23,028 Hits in 3.7 sec

Whom Does Your Android App Talk To?

Xuetao Wei, Iulian Neamtiu, Michalis Faloutsos
2015 2015 IEEE Global Communications Conference (GLOBECOM)  
Smartphone privacy and security work has focused mostly on malicious apps. We take a different angle by questioning whether good apps suffer from a lack of judgment and interact with "bad" websites.  ...  The focus of our work is this relatively neglected aspect of security: "Whom does an app talk to?"  ...  The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the National Science Foundation  ... 
doi:10.1109/glocom.2015.7416952 fatcat:etpoi4vdmvcg3pkhzyen5mwii4

Evaluating the Flexibility of the Java Sandbox

Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, Joshua Sunshine
2015 Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015  
We describe an empirical study of the ways benign open-source Java applications use and interact with the Java security manager.  ...  clear differences between the ways benign and exploit programs interact with the security manager.  ...  Summary of benign behaviors Recall that in Section 3, we refined the high-level research question-how do benign applications interact with the security manager?  ... 
doi:10.1145/2818000.2818003 dblp:conf/acsac/CokerMDGS15 fatcat:gmmzimr7hjf5jpqyttht2xipsa

State of the Art Analysis Approach for Identification of the Malignant URLs

Amruta Rajeev Nagaonkar, Umesh L. Kulkarni
2017 IOSR Journal of Computer Engineering  
Therefore efficiency of web security gets maintained. For such anatomization we developed an analyzer which identifies URLs and examine as malicious or benign.  ...  In this paper we described a novel approach which analyze all types of attacks by identifying malicious URLs and secure the web users from them.  ...  Length of URL 4. Length of hyphen 5. Length of domain 6. Domain name extension 7. Length of max-length in domain name 8.  ... 
doi:10.9790/0661-1901020612 fatcat:ssynebg73vg47insjhcwwfik4u

Analyzing Information Flow in JavaScript-Based Browser Extensions

Mohan Dhawan, Vinod Ganapathy
2009 2009 Annual Computer Security Applications Conference  
To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges.  ...  We implemented Sabre by modifying the Firefox browser and evaluated it using both malicious JSEs as well as benign ones that contained exploitable vulnerabilities.  ...  We thank Jan Jajalla for his help with experiments, members of DiscoLab and the anonymous reviewers for their comments. This work was supported by NSF awards 0831268, 0915394 and 0931992.  ... 
doi:10.1109/acsac.2009.43 dblp:conf/acsac/DhawanG09 fatcat:2qis6oqbtzduxepgq2zh2q3zpy

Secure Real-Time Computational Intelligence System Against Malicious QR Code Links

Heider A. M. Wahsheh, Mohammed S. Al-Zahrani
2021 International Journal of Computers Communications & Control  
A dataset of 90 000 benign and malicious URLs was collected from various resources, and their lexical properties were extracted.  ...  Several of these solutions are limited to malicious link detection methods or require knowledge of cryptographic techniques.  ...  Acknowledgement The authors acknowledge the Deanship of Scientific Research at King Faisal University for the financial support under Nasher Track (Grant No. 206046).  ... 
doi:10.15837/ijccc.2021.3.4186 fatcat:g3kr3avt6rewrnbk6appv4lcfy

ASPIRE: Iterative Specification Synthesis for Security

Kevin Zhijie Chen, Warren He, Devdatta Akhawe, Vijay D'Silva, Prateek Mittal, Dawn Song
2015 USENIX Workshop on Hot Topics in Operating Systems  
How to perform a systematic security analysis of complex applications is a challenging and open question.  ...  We implement a prototype of AS-PIRE for synthesizing and checking specifications of web applications, although our approach is not limited to web security, and use it in three case studies to demonstrate  ...  Interaction The set of endpoints consists of a benign client, a malicious client, a malicious server and a set of benign servers defined by the synthesized MDL specification.  ... 
dblp:conf/hotos/ChenHADMS15 fatcat:p6aesgfcyrbh5lpgnnc4zwku3a

Malicious Websites Detection and Search Engine Protection

Hao Zhou, Jianhua Sun, Hao Chen
2013 Journal of Advances in Computer Networks  
With the development of the Internet, the amount of information is expanding rapidly. Naturally, search engine becomes the backbone of information management.  ...  Nevertheless, the flooding of large number of malicious websites on search engine has posed tremendous threat to our users.  ...  Many malicious websites from public blacklist can"t be accesses currently, so we gathered malicious websites from several security agencies. 1) Benign URLs We collected 22014 benign URLs from three following  ... 
doi:10.7763/jacn.2013.v1.52 fatcat:bwjozmqrcvgkth56dkgoy44tei

Experiences Deploying Multi-Vantage-Point Domain Validation at Let's Encrypt

Henry Birge-Lee, Liang Wang, Daniel McCarney, Roland Shoemaker, Jennifer Rexford, Prateek Mittal
2021 USENIX Security Symposium  
We explore the design space of multi-vantage-point domain validation to achieve (1) security via sufficiently diverse vantage points, (2) performance by ensuring low latency and overhead in certificate  ...  We show that multi-vantage-point domain validation can thwart the vast majority of BGP attacks.  ...  We are also grateful for support from the Open Technology Fund and International Republican Institute through their Securing Domain Validation project, the National Science Foundation under grant CNS-1553437  ... 
dblp:conf/uss/Birge-LeeWMSRM21 fatcat:ch4tgxgmmfcyhorbvlqdpb7ifa

Quality of interaction among path computation elements for trust-aware inter-provider cooperation

C. J. Fung, B. Martini, M. Gharbaoui, F. Paolucci, A. Giorgetti, P. Castoldi
2014 2014 IEEE International Conference on Communications (ICC)  
This work introduces the concepts of Quality of Interaction and trust ranking and elaborates a trust management model including effectiveness and security objectives regulating the cooperation among PCEs  ...  Path Computation Element (PCE) architecture enables effective traffic engineering in multi-domain networks while limiting the exposure of intra-domain information.  ...  QUALITY OF INTERACTION AND TRUST-AWARE PCE COLLABORATION In multi-domain PCE architecture, the PCEs belonging to different domains cooperate using client-server interactions for computing inter-domain  ... 
doi:10.1109/icc.2014.6883397 dblp:conf/icc/FungMGPGC14 fatcat:5qxupfvtmjhlbbu4teffm4wkwi

Machine Learning in Cyber-Security - Problems, Challenges and Data Sets [article]

Idan Amit, John Matherly, William Hewlett, Zhi Xu, Yinnon Meshi, Yigal Weinberger
2019 arXiv   pre-print
We also present a method to generate labels via pivoting, providing a solution to common problems of lack of labels in cyber-security.  ...  We present cyber-security problems of high importance. We show that in order to solve these cyber-security problems, one must cope with certain machine learning challenges.  ...  interactive command shell on host B.  ... 
arXiv:1812.07858v3 fatcat:j62uh2pw65cxdossot4w4ez72e

Code-Reuse Attacks for the Web

Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava, Martin Johns
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
In our data set 78.30% of all secondlevel domains had at least one data ow from an HTML attribute into a security-sensitive sink, whereas 59.51% of the sites exhibited such ows from dataattributes.  ...  Because of this, we decided to deduplicate our nal results based on the rst domain before the top level domain (subsequently called "second level domains").  ... 
doi:10.1145/3133956.3134091 dblp:conf/ccs/LekiesKGNJ17 fatcat:kaeubika4rfrpkmkvkym7l2aii

A Word-Level Analytical Approach for Identifying Malicious Domain Names Caused by Dictionary-Based DGA Malware

Akihiro Satoh, Yutaka Fukuda, Gen Kitagata, Yutaka Nakamura
2021 Electronics  
Our approach contributes to dramatically improving network security by providing a technique to address various types of malware encroachment.  ...  are distinctly different from those of human-generated domains.  ...  benign and malicious domains, which is 80% of the datasets, and to predict 646,224 benign and malicious domains, which is 20% of the datasets.  ... 
doi:10.3390/electronics10091039 doaj:6ffbaa98c18c4cb7956dcaadedbdadf6 fatcat:s4bxpyagyncglhjor4hnymkoie

Evasive Malicious Website Detection by Leveraging Redirection Subgraph Similarities

Toshiki SHIBAHARA, Yuta TAKATA, Mitsuaki AKIYAMA, Takeshi YAGI, Kunio HATO, Masayuki MURATA
2019 IEICE transactions on information and systems  
malicious, benign, and compromised websites.  ...  Security researchers and vendors have tried to prevent the attacks by detecting malicious data, i.e., malicious URLs, web content, and redirections.  ...  Feature 1 # of different domains 2 Path length 3 # of HTTP 3xx redirections 4 # of different domain HTTP 3xx redirections 5 # of consecutive HTTP 3xx redirections 6 # of consecutive different domain HTTP  ... 
doi:10.1587/transinf.2018fcp0007 fatcat:h7aszr7ujna75gjsezeradugyi

Self-protection of Android systems from inter-component communication attacks

Mahmoud Hammad, Joshua Garcia, Sam Malek
2018 Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018  
analysis, SALMA models an Android system using seven domains, four component interaction domains and three permission domains.  ...  Note that the communication domain also includes interactions between the Android framework and components of third-party apps.  ...  The evaluation of RevealDroid using a large dataset consisting of more than 54,000 malicious and benign apps shows the accuracy and the resiliency of RevealDroid against code obfuscation.  ... 
doi:10.1145/3238147.3238207 dblp:conf/kbse/HammadGM18 fatcat:qht4e54ehjfltlht6wjuwzsata

An evasion and counter-evasion study in malicious websites detection

Li Xu, Zhenxin Zhan, Shouhuai Xu, Keying Ye
2014 2014 IEEE Conference on Communications and Network Security  
models by taking advantage of this symmetry.  ...  In this paper, we present a framework for characterizing the evasion and counter-evasion interactions between the attacker and the defender, where the attacker attempts to evade the defender's detection  ...  This suggests that we might need to design new machine learning algorithms to best fit the domain of security problems.  ... 
doi:10.1109/cns.2014.6997494 dblp:conf/cns/XuZXY14 fatcat:luptx5v3yvc7jlbabxqzum6agq
« Previous Showing results 1 — 15 out of 23,028 results