# PapersCutA shortcut to recent security papers

### Arxiv

#### From Cyber-Security Deception To Manipulation and Gratification Through Gamification

Authors: Xavier Bellekens, Gayan Jayasekara, Hanan Hindy, Miroslav Bures, David Brosset, Christos Tachtatzis, Robert Atkinson

Abstract: With the ever growing networking capabilities and services offered to users, attack surfaces have been increasing exponentially, additionally, the intricacy of network architectures has increased the complexity of cyber-defenses, to this end, the use of deception has recently been trending both in academia and industry. Deception enables to create proactive defense systems, luring attackers in order to better defend the systems at hand. Current applications of deception, only rely on static, or low interactive environments. In this paper we present a platform that combines human-computer-interaction, analytics, gamification and deception to lure malicious users into selected traps while piquing their interests. Furthermore we analyse the interactive deceptive aspects of the platform through the addition of a narrative, further engaging malicious users into following a predefined path and deflecting attacks from key network systems.

Comment: 17 Pages, Accepted in HCI International 2019

Date: 21 Mar 2019

#### Impact of network delays on Hyperledger Fabric

Authors: Thanh Son Lam Nguyen, Guillaume Jourjon, Maria Potop-Butucaru, Kim Thai

Abstract: Blockchain has become one of the most attractive technologies for applications, with a large range of deployments such as production, economy, or banking. Under the hood, Blockchain technology is a type of distributed database that supports untrusted parties. In this paper we focus Hyperledger Fabric, the first blockchain in the market tailored for a private environment, allowing businesses to create a permissioned network. Hyperledger Fabric implements a PBFT consensus in order to maintain a non forking blockchain at the application level. We deployed this framework over an area network between France and Germany in order to evaluate its performance when potentially large network delays are observed. Overall we found that when network delay increases significantly (i.e. up to 3.5 seconds at network layer between two clouds), we observed that the blocks added to our blockchain had up to 134 seconds offset after 100 th block from one cloud to another. Thus by delaying block propagation, we demonstrated that Hyperledger Fabric does not provide sufficient consistency guaranties to be deployed in critical environments. Our work, is the fist to evidence the negative impact of network delays on a PBFT-based blockchain.

Date: 21 Mar 2019

#### On Preempting Advanced Persistent Threats Using Probabilistic Graphical Models

Authors: Phuong Cao

Abstract: This paper presents PULSAR, a framework for pre-empting Advanced Persistent Threats (APTs). PULSAR employs a probabilistic graphical model (specifically a Factor Graph) to infer the time evolution of an attack based on observed security events at runtime. PULSAR (i) learns the statistical significance of patterns of events from past attacks; (ii) composes these patterns into FGs to capture the progression of the attack; and (iii) decides on preemptive actions. PULSAR's accuracy and its performance are evaluated in three experiments at SystemX: (i) a study with a dataset containing 120 successful APTs over the past 10 years (PULSAR accurately identifies 91.7%); (ii) replaying of a set of ten unseen APTs (PULSAR stops 8 out of 10 replayed attacks before system integrity violation, and all ten before data exfiltration); and (iii) a production deployment of PULSAR (during a month-long deployment, PULSAR took an average of one second to make a decision).

Date: 21 Mar 2019

#### A Unified Analytical Framework for Trustable Machine Learning and Automation Running with Blockchain

Authors: Tao Wang

Abstract: Traditional machine learning algorithms use data from databases that are mutable, and therefore the data cannot be fully trusted. Also, the machine learning process is difficult to automate. This paper proposes building a trustable machine learning system by using blockchain technology, which can store data in a permanent and immutable way. In addition, smart contracts are used to automate the machine learning process. This paper makes three contributions. First, it establishes a link between machine learning technology and blockchain technology. Previously, machine learning and blockchain have been considered two independent technologies without an obvious link. Second, it proposes a unified analytical framework for trustable machine learning by using blockchain technology. This unified framework solves both the trustability and automation issues in machine learning. Third, it enables a computer to translate core machine learning implementation from a single thread on a single machine to multiple threads on multiple machines running with blockchain by using a unified approach. The paper uses association rule mining as an example to demonstrate how trustable machine learning can be implemented with blockchain, and it shows how this approach can be used to analyze opioid prescriptions to help combat the opioid crisis.

Comment: 10 pages, IEEE Big Data Workshops, 2018

Date: 21 Mar 2019

#### Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes

Authors: Matt Jordan, Justin Lewis, Alexandros G. Dimakis

Abstract: We propose a novel method for computing exact pointwise robustness of deep neural networks for a number of $\ell_p$ norms. Our algorithm, GeoCert, finds the largest $\ell_p$ ball centered at an input point $x_0$, within which the output class of a given neural network with ReLU nonlinearities remains unchanged. We relate the problem of computing pointwise robustness of these networks to that of growing a norm ball inside a non-convex polytope. This is a challenging problem in general, as we discuss; however, we prove a useful structural result about the geometry of the piecewise linear components of ReLU networks. This result allows for an efficient convex decomposition of the problem. Specifically we show that if polytopes satisfy a technical condition that we call being 'perfectly-glued', then we can find the largest ball inside their union in polynomial time. Our method is efficient and can certify pointwise robustness for any norm where p is greater or equal to 1.

Comment: Code can be found here: https://github.com/revbucket/geometric-certificates

Date: 20 Mar 2019

#### Gamification Techniques for Raising Cyber Security Awareness

Authors: Sam Scholefield, Lynsay A. Shepherd

Abstract: Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlighted that users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues.

Comment: 14 pages. Human-Computer International 2019, HCII 2019, Orlando, United States (2019), Springer

Date: 21 Mar 2019

#### On the Robustness of Deep K-Nearest Neighbors

Authors: Chawin Sitawarin, David Wagner

Abstract: Despite a large amount of attention on adversarial examples, very few works have demonstrated an effective defense against this threat. We examine Deep k-Nearest Neighbor (DkNN), a proposed defense that combines k-Nearest Neighbor (kNN) and deep learning to improve the model's robustness to adversarial examples. It is challenging to evaluate the robustness of this scheme due to a lack of efficient algorithm for attacking kNN classifiers with large k and high-dimensional data. We propose a heuristic attack that allows us to use gradient descent to find adversarial examples for kNN classifiers, and then apply it to attack the DkNN defense as well. Results suggest that our attack is moderately stronger than any naive attack on kNN and significantly outperforms other attacks on DkNN.

Comment: Published at Deep Learning and Security Workshop 2019 (IEEE S&P)

Date: 20 Mar 2019

#### BotGraph: Web Bot Detection Based on Sitemap

Authors: Yang Luo, Guozhen She, Jinwan Huang, Peng Cheng, Yongqiang Xiong

Abstract: The web bots have been blamed for consuming large amount of Internet traffic and undermining the interest of the scraped sites for years. Traditional bot detection studies focus mainly on signature-based solution, but advanced bots usually forge their identities to bypass such detection. With increasing cloud migration, cloud providers provide new opportunities for an effective bot detection based on big data to solve this issue. In this paper, we present a behavior-based bot detection scheme called BotGraph that combines sitemap and convolutional neural network (CNN) to detect inner behavior of bots. Experimental results show that BotGraph achieves ~95% recall and precision on 35-day production data traces from different customers including the Bing search engine and several sites.

Comment: 7 pages, 3 figures

Date: 19 Mar 2019

#### A Stream-based Query System for Efficiently Detecting Abnormal System Behaviors for Enterprise Security

Authors: Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal

Abstract: The need for countering Advanced Persistent Threat (APT) attacks has led to the solutions that ubiquitously monitor system activities in each enterprise host, and perform timely abnormal system behavior detection over the stream of monitoring data. However, existing stream-based solutions lack explicit language constructs for expressing anomaly models that capture abnormal system behaviors, thus facing challenges in incorporating expert knowledge to perform timely anomaly detection over the large-scale monitoring data. To address these limitations, we build SAQL, a novel stream-based query system that takes as input, a real-time event feed aggregated from multiple hosts in an enterprise, and provides an anomaly query engine that queries the event feed to identify abnormal behaviors based on the specified anomaly models. SAQL provides a domain-specific query language, Stream-based Anomaly Query Language (SAQL), that uniquely integrates critical primitives for expressing major types of anomaly models. In the demo, we aim to show the complete usage scenario of SAQL by (1) performing an APT attack in a controlled environment, and (2) using SAQL to detect the abnormal behaviors in real time by querying the collected stream of system monitoring data that contains the attack traces. The audience will have the option to perform the APT attack themselves under our guidance, and interact with the system and detect the attack footprints in real time via issuing queries and checking the query results through a command-line UI.

Comment: demo paper, 4 pages. arXiv admin note: text overlap with arXiv:1806.09339 and arXiv:1810.03464

Date: 19 Mar 2019

#### Trends on Computer Security: Cryptography, User Authentication, Denial of Service and Intrusion Detection

Authors: Pablo Daniel Marcillo Lara, Daniel Alejandro Maldonado-Ruiz, Santiago Daniel Arrais Díaz, Lorena Isabel Barona López, Ángel Leonardo Valdivieso Caraguay

Abstract: The new generation of security threats has been promoted by digital currencies and real-time applications, where all users develop new ways to communicate on the Internet. Security has evolved in the need of privacy and anonymity for all users and his portable devices. New technologies in every field prove that users need security features integrated into their communication applications, parallel systems for mobile devices, internet, and identity management. This review presents the key concepts of the main areas in computer security and how it has evolved in the last years. This work focuses on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls.

Date: 19 Mar 2019