151,859 research outputs found

    Adversarial Detection of Flash Malware: Limitations and Open Issues

    During the past four years, Flash malware has become one of the most insidious threats to detect, with almost 600 critical vulnerabilities targeting Adobe Flash disclosed in the wild. Research has shown that machine learning can be successfully used to detect Flash malware by leveraging static analysis to extract information from the structure of the file or its bytecode. However, the robustness of Flash malware detectors against well-crafted evasion attempts - also known as adversarial examples - has never been investigated. In this paper, we propose a security evaluation of a novel, representative Flash detector that embeds a combination of the prominent, static features employed by state-of-the-art tools. In particular, we discuss how to craft adversarial Flash malware examples, showing that it suffices to manipulate the corresponding source malware samples slightly to evade detection. We then empirically demonstrate that popular defense techniques proposed to mitigate evasion attempts, including re-training on adversarial examples, may not always be sufficient to ensure robustness. We argue that this occurs when the feature vectors extracted from adversarial examples become indistinguishable from those of benign data, meaning that the given feature representation is intrinsically vulnerable. In this respect, we are the first to formally define and quantitatively characterize this vulnerability, highlighting when an attack can be countered by solely improving the security of the learning algorithm, or when it requires also considering additional features. We conclude the paper by suggesting alternative research directions to improve the security of learning-based Flash malware detectors

    Flash-based security primitives: Evolution, challenges and future directions

    Over the last two decades, hardware security has gained increasing attention in academia and industry. Flash memory has been given a spotlight in recent years, with the question of whether or not it can prove useful in a security role. Because of inherent process variation in the characteristics of flash memory modules, they can provide a unique fingerprint for a device and have thus been proposed as locations for hardware security primitives. These primitives include physical unclonable functions (PUFs), true random number generators (TRNGs), and integrated circuit (IC) counterfeit detection. In this paper, we evaluate the efficacy of flash memory-based security primitives and categorize them based on the process variations they exploit, as well as other features. We also compare and evaluate flash-based security primitives in order to identify drawbacks and essential design considerations. Finally, we describe new directions, challenges of research, and possible security vulnerabilities for flash-based security primitives that we believe would benefit from further exploration

    Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content

    Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad Web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of Web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually. Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in Web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these Web platforms

    Complete Security Package for USB Thumb Drive

    This paper is devoted to designing and implementing a complete security platform for USB flash disks, due to the popularity of this device in exchanging data. It is a complete system security solution as it concerns the thumb drive, due to the manipulation of I/O operations, not the file system. USB flash disks have been the major threat to computer systems besides internet threats, where viruses can spread from computer to computer or from computer to network. The USB complete security system presented by this paper is composed of three essential elements: a kernel filter driver, which will be installed in the USB device driver stack to intercept all exchanged packets and send them to the encryption unit; a kernel-level encryption/decryption unit; and a configuration unit. In contrast to most USB security modules, the system presented by this paper will store only the round number of the key generator with the encrypted data. The round number will be coded using the MD5 algorithm to increase the immunity against attacks on data stored in the flash disks. Keywords: USB protection, kernel driver, device stack, encryption/decryption, filter driver, MD5.

    Distinguishing DDoS attacks from flash crowds using probability metrics

    Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of internet traffic; however, Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but also can distinguish the anomaly flow being DDoS attacks flow or being Flash crowd flow from Normal network flow effectively. Furthermore, we show our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.

    Perceptions About Data Security For Portable Storage Devices

    The importance of securing data and information is a critical issue in today's world. These are no longer stored on a central system that is easy to protect and secure. Now everyone carries around small storage devices, which makes guaranteeing that the information is guarded much more complex and uncertain. This paper builds on the previous research of Knott & Steubes in the paper Encryption and Portable Data Storage, to be published in the Spring of 2011. In the previous work we identified the potential security issues that arise from using a portable storage device such as a USB flash drive. TrueCrypt software was introduced as an option that allows users to encrypt and hide data. The TrueCrypt software, which is publicly available, is particularly useful for safeguarding data on USB flash drives that are easily compromised. A survey of undergraduate students was administered which focused on their practices and attitudes about security. It was found that there were strong associations between the use of flash drives, security, and the use of passwords

    Encryption And Portable Data Storage

    The protection of data is a key issue in today's world. The wide availability and use of portable technologies such as USB flash has increased concern about securing the data that resides on these devices. Because USB flash drives are small, relatively inexpensive, and easy to use, the security of the information stored on these thumb drives is an ongoing concern. A number of approaches to safeguarding the information stored on these drives are available. This paper examines one approach to this goal through the use of encryption. This method encrypts all the data on the drive. In addition, the fact that the data on the drive is encrypted is not visually obvious when viewing the contents of the disk. The proposed approach uses publicly available and free encryption algorithms. A user password is needed to view and access the data that has been encrypted. The proposed methodology is quick and easy to use. Individuals who routinely carry around their USB drives need to be able to decrypt and encrypt the device quickly and conveniently. Furthermore, if the device is lost, it is still possible with the method advocated in this paper to include information about how to return the device to the owner without compromising the secured data on the drive. Without encrypting the data on portable drives, the user risks the disclosure of information. This paper argues that portable storage should be secured and suggests a way to secure the data through password and encryption that further enhances the usability and flexibility of the USB flash drive. The paper includes the results and analysis of an undergraduate student survey that determined what habits and practices they followed with respect to securing their personal data and files. Some of the questions included in the analysis are the following: Do you encrypt your USB flash drive? Do you use any type of security for your USB flash drive? How important do you think security is for a flash drive? (A Likert scale) Do you use passwords to protect your USB flash drive? Do you backup your work? Do you think it is important to use security when using a USB flash drive? The findings of the survey help to understand the perspective of today's students and how to address the critical need to secure their information and data files with them