) and various payloads (e.g., URLs and Ethereum addresses, as well as webshells). Obtained results showcased that DNNs can be considered a valid tool for spotting the presence of hidden contents since their detection accuracy is always above 90% also when facing ''elusion'' mechanisms such as basic obfuscation techniques or alternative encoding schemes.
Lastly, when detection or classification are not possible (e.g., due to resource constraints), approaches enforcing ''sanitization'' can be applied. Thus, this Thesis also considers autoencoders able to disrupt hidden malicious contents without degrading the quality of the image
Pokročilé metody detekce steganografického obsahu
Steganography can be used for illegal activities. It is essential to be prepared. To detect steganography images, we have a counter-technique known as steganalysis. There are different steganalysis types, depending on if the original artifact (cover work) is known or not, or we know which algorithm was used for embedding. In terms of practical use, the most important are “blind steganalysis” methods that can be applied to image files because we do not have the original cover work for comparison. This philosophiæ doctor thesis describes the methodology to the issues of image steganalysis.In this work, it is crucial to understand the behavior of the targeted steganography algorithm. Then we can use it is weaknesses to increase the detection capability and success of categorization. We are primarily focusing on breaking the steganography algorithm OutGuess2.0. and secondary on breaking the F5 algorithm. We are analyzing the detector's ability, which utilizes a calibration process, blockiness calculation, and shallow neural network, to detect the presence of steganography message in the suspected image. The new approach and results are discussed in this Ph.D. thesis.Steganografie může být využita k nelegálním aktivitám. Proto je velmi důležité být připraven. K detekci steganografického obrázku máme k dispozici techniku známou jako stegoanalýza. Existují různé typy stegoanalýzy v závislosti na tom, zda je znám originální nosič nebo zdali víme, jaký byl použit algoritmus pro vložení tajné zprávy. Z hlediska praktického použití jsou nejdůležitější metody "slepé stagoanalýzy", které zle aplikovat na obrazové soubory a jelikož nemáme originální nosič pro srovnání. Tato doktorská práce popisuje metodologii obrazové stegoanalýzy. V této práci je důležité porozumět chování cíleného steganografického algoritmu. Pak můžeme využít jeho slabiny ke zvýšení detekční schopnosti a úspěšnosti kategorizace. Primárně se zaměřujeme na prolomení steganografického algoritmu OutGuess2.0 a sekundárně na algoritmus F5. Analyzujeme schopnost detektoru, který využívá proces kalibrace, výpočtu shlukování a mělkou neuronovou síť k detekci přítomnosti steganografické zprávy na podezřelém snímku. Nový přístup a výsledky jsou sepsány v této doktorské práci.460 - Katedra informatikyvyhově
Multimedia Forensics
This book is open access. Media forensics has never been more relevant to societal life. Not only media content represents an ever-increasing share of the data traveling on the net and the preferred communications means for most users, it has also become integral part of most innovative applications in the digital information ecosystem that serves various sectors of society, from the entertainment, to journalism, to politics. Undoubtedly, the advances in deep learning and computational imaging contributed significantly to this outcome. The underlying technologies that drive this trend, however, also pose a profound challenge in establishing trust in what we see, hear, and read, and make media content the preferred target of malicious attacks. In this new threat landscape powered by innovative imaging technologies and sophisticated tools, based on autoencoders and generative adversarial networks, this book fills an important gap. It presents a comprehensive review of state-of-the-art forensics capabilities that relate to media attribution, integrity and authenticity verification, and counter forensics. Its content is developed to provide practitioners, researchers, photo and video enthusiasts, and students a holistic view of the field
An Efficient Light-weight LSB steganography with Deep learning Steganalysis
Active research is going on to securely transmit a secret message or
so-called steganography by using data-hiding techniques in digital images.
After assessing the state-of-the-art research work, we found, most of the
existing solutions are not promising and are ineffective against machine
learning-based steganalysis. In this paper, a lightweight steganography scheme
is presented through graphical key embedding and obfuscation of data through
encryption. By keeping a mindset of industrial applicability, to show the
effectiveness of the proposed scheme, we emphasized mainly deep learning-based
steganalysis. The proposed steganography algorithm containing two schemes
withstands not only statistical pattern recognizers but also machine learning
steganalysis through feature extraction using a well-known pre-trained deep
learning network Xception. We provided a detailed protocol of the algorithm for
different scenarios and implementation details. Furthermore, different
performance metrics are also evaluated with statistical and machine learning
performance analysis. The results were quite impressive with respect to the
state of the arts. We received 2.55% accuracy through statistical steganalysis
and machine learning steganalysis gave maximum of 49.93~50% correctly
classified instances in good condition.Comment: Accepted pape
Data Hiding and Its Applications
Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others
A scenario CTF-based approach in cybersecurity education for secondary school students
Cybersecurity education topics require technical understanding. However, it is a challenging task for any teacher to introduce topics to students who have no technical background. Recently, the concept of gamification has been implemented as a tool to inculcate student’s interest using a variety of popular in-games techniques and applying them to educational modules. Extending from this notion, it was found that Capture the Flag (CTF) competition style is a successful way of introducing students to various technical concepts in the standard computer science curriculum. During the 2019 school holiday, a CTF for secondary school students was run at Universiti Tenaga Nasional (UNITEN) with the primary goal of introducing secondary school students to various cybersecurity topics and also to inculcate their interest in cybersecurity. The method that we used is different from other CTF or similar events, in which we use a scenario-based approach. We found that this method attracts participants in solving each challenge in a competitive environment
Entropy in Image Analysis II
Image analysis is a fundamental task for any application where extracting information from images is required. The analysis requires highly sophisticated numerical and analytical methods, particularly for those applications in medicine, security, and other fields where the results of the processing consist of data of vital importance. This fact is evident from all the articles composing the Special Issue "Entropy in Image Analysis II", in which the authors used widely tested methods to verify their results. In the process of reading the present volume, the reader will appreciate the richness of their methods and applications, in particular for medical imaging and image security, and a remarkable cross-fertilization among the proposed research areas
An approach for text steganography based on Markov Chains
A text steganography method based on Markov chains is introduced, together with a reference implementation. This method allows for information hiding in texts that are automatically generated following a given Markov model. Other Markov - based systems of this kind rely on big simpli cations of the language model to work, which produces less natural looking and more easily detectable texts. The method described here is designed to generate texts within a good approximation of the original language model provided.Sociedad Argentina de Informática e Investigación Operativ
Smart campuses : extensive review of the last decade of research and current challenges
Novel intelligent systems to assist energy transition and improve sustainability can be deployed at different scales, ranging from a house to an entire region. University campuses are an interesting intermediate size (big enough to matter and small enough to be tractable) for research, development, test and training on the integration of smartness at all levels, which has led to the emergence of the concept of “smart campus” over the last few years. This review article proposes an extensive analysis of the scientific literature on smart campuses from the last decade (2010-2020). The 182 selected publications are distributed into seven categories of smartness: smart building, smart environment, smart mobility, smart living, smart people, smart governance and smart data. The main open questions and challenges regarding smart campuses are presented at the end of the review and deal with sustainability and energy transition, acceptability and ethics, learning models, open data policies and interoperability. The present work was carried out within the framework of the Energy Network of the Regional Leaders Summit (RLS-Energy) as part of its multilateral research efforts on smart region
- …