Mining specifications of malicious behavior

The emergence of blockchains has fueled the development of resilient systems that can deal with Byzantine failures due to crashes, bugs, or even malicious behavior. Recently, we have also seen the exploration of sharding in these resilient systems, this to provide the scalability required by very large data-based applications. Unfortunately, current sharded resilient systems all use system-specific specialized approaches toward sharding that do not provide the flexibility of traditional sharded data management systems. To improve on this situation, we fundamentally look at the design of sharded resilient systems. We do so by introducing BYSHARD, a unifying framework for the study of sharded resilient systems. Within this framework, we show how two-phase commit and two-phase locking ---two techniques central to providing atomicity and isolation in traditional sharded databases---can be implemented efficiently in a Byzantine environment, this with a minimal usage of costly Byzantine resilient primitives. Based on these techniques, we propose eighteen multi-shard transaction processing protocols. Finally, we practically evaluate these protocols and show that each protocol supports high transaction throughput and provides scalability while each striking its own trade-off between throughput, isolation level, latency , and abort rate. As such, our work provides a strong foundation for the development of ACID-compliant general-purpose and flexible sharded resilient data management systems.

Download Full-text

AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

Applied Sciences ◽

10.3390/app8122421 ◽

2018 ◽

Vol 8 (12) ◽

pp. 2421 ◽

Cited By ~ 1

Author(s):

Chongya Song ◽

Alexander Pons ◽

Kang Yen

Keyword(s):

Markov Model ◽

Hidden Markov Model ◽

Performance Metrics ◽

Hidden Markov ◽

Data Sets ◽

Learning Abilities ◽

Benchmark Data ◽

Malicious Behavior ◽

Network Intrusion ◽

The Common

In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this an adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion pattern, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities.

Download Full-text

Dynamic Analysis Bypassing Malware Detection Method Utilizing Malicious Behavior Visualization and Similarity

Lecture Notes in Electrical Engineering - Advanced Multimedia and Ubiquitous Engineering ◽

10.1007/978-981-10-5041-1_89 ◽

2017 ◽

pp. 560-565

Author(s):

Jihun Kim ◽

Jonghee M. Youn

Keyword(s):

Dynamic Analysis ◽

Detection Method ◽

Malware Detection ◽

Malicious Behavior

Download Full-text

Secure Online Examination with Biometric Authentication and Blockchain-Based Framework

Mathematical Problems in Engineering ◽

10.1155/2021/5058780 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Xiaoling Zhu ◽

Chenglong Cao

Keyword(s):

Access Control ◽

Biometric Authentication ◽

Fine Grained ◽

Fuzzy Vault ◽

Malicious Behavior ◽

Online Examination ◽

E Learning ◽

Important Means ◽

Biometric Templates ◽

Biometric Features

E-learning has been carried out all over the world and then online examinations have become an important means to check learning effect during the outbreak of COVID-19. Participant authenticity, data integrity, and access control are the assurance to online examination. The existing online examination schemes cannot provide the protection of biometric features and fine-grained access control. Particularly, they did not discuss how to resolve some disputes among students, teachers, and a platform in a fair and reasonable way. We propose a novel biometric authentication and blockchain-based online examination scheme. The examination data are encrypted to store in a distributed system, which can be obtained only if the user satisfies decryption policy. And the pieces of evidence are recorded in a blockchain network which is jointly established by some credible institutions. Unlike other examination authentication systems, face templates in our scheme are protected using a fuzzy vault and a cryptographic method. Furthermore, educational administrative department can determine who the real initiator of malicious behavior is when a dispute arises using a dispute determination protocol. Analysis shows that no central authority is required in our scheme; the collusion of multiple users cannot obtain more data; even if the authorities compromise, biometric features of each user will not be leaked. Therefore, in terms of privacy-preserving biometric templates, fine-grained access, and dispute resolution, it is superior to the existing schemes.

Download Full-text

A Register Access Control Scheme for SNR System to Counter CPA Attack Based on Malicious User Blacklist

Future Internet ◽

10.3390/fi13100262 ◽

2021 ◽

Vol 13 (10) ◽

pp. 262

Author(s):

Jia Shi ◽

Xuewen Zeng ◽

Yang Li

Keyword(s):

Access Control ◽

System Component ◽

Information Centric Networking ◽

Collusion Attack ◽

Malicious User ◽

Malicious Behavior ◽

Pollution Attack ◽

Resolution System ◽

Control Scheme ◽

Registration Phase

Standalone Name Resolution (SNR) is an essential component of many Information-Centric Networking (ICN) infrastructures that maps and stores the mappings of IDs and locators. The delivery of data can be realized only when the name resolution process is completed correctly. It also makes the SNR become the key target of network attackers. In this paper, our research focuses on the more covert and complex Content Pollution Attack (CPA). By continuously sending invalid content to the network at a low speed, attackers will consume a lot of the resources and time of the SNR system, resulting in a serious increase in the resolution delay of normal users and further cache pollution in ICN. It is difficult to be quickly detected because the characteristics of attack are inconspicuous. To address the challenge, a register access control scheme for an SNR system based on a malicious user blacklist query is proposed. A neighbor voting algorithm is designed to discover possible attacks in the network quickly and build a blacklist of malicious users reasonably. Users on the blacklist will be restricted from accessing the ICN network during the registration phase with the resolution system. Incentives and punishments for network users are introduced to automate responses about the potential malicious behavior reports. Our scheme is more efficient as users do not have to wait for an additional system component to perform operations. In addition, our algorithm can better solve the collusion problem in the voting process when compared with the others. We experimentally evaluate our protocol to demonstrate that the probability of successful collusion attack can be reduced to less than 0.1 when the attacker ratio is 0.5.

Download Full-text