اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدCoinWatch: A Clone-Based Approach For Detecting Vulnerabilities in Cryptocurrencies
156
0
0.0
(
0
)
نشر من قبل
Ivan Homoliak Ph.D.
تاريخ النشر
2020
مجال البحث
الهندسة المعلوماتية
والبحث باللغة
English
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoins core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, and we propose CoinWatch (CW). Given a reported vulnerability at the input, CW uses the code evolution analysis and a clone detection technique for indication of cryptocurrencies that might be vulnerable. We applied CW on 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.
قيم البحث
اقرأ أيضاً
Software Defined Networking (SDN) is a network paradigm shift that facilitates comprehensive network programmability to cope with emerging new technologies such as cloud computing and big data. SDN facilitates simplified and centralized network manag
ement enabling it to operate in dynamic scenarios. Further, SDN uses the OpenFlow protocol for communication between the controller and its switches. The OpenFlow creates vulnerabilities for network attacks especially Distributed Denial of Service (DDoS). DDoS attacks are launched from the compromised hosts connected to the SDN switches. In this paper, we introduce a time- and space-efficient solution for the identification of these compromised hosts. Our solution consumes less computational resources and space and does not require any special equipment.
Vulnerability prediction refers to the problem of identifying the system components that are most likely to be vulnerable based on the information gained from historical data. Typically, vulnerability prediction is performed using manually identified
features that are potentially linked with vulnerable code. Unfortunately, recent studies have shown that existing approaches are ineffective when evaluated in realistic settings due to some unavoidable noise included in the historical data. To deal with this issue, we develop a prediction method using the encoder-decoder framework of machine translation that automatically learns the latent features (context, patterns, etc.) of code that are linked with vulnerabilities. The key idea of our approach is to learn from things we know, the past vulnerability fixes and their context. We evaluate our approach by comparing it with existing techniques on available releases of the three security-critical open source systems (Linux Kernel, OpenSSL, and Wireshark) with historical vulnerabilities that have been reported in the National Vulnerability Database (NVD). Our evaluation demonstrates that the prediction capability of our approach significantly outperforms the state-of-the-art vulnerability prediction techniques (Software Metrics, Imports, Function Calls, and Text Mining) in both recall and precision values (yielding 4.7 times higher MCC values) under realistic training setting.
The dramatic growth in smartphone malware shows that malicious program developers are shifting from traditional PC systems to smartphone devices. Therefore, security researchers are also moving towards proposing novel antimalware methods to provide a
dequate protection. This paper proposes a Blockchain-Based Malware Detection Framework (B2MDF) for detecting malicious mobile applications in mobile applications marketplaces (app stores). The framework consists of two internal and external private blockchains forming a dual private blockchain as well as a consortium blockchain for the final decision. The internal private blockchain stores feature blocks extracted by both static and dynamic feature extractors, while the external blockchain stores detection results as blocks for curre
As the most popular blockchain that supports smart contracts, there are already more than 296 thousand kinds of cryptocurrencies built on Ethereum. However, not all cryptocurrencies can be controlled by users. For example, some money is permanently l
ocked in wallets accounts due to attacks. In this paper, we conduct the first systematic investigation on locked cryptocurrencies in Ethereum. In particular, we define three categories of accounts with locked cryptocurrencies and develop a novel tool named CLUE to discover them. Results show that there are more than 216 million dollars value of cryptocurrencies locked in Ethereum. We also analyze the reasons (i.e., attacks/behaviors) why cryptocurrencies are locked. Because the locked cryptocurrencies can never be controlled by users, avoid interacting with the accounts discovered by CLUE and repeating the same mistakes again can help users to save money.
Internet users increasingly rely on commercial virtual private network (VPN) services to protect their security and privacy. The VPN services route the clients traffic over an encrypted tunnel to a VPN gateway in the cloud. Thus, they hide the client
s real IP address from online services, and they also shield the users connections from perceived threats in the access networks. In this paper, we study the security of such commercial VPN services. The focus is on how the client applications set up VPN tunnels, and how the service providers instruct users to configure generic client software. We analyze common VPN protocols and implementations on Windows, macOS and Ubuntu. We find that the VPN clients have various configuration flaws, which an attacker can exploit to strip off traffic encryption or to bypass authentication of the VPN gateway. In some cases, the attacker can also steal the VPN users username and password. We suggest ways to mitigate each of the discovered vulnerabilities.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
