-
Mal2GCN: A Robust Malware Detection Approach Using Deep Graph Convolutional Networks With Non-Negative Weights
Authors:
Omid Kargarnovin,
Amir Mahdi Sadeghzadeh,
Rasool Jalili
Abstract:
With the growing pace of using Deep Learning (DL) to solve various problems, securing these models against adversaries has become one of the main concerns of researchers. Recent studies have shown that DL-based malware detectors are vulnerable to adversarial examples. An adversary can create carefully crafted adversarial examples to evade DL-based malware detectors. In this paper, we propose Mal2G…
▽ More
With the growing pace of using Deep Learning (DL) to solve various problems, securing these models against adversaries has become one of the main concerns of researchers. Recent studies have shown that DL-based malware detectors are vulnerable to adversarial examples. An adversary can create carefully crafted adversarial examples to evade DL-based malware detectors. In this paper, we propose Mal2GCN, a robust malware detection model that uses Function Call Graph (FCG) representation of executable files combined with Graph Convolution Network (GCN) to detect Windows malware. Since FCG representation of executable files is more robust than raw byte sequence representation, numerous proposed adversarial example generating methods are ineffective in evading Mal2GCN. Moreover, we use the non-negative training method to transform Mal2GCN to a monotonically non-decreasing function; thereby, it becomes theoretically robust against appending attacks. We then present a black-box source code-based adversarial malware generation approach that can be used to evaluate the robustness of malware detection models against real-world adversaries. The proposed approach injects adversarial codes into the various locations of malware source codes to evade malware detection models. The experiments demonstrate that Mal2GCN with non-negative weights has high accuracy in detecting Windows malware, and it is also robust against adversarial attacks that add benign features to the Malware source code.
△ Less
Submitted 12 March, 2022; v1 submitted 27 August, 2021;
originally announced August 2021.
-
HODA: Hardness-Oriented Detection of Model Extraction Attacks
Authors:
Amir Mahdi Sadeghzadeh,
Amir Mohammad Sobhanian,
Faezeh Dehghan,
Rasool Jalili
Abstract:
Model Extraction attacks exploit the target model's prediction API to create a surrogate model in order to steal or reconnoiter the functionality of the target model in the black-box setting. Several recent studies have shown that a data-limited adversary who has no or limited access to the samples from the target model's training data distribution can use synthesis or semantically similar samples…
▽ More
Model Extraction attacks exploit the target model's prediction API to create a surrogate model in order to steal or reconnoiter the functionality of the target model in the black-box setting. Several recent studies have shown that a data-limited adversary who has no or limited access to the samples from the target model's training data distribution can use synthesis or semantically similar samples to conduct model extraction attacks. In this paper, we define the hardness degree of a sample using the concept of learning difficulty. The hardness degree of a sample depends on the epoch number that the predicted label of that sample converges. We investigate the hardness degree of samples and demonstrate that the hardness degree histogram of a data-limited adversary's sample sequences is distinguishable from the hardness degree histogram of benign users' samples sequences. We propose Hardness-Oriented Detection Approach (HODA) to detect the sample sequences of model extraction attacks. The results demonstrate that HODA can detect the sample sequences of model extraction attacks with a high success rate by only monitoring 100 samples of them, and it outperforms all previous model extraction detection methods.
△ Less
Submitted 24 February, 2022; v1 submitted 21 June, 2021;
originally announced June 2021.
-
AWA: Adversarial Website Adaptation
Authors:
Amir Mahdi Sadeghzadeh,
Behrad Tajali,
Rasool Jalili
Abstract:
One of the most important obligations of privacy-enhancing technologies is to bring confidentiality and privacy to users' browsing activities on the Internet. The website fingerprinting attack enables a local passive eavesdropper to predict the target user's browsing activities even she uses anonymous technologies, such as VPNs, IPsec, and Tor. Recently, the growth of deep learning empowers advers…
▽ More
One of the most important obligations of privacy-enhancing technologies is to bring confidentiality and privacy to users' browsing activities on the Internet. The website fingerprinting attack enables a local passive eavesdropper to predict the target user's browsing activities even she uses anonymous technologies, such as VPNs, IPsec, and Tor. Recently, the growth of deep learning empowers adversaries to conduct the website fingerprinting attack with higher accuracy. In this paper, we propose a new defense against website fingerprinting attack using adversarial deep learning approaches called Adversarial Website Adaptation (AWA). AWA creates a transformer set in each run so that each website has a unique transformer. Each transformer generates adversarial traces to evade the adversary's classifier. AWA has two versions, including Universal AWA (UAWA) and Non-Universal AWA (NUAWA). Unlike NUAWA, there is no need to access the entire trace of a website in order to generate an adversarial trace in UAWA. We accommodate secret random elements in the training phase of transformers in order for AWA to generate various sets of transformers in each run. We run AWA several times and create multiple sets of transformers. If an adversary and a target user select different sets of transformers, the accuracy of adversary's classifier is almost 19.52% and 31.94% with almost 22.28% and 26.28% bandwidth overhead in UAWA and NUAWA, respectively. If a more powerful adversary generates adversarial traces through multiple sets of transformers and trains a classifier on them, the accuracy of adversary's classifier is almost 49.10% and 25.93% with almost 62.52% and 64.33% bandwidth overhead in UAWA and NUAW, respectively.
△ Less
Submitted 13 April, 2021; v1 submitted 19 December, 2020;
originally announced December 2020.
-
Adversarial Network Traffic: Towards Evaluating the Robustness of Deep Learning-Based Network Traffic Classification
Authors:
Amir Mahdi Sadeghzadeh,
Saeed Shiravi,
Rasool Jalili
Abstract:
Network traffic classification is used in various applications such as network traffic management, policy enforcement, and intrusion detection systems. Although most applications encrypt their network traffic and some of them dynamically change their port numbers, Machine Learning (ML) and especially Deep Learning (DL)-based classifiers have shown impressive performance in network traffic classifi…
▽ More
Network traffic classification is used in various applications such as network traffic management, policy enforcement, and intrusion detection systems. Although most applications encrypt their network traffic and some of them dynamically change their port numbers, Machine Learning (ML) and especially Deep Learning (DL)-based classifiers have shown impressive performance in network traffic classification. In this paper, we evaluate the robustness of DL-based network traffic classifiers against Adversarial Network Traffic (ANT). ANT causes DL-based network traffic classifiers to predict incorrectly using Universal Adversarial Perturbation (UAP) generating methods. Since there is no need to buffer network traffic before sending ANT, it is generated live. We partition the input space of the DL-based network traffic classification into three categories: packet classification, flow content classification, and flow time series classification. To generate ANT, we propose three new attacks injecting UAP into network traffic. AdvPad attack injects a UAP into the content of packets to evaluate the robustness of packet classifiers. AdvPay attack injects a UAP into the payload of a dummy packet to evaluate the robustness of flow content classifiers. AdvBurst attack injects a specific number of dummy packets with crafted statistical features based on a UAP into a selected burst of a flow to evaluate the robustness of flow time series classifiers. The results indicate injecting a little UAP into network traffic, highly decreases the performance of DL-based network traffic classifiers in all categories.
△ Less
Submitted 20 January, 2021; v1 submitted 2 March, 2020;
originally announced March 2020.
-
Two Novel Server-Side Attacks against Log File in Shared Web Hosting Servers
Authors:
Seyed Ali Mirheidari,
Sajjad Arshad,
Saeidreza Khoshkdahan,
Rasool Jalili
Abstract:
Shared Web Hosting service enables hosting multitude of websites on a single powerful server. It is a well-known solution as many people share the overall cost of server maintenance and also, website owners do not need to deal with administration issues is not necessary for website owners. In this paper, we illustrate how shared web hosting service works and demonstrate the security weaknesses ris…
▽ More
Shared Web Hosting service enables hosting multitude of websites on a single powerful server. It is a well-known solution as many people share the overall cost of server maintenance and also, website owners do not need to deal with administration issues is not necessary for website owners. In this paper, we illustrate how shared web hosting service works and demonstrate the security weaknesses rise due to the lack of proper isolation between different websites, hosted on the same server. We exhibit two new server-side attacks against the log file whose objectives are revealing information of other hosted websites which are considered to be private and arranging other complex attacks. In the absence of isolated log files among websites, an attacker controlling a website can inspect and manipulate contents of the log file. These attacks enable an attacker to disclose file and directory structure of other websites and launch other sorts of attacks. Finally, we propose several countermeasures to secure shared web hosting servers against the two attacks subsequent to the separation of log files for each website.
△ Less
Submitted 2 November, 2018;
originally announced November 2018.
-
A Comprehensive Approach to Abusing Locality in Shared Web Hosting Servers
Authors:
Seyed Ali Mirheidari,
Sajjad Arshad,
Saeidreza Khoshkdahan,
Rasool Jalili
Abstract:
With the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing these large numbers of websites is using shared web hosting servers in order to decrease the overall cost of server maintenance. Despite affordability, this so…
▽ More
With the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing these large numbers of websites is using shared web hosting servers in order to decrease the overall cost of server maintenance. Despite affordability, this solution is insecure and risky according to high amount of reported defaces and attacks during recent years. In this paper, we introduce top ten most common attacks in shared web hosting servers which can occur because of the nature and bad configuration in these servers. Moreover, we present several simple scenarios that are capable of penetrating these kinds of servers even with the existence of several securing mechanisms. Finally, we provide a comprehensive secure configuration for confronting these attacks.
△ Less
Submitted 2 November, 2018;
originally announced November 2018.
-
Alert Correlation Algorithms: A Survey and Taxonomy
Authors:
Seyed Ali Mirheidari,
Sajjad Arshad,
Rasool Jalili
Abstract:
Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages. In t…
▽ More
Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages. In this paper, we are trying to present a comprehensive survey on already proposed alert correlation algorithms. The approach of this survey is mainly focused on algorithms in correlation engines which can work in enterprise and practical networks. Having this aim in mind, many features related to accuracy, functionality, and computation power are introduced and all algorithm categories are assessed with these features. The result of this survey shows that each category of algorithms has its own strengths and an ideal correlation frameworks should be carried the strength feature of each category.
△ Less
Submitted 2 November, 2018;
originally announced November 2018.
-
Statistical Disclosure: Improved, Extended, and Resisted
Authors:
Navid Emamdoost,
Mohammad Sadeq Dousti,
Rasool Jalili
Abstract:
Traffic analysis is a type of attack on secure communications systems, in which the adversary extracts useful patterns and information from the observed traffic. This paper improves and extends an efficient traffic analysis attack, called "statistical disclosure attack." Moreover, we propose a solution to defend against the improved (and, a fortiori, the original) statistical disclosure attack. Ou…
▽ More
Traffic analysis is a type of attack on secure communications systems, in which the adversary extracts useful patterns and information from the observed traffic. This paper improves and extends an efficient traffic analysis attack, called "statistical disclosure attack." Moreover, we propose a solution to defend against the improved (and, a fortiori, the original) statistical disclosure attack. Our solution delays the attacker considerably, meaning that he should gather significantly more observations to be able to deduce meaningful information from the traffic.
△ Less
Submitted 29 September, 2017;
originally announced October 2017.
