ICISSP 2022 Abstracts

Full Papers

Paper Nr:	6
Title:	”Fake News Detector”: An Automatic System for the Reliability Evaluation of Digital News
Authors:	Claudio Cilli, Giulio Magnanini, Lorenzo Manduca and Fabrizio Venettoni
Abstract:	Nowadays, information is taking on an increasingly central role in people’s lives. With the rise of internet, the amount of information has grown exponentially as the ease of publishing content of all types has increased. At the same time, however, the risks deriving from the lack of checks on the truthfulness of these have also increased. In fact, a ”Fake” information content can lead to serious reputational, economic or health damages. To overcome the problem of verification, several studies have been carried out, but none of them appears to have been the subject of a significant commercial implementation. In all the projects proposed so far there is a common thread, that is to act directly to the source of the news, examining, thanks to existing technologies, the possible truthfulness of the same. On the other hand, lacking a real involvement of the reader, these projects were not suitable to increase the awareness of the end user. This work implements a technological platform able to provide a reliability value of a digital news, thus measuring the level of impartiality of the author through the evaluation of a defined series of parameters.
Download

Paper Nr:	10
Title:	Network Intrusion Detection: A Comprehensive Analysis of CIC-IDS2017
Authors:	Arnaud Rosay, Eloïse Cheval, Florent Carlier and Pascal Leroux
Abstract:	With an ever increasing number of connected devices, network intrusion detection is more important than ever. Over the past few decades, several datasets were created to address this security issue. Analysis of older datasets, such as KDD-Cup99 and NSL-KDD, uncovered problems, paving the way for newer datasets that solved the identified issues. Among the recent datasets for network intrusion detection, CIC-IDS2017 is now widely used. It presents the advantage of being available as raw data and as flow-based features in CSV files. In this paper, we analyze this dataset in detail and report several problems we discovered in the flows extracted from the network packets. To address these issues, we propose a new feature extraction tool called LycoSTand, available as open source. We create LYCOS-IDS2017 dataset by extracting features from CIC-IDS2017 raw data files. The performance comparison between the original and the new datasets shows significant improvements for all machine learning algorithms we tested. Beyond the improvements on CIC- IDS2017, we discuss other datasets that are affected by the same problems and for which LycoSTand could be used to generate improved network intrusion detection datasets.
Download

Paper Nr:	12
Title:	Privacy-preserving Parallel Computation of Shortest Path Algorithms with Low Round Complexity
Authors:	Mohammad Anagreh, Peeter Laud and Eero Vainikko
Abstract:	Reducing the round complexity in secure multiparty computation (SMC) protocols is a worthy goal due to the latency of the network. The SIMD approach is considered an efficient strategy to reduce the round complexity of an SMC protocol. This paper studies the secure multiparty computation (SMC) protocol for the shortest path problem in sparse and dense graphs, building upon the breadth-first search algorithm. The sensitivity of operations in processing the algorithms led us to produce two different structural algorithms for computing the shortest path. We present state-of-the-art parallel privacy-preserving shortest path algorithms for weighted and unweighted graphs based on the breadth-first search. We have implemented the proposed algorithms on top of the Sharemind SMC protocol set and tested it for different graphs, dense and sparse, represented as the adjacency matrix.
Download

Paper Nr:	14
Title:	Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
Authors:	Amir Naseredini, Stefan Gast, Martin Schwarzl, Pedro S. Bernardo, Amel Smajic, Claudio Canella, Martin Berger and Daniel Gruss
Abstract:	In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.
Download

Paper Nr:	15
Title:	Semantic Attack on Disassociated Transactions
Authors:	Asma AlShuhail and Jianhue Shao
Abstract:	Publishing data about individuals is a double-edged sword; it can provide a significant benefit for a range of organisations to help understand issues concerning individuals and improve services they offer. However, it can also represent a serious threat to individuals’ privacy. To deal with these threats, researchers have worked on anonymisation methods. One such method is disassociation which protects transaction data by dividing them into chunks to hide sensitive links between data items. However, this method does not take into consideration semantic relationships that may exist among data items, which can be exploited by attackers to expose protected data. In this paper, we propose a de-anonymisation approach to attacking transaction data anonymised by the disassociation method. Our approach attempts to re-associate disassociated transaction data by exploiting semantic relationships among data items, and our findings show that the disassociation method may not protect transaction data effectively: up to 60% of the disassociated items can be re-associated, thereby breaking the privacy of nearly 70% of protected itemsets in disassociated transactions.
Download

Paper Nr:	21
Title:	Implementing Post-quantum Cryptography for Developers
Authors:	Julius Hekkala, Kimmo Halunen and Visa Vallivaara
Abstract:	The possibility of a quantum computer threatens modern public key cryptography. Post-quantum cryptographic algorithms are designed to protect sensitive data and communications also against an attacker equipped with a quantum computer. National Institute of Standards and Technology is standardizing post-quantum algorithms that could replace currently used public key cryptographic algorithms in key exchange and digital signatures. Lattice-based cryptography is one of the post-quantum algorithm groups with the biggest potential. Cryptography libraries are used by developers in all kinds of different solutions, but currently the availability of post-quantum algorithms in open-source libraries is very limited. Implementing post-quantum algorithms into a software library involves a multitude of challenges. We integrated three lattice-based post-quantum algorithms into a fork of Crypto++, a C++ cryptography library. We analyzed challenges in the implementation process and the performance and security of the fork. Especially the complex mathematical ideas behind the algorithms make implementation difficult. The performance of the algorithms was satisfactory but analyzing the security of the implementation in more detail is needed.
Download

Paper Nr:	29
Title:	Security Issue Classification for Vulnerability Management with Semi-supervised Learning
Authors:	Emil Wåreus, Anton Duppils, Magnus Tullberg and Martin Hell
Abstract:	Open-Source Software (OSS) is increasingly common in industry software and enables developers to build better applications, at a higher pace, and with better security. These advantages also come with the cost of including vulnerabilities through these third-party libraries. The largest publicly available database of easily machine-readable vulnerabilities is the National Vulnerability Database (NVD). However, reporting to this database is a human-dependent process, and it fails to provide an acceptable coverage of all open source vulnerabilities. We propose the use of semi-supervised machine learning to classify issues as security-related to provide additional vulnerabilities in an automated pipeline. Our models, based on a Hierarchical Attention Network (HAN), outperform previously proposed models on our manually labelled test dataset, with an F1 score of 71%. Based on the results and the vast number of GitHub issues, our model potentially identifies about 191 036 security-related issues with prediction power over 80%.
Download

Paper Nr:	31
Title:	Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities
Authors:	Engla Rencelj Ling and Mathias Ekstedt
Abstract:	The metric Time-To-Compromise (TTC) can be used for estimating the time taken for an attacker to compromise a component or a system. The TTC helps to identify the most critical attacks, which is useful when allocating resources for strengthening the cyber security of a system. In this paper we describe our updated version of the original definition of TTC. The updated version is specifically developed for the Industrial Control Systems domain. The Industrial Control Systems are essential for our society since they are a big part of producing, for example, electricity and clean water. Therefore, it is crucial that we keep these systems secure from cyberattacks. We align the method of estimating the TTC to Industrial Control Systems by updating the original definition’s parameters and use a vulnerability dataset specific for the domain. The new definition is evaluated by comparing estimated Time-To-Compromise values for Industrial Control System attack scenarios to previous research results.
Download

Paper Nr:	33
Title:	Containment Strategy Formalism in a Probabilistic Threat Modelling Framework
Authors:	Per Fahlander, Mathias Ekstedt, Preetam Mukherjee and Ashish K. Dwivedi
Abstract:	Foreseeing, mitigating and preventing cyber-attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience profile against cyber-attacks. Previous research has proposed MAL, a meta language for capturing the attack logic of a considered domain and running attack simulations in a model that depicts the defended IT-infrastructure. While this modality is already somewhat established for proposing general threat mitigation actions, less is known about how to model containment strategies in the event that penetration already has occurred. The problem is a fundamental gap between predominant threat models in cyber-security research and containment in the incident response lifecycle. This paper presents a solution to the problem by summarizing a methodology for reasoning about containment strategies in MAL-based threat models.
Download

Paper Nr:	34
Title:	Culturally-sensitive Cybersecurity Awareness Program Design for Iranian High-school Students
Authors:	Rooya Karimnia, Kaie Maennel and Mahtab Shahin
Abstract:	Many of our daily activities are performed online, which calls for everyone to learn more about cybersecurity. Designing a culturally-sensitive cybersecurity awareness course is essential to “speak” to training audiences with different cultural backgrounds and technology. We analyse the current cybersecurity awareness level of high-school students in Iran, Hormozgan, based on a survey of 616 responses. We develop an awareness program for 16 to 18-year-old students using the culturally-sensitive ADDIE model. We implement the program and evaluate its effectiveness by pre-and post-test methods. We also evaluate whether cultural aspects of Intention, Interaction, and Introspection are practical and sufficient in designing a cultural dimension to a cybersecurity awareness program. The key findings of the analysis show low cyber hygiene knowledge levels, excessive use of VPNs and that lectures are a preferred learning method. Based on practical application, we conclude that the ADDIE model with cultural embrace provides a means of incorporating culture into cybersecurity education. However, from a practical implementation perspective, the guidance is relatively high-level and would need further tailoring to focus on relevant aspects for cybersecurity training (e.g., technology use). The pre-and post-test results of a pilot session show increase in overall knowledge on selected cybersecurity topics.
Download

Paper Nr:	57
Title:	Analysis and Enhancement of Self-sovereign Identity System Properties Compiling Standards and Regulations
Authors:	Charnon Pattiyanon and Toshiaki Aoki
Abstract:	A self-sovereign identity (SSI) system represents a paradigm shift in identity management by leveraging the decentralization inherent in blockchain technology. The fundamental characteristics of the SSI system are constrained by a set of guiding principles and system properties. While knowledgeable scholars and practitioners have proposed such principles and properties, they have not yet been standardized. The SSI community has agreed upon and adheres to the existing proposals when implementing the SSI system. Additionally, the SSI system is used to manage personally identifiable information (PII), and compliance with certain standards and regulations is required. We discovered that while the current proposals do correspond to some extent to those documents, they cannot be characterized as explicitly compliant. We evaluate several well-known standards and regulations as credible sources in this work and compare them to the definitions in current proposals in order to identify inconsistencies. Then, we propose a list of SSI system properties that could be used to improve the security and privacy of the SSI system by addressing the inconsistencies discovered. We assess its applicability in real-world scenarios and its appropriateness from an expert’s perspective. The proposed properties yield meaningful results that may resolve the inconsistencies.
Download

Paper Nr:	60
Title:	Public Key Compression and Fast Polynomial Multiplication for NTRU using the Corrected Hybridized NTT-Karatsuba Method
Authors:	Rohon Kundu, Alessandro de Piccoli and Andrea Visconti
Abstract:	NTRU is a lattice-based public-key cryptosystem that has been selected as one of the Round III finalists at the NIST Post-Quantum Cryptography Standardization. Compressing the key sizes to increase efficiency has been a long-standing open question for lattice-based cryptosystems. In this paper we provide a solution to three seemingly opposite demands for NTRU cryptosystem: compress the key size, increase the security level, optimize performance by implementing fast polynomial multiplications. We consider a specific variant of NTRU known as NTRU-NTT. To perform polynomial optimization, we make use of the Number-Theoretic Transformation (NTT) and hybridize it with the Karatsuba Algorithm. Previous work done in providing 2-part Hybridized NTT-Karatsuba Algorithm contained some operational errors in the product expression, which have been detected in this paper. Further, we conjectured the corrected expression and gave a detailed mathematical proof of correctness. In this paper, for the first time, we optimize NTRU-NTT using the corrected Hybridized NTT-Karatsuba Algorithm. The significance of compressing the value of the prime modulus q lies with decreasing the key sizes. We achieve a 128-bit post-quantum security level for a modulus value of 83,969 which is smaller than the previously known modulus value of 1,061,093,377, while keeping n constant at 2048.
Download

Paper Nr:	62
Title:	Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps
Authors:	Md R. Rahman, Elizabeth Miller, Moinul Hossain and Aisha Ali-Gombe
Abstract:	As data privacy continues to be a crucial human-right concern as recognized by the UN, regulatory agencies have demanded developers obtain user permission before accessing user-sensitive data. Mainly through the use of privacy policies statements, developers fulfill their legal requirements to keep users abreast of the requests for their data. In addition, platforms such as Android enforces explicit permission request using the permission model. Nonetheless, recent research has shown that service providers hardly make full disclosure when requesting data in these statements. Neither is the current permission model designed to provide adequate informed consent. Often users have no clear understanding of the reason and scope of usage of the data request. This paper proposes an unambiguous, informed consent process that provides developers with a standardized method for declaring Intent. Our proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation. The design of which is based on an ontology study of data requests purposes. The overarching objective of this model is to ensure end-users are adequately informed before making decisions on their data. Additionally, this model has the potential to improve trust between end-users and developers.
Download

Paper Nr:	75
Title:	A Fast and Cost-effective Design for FPGA-based Fuzzy Rainbow Tradeoffs
Authors:	Leonardo Veronese, Francesco Palmarini, Riccardo Focardi and Flaminia L. Luccio
Abstract:	Time/memory tradeoffs are general techniques used in cryptanalysis that aim at reducing the computational effort in exchange for a higher memory usage. Among these techniques, one of the most modern algorithms is the fuzzy-rainbow tradeoff, which has notably been used in 2010 to attack the GSM A5/1 cipher. Most of the existing analyses of tradeoff algorithms only take into account the main-memory model, which does not reflect the hierarchical (external) storage model of real world systems. Moreover, to the best of our knowledge, there are no publicly available implementations or designs that show the performance level that can be achieved with modern off-the-shelf hardware. In this paper, we propose a reference hardware and software design for the cryptanalysis of ciphers and one-way functions based on FPGAs, SSDs and the fuzzy rainbow tradeoff algorithm. We evaluate the performance of our design by extending an existing analytical model to account for the actual storage hierarchy, and we estimate an attack time for DES and A5/1 ciphers of less than one second, demonstrating that these ciphers can be cracked in real-time with a budget under 6000e.
Download

Paper Nr:	76
Title:	Detecting Obfuscated Malware using Memory Feature Engineering
Authors:	Tristan Carrier, Princy Victor, Ali Tekeoglu and Arash H. Lashkari
Abstract:	Memory analysis is critical in detecting malicious processes as it can capture various characteristics and behaviors. However, while there is much research in the field, there are also some significant obstacles in malware detection, such as detection rate and advanced malware obfuscation. As advanced malware uses obfuscation and other techniques to stay hidden from the detection methods, there is a strong need for an efficient framework that focuses on detecting obfuscation and hidden malware. In this research, the advancement of the VolMemLyzer, as one of the most updated memory feature extractors for learning systems, has been extended to focus on hidden and obfuscated malware used with a stacked ensemble machine learning model to create a framework for efficiently detecting malware. Also, a specific malware memory dataset (MalMemAnalysis-2022) was created to test and evaluate this framework, focusing on simulating real-world obfuscated malware as close as possible. The results show that the proposed solution can detect obfuscated and hidden malware using memory feature engineering extremely fast with an Accuracy and F1-Score of 99.00% and 99.02%, respectively.
Download

Paper Nr:	86
Title:	Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning
Authors:	Héloíse Maurel, Santiago Vidal and Tamara Rezk
Abstract:	Cross-site Scripting (XSS) is one of the most common and impactful software vulnerabilities (ranked second in the CWE ’s top 25 in 2021). Several approaches have focused on automatically detecting software vulnerabilities through machine learning models. To build a model, it is necessary to have a dataset of vulnerable and non-vulnerable examples and to represent the source code in a computer understandable way. In this work, we explore the impact of predicting XSS using representations based on single-tier and multi-tier languages. We built 144 models trained on Javascript-based multitier code - i.e. which includes server code and HTML, Javascript and CSS as client code - and 144 models trained on single-tier code, which include sever code and client-side code as text. Despite the lower precision, our results show a better recall with multitier languages than a single-tier language, implying an insignificant impact on XSS detectors based on deep learning.
Download

Paper Nr:	89
Title:	Differential-linear Attacks on Permutation Ciphers Revisited: Experiments on Ascon and DryGASCON
Authors:	Aslí Başak Civek and Cihangir Tezcan
Abstract:	Ascon and DryGASCON are very similar designs that were submitted to NIST’s lightweight cryptography standardization process. While Ascon made it to the finals, DryGASCON was eliminated in the second round. We analyze these algorithms against truncated, linear and differential-linear distinguishers to compare their security. We correct 2, 3, 3.5-round truncated differentials and 5-round differential-linear distinguishers that were given for DryGASCON-128. Moreover, we provide the longest practical differential-linear distinguisher of DryGASCON-128. Finally, we compare the security of Ascon-128 and DryGASCON-128 against differential-linear cryptanalysis.
Download

Paper Nr:	92
Title:	On Tracking Ransomware on the File System
Authors:	Luigi Catuogno and Clemente Galdi
Abstract:	Ransomware detection is gaining growing importance in the scientific literature because of widespread and economic impact of this type of malware. A successful ransomware detection system must identify a malicious behaviour as soon as possible while reducing false positive detection. To this end, different strategies have been explored. Recently, a promising approach has risen. It consists in looking for possible running ransomware by measuring the different activities every process does on the filesystem. Such measurements are represented with quantitative “indicators”. Indicators selection and their interpretation, is a critical and challenging task. In this paper we survey some of most representative file-system centered ransomware detectors and describe their chosen behavioural indicators and strategies used to measure them. Then we compare the different solutions and discuss pros, cons and open issues of every approach.
Download

Paper Nr:	93
Title:	SecTL: Secure and Verifiable Transfer Learning-based inference
Authors:	Abbass Madi, Oana Stan, Renaud Sirdey and Cédric Gouy-Pailler
Abstract:	This paper investigates the possibility of realizing complex machine learning tasks over encrypted inputs with guaranteed integrity. Our approach combines Fully Homomorphic Encryption (FHE) and Verifiable Computing (VC) to achieve these properties. To workaround the practical difficulties when using these techniques - high computational cost for FHE and limited expressivity for VC, we leverage on transfer learning as a mean to (legitimately) decrease the footprint of encrypted domain calculations without jeopardizing the target security properties. In that sense, our approach demonstrates that scaling confidential and verifiable encrypted domain calculations to complex machine learning functions does not necessarily require scaling these techniques to the evaluation of large models. We furthermore demonstrate the practicality of our approach on an image classification task.
Download

Paper Nr:	97
Title:	TEEm: A Tangle-based Elastic Emulator for Storing Connected Vehicle Data in a Distributed Ledger Technology
Authors:	David Werden, Matthew Muccioli and Anyi Liu
Abstract:	This paper describes TEEm, a Cyber-Physical test-bed that emulates the data exchange of in-vehicle network communication between multiple vehicles. In particular, TEEm leverages the Distributed Ledger Technology (DLT) as the fundamental technology for data storage and exchange. TEEm uses a private Tangle instance and is extensible, thus we refer to this testing environment as the Tangle-based Elastic Emulator, or TEEm. To mimic realistic in-vehicle network traffic, we use both hardware emulation as well as software containers to replicate vehicles with Electronic Control Units (ECUs). TEEm seamlessly pushes in-vehicle network traffic to an IOTA private Tangle Hornet. Our implementation and evaluation demonstrate the feasibility of applying the DLT in building the shared storage, authenticating vehicles, and effectively retrieving a wide range of data generated by ECUs and other in-vehicle sensors. TEEm holds a great potential to coordinate with other emerging technology, such as Deep Learning and Edge Computing.
Download

Paper Nr:	101
Title:	Game Theoretic Analysis of Ransomware: A Preliminary Study
Authors:	Rudra P. Baksi and Shambhu Upadhyaya
Abstract:	Ransomware attacks have been frequent and wreaking havoc of the kind never seen before. This paper presents an analysis of a basic type of ransomware. When faced with a ransomware attack, the victim needs to address a question whether to pay or not to pay the ransom. In this regard, we develop a game-theoretic model to analyze the attack landscape and to determine under what conditions the defender is in a position of advantage to successfully neutralize the attack. In this preliminary analysis, we develop strategies which would help the victim to make an informed decision. We put forward two parameters that help the defender make an informed decision in the face of an attack. We perform a sensitivity analysis to show how the variation of the parameters affect the outcomes of the attacker and the defender and thereby affecting the equilibrium strategies. We then discuss how the outcome of the model can help defenders to come up with an effective defense mechanism against similar future attacks.
Download

Short Papers

Paper Nr:	4
Title:	On the LPSE Password Meter’s Discrepancies among Different Datasets
Authors:	Agnieszka Rucka and Wojciech Wodo
Abstract:	The global dataset constantly grows, along with the number of online accounts. More and more data breaches occur, putting users’ data at risk. At the same time, users still commonly choose weak passwords. It has been shown that password strength meters can contribute to better user choices. As the problem of password strength estimation is nontrivial, a number of solutions have been proposed. One of them is the LPSE (Guo and Zhang, 2018), which, according to its authors, shows very promising performance. However, we observed a significantly worse performance of LPSE in a different dataset. In this paper we present an extensive investigation of these discrepancies. We describe our recreation of the original experiment and confront the obtained results with the original. We analyze the data distribution in our dataset, and compare performance of the LPSE with the widely known lightweight password meter zxcvbn. Lastly, we discuss possible reasons for observed discrepancies (including methodological differences) and draw final conclusions.
Download

Paper Nr:	13
Title:	Utility of Anonymised Data in Decision Tree Derivation
Authors:	Jack R. Davies and Jianhua Shao
Abstract:	Privacy Preserving Data Publishing (PPDP) is a practice for anonymising microdata such that it can be publicly shared. Much work has been carried out on developing methods of data anonymisation, but relatively little work has been done on examining how useful anonymised data is in supporting data analysis. This paper evaluates the utility of k-anonymised data in decision tree derivation and examines how accurate some commonly used metrics are in estimating this utility. Our results suggest that whilst classification accuracy loss is minimal in most common scenarios, using a small selection of simple metrics when calibrating a k-Anonymisation could help significantly improve decision tree classification accuracy for anonymised data.
Download

Paper Nr:	17
Title:	Formalizing Real-world Threat Scenarios
Authors:	Paul Tavolato, Robert Luh and Sebastian Eresheim
Abstract:	Using formal methods in threat analysis would be of great benefit to securing modern IT systems. To this end a strictly formal description of attacker-defender scenarios is vital. This paper demonstrates how attacker and defender behavior and its interrelationship can be defined using Markov decision processes and stochastic game theory. Based on these definitions, model checking methods can be applied to find quantitative answers to important questions relevant in threat analysis. A main focus lies on the applicability of the method to real-world situations. This is accomplished by incorporating information from several proven tactical and technical knowledge bases. Practicability of the method is shown by using the model checking tool PRISM-games.
Download

Paper Nr:	18
Title:	Side Channel Identification using Granger Time Series Clustering with Applications to Control Systems
Authors:	Matthew Lee, Joshua Sylvester, Sunjoli Aggarwal, Aviraj Sinha, Michael Taylor, Nathan Srirama, Eric C. Larson and Mitchell A. Thornton
Abstract:	Side channels are data sources that adversaries can exploit to carry out cyber security attacks. Alternatively, side channels can be used as data sources for techniques to predict the presence of an attack. Typically, the identification of side channels requires domain-specific expertise and it is likely that many side channels are present within systems that are not readily identified, even by a subject matter expert. We are motivated to develop methods that automatically recognize the presence of side channels without requiring the need to use detailed or domain-specific knowledge. Understanding cause and effect relationships is hypothesized to be a key aspect of determining appropriate side channels; however, determining such relationships is generally a problem whose solution is very challenging. We describe a time-series clustering approach for identifying side channels using the statistical model of Granger causality. Since our method is based upon the Granger causality paradigm in contrast to techniques that rely upon the identification of correlation relationships, we can identify side channels without requiring detailed subject matter expertise. A Granger-based data clustering technique is described in detail and experimental results of our prototype algorithms are provided to demonstrate the efficacy of the approach using an industrial control system model comprised of commercial components.
Download

Paper Nr:	19
Title:	An Analysis of Cloud Certifications’ Performance on Privacy Protections
Authors:	Tian Wang and Masooda Bashir
Abstract:	Cloud computing is an evolving paradigm that changes the way humans share, store, and access their information in digital form. Although cloud computing offers tremendous benefits, it also brings security and privacy challenges. Certifications have been developed by governments and authorized organizations as a new approach to protecting users’ information in the cloud. While the security controls in the certifications have been well established and widely applied, the privacy protections provided by certifications are still ambiguous and yet to be examined. In this study, we identified and selected four cloud certifications that are commonly used for certifying the security and privacy of cloud computing, and we evaluated their performance on privacy protections specifically to understand how privacy is treated in these certifications according to their existing controls. Our research reveals a lack of privacy controls in the current certifications and inadequate privacy-related content; even when present, such content is not clear or is difficult to distinguish from security controls. Results demonstrate that without having a set of baseline privacy protection criteria or standards, it is very challenging to determine cloud certifications’ performance and adequacy for privacy protections. It also points to the urgent need for the development of a consistent and comprehensive privacy framework that can be utilized for such evaluations.
Download

Paper Nr:	23
Title:	Efficient and Secure Encryption Adjustment for JSON Data
Authors:	Maryam Almarwani, Boris Konev and Alexei Lisitsa
Abstract:	Querying over data protected by multi-layered encryption requires encryption level adjustments. Different layers of encryption enable different sets of operations over encrypted data at the expense of possibly reducing protection levels and releasing some information about the data. Trade-offs between functionality and data security are non-trivial and have been addressed in previous work for various data models. In this paper, we consider encryption level adjustments for JSON-formatted data and propose new adjustments methodologies, based on sorted criteria and on update-aware principles. Sorted criteria are used to limit the number of encryption layers adjusted, while update-aware adjustments limit the number of updated values. We report on the empirical evaluation of the policies and show that they improve over previously proposed policies in terms of communication costs, exposing information, and performance.
Download

Paper Nr:	25
Title:	Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks
Authors:	Anne Borcherding, Lukas Feldmann, Markus Karch, Ankush Meshram and Jürgen Beyerer
Abstract:	It is crucial in an industrial network to understand how and why a intrusion detection system detects, classifies, and reports intrusions. With the ongoing introduction of machine learning into the research area of intrusion detection, this understanding gets even more important since the used systems often appear as a black-box for the user and are no longer understandable in an intuitive and comprehensible way. We propose a novel approach to understand the internal characteristics of a machine learning based network intrusion detection system. This approach includes methods to understand which data sources the system uses, to evaluate whether the system uses linear or non-linear classification approaches, and to find out which underlying machine learning model is implemented in the system. Our evaluation on two publicly available industrial datasets shows that the detection of the data source and the differentiation between linear and non-linear models is possible with our approach. In addition, the identification of the underlying machine learning model can be accomplished with statistical significance for non-linear models. The information made accessible by our approach helps to develop a deeper understanding of the functioning of a network intrusion detection system, and contributes towards developing transparent machine learning based intrusion detection approaches.
Download

Paper Nr:	28
Title:	Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks
Authors:	Anne Borcherding, Philipp Takacs and Jürgen Beyerer
Abstract:	To ensure functionality and security of network stacks in Industrial Devices, thorough testing is necessary. This includes blackbox network fuzzing, where fields in network packets are filled with unexpected values to test the device’s behavior in edge cases. Due to resource constraints, the tests need to be efficient and such the input values need to be chosen intelligently. Previous solutions use heuristics based on vague knowledge from previous projects to make these decisions. We aim to structure existing knowledge by defining Vulnerability Anti-Patterns for network communication stacks based on an analysis of the recent vulnerability groups Ripple20, Amnesia:33, and Urgent/11. For our evaluation, we implement fuzzing test scripts based on the Vulnerability Anti-Patterns and run them against 8 Industrial Devices from 5 different device classes. We show (I) that similar vulnerabilities occur in implementations of the same protocol as well as in different protocols, (II) that similar vulnerabilities also spread over different device classes, and (III) that test scripts based on the Vulnerability Anti-Patterns help to identify these vulnerabilities.
Download

Paper Nr:	32
Title:	An Exploratory Study of Why UMLsec Is Not Adopted
Authors:	Shouki A. Ebad
Abstract:	UMLsec is an extended UML-based secure modelling profile. It has been applied at the phase of the software design and architecture. Although it appeared over two decades ago and been integrated into some tools, how extensively it has been adopted or used by the software security community is questionable. This paper employs social science methodologies to fill this gap. The contribution of this study is to find the reasons affecting the UMLsec adoption by software practitioners and researchers and their proposals to increase this adoption. As a result, only 13% of the sample uses UMLsec. In addition, four problems preventing the use of UMLsec, (1) using a pattern-driven security methodology rather than UMLsec (2) agile supportability; agile process reduces the design and architecture documentation including UML diagram (3) UMLsec standardization and tooling is still questionable (4) the awareness and training on use UMLsec are weak. The study also presented proposals for UMLsec improvement, in particular (1) simplifying the notations to apply UMLsec in many fields (2) raising awareness (e.g., demonstrating practical examples to the interested people). The paper discussed the threats to the validity of the study and suggested open issues for future research.
Download

Paper Nr:	40
Title:	Android Data Storage Locations and What App Developers Do with It from a Security and Privacy Perspective
Authors:	Kris Heid, Tobias Tefke, Jens Heider and Ralf C. Staudemeyer
Abstract:	Many Android apps handle and store sensible data on the smartphone, such as for example passwords, API keys or messages. This information must of course be protected and thus more and more protected storage options and storage isolation techniques were implemented in recent Android version. This results in good security and privacy mechanisms provided to Android developers. However, the question is how well these measures are implemented in todays apps. In this publication, we are presenting an automated dynamic analysis environment which we use to analyze the top 1000 Android apps. Filesystem API accesses of these apps are evaluated and judged how well Android’s protected storage locations are leveraged or abused.
Download

Paper Nr:	42
Title:	A Novel Key Exchange Protocol using Logic Algebra for the Factorization Problem
Authors:	Junhui Xiao, Ashish Neupane, Hiba F. Fayoumi and Weiqing Sun
Abstract:	Our current key exchange protocols are at risk of failing to keep private data secret due to advancements in technology. Therefore, there is a need to develop an efficient and secure key exchange protocol which can function in the new computing era to come. In this paper, we propose and develop a novel key exchange protocol based on logic algebra for the factorization problem. Both the security analysis and experimentation evaluation demonstrate promising results of our proposed approach.
Download

Paper Nr:	45
Title:	Construction of a Support Tool for User Reading of Privacy Policies and Assessment of its User Impact
Authors:	Sachiko Kanamori, Hirotsune Sato, Naoya Tabata and Ryo Nojima
Abstract:	Today’s service providers must notify users of their privacy policies and obtain user consent in advance. Frameworks that impose these requirements have become mandatory. Originally designed to protect user privacy, obtaining user consent in advance has become a mere formality. These problems are introduced by the gap between service providers’ privacy policies, which prioritize the observance of laws and guidelines, and user expectations of these policies. In particular, users wish to easily understand how their data will be handled. To reduce this gap, we provide a tool that supports users in reading privacy policies in Japanese. We assess the effectiveness of the tool in experiments and follow-up questionnaires.
Download

Paper Nr:	47
Title:	Impact of Cross-standard Cell Libraries on Machine Learning based Hardware Trojan Detection
Authors:	Shang-Wen Chen, Jian-Wei Liao, Chia-Wei Tien and Jung-Hsin Hsiao
Abstract:	Hardware Trojans (HTs) have become a new threat that owns a huge possibility to widespread into over the world because of its unique characteristic. Hardware Trojan is dependent on the invaded hardware, and if the invading success such that the devices which use the invaded hardware will spread to customers of hardware vendors all over the world. Thus, how to detect HT exists in our devices or not becomes an important issue. There are already some researches to try to solve this problem and acquire good results. The common premise of these researches is that the adopted standard cell library in model and testing set is the same. However, there is no good performance to detect HT with machine learning in reality under the above premise. The possible thinking is that adopted standard cell libraries of model and testing set are different in real case and it cause the bad result of machine learning. We experiment and verify this view. That is, we prove that the impact of cross-standard cell library on machine learning in hardware Trojan detection exists.
Download

Paper Nr:	50
Title:	Benchmarking Consumer Data and Privacy Knowledge in Connected and Autonomous Vehicles
Authors:	Flora Barber and Steven Furnell
Abstract:	Connected and Autonomous Vehicles (CAVs) and their features are integrating into the conventional personal vehicle market, irrevocably transforming the definition of a vehicle. However, consumers have been routinely omitted from stakeholder research and their understanding of CAV’s data implications has been understudied. This paper addresses this through benchmarking the consumer’s current data and privacy knowledge with a survey, focus group, and analysis of privacy provisions available to consumers from manufacturers, where it found the materials insufficient. Using thematic analysis, this consultation of 168 survey respondents from 14 countries established the consumer’s need to be ‘Informed’, with further sub-themes of ‘Given Information’, ‘Information Requirements’, ‘Privacy Communications’, and ‘Privacy Control’. A follow-up focus group of 6 participants identified a further four themes of ‘Disinterest’, ‘Distrust’, ‘Impact’, and ‘Vehicle Perception’. This paper recommends industry prioritisation of consumer education and engagement with data privacy to maximise public trust, including the introduction of vehicle specific data protection legislation, government level assurance of manufacturer compliance, and use of the manufacturer’s app to control privacy. Consumers purchasing a vehicle must be made aware of its data transmission, collection, and protection technologies.
Download

Paper Nr:	51
Title:	Evaluating Deep Learning-based NIDS in Adversarial Settings
Authors:	Hesamodin Mohammadian, Arash Habibi Lashkari and Ali A. Ghorbani
Abstract:	The intrusion detection systems are a critical component of any cybersecurity infrastructure. With the increase in speed and density of network traffic, the intrusion detection systems are incapable of efficiently detecting these attacks. During recent years, deep neural networks have demonstrated their performance and efficiency in several machine learning tasks, including intrusion detection. Nevertheless, recently, it has been found that deep neural networks are vulnerable to adversarial examples in the image domain. In this paper, we evaluate the adversarial example generation in malicious network activity classification. We use CIC-IDS2017 and CIC-DDoS2019 datasets with 76 different network features and try to find the most suitable features for generating adversarial examples in this domain. We group these features into different categories based on their nature. The result of the experiments shows that since these features are dependent and related to each other, it is impossible to make a general decision that can be supported for all different types of network attacks. After the group of All features with 38.22% success in CIC-IDS2017 and 39.76% in CIC-DDoS2019 with ε value of 0.01, the combination of Forward, Backward and Flow-based feature groups with 23.28% success in CIC-IDS2017 and 36.65% in CIC-DDoS2019 with ε value of 0.01 and the combination of Forward and Backward feature groups have the highest potential for adversarial attacks.
Download

Paper Nr:	54
Title:	Feature Importance and Deep Learning for Android Malware Detection
Authors:	A. Talbi, A. Viens, L.-C. Leroux, M. François, M. Caillol and N. Nguyen
Abstract:	Effective and efficient malware detection is key in today’s world to prevent systems from being compromised, to protect personal user data, and to tackle other security issues. In this paper, we worked on Android malware detection by using static analysis features and deep learning methods to separate benign applications from malicious ones. Custom feature vectors are extracted from the Drebin and the AndroZoo dataset and different data science methods of feature importance are used to improve the results of Deep Neural Network classification. Experimental results on the Drebin dataset were significant with 99.31% accuracy in malware detection. We extended our work on more recent applications with a complete pipeline for the AndroZoo dataset, with about 40,000 APKs used from 2014 to 2021 pre-tagged as reported malicious or not. The pipeline includes static features extracted from the manifest file and bytecode such as suspicious behaviors, restricted and suspicious API calls, etc. The accuracy result for AndroZoo is 97.7%, confirming the power of deep learning on Android malware detection.
Download

Paper Nr:	55
Title:	SMPG: Secure Multi Party Computation on Graph Databases
Authors:	Nouf Aljuaid, Alexei Lisitsa and Sven Schewe
Abstract:	In this position paper, we outline how secure multi-party querying can be brought to graph databases. Such a system will allow multiple users to jointly query federated graph databases that consist of several private parts. We have provided a proof of concept. Our prototype implementation for the SMPG system builds on top of Conclave (Volgushev et al., 2019), which was originally proposed and implemented for multi-party computation and querying on relational databases. We describe the templates of queries that are currently supported by our prototype and discuss current limitations as well as the extensions planned to tap the conceptual benefits.
Download

Paper Nr:	56
Title:	Age Bias in Finger Vein Biometric Research
Authors:	Joanne L. Hall, Jomin John, Jessica Liebig and Anju Skariah
Abstract:	Finger vein biometrics have been implemented for authentication in a variety of contexts and places. Vein patterns are unique, easy to capture and resistant to surface wear and tear. However, there has been a lack of research on the effectiveness and stability of vein patterns in the elderly population (aged 60 years and above). A lack of inclusivity, has in the past ostracised senior citizens, from accessing basic amenities, such as pension payments and healthcare services. A lack of inclusion of the elderly in finger vein biometric research could result in the exclusion of elderly people from goods and services which use finger vein biometric authentication. As the global population ages, ensuring the usability of biometric technologies for the elderly is both a social and economic imperative.
Download

Paper Nr:	58
Title:	Industrial and Automation Control System Cyber Range Prototype for Offensive Capability Development
Authors:	Austris Uljāns and Bernhards Blumbergs
Abstract:	Industrial and automation control systems (IACS) are broadly utilized in sectors, such as manufacturing processes control and energy transmission. Attacks on these systems may have devastating effects. Moreover, current IACS systems are interconnected with conventional IT infrastructures thus increasing potential adversary access to industrial systems. This research describes and offers a prototype for a realistic and easily reproducible IACS cyber range for offensive exercise development. An extensive study of various technical aspects and scenarios of existing IACS cyber ranges is conducted to create the knowledgebase for such range development. Created IACS cyber range use is validated by conducting practical offensive capability development training for a target audience. This work concludes, that IACS cyber ranges are a viable tool for understanding and developing offensive tactics and techniques used to gain access to the IACS network and damage physical processes.
Download

Paper Nr:	64
Title:	Planning for Cryptographic Readiness in an Era of Quantum Computing Advancement
Authors:	David Ott, Dennis Moreau and Manish Gaur
Abstract:	As the prospects for scaled quantum computing steadily improve, there is an important disruption emerging in response within the world of security: post-quantum cryptography, or PQC. In the 1990s, Peter Shor showed that if scaled quantum computers were to exist, they could be used to efficiently break trap door functions underlying our widely used public key cryptography algorithms (RSA, DSA, ECDSA, ECDH). Various US government agencies have issued reports on this concern, including NIST which embarked on a standardization effort to select new algorithms with the help of the cryptography community as of 2016. But while NIST will address the problem of new algorithms, many organizations feel puzzled at the uncertain timeline for PQC and the lack of guidance on the path forward with migration. In this paper, we discuss the problem of PQC readiness from an organization’s point of view, providing recommendations on how to understand the landscape and guidance on what can and should be done in a phased manner. While scaled quantum computing may seem a distant concern, we believe there are good reasons for an organization to start now in developing its understanding of the situation and creating a phased action plan toward PQC readiness.
Download

Paper Nr:	67
Title:	Incentivisation of Outsourced Network Testing: View from Platform Perspective
Authors:	Sultan Alasmari, Weichao Wang and Yu Wang
Abstract:	With the development of Security as a Service (SAAS), many companies outsource their network security functionality to security service providers. To guarantee the execution and quality of such services, a third party can help the end customer verify the enforcement of the security service level agreement (SSLA). Since individual testers often lack the capability and trustworthiness to attract many customers, a platform is needed to bridge the gap between the customers and the testers. In this paper, we investigate the incentivisation of outsourced network testing from the platform perspective. We first define the problem of cost/benefit model of the platform and identify the restriction factors. We describe multiple testing task assignment scenarios and prove that they are NP problems. Next we design heuristic algorithms for the problem. Our simulation results examine the performance of the heuristic approaches.
Download

Paper Nr:	68
Title:	Protecting Shared Virtualized Environments against Cache Side-channel Attacks
Authors:	Abdullah Albalawi, Vassilios G. Vassilakis and Radu Calinescu
Abstract:	We introduce a side-channel attack detection and protection method that combines dynamic and static analysis. The dynamic analysis uses Linux Perf to obtain readings from 13 hardware performance counters related to the shared cache. Based on these readings, the virtual machine (VM) behaviour is then classified into suspicious or benign using logistic regression classification. As a second step, the static analysis extracts the executable files from the disk image or the RAM image of the suspicious VM. It then checks whether these files contain operating codes for side-channel attacks. Based on this, the threat level of these files is determined using the SoftMax classification algorithm; we have four threat levels in total. After that, VMs that pose a threat to the shared environment are excluded. As a hypervisor, we employed KVM (Kernel-based Virtual Machine), and as guest operating systems, we utilized Linux Ubuntu 18.04.5 LTS (64bits). We then conducted experiments on several host machines, namely Ubuntu 18.04.5 LTS, Debian 10, and CentOS 8, with various processor models. The accuracy of detecting suspicious behaviour and classifying the threat level was recorded as 96%– 99% with between 0.6%–25% CPU overheads for dynamic and static analysis.
Download

Paper Nr:	69
Title:	Revisiting Ontology Based Access Control: The Case for Ontology Based Data Access
Authors:	Ozgu Can and Murat O. Unalir
Abstract:	Ontology Based Data Access (OBDA) is a semantic paradigm to perform a mapping between an ontology and a data source for querying heterogeneous data sources. The result of this mapping ensures data access and data integration. Therefore, OBDA allows to query various datasets and provides data virtualization by integrating multiple and varied data sources. Ontology Based Access Control (OBAC) enables the realization of an access control mechanism by using Semantic Web technologies. OBAC allows to model the access control knowledge and uses domain knowledge to create policy ontologies. This paper revisits the OBAC approach by considering the OBDA to query legacy data that are stored in different types of data sources. For this purpose, OBAC is examined within the scope of OBDA and a conceptual model is proposed to extend OBAC with OBDA to provide data virtualization and to consolidate users’ access privileges. Thus, security and management of complex information systems could be carried out by using Semantic Web technologies.
Download

Paper Nr:	71
Title:	DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
Authors:	Pablo Picazo-Sanchez, Maximilian Algehed and Andrei Sabelfeld
Abstract:	Browser extensions are popular web applications that users install in modern browsers to enrich the user experience on the web. It is common for browser extensions to include static resources in the form of HTML, CSS, fonts, images, and JavaScript libraries. Unfortunately, the state of the art is that each extension ships its own version of a given resource. This paper presents DeDup.js, a framework that incorporates similarity analysis for achieving two goals: detecting potentially malicious extensions during the approval process, and given an extension as input, DeDup.js discovers similar extensions. We downloaded three snapshots of the Google Chrome Web Store during one year totaling more than 422k browser extensions and conclude that over 50% of the static resources are shared among the extensions. By implementing an instance of DeDup.js, we detect more than 7k extensions that should not have been published and were later deleted. Also, we discover more than 1k malicious extensions still online that send user’s queries to external servers without the user’s knowledge. Finally, we show the potential of DeDup.js by analyzing a set extensions part of CacheFlow, a recently discovered attack. We detect 53 malicious extensions of which 36 Google has already taken down and the rest are investigated.
Download

Paper Nr:	72
Title:	Survey and Guidelines about Learning Cyber Security Risk Assessment
Authors:	Christophe Ponsard and Philippe Massonet
Abstract:	Risk assessment is a key part of all cyber security frameworks, standards and related certification schemes. It is a complex process involving both the business domain to assess impact and the technical domain to measure feasibility. It requires to produce a realistic risk matrix based on qualitative information and then to decide about measures aligned with relevant standards. Getting experienced in this area is a difficult learning process with many possible pitfalls. In this paper, we report about our lessons learned based on a controlled experiment of 26 risk analyses across different domains including some operators of essential services. We also provide some methodological recommendations for efficient tool support, including model-based.
Download

Paper Nr:	74
Title:	Post Quantum Cryptography Analysis of TLS Tunneling on a Constrained Device
Authors:	Jon Barton, William J. Buchanan, Nikolaos Pitropakis, Sarwar Sayeed and Will Abramson
Abstract:	Advances in quantum computing make Shor’s algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to build methods based on a hard mathematical problem, which are not susceptible to Shor’s algorithm and create Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well these methods run on limited powered devices. This paper outlines an evaluation framework for PQC within constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device. It also introduces a set of five notions which can be considered to determine the robustness of particular algorithms.
Download

Paper Nr:	77
Title:	PDF Malware Detection based on Stacking Learning
Authors:	Maryam Issakhani, Princy Victor, Ali Tekeoglu and Arash H. Lashkari
Abstract:	Over the years, Portable Document Format (PDF) has become the most popular content presenting format among users due to its flexibility and easy-to-work features. However, advanced features such as JavaScript or file embedding make them an attractive target to exploit by attackers. Due to the complex PDF structure and sophistication of attacks, traditional detection approaches such as Anti-Viruses can detect only specific types of threats as they rely on signature-based techniques. Even though state-of-the-art researches utilize AI technology for a higher PDF Malware detection rate, the evasive malicious PDF files are still a security threat. This paper proposes a framework to address this gap by extracting 28 static representative features from PDF files with 12 being novel,and feeding to the stacking ML models for detecting evasive malicious PDF files. We evaluated our solution on two different datasets, Contagio and a newly generated evasive PDF dataset (Evasive-PDFMal2022). In the first evaluation, we achieved accuracy and F1-score of 99.89% and 99.86%, which outperforms the existing models. Then, we re-evaluated the proposed model using the newly generated evasive PDF dataset (Evasive-PDFMal2022)as an improved version of Contagio. As a result, we achieved 98.69% and 98.77% as accuracy and F1-scores, demonstrating the effectiveness of our proposed model. A comparison with state-of-the-art methods proves that our proposed work is more resilient to detect evasive malicious PDF files.
Download

Paper Nr:	79
Title:	The GDPR Compliance and Access Control Systems: Challenges and Research Opportunities
Authors:	Said Daoudagh and Eda Marchetti
Abstract:	The General Data Protection Regulation (GDPR) is changing how Personal Data should be processed. Using Access Control Systems (ACSs) and their specific policies as practical means for assuring a by-design lawfully compliance with the privacy-preserving rules and provision is currently an increasingly researched topic. As a result, this newly born research field raises several research questions and paves the way for different solutions. This position paper would like to provide an overview of research challenges and questions concerning activities for analyzing, designing, implementing, and testing Access Control mechanisms (systems and policies) to guarantee compliance with the GDPR. Some possible answers to the open issues and future research directions and topics are also provided.
Download

Paper Nr:	81
Title:	Who Watches the Watchers: A Multi-Task Benchmark for Anomaly Detection
Authors:	Phil Demetriou, Ingolf Becker and Stephen Hailes
Abstract:	A driver in the rise of IoT systems has been the relative ease with which it is possible to create specialized-but- adaptable deployments from cost-effective components. Such components tend to be relatively unreliable and resource poor, but are increasingly widely connected. As a result, IoT systems are subject both to component failures and to the attacks that are an inevitable consequence of wide-area connectivity. Anomaly detection systems are therefore a cornerstone of effective operation; however, in the literature, there is no established common basis for the evaluation of anomaly detection systems for these environments. No common set of benchmarks or metrics exists and authors typically provide results for just one scenario. This is profoundly unhelpful to designers of IoT systems, who need to make a choice about anomaly detection that takes into account both ease of deployment and likely detection performance in their context. To address this problem, we introduce Aftershock, a multi-task benchmark. We adapt and standardize an array of datasets from the public literature into anomaly detection-specific benchmarks. We then proceed to apply a diverse set of existing anomaly detection algorithms to our datasets, producing a set of performance baselines for future comparisons. Results are reported via a dedicated online platform located at https://aftershock. dev, allowing system designers to evaluate the general applicability and practical utility of various anomaly detection models. This approach of public evaluation against common criteria is inspired by the immensely useful community resources found in areas such as natural language processing, recommender systems, and reinforcement learning. We collect, adapt, and make available 10 anomaly detection tasks which we use to evaluate 6 state-of-the-art solutions as well as common baselines. We offer researchers a submission system to evaluate future solutions in a transparent manner and we are actively engaging with academic and industry partners to expand the set of available tasks. Moreover, we are exploring options to add hardware-in-the-loop. As a community contribution, we invite researchers to train their own models (or those reported by others) on the public development datasets available on the online platform, submitting them for independent evaluation and reporting results against others.
Download

Paper Nr:	88
Title:	Cryptanalysis of Some Electronic Checkbook Schemes
Authors:	Isa Sertkaya and Oznur Kalkar
Abstract:	Paper-based check is the second mostly used payment method. Accordingly, efforts are underway to improve electronic checkbook (shortly, e-checkbook) systems which mimics the paper-based checkbook mechanism, in line with social needs. Considering the cost of paper check procedures and the amount of money transferred using checks, we believe that there should be a properly designed and provably secure e-checkbook scheme. Analyzing the vulnerabilities of the existing systems, and figuring out where they originate is the first step towards a secure e-checkbook mechanism. In this study, we show that the e-checkbook schemes denoted as PEEC, CYLL, CCL, CWL and CCW fail to achieve their claimed security and susceptible to various types of attacks including e-check forgery and manipulation. Particularly, we show that Pasupathinathan et al.’s PEEC scheme does not satisfy the correctness, anonymous identity and payment unlinkability; Chen et al.’s CYLL scheme is not secure against e-check manipulation and e-check forgery attacks; Chang et al.’s CCL scheme, Chen et al.’s CWL scheme and Chang et al.’s CCW scheme are susceptible to e-check manipulation attack.
Download

Paper Nr:	91
Title:	The Role of Information Deserts in Information Security Awareness and Behaviour
Authors:	D. P. Snyman and H. A. Kruger
Abstract:	Based on the theory of local information landscapes, this paper presents the first attempt to link this model with contextual factors in information security behaviour. It is posited that the success of security awareness campaigns is dependent on generating knowledge on security risks. Should an information deficiency (information desert) originate in the local information landscape it is likely to prevent the effective generation of the intended knowledge that the programme seeks to convey. The mutual interaction of the constructs of the underlying theory, is shown to have either a limiting or extending effect on information transfer which is further influenced by specific external contextual factors that have previously been shown to influence information security behaviour. A practical evaluation is presented on how the local information landscape, informed by contextual factors, can influence the dissemination of security awareness information within an organisation. This approach can help organisations to identify specific topics or themes that future campaigns should address to improve their effectiveness. Finally, if the factors that influence how information is propagated within the organisation are understood, changes to the contextual environment can be implemented to improve the local information landscapes and avoid information deserts.
Download

Paper Nr:	100
Title:	WhatsApp Web Client Live Forensics Technique
Authors:	Alberto Magno Muniz Soares
Abstract:	At crime scenes or when participating in arrest warrants, forensic experts may come across situations where there is a WhatsApp Web service session available on an on-site computer, which can be a very important source of data for an investigation. Some justice systems may consider video recordings or printing of conversations screens from a computer illicit or questionable evidence. This article analyses WhatsApp Web in browsers, presents a live acquisition technique that allows automated extraction of messages, attachments, contacts, and account data, even if in a disconnected computer, from WhatsApp Web sessions opened in web browsers. The technique extracts, in line with forensics procedures, digital data that can be loaded in forensic tools for analysis.
Download

Paper Nr:	103
Title:	Can We Formally Catch Cheating in E-exams?
Authors:	Itzel Vazquez Sandoval and Gabriele Lenzini
Abstract:	Cheating in exams is a practice as old as exams themselves. Institutions and examiners have learned to mitigate traditional ways of cheating, such as the use of crib notes. Yet, the massive digitalization of the world has facilitated the application of electronic exams (e-exams), for which more innovative and sophisticated ways of cheating have emerged. The advent of Information and Communication Technology is changing the threat model as the e-exam environment is not restricted to a classroom anymore; and examiners are simply not well- equipped to supervise a digitally connected network. To a large extent, the research on the subject follows one of two main approaches: philosophical, focused on trying to understand the causes and behaviors of cheaters; or pragmatical, aimed at providing means for preventing or detecting fraudulent scenarios. Here, we take a different perspective and look at cheating as a theoretical information security problem. More specifically, we aim at finding specifications that allow us to unequivocally decide whether an examinee has tried to subvert an exam protocol by using unauthorized means to answer questions. We discuss how we could formalize such definitions and comment on different frameworks suitable for the task. Our discussion provides insights into future research directions towards devising formal frameworks for a rigorous study of cheating scenarios and thereby, the development of e-exam systems that would be resilient to such scenarios by design.
Download

Paper Nr:	104
Title:	Ransomware Detection with Deep Neural Networks
Authors:	Matan Davidian, Natalia Vanetik and Michael Kiperberg
Abstract:	The number of reported malware and their average identification time increases each year, thus increasing the mitigation cost. Static analysis techniques cannot reliably detect polymorphic and metamorphic malware, while dynamic analysis is more effective in detecting advanced malware, especially when the analysis is performed using machine-learning techniques. This paper presents a novel approach for the detection of ransomware, a particular type of malware. The approach uses word embeddings to represent system call features and deep neural networks such as Convolutional Neural Networks (CNN) and Long Short-Term Memory Networks (LSTM). The evaluation, performed on two datasets, shows that the described approach achieves a detection rate of over 99% for ransomware samples.
Download

Paper Nr:	11
Title:	Classifying COVID-19 Disinformation on Twitter using a Convolutional Neural Network
Authors:	Mohamad Nabeel and Christine Große
Abstract:	Disinformation regarding COVID-19 is spreading rapidly on social media platforms and can cause undesirable consequences for people who rely on such content. To combat disinformation, several platform providers have implemented intelligent systems to detect disinformation and provide measurements that apprise users of the quality of information being disseminated on social media platforms. For this purpose, intelligent systems employing deep learning approaches are often applied, hence, their effectivity requires closer analysis. The study begins with a thorough literature review regarding the concept of disinformation and its classification. This paper models and evaluates a disinformation detector that uses a convolutional neural network to classify samples of social media content. The evaluation of the proposed deep learning model showed that it performed well overall in discriminating the fake-labelled tweets from the real-labelled tweets; the model yielded an accuracy score of 97.2%, a precision score of 95.7% and a recall score of 99.8%. Consequently, the paper contributes an effective disinformation detector, which can be used as a tool to combat the substantial volume of disinformation scattered throughout social media platforms. A more standardised feature extraction for disinformation cases should be the subject of subsequent research.
Download

Paper Nr:	27
Title:	Digital Supply Chain Vulnerabilities in Critical Infrastructure: A Systematic Literature Review on Cybersecurity in the Energy Sector
Authors:	Mari Aarland and Terje Gjøsæter
Abstract:	The main purpose of this paper is to identify the current state of the art on digital supply chain cybersecurity risks in critical infrastructure and how the term resilience is used in this context. To achieve this objective, the authors applied a systematic literature review method that summarises and analyses the studies relevant for the research topic. In total 33 papers were identified. The results show that limited research is done on supply chain risks in critical infrastructure. Relevant frameworks and methods for resilience of supply chains have also been identified. These frameworks and methods could be very beneficial for a more holistic management of cybersecurity risks in the increasingly complex supply chains within critical infrastructure.
Download

Paper Nr:	30
Title:	PREUNN: Protocol Reverse Engineering using Neural Networks
Authors:	Valentin Kiechle, Matthias Börsig, Sven Nitzsche, Ingmar Baumgart and Jürgen Becker
Abstract:	The ability of neural networks to universally approximate any function enables them to learn relationships between arbitrary kinds of data. This offers great potential in information security topics such as protocol reverse engineering (PRE), which has seen little usage of neural networks (NNs) so far. In this paper, we provide a novel approach for implementing PRE with solely NNs, demonstrating a simple yet effective reverse engineering of text-based protocols. This approach is modular by design and allows for the exchange of neural network models at any step with better performing models. The architectures used include a convolutional neural network (CNN), an autoencoder (AE), a generative adversarial net (GAN), a long short-term memory (LSTM), and a self-organizing map (SOM). All of these models combine for a new protocol reverse engineering approach. The results show that the widespread application layer protocols HTTP and FTP can successfully be mimicked by artificial intelligence, thereby paving the way for use cases such as fuzzing. A direct comparison to other PRE approaches is not possible due to the black-box nature of neural networks and represents the main limitation of our work. Our experiments showed that this multi-model approach yield up to 19% better message clustering, improved context distribution, and proving LSTM to be the best candidate for generating new messages with up to 67.6% valid HTTP packages and 100% valid FTP packages.
Download

Paper Nr:	38
Title:	A Tailored Model for Cyber Security Education Utilizing a Cyber Range
Authors:	Gregor Langner, Florian Skopik, Steven Furnell and Gerald Quirchmayr
Abstract:	The threats posed by the digital space are a challenge for businesses, organisations and people that can no longer be met with pure knowledge. For this reason, all individuals have to demonstrate not only knowledge but also skills and competences in the field of cyber security. However, this presents an enormous challenge to higher education institutions (HEI) in terms of how to teach these competencies and skills to their students. In this paper, we present a new teaching method for cyber security (CS). It is based on the requirements and needs of educators and learners and integrates existing methodological approaches. This teaching method is complemented by the use of a cyber range as a central teaching tool to make the education more realistic. The method is not only applicable to technical programmes, it is applicable to all programmes and the focus is on cross-disciplinary training. This ensures that the teaching not only meets today’s requirements but also those of the future in the field of education.
Download

Paper Nr:	41
Title:	SpamFender: A Semi-supervised Incremental Spam Classification System across Social Networks
Authors:	Shengyuan Wen and Weiqing Sun
Abstract:	Social network users receive a large amount of social data every day. These data may contain malicious unwanted social spams, even though each social network has its social spam filtering mechanism. Moreover, spammers may send spam to multiple social networks concurrently, and the spam on the same topic from different social networks has similarities. Therefore, it is crucial to building a universal spam detection system across different social networks that can effectively fend off spam continuously. In this paper, we designed and implemented a tool Spam-Fender to facilitate spam detection across social networks. In order to utilize the raw social data obtained from multiple social networks, we utilized a semi-supervised learning method to convert unlabelled data into usable data for training the model. Moreover, we developed an incremental learning method to enable the model to learn new data continuously. Performance evaluations demonstrate that our proposed system can effectively detect social spam with satisfactory accuracy levels. In addition, we conducted a case study on the COVID-19 dataset to evaluate our system.
Download

Paper Nr:	43
Title:	Cyber Exercises in Computer Science Education
Authors:	Melisa Gafic, Simon Tjoa, Peter Kieseberg, Otto Hellwig and Gerald Quirchmayr
Abstract:	Due to the strong dependence of companies on their ICT and the high relevance of stable services to remain competitive in the global market, cyber security and resilience play an increasingly important role. However, information security is not only an important issue in the corporate context but also in the societal context. For this reason, nearly all computer science programs at higher education institutions (HEI) incorporate this topic. In this paper, we introduce a table-top cyber security exercise lecture format and the experiences gathered over the last years. The approach is currently used to teach computer science students as well as information security students at two higher education institutions in Austria. Additionally, we briefly highlight how the approach was adapted in order to satisfy the compelling need to teach the course remotely due to Corona restrictions.
Download

Paper Nr:	53
Title:	Effective & Efficient Access Control in Smart Farms: Opportunities, Challenges & Potential Approaches
Authors:	Ghadeer I. Yassin and Lakshmish Ramaswamy
Abstract:	The Internet of Things technologies has revolutionized the sector of farming and agriculture. It also helped it to face the current environmental and societal challenges. IoT technologies are able to assist the farming sector in many different applications including reducing wasted resources, real time monitoring of crops, monitoring environment conditions, precision agriculture, farm data analytics and improving crops quality, while decreasing the number of workers needed to complete farm related tasks. However, the nature of the Smart farms are diverse in terms of the number, type and location of the installed smart devices, the variety of the collected data, the number and type of workers who help in the farm and have access to farm related data and equipment. At the same time, Farmers are very protective of their own data and sometimes refrain from incorporating smart farming technologies to insure the safety of their data. Therefore, in this paper we outline the security challenges in smart framing settings and explain the need for multi-user, multi-device aware access controls in smart farms. We highlight different possible security scenarios that challenge the adoption of IoT solutions in smart farms and discuss possible solutions.
Download

Paper Nr:	70
Title:	Linguistic Steganography for Messaging Applications
Authors:	Elsa Serret, Antoine Lesueur and Alban Gabillon
Abstract:	Steganography is a set of techniques to hide secret information in another medium called the cover. In the case of linguistic steganography, the cover is text itself. Different methods of linguistic steganography have been developed. They are grouped into two main categories: text generation systems and cover text modification methods. Text generation systems do not produce messages that fit naturally into a conversation within a messaging application. Text modification methods revolve around lexical substitution or syntactic modification. In this paper, we present a new method of linguistic steganography for messaging applications. Our method is based on cover text extension and synonym substitution. We analyse the performance of our system as well as its security and show that it outperforms other substitution methods in terms of bandwidth, i.e., average number of encoded secret bits per sentence.
Download

Paper Nr:	73
Title:	Comparing Perception of Disclosure of Different Types of Information Related to Automated Tools
Authors:	Vanessa Bracamonte and Takamasa Isohara
Abstract:	Transparency has been identified as an important influence on users’ perception of algorithm-based automated tools. Research in algorithmic transparency has mostly focused on two types of information: disclosure related to the personal data collected from users and explanation of how algorithms work. However, the development and use of automated tools also involve other types of information that could be the subject of disclosure. In this study, we compare perception of providing information about data provenance and human involvement, in addition to personal data processing and algorithm explanation. We conducted a user experiment and compared the disclosure of these four types of information, for two types of automated apps that process personal information. The results indicate that disclosure of information about data provenance and human involvement is perceived to be as important as personal data processing information. In addition, the relative importance of explanations about the algorithm, compared to other types of information, depended on the type of app. Finally, perception of the usefulness and accessibility of the information did not vary between types of information or app, but participants considered they would be able to understand explanations about the algorithm more than other types of information.
Download

Paper Nr:	84
Title:	Cyber Attack Stage Tracing System based on Attack Scenario Comparison
Authors:	Masahito Kumazaki, Hirokazu Hasegawa, Yukiko Yamaguchi, Hajime Shimada and Hiroki Takakura
Abstract:	In the current organizational network consisting of multiple branch sites, there is a difference in security between sites, making it difficult to protect against targeted attacks. Therefore, it is important to detect and respond to attacks early, but it is also difficult to achieve this with the current network management. In order to solve this problem, we previously proposed a response support system for multiple sites. This system has two functions. First, it provides recommendations for an incident response by using information of incidents similar to the one. Second function estimates correlations among incidents and targets of cyber attack. To enable recommendations, we also proposed a method for evaluating the similarity of incidents and conducted experiments to investigate its effectiveness. We were able to correctly estimate the similarity of attacks when their attack stages were the same, but not when they were different. The result indicates the necessity to conduct similarity estimation for the same stage of attacks even if their current stages differ. By investigating stage transitions of attacks, we have to make alignment among their stages. In this paper, we propose a method to expect the attack methods and a system to generate information divided by attack stages. We also confirmed the effectiveness of proposed method by conducting experiments using a simulated cyber attack.
Download

Paper Nr:	85
Title:	Malware in Motion
Authors:	Robert Choudhury, Zhiyuan Luo and Khuong A. Nguyen
Abstract:	Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android’s Activity Recognition API.
Download

Paper Nr:	99
Title:	iProfile: Collecting and Analyzing Keystroke Dynamics from Android Users
Authors:	Haytham Elmiligi and Sherif Saad
Abstract:	Keystroke dynamics is one of the most popular behavioural biometrics that are currently being used as a second factor of authentication for many web services and applications. One of the reasons that makes it really popular is that it is a resettable biometric, which meets one of the main usability requirements of authentication systems. With the recent advances in mobile technologies, developers and researchers utilized several machine learning algorithms to identify smartphone users based on their keystroke dynamics. The biggest problem that faces researchers in this area is the ability to collect datasets from smartphone users that could be used to train the machine learning algorithms and, hence, create accurate predictive model. This paper introduces iProfile, a native Android application that collects keystroke dynamics from Android smartphone users. This application opens the door for researchers to recruit participants from all over the world to contribute to the data collection of keystroke dynamics. Our iProfile application allows researchers to study the impact of several parameters, such as hardware brands, users’ geolocation, native language text direction, and several other factors, on the accuracy of machine learning classifiers. It also helps maintain a standard benchmark for keystroke dynamics. Having a standard benchmark helps researchers better evaluate their work based on consistent data collection procedures and evaluation metrics. This paper explains the main building blocks of the iProfile application, the algorithms used in the implementation, the communication protocol with the database server, the structure and format of the generated dataset and the feature extraction approaches. As a proof of concept, the app was used to develop a novel feature-set that identifies Android users based on 147 features.
Download

Paper Nr:	102
Title:	A Privacy-Preserving Auction Platform with Public Verifiability for Smart Manufacturing
Authors:	Thomas Lorünser, Florian Wohner and Stephan Krenn
Abstract:	The digitization trend in the manufacturing industry is gaining pace and novel cloud based market places will play an important role in the transformation. However, existing market platforms are centrally organized and can not provide the required level of data privacy and trustworthiness needed for the manufacturing industry. In this work we study the security and privacy aspects for the case of a market platform for outsourcing in manufacturing. We show that the requirements identified together with relevant stakeholder are challenging and sometimes also contradicting on the first sight. To address this challenge we combined different cryptographic building blocks into a novel framework for more secure but transparent decentralized data markets. In particular the framework combines secure multiparty computation with zero-knowledge proof of knowledge methods and blockchain to enable flexible sealed-bid auctions which are also publicly verifiable. For evaluation a proof-of-concept was developed and benchmarking results show that the framework can efficiently address all requirements established.
Download