- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Cloud Data Security Solutions
- Network Security and Intrusion Detection
- Spam and Phishing Detection
- Physical Unclonable Functions (PUFs) and Hardware Security
- User Authentication and Security Systems
- Advanced Memory and Neural Computing
- Diamond and Carbon-based Materials Research
- Adversarial Robustness in Machine Learning
- Cryptography and Data Security
- Software Testing and Debugging Techniques
- Internet Traffic Analysis and Secure E-voting
- Software-Defined Networks and 5G
- Radiation Effects in Electronics
- Caching and Content Delivery
- Neural Networks and Applications
- Anomaly Detection Techniques and Applications
- Parallel Computing and Optimization Techniques
- Distributed systems and fault tolerance
- CCD and CMOS Imaging Sensors
- Cloud Computing and Resource Management
- Cryptographic Implementations and Security
- Wireless Body Area Networks
- Personal Information Management and User Behavior
Korea Advanced Institute of Science and Technology, 2015-2024
University of Chicago, 2021
Kootenay Association for Science & Technology, 2018-2019
Georgia Institute of Technology, 2016
University of North Carolina at Charlotte, 2006-2009
The extremely diffused architecture of the Internet enables the propagation of malware and presents a significant challenge for the development of defenses against such propagation. Although machine learning-based detection models can improve approaches in response to this problem, their rates vary according to the features and classification methods. Single learning effectiveness suitability classifiers despite use an appropriate training dataset. Some result high with malicious dataset but have low benign dataset,...
Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the last decade. In fact, TEEs are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX). Despite such rapid development of TEE, software technologies for TEE significantly lag behind their hardware counterpart, and currently only a select group of researchers have the privilege of accessing this technology. To address this problem, we develop an open source platform, called...
ARM TrustZone is widely used to provide a Trusted Execution Environment (TEE) for mobile devices. However, the use of TrustZone is limited because TrustZone resources are only available for some pre-authorized applications. In other words, only alliances of OS vendors and device manufacturers can secure their services. To help overcome this problem, we designed the PrivateZone framework to enable individual developers to utilize TrustZone resources. Using PrivateZone, developers can run Security Critical Logics (SCL) in a Private Execution Environment (PrEE). The advantage of its...
Given the energy constraints in autonomous mobile agents (AMAs), such as unmanned vehicles, spiking neural networks (SNNs) are increasingly favored as a more efficient alternative to traditional artificial neural networks. AMAs employ multi-object detection (MOD) from multiple cameras to identify nearby objects while ensuring two essential objectives, (R1) timing guarantee and (R2) high accuracy for safety. In this paper, we propose RT-SNN, the first system design, aiming at achieving R1 and R2 in SNN-based MOD...
Modern applications often involve processing of sensitive information. However, the lack of privilege separation within the user space leaves application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach...
The advancement of software defined networking (SDN) is redefining traditional computer architecture. The role of the control plane in SDN is of such importance that SDNs are referred to as network operating systems (OSs). However, the robustness and security of the network OS has been overlooked. In this paper, we report three main issues pertaining to the robustness and security of network OSs. First, we identified vulnerabilities that could be exploited by malicious or buggy applications running on network OSs. We also identified four major attack vectors that could undermine network OS operations: denial...
External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malwares. However, the existing external approaches have been limited to monitoring the static regions of the kernel while the latest rootkits manipulate dynamic kernel objects. To address the issue, we present KI-Mon, a hardware-based platform that introduces event-triggered monitoring techniques for kernel dynamic objects. KI-Mon advances the bus traffic snooping technique to not only detect memory write traffic on the host bus but also filter out all but meaningful traffic to generate events. We show how invariant...
Malware has been installed through drive-by downloads via exploit kit attacks. However, the prior signature- or dynamic-based detection approach to the continuously increasing number of suspicious samples is time-consuming. In such circumstances, convolutional neural networks (ConvNets) can help in rapid detection owing to their direct image-feature generation using codes. In general ConvNet model entails vanishing gradient problem, where features used for a deep learning-based method will become less effective...
This paper proposes and describes an active authentication model based on user profiles built from user-issued commands when interacting with a GUI-based application. Previous behavioral models derived from issued commands were limited to analyzing the user's interaction with the *Nix (Linux or Unix) command shell program. Human-computer interaction (HCI) research has explored the idea of building users' profiles based on their patterns when interacting with such graphical interfaces. It did so by analyzing keystroke and/or mouse dynamics. However, none had explored the idea of creating profiles by capturing...
While container adoption has witnessed significant growth in facilitating the operation of large-scale applications, this increased attention has also attracted adversaries who exploit numerous vulnerabilities present in contemporary containers. Unfortunately, existing security solutions have largely overlooked the need to restrict access to the shared host kernel, particularly exhibiting critical limitations in enforcing the least privilege for containers during runtime. Hence, we propose Optimus, an automated...
The existing approaches to instruction trace-based security monitoring hardware are dependent on the privileged software, which presents a significant challenge in defending against attacks on the software itself. To address this challenge, we propose Interstellar, which introduces partitioned monitoring hardware near the CPU's main core and leverages the benefit of hardware-level monitoring. Interstellar is fully partitioned, parallelized, simultaneously detecting hardware. Interstellar's design makes malicious hard...
ARM TrustZone provides a Trusted Execution Environment (TEE) to isolate security-critical services, which are generally invoked from the Rich Execution Environment (REE) through the communication channel established by executing the Secure Monitor Call (SMC) with general registers configured as input parameters. Unfortunately, the communication channel has been abused by adversaries to incur misbehavior of the TEE, analyze the internal working of the TEE, and exploit its vulnerabilities. We therefore propose a TEE defense (TFence) framework that enables the creation of partially...
This paper addresses active authentication using scrolling behaviors for biometrics and assesses different classification and clustering methods that leverage those traits. The dataset used contained event-driven temporal data captured through monitoring users' reading habits. The derived feature set is mainly composed of events and their derivatives (changes) 5-gram sequencing to increase the number extracted context. Classification performance in terms of both accuracy and Area under the Curve (AUC) Receiver...
Stack-based memory corruption vulnerabilities have been exploited, allowing attackers to execute arbitrary code and read/write arbitrary memory. Although several solutions have been proposed to prevent memory errors on the stack, they are either limited to a specific type of attack (either spatial or temporal attacks) or cause significant performance degradation. In this article, we introduce SaVioR, an efficient and comprehensive stack protection mechanism. The key technique involves randomization of the stack layout to reduce its predictability...