BASS 2018 Abstracts
Full Papers
Paper Nr: 1
Title: Support Vector Machines for Image Spam Analysis
Authors: Aneri Chavda, Katerina Potika, Fabio Di Troia and Mark Stamp

Abstract: Email is one of the most common forms of digital communication. Spam is unsolicited bulk email, while image spam consists of spam text embedded inside an image. Image spam is used as a means to evade text-based spam filters, and hence image spam poses a threat to email-based communication. In this research, we analyze image spam detection using support vector machines (SVMs), which we train on a wide variety of image features. We use a linear SVM to quantify the relative importance of the features under consideration. We also develop and analyze a realistic “challenge” dataset that illustrates the limitations of current image spam detection techniques.

Paper Nr: 2
Title: On the Effectiveness of Generic Malware Models
Authors: Naman Bagga, Fabio Di Troia and Mark Stamp

Abstract: Malware detection based on machine learning typically involves training and testing models for each malware family under consideration. While such an approach can generally achieve good accuracy, it requires many classification steps, resulting in a slow, inefficient, and potentially impractical process. In contrast, classifying samples as malware or benign based on more generic “families” would be far more efficient. However, extracting common features from extremely general malware families will likely result in a model that is too generic to be useful. In this research, we perform controlled experiments to determine the tradeoff between generality and accuracy—over a variety of machine learning techniques—based on n-gram features.

Paper Nr: 3
Title: Robust Hashing for Image-based Malware Classification
Authors: Wei-Chung Huang, Fabio Di Troia and Mark Stamp

Abstract: In this paper, we compare and contrast support vector machine (SVM) classifiers with robust-hashing-based strategies for the malware classification problem. For both the SVM and robust hashing approaches, we treat each executable file as a two-dimensional image. We experiment with two image-based robust hashing techniques, one that relies on wavelet analysis and one that uses distributed coding. For our support vector machine experiments, we consider an image-based feature that captures horizontal edges. While the SVM performs slightly better, robust hashing has some potential advantages for malware detection.

Paper Nr: 4
Title: Towards a Systematic Process-aware Behavioral Analysis for Security
Authors: Laura Genga and Nicola Zannone

Abstract: Nowadays, security is a key concern for organizations. An increasingly popular solution to enhance security in organizational settings is the adoption of anomaly detection systems. These systems raise an alert when abnormal behavior is detected, upon which proper measures have to be taken. A well-known drawback of these solutions is that the underlying detection engine is a black box, i.e., the behavioral profiles used for detection are encoded in some mathematical model that is difficult for human analysts to understand or, in some cases, is not even accessible. Therefore, anomaly detection systems often fail to support analysts in understanding what is happening in the system and how to respond to detected security threats. In this work, we investigate the use of process analysis techniques to build behavioral models that human analysts can understand. We also delineate a systematic methodology for process-aware behavioral analysis and discuss the findings obtained by applying this methodology to a real-world event log.

Paper Nr: 5
Title: Collective Responsibility and Mutual Coercion in IoT Botnets - A Tragedy of the Commons Problem
Authors: Carolina Adaros Boye, Paul Kearney and Mark Josephs

Abstract: In recent years, several cases of DDoS attacks using IoT botnets have been reported, including the largest DDoS attack known, caused by the Mirai malware in 2016. The infection of the IoT devices could have been prevented with basic security hygiene, but since the actors responsible for applying these preventative measures are not the main target but merely “enablers” of the attack, their incentive is small. In most cases they will not even be aware of the situation. The Internet, as a common and shared space, also allows some costs to be absorbed by the community rather than being suffered directly by those who behave insecurely. This paper analyses the long-term effects of the prevalence of a system in which individual decision-making systematically causes net harm. An analogy with “the tragedy of the commons” problem is drawn under the understanding that rational individuals seek to maximize their own utility, even when this damages shared resources. Four areas of solution are proposed based on a review of this problem in different contexts. It was found necessary to include non-technical solutions and to consider human behaviour. This opens a discussion about a multidisciplinary focus in IoT cyber security.

Paper Nr: 9
Title: Feature Selection for Anomaly Detection in Vehicular Ad Hoc Networks
Authors: Van Huynh Le, Jerry den Hartog and Nicola Zannone

Abstract: An emerging trend to improve automotive safety is the development of Vehicle-to-Vehicle (V2V) safety applications. These applications use information gathered from the vehicle’s own sensors and from surrounding vehicles to detect and prevent imminent crashes. Vehicles have been equipped with external communication interfaces to make these applications possible, but this also exposes them to security threats. If an attacker is able to feed safety applications with incorrect data, they might actually cause accidents rather than prevent them. In this paper, we investigate the application of white-box anomaly detection to detect such attacks. A key step in applying such an approach is the selection of the “right” behavioral features, i.e., features that allow the detection of attacks and provide an understanding of the raised alerts. By finding meaningful features and building accurate models of normal behavior, this work takes a first step towards the design of effective anomaly detection engines for V2V communication.