We explore a new type of malicious script attack: the persistent parasite attack. Persistent parasites are stealthy scripts that persist for a long time in the browser's cache. We show how to infect the caches of victims with parasite scripts via TCP injection. Once the cache is infected, we implement methodologies for propagation of the parasites to other popular domains on the victim client as well as to other caches on the network. We show how to design the parasites so that they stay for a long time in the victim's cache, not restricted to the duration of the user's visit to the web site. We develop covert channels for communication between the attacker and the parasites, which allow the attacker to control which scripts are executed and when, and to exfiltrate private information to the attacker, such as cookies and passwords. We then demonstrate how to leverage the parasites to perform sophisticated attacks, and evaluate the attacks against a range of applications and security mechanisms on popular browsers. Finally, we provide recommendations for countermeasures.
To examine the integrity and authenticity of an IP address efficiently and economically, this paper proposes a new non-Merkle-Damgard structural (non-MDS) hash function called JUNA that is based on a multivariate permutation problem and an anomalous subset product problem, for which no subexponential-time solutions have been found so far. JUNA includes an initialization algorithm and a compression algorithm, and converts a short message of n bits, which is regarded as only one block, into a digest of m bits, where 80 <= m <= 232 and 80 <= m <= n <= 4096. The analysis and proof show that the new hash is one-way, weakly collision-free, and strongly collision-free, and that its security against existing attacks such as the birthday attack and the meet-in-the-middle attack is O(2^m). Moreover, a detailed proof that the new hash function is resistant to the birthday attack is given. Compared with the Chaum-Heijst-Pfitzmann hash based on a discrete logarithm problem, the new hash is lightweight, and thus it opens a door to the convenient use of lightweight digital signing schemes.
Machine learning (ML) classifiers are vulnerable to adversarial examples. An adversarial example is an input sample that is slightly modified to induce misclassification in an ML classifier. In this work, we investigate white-box and grey-box evasion attacks on an ML-based malware detector and conduct performance evaluations in a real-world setting. We compare the defense approaches in mitigating the attacks. We propose a framework for deploying grey-box and black-box attacks against malware detection systems.
The distributed denial of service (DDoS) attack is detrimental to businesses and individuals, as people rely heavily on the Internet. Because of the remarkable profits, crackers favor DDoS as a cybersecurity weapon for attacking a victim. Even worse, edge servers are more vulnerable. Current solutions lack adequate consideration of the attackers' expenses and of inter-defender collaboration. Hence, we revisit DDoS attack and defense, clarifying the advantages and disadvantages of both parties. We further propose a joint defense framework to defeat attackers by significantly increasing the number of bots required and enlarging attack expenses. The quantitative evaluation and experimental assessment show that such expenses can surge up to thousands of times. The skyrocketing expenses lead to heavy losses for the cracker, which prevents further attacks.
Mining is an important part of blockchains that use proof of work (PoW) for consensus: miners look for a matching block by testing a number of hash calculations. In order to attract more hash computing power, the miner who finds the proper block obtains a reward. These hash calculations ensure that the data of the blockchain is not easily tampered with. Thus, the incentive mechanism for mining directly affects the security of the blockchain. This paper presents an attack against the difficulty adjustment algorithm (abbreviated as DAA) used in blockchain mining, which has a direct impact on miners' earnings. In this method, the attacking miner jumps between different blockchains to get more benefits than the honest miner who keeps mining on only one blockchain. We build a probabilistic model to simulate the time to obtain the next block at different levels of hash computing power, called hashrate. Based on this model, we analyze the DAAs of the major cryptocurrencies, including Bitcoin, Bitcoin Cash, Zcash, and Bitcoin Gold. We further verify the effectiveness of this attack, called jumping mining, through simulation experiments, and also find the characteristics of the attack in the public block data of Bitcoin Gold. Finally, we give an improved DAA scheme against this attack. Extensive experiments are provided to support the efficiency of our designed scheme.
Backdoor attacks intend to inject a hidden backdoor into deep neural networks (DNNs), such that the prediction of the infected model will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger, while the model performs well on benign samples. Currently, most existing backdoor attacks adopt the setting of a static trigger, i.e., triggers across the training and testing images follow the same appearance and are located in the same area. In this paper, we revisit this attack paradigm by analyzing the characteristics of the static trigger. We demonstrate that such an attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training. We further explore how to utilize this property for backdoor defense, and discuss how to alleviate this vulnerability of existing attacks.