- Network Security and Intrusion Detection
- Internet Traffic Analysis and Secure E-voting
- Advanced Malware Detection Techniques
- Spam and Phishing Detection
- Web Application Security Vulnerabilities
- Security and Verification in Computing
- Software Engineering Research
- Software Testing and Debugging Techniques
- Information and Cyber Security
- Software Reliability and Analysis Research
- Hate Speech and Cyberbullying Detection
- Software-Defined Networks and 5G
- Caching and Content Delivery
- User Authentication and Security Systems
- Mobile Ad Hoc Networks
- Digital and Cyber Forensics
- Crime, Illicit Activities, and Governance
- Advanced Steganography and Watermarking Techniques
- Advanced Database Systems and Queries
- Software Engineering Techniques and Practices
- Architecture, Modernity, and Design
- Indoor and Outdoor Localization Technologies
- Air Quality Monitoring and Forecasting
- IPv6, Mobility, Handover, Networks, Security
- Time Series Analysis and Forecasting
Wright State University, 2014-2024
University of Naples Federico II, 2022
Universidad Nacional Autónoma de México, 2022
Indian Institute of Technology Delhi, 2022
DSI Informationstechnik (Germany), 2022
Zhejiang University, 2022
Shanghai Jiao Tong University, 2006-2022
National University of Singapore, 2022
Karlsruhe Institute of Technology, 2022
Beihang University, 2022
Peer-to-peer (P2P) botnets have recently been adopted by botmasters for their resiliency against take-down efforts. Besides being harder to take down, modern botnets tend to be stealthier in the way they perform malicious activities, making current detection approaches ineffective. In addition, the rapidly growing volume of network traffic calls for high scalability of detection systems. In this paper, we propose a novel scalable botnet detection system capable of detecting stealthy P2P botnets. Our system first identifies all hosts that are...
As the most competitive solution for next-generation network, SDN and its dominant implementation OpenFlow are attracting more and more interests. But besides convenience and flexibility, SDN/OpenFlow also introduces new kinds of limitations and security issues. Of these limitations, the most obvious and maybe the most neglected one is the flow table capacity of SDN/OpenFlow switches. In this paper, we proposed a novel inference attack targeting at SDN/OpenFlow network, which is motivated by the limited flow table capacities of SDN/OpenFlow switches and the following measurable network performance decrease...
Virtual currency in OSNs plays an increasingly important role in supporting various financial activities such as currency exchange, online shopping, and paid games. Users usually purchase virtual currency using real currency. This fact motivates attackers to instrument an army of accounts to collect virtual currency unethically or illegally with no or very low cost and then launder the collected virtual money for massive profit. Such attacks not only introduce significant financial loss of victim users, but also harm the viability of the ecosystem. It is therefore of central...
Since the massive deployment of Cyber-Physical Systems (CPSs) calls for long-range and reliable communication services with manageable cost, it has been believed to be an inevitable trend to relay a significant portion of CPS traffic through existing networking infrastructures such as the Internet. Adversaries who have access to networking infrastructures can therefore eavesdrop network traffic and then perform traffic analysis attacks in order to identify CPS sessions and subsequently launch various attacks. As we can hardly prevent all adversaries from accessing...
Open Charge Point Protocol (OCPP) 1.6 is widely used in the electric vehicle (EV) charging industry to communicate between Charging System Management Services (CSMSs) and Electric Vehicle Supply Equipment (EVSE). Unlike OCPP 2.0.1, OCPP 1.6 uses unencrypted websocket communications to exchange information between EVSE devices and an on-premise or cloud-based CSMS. In this work, we demonstrate two machine-in-the-middle attacks on OCPP sessions to terminate charging sessions and gain root access to the EVSE equipment via remote code execution. Second, a...
Online social networks (OSNs) gradually integrate financial capabilities by enabling the usage of real and virtual currency. They serve as new platforms to host a variety of business activities, such as online promotion events, where users can possibly get virtual currency as rewards by participating in events. Both OSNs and business partners are significantly concerned when attackers instrument a set of accounts to collect virtual currency from these events, which make these events ineffective and result in significant financial loss. It becomes of great importance to proactively...
As the domain name system (DNS) plays a critical role in malicious services and the number of networks, especially small enterprise networks and home networks that are generally poorly managed, grows rapidly, it is highly desired to outsource the detection service to a third party that can aggregate information from multiple vantage points to perform detection. To this end, we propose DNSRadar, which explores the coexistence of cache-footprints distributed in all networks that participate in the outsourcing service. Bootstrapping from a list of prelabeled domains,...
Website fingerprinting (WFP) could infer which websites a user is accessing via an encrypted proxy by passively inspecting the traffic between the user and the proxy. The key to WFP is designing a classifier capable of distinguishing the traffic characteristics of different websites. However, when deployed in real-life networks, a well-trained classifier may face a significant obstacle of training-testing asymmetry, which fundamentally limits its practicability. Specifically, although pure traffic samples can be collected in a controlled (clean) testbed for...
Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality...
The efficient processing of document streams plays an important role in many information filtering systems. Emerging applications, such as news update and social network notifications, demand presenting end-users with the most relevant content to their preferences. In this work, user preferences are indicated by a set of keywords. A central server monitors the document stream and continuously reports to each user the top-k documents that are most relevant to her keywords. Our objective is to support large numbers of users and high stream rates, while refreshing the top-k results...
Location information is a key issue for applications of the Internet of Things. In this paper, we focus on mobile wireless networks with moving agents and targets. The positioning process is divided into two phases based on the factor graph, i.e., a prediction phase and a joint self-location and tracking phase. In the prediction phase, we develop an adaptive prediction model by exploiting the correlation of trajectories within a short period to formulate the prediction message. In the joint self-location and tracking phase, agents calculate the cooperative messages according to variational message passing and locate themselves....
Unrestricted file upload vulnerabilities enable attackers to upload malicious scripts to a web server for later execution. We have built a system, namely UFuzzer, to effectively and automatically detect such vulnerabilities in PHP-based server-side programs. Different from existing detection methods that use either static program analysis or fuzzing, UFuzzer integrates both (i.e., static-fuzzing co-analysis). Specifically, it leverages static program analysis to generate executable code templates that compactly summarize the vulnerability-relevant...
Exfiltrating sensitive information from smartphones has become one of the most significant security threats. We have built a system to identify HTTP-based information exfiltration of malicious Android applications. In this paper, we discuss the method to track the propagation of sensitive information in Android applications using static taint analysis. We have studied the leaked information, destinations to which information is exfiltrated, and their correlations with types of sensitive information. The analysis results based on 578 malicious Android applications revealed that a significant portion of these applications are interested...
There is an increasing need of assessing and mitigating the effects of successful attacks. Uncovering the malicious and contaminated objects in an attacked computing system is referred to as the identification of attack ramifications. Previous methods identify attack ramifications by directly tracking information flows (or dependences) from the intrusion root (i.e., the entry point of the attack). They face challenges such as undetermined intrusion root and dependence explosion. In this paper, we present a novel, light-weight method capable of identifying...
The Domain Name System (DNS), which does not encrypt domain names such as "bank.us" and "dentalcare.com", commonly accurately reflects the specific network services. Therefore, DNS-based behavioral analysis is extremely attractive for many applications such as forensics investigation and online advertisement. Traditionally, a user can be trivially and uniquely identified by the device's IP address if it is static (i.e., a desktop or a laptop). As more and more wireless and mobile devices are deeply ingrained in our lives and the dynamic...
Designing secure cyber-physical systems (CPS) is fundamentally important and performing vulnerability assessment becomes indispensable. In this paper, we discuss our ongoing work on building an automated mission-aware CPS vulnerability assessment framework that can accomplish three objectives including i) mapping CPS missions into infrastructural components, ii) evaluating global impact of each vulnerability, and iii) achieving verifiable results and high flexibility. In order to accomplish these objectives, we follow a model-assisted analysis...