EAI Endorsed Transactions on Security and Safety https://publications.eai.eu/index.php/sesa <div class="abstract"> <p>Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require the security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.</p> <p><strong>INDEXING</strong>: DOAJ, CrossRef, Google Scholar, ProQuest, EBSCO, CNKI, Dimensions</p> <p> </p> </div> en-US <p>This is an open-access article distributed under the terms of the Creative Commons Attribution <a href="https://creativecommons.org/licenses/by/3.0/" target="_blank" rel="noopener">CC BY 3.0</a> license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.</p> publications@eai.eu (EAI Publications Department) publications@eai.eu (EAI Support) Wed, 16 Mar 2022 10:29:01 +0000 OJS 3.3.0.18 http://blogs.law.harvard.edu/tech/rss 60 Binary Code Similarity Detection through LSTM and Siamese Neural Network https://publications.eai.eu/index.php/sesa/article/view/29 <p>Given the fact that many software projects are closed-source, analyzing security-related vulnerabilities at the binary level is quintessential to protect computer systems from attacks of malware. Binary code similarity detection is a potential solution for detecting malware from the binaries generated by the processor. In this paper, we proposed a malware detection mechanism based on the binaries using machine learning techniques. Through utilizing the Recurrent Neural Network (RNN), more specifically Long Short-Term Memory (LSTM) network, we generate the uniformed feature embedding of each binary file and further take advantage of the Siamese Neural Network to compute the similarity measure of the extracted features. Therefore, the security risks of the software projects can be evaluated through the similarity measure of the corresponding binaries with existing trained malware. Our real-world experimental results demonstrate a convincing performance in distinguishing out the outliers, and achieved slightly better performance compared with existing state-of-the-art methods.</p> Zhengping Luo, Tao Hou, Xiangrong Zhou, Hui Zeng, Zhuo Lu Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety https://creativecommons.org/licenses/by/3.0/ https://publications.eai.eu/index.php/sesa/article/view/29 Tue, 14 Sep 2021 00:00:00 +0000 Leveraging attention-based deep neural networks for security vetting of Android applications https://publications.eai.eu/index.php/sesa/article/view/30 <p>Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. Recent success of attention-based mechanisms in natural language processing motivates us to apply the idea for security vetting of Android apps. An Android app’s code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we target to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models.</p> Prabesh Pathak, Prabesh Poudel, Sankardas Roy, Doina Caragea Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety https://creativecommons.org/licenses/by/3.0/ https://publications.eai.eu/index.php/sesa/article/view/30 Mon, 27 Sep 2021 00:00:00 +0000 A Comprehensive Survey on Intrusion Detection based Machine Learning for IoT Networks https://publications.eai.eu/index.php/sesa/article/view/27 <p>The Internet of things (IoT) is a new ubiquitous technology that relies on heterogeneous devices and protocols. The IoT technologies are expected to offer a new level of connectivity thanks to its smart devices able to enhance everyday tasks and facilitate smart decisions based on sensed data. The IoT could collect sensitive data and should be able to face attacks and privacy issues. The IoT security issue is a hot topic of research and industrial concern. Indeed, threats against IoT devices and services could cause security breaches and data leakage. Aiming to identify attempts to abuse the IoT systems and mitigate malicious events, this paper studied the Intrusion Detection Systems (IDS) based on Machine Learning (ML) techniques. The ML approach could provide good tools to detect novel intrusion activities in a timely manner. This paper, therefore, highlighted the related issues to develop secured and efficient IoT services. It tried to allow a comprehensive review of IoT features and design. It mainly focused on intrusion detection based on the machine learning schema and built a taxonomy of different IoT attacks and threats. This paper also compared between the different intrusion detection techniques and established a taxonomy of machine leaning methods for intrusion detection solutions.</p> Hela Mliki, Abir Hadj Kaceam, Lamia Chaari Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety https://creativecommons.org/licenses/by/3.0/ https://publications.eai.eu/index.php/sesa/article/view/27 Wed, 06 Oct 2021 00:00:00 +0000 FedADMP: A Joint Anomaly Detection and Mobility Prediction Framework via Federated Learning https://publications.eai.eu/index.php/sesa/article/view/26 <p>With the proliferation of mobile devices and smart cameras, detecting anomalies and predicting their mobility are critical for enhancing safety in ubiquitous computing systems. Due to data privacy regulations and limited communication bandwidth, it is infeasible to collect, transmit, and store all data from mobile devices at a central location. To overcome this challenge, we propose FedADMP, a federated learning based joint Anomaly Detection and Mobility Prediction framework. FedADMP adaptively splits the training process between the server and clients to reduce computation loads on clients. To protect the privacy of user data, clients in FedADMP upload only intermediate model parameters to the cloud server. We also develop a differential privacy method to prevent the cloud server and external attackers from inferring private information during the model upload procedure. Extensive experiments using real-world datasets show that FedADMP consistently outperforms existing methods.</p> Zezhang Yang, Jian Li, Ping Yang Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety https://creativecommons.org/licenses/by/3.0/ https://publications.eai.eu/index.php/sesa/article/view/26 Thu, 21 Oct 2021 00:00:00 +0000 Device Authentication Codes based on RF Fingerprinting using Deep Learning https://publications.eai.eu/index.php/sesa/article/view/31 <p>In this paper, we propose Device Authentication Code (DAC), a novel method for authenticating IoT devices with wireless interface, by exploiting their radio frequency (RF) signatures. The proposed DAC is based on RF fingerprinting, an information-theoretic method, feature learning, and the discriminatory power of deep learning. Specifically, an autoencoder is used to automatically extract features from the RF traces and the reconstruction error is used as the DAC, and this DAC is unique to each individual device. Then Kolmogorov-Smirnov (K-S) test is used to match the distribution of the reconstruction error generated by the receiver and the DAC in the received message, and the result will determine whether the device of interest is an intruder. We validate this concept on two experimentally collected RF traces from six ZigBee devices and five universal software defined radio peripheral devices, respectively. The traces span a range of Signal-to-Noise Ratio by varying locations, mobility of the devices, channel interference, and noise to ensure robustness of the model. Experimental results demonstrate that DAC is able to prevent device impersonation by extracting salient features that are unique to each wireless device of interest and can be used to identify radio frequency devices. Furthermore, the proposed method does not need the RF traces of the intruder during model training to be able to identify devices not seen during training, which makes it practical.</p> Joshua Bassey, Xiangfang Li, Lijun Qian Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety https://creativecommons.org/licenses/by/3.0/ https://publications.eai.eu/index.php/sesa/article/view/31 Tue, 30 Nov 2021 00:00:00 +0000