66 research outputs found

    Disarming Steganography Attacks Inside Neural Network Models

    Similar to the revolution of open source code sharing, Artificial Intelligence (AI) model sharing is gaining increased popularity. However, the fast adaptation in the industry, lack of awareness, and ability to exploit the models make them significant attack vectors. By embedding malware in neurons, the malware can be delivered covertly, with minor or no impact on the neural network's performance. The covert attack will use the Least Significant Bits (LSB) weight attack since LSB has a minimal effect on the model accuracy, and as a result, the user will not notice it. Since there are endless ways to hide the attacks, we focus on a zero-trust prevention strategy based on AI model attack disarm and reconstruction. We proposed three types of model steganography weight disarm defense mechanisms. The first two are based on random bit substitution noise, and the other on model weight quantization. We demonstrate a 100% prevention rate while the methods introduce a minimal decrease in model accuracy based on Qint8 and K-LRBP methods, which is an essential factor for improving AI security.

    Detection and Mitigation of Steganographic Malware

    A new attack trend concerns the use of some form of steganography and information hiding to make malware stealthier and able to elude many standard security mechanisms. Therefore, this Thesis addresses the detection and the mitigation of this class of threats. In particular, it considers malware implementing covert communications within network traffic or cloaking malicious payloads within digital images. The first research contribution of this Thesis is in the detection of network covert channels. Unfortunately, the literature on the topic lacks real traffic traces or attack samples to perform precise tests or security assessments. Thus, a propaedeutic research activity has been devoted to developing two ad-hoc tools. The first allows the creation of covert channels targeting the IPv6 protocol by eavesdropping flows, whereas the second allows secret data to be embedded within arbitrary traffic traces that can be replayed to perform investigations in realistic conditions. This Thesis then starts with a security assessment concerning the impact of hidden network communications in production-quality scenarios. Results have been obtained by considering channels cloaking data in the most popular protocols (e.g., TLS, IPv4/v6, and ICMPv4/v6) and showcased that de-facto standard intrusion detection systems and firewalls (i.e., Snort, Suricata, and Zeek) are unable to spot this class of hazards. Since malware can conceal information (e.g., commands and configuration files) in almost every protocol, traffic feature or network element, configuring or adapting pre-existent security solutions may not be straightforward. Moreover, inspecting multiple protocols, fields or conversations at the same time could lead to performance issues. Thus, a major effort has been devoted to developing a suite based on the extended Berkeley Packet Filter (eBPF) to gain visibility over different network protocols/components and to efficiently collect various performance indicators or statistics by using a unique technology. This part of the research made it possible to spot the presence of network covert channels targeting the header of the IPv6 protocol or the inter-packet time of generic network conversations. In addition, the approach based on eBPF turned out to be very flexible and also made it possible to reveal hidden data transfers between two processes co-located within the same host. Another important contribution of this part of the Thesis concerns the deployment of the suite in realistic scenarios and its comparison with other similar tools. Specifically, a thorough performance evaluation demonstrated that eBPF can be used to inspect traffic and reveal the presence of covert communications even in the presence of high loads, e.g., it can sustain rates up to 3 Gbit/s with commodity hardware. To further address the problem of revealing network covert channels in realistic environments, this Thesis also investigates malware targeting traffic generated by Internet of Things devices. In this case, an incremental ensemble of autoencoders has been considered to face the "unknown" location of the hidden data generated by a threat covertly exchanging commands towards a remote attacker. The second research contribution of this Thesis is in the detection of malicious payloads hidden within digital images. In fact, the majority of real-world malware exploits hiding methods based on Least Significant Bit steganography and some of its variants, such as the Invoke-PSImage mechanism. Therefore, a relevant amount of research has been done to detect the presence of hidden data and classify the payload (e.g., malicious PowerShell scripts or PHP fragments). To this aim, mechanisms leveraging Deep Neural Networks (DNNs) proved to be flexible and effective since they can learn by combining raw low-level data and can be updated or retrained to consider unseen payloads or images with different features. To take into account realistic threat models, this Thesis studies malware targeting different types of images (i.e., favicons and icons) and various payloads (e.g., URLs and Ethereum addresses, as well as webshells). Obtained results showcased that DNNs can be considered a valid tool for spotting the presence of hidden contents since their detection accuracy is always above 90%, even when facing "elusion" mechanisms such as basic obfuscation techniques or alternative encoding schemes. Lastly, when detection or classification are not possible (e.g., due to resource constraints), approaches enforcing "sanitization" can be applied. Thus, this Thesis also considers autoencoders able to disrupt hidden malicious contents without degrading the quality of the image.

    Advanced Methods for Detecting Steganographic Content (Pokročilé metody detekce steganografického obsahu)

    Steganography can be used for illegal activities. It is essential to be prepared. To detect steganography images, we have a counter-technique known as steganalysis. There are different steganalysis types, depending on whether the original artifact (cover work) is known or not, or whether we know which algorithm was used for embedding. In terms of practical use, the most important are "blind steganalysis" methods that can be applied to image files because we do not have the original cover work for comparison. This philosophiæ doctor thesis describes the methodology to the issues of image steganalysis. In this work, it is crucial to understand the behavior of the targeted steganography algorithm. Then we can use its weaknesses to increase the detection capability and success of categorization. We are primarily focusing on breaking the steganography algorithm OutGuess2.0 and secondarily on breaking the F5 algorithm. We are analyzing the detector's ability, which utilizes a calibration process, blockiness calculation, and shallow neural network, to detect the presence of a steganography message in the suspected image. The new approach and results are discussed in this Ph.D. thesis. 460 - Department of Computer Science

    Multimedia Forensics

    This book is open access. Media forensics has never been more relevant to societal life. Not only does media content represent an ever-increasing share of the data traveling on the net and the preferred communications means for most users, it has also become an integral part of most innovative applications in the digital information ecosystem that serves various sectors of society, from entertainment to journalism to politics. Undoubtedly, the advances in deep learning and computational imaging contributed significantly to this outcome. The underlying technologies that drive this trend, however, also pose a profound challenge in establishing trust in what we see, hear, and read, and make media content the preferred target of malicious attacks. In this new threat landscape powered by innovative imaging technologies and sophisticated tools, based on autoencoders and generative adversarial networks, this book fills an important gap. It presents a comprehensive review of state-of-the-art forensics capabilities that relate to media attribution, integrity and authenticity verification, and counter forensics. Its content is developed to provide practitioners, researchers, photo and video enthusiasts, and students a holistic view of the field.

    An Efficient Light-weight LSB steganography with Deep learning Steganalysis

    Active research is going on to securely transmit a secret message, so-called steganography, by using data-hiding techniques in digital images. After assessing the state-of-the-art research work, we found that most of the existing solutions are not promising and are ineffective against machine learning-based steganalysis. In this paper, a lightweight steganography scheme is presented through graphical key embedding and obfuscation of data through encryption. By keeping a mindset of industrial applicability, to show the effectiveness of the proposed scheme, we emphasized mainly deep learning-based steganalysis. The proposed steganography algorithm containing two schemes withstands not only statistical pattern recognizers but also machine learning steganalysis through feature extraction using a well-known pre-trained deep learning network Xception. We provided a detailed protocol of the algorithm for different scenarios and implementation details. Furthermore, different performance metrics are also evaluated with statistical and machine learning performance analysis. The results were quite impressive with respect to the state of the art. We received 2.55% accuracy through statistical steganalysis and machine learning steganalysis gave maximum of 49.93~50% correctly classified instances in good condition. Comment: Accepted pape

    Data Hiding and Its Applications

    Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others

    A scenario CTF-based approach in cybersecurity education for secondary school students

    Cybersecurity education topics require technical understanding. However, it is a challenging task for any teacher to introduce topics to students who have no technical background. Recently, the concept of gamification has been implemented as a tool to inculcate student’s interest using a variety of popular in-games techniques and applying them to educational modules. Extending from this notion, it was found that Capture the Flag (CTF) competition style is a successful way of introducing students to various technical concepts in the standard computer science curriculum. During the 2019 school holiday, a CTF for secondary school students was run at Universiti Tenaga Nasional (UNITEN) with the primary goal of introducing secondary school students to various cybersecurity topics and also to inculcate their interest in cybersecurity. The method that we used is different from other CTF or similar events, in which we use a scenario-based approach. We found that this method attracts participants in solving each challenge in a competitive environment

    Entropy in Image Analysis II

    Image analysis is a fundamental task for any application where extracting information from images is required. The analysis requires highly sophisticated numerical and analytical methods, particularly for those applications in medicine, security, and other fields where the results of the processing consist of data of vital importance. This fact is evident from all the articles composing the Special Issue "Entropy in Image Analysis II", in which the authors used widely tested methods to verify their results. In the process of reading the present volume, the reader will appreciate the richness of their methods and applications, in particular for medical imaging and image security, and a remarkable cross-fertilization among the proposed research areas

    An approach for text steganography based on Markov Chains

    A text steganography method based on Markov chains is introduced, together with a reference implementation. This method allows for information hiding in texts that are automatically generated following a given Markov model. Other Markov-based systems of this kind rely on big simplifications of the language model to work, which produces less natural looking and more easily detectable texts. The method described here is designed to generate texts within a good approximation of the original language model provided. Sociedad Argentina de Informática e Investigación Operativ

    Smart campuses : extensive review of the last decade of research and current challenges

    Novel intelligent systems to assist energy transition and improve sustainability can be deployed at different scales, ranging from a house to an entire region. University campuses are an interesting intermediate size (big enough to matter and small enough to be tractable) for research, development, test and training on the integration of smartness at all levels, which has led to the emergence of the concept of “smart campus” over the last few years. This review article proposes an extensive analysis of the scientific literature on smart campuses from the last decade (2010-2020). The 182 selected publications are distributed into seven categories of smartness: smart building, smart environment, smart mobility, smart living, smart people, smart governance and smart data. The main open questions and challenges regarding smart campuses are presented at the end of the review and deal with sustainability and energy transition, acceptability and ethics, learning models, open data policies and interoperability. The present work was carried out within the framework of the Energy Network of the Regional Leaders Summit (RLS-Energy) as part of its multilateral research efforts on smart region