Annual Computer Security Applications Conference (ACSAC) 2020

Posters and Work in Progress Talks 1

Wednesday, 9 December 2020
15:00 - 16:00

Chair: Brendan Saltaformaggio, Georgia Tech

Note: posters are hyperlinked to the titles. Session video

Privacy and Anti-Tracking: The spillover effects of opt-out cookies

Authors: Zijun Ding (Tsinghua University); Cristobal Cheyre (Cornell University); Alessandro Acquisti (Carnegie Mellon University)


Abstract: In this ongoing project, we examine how online tracking is affected by users’ adoption of opt-out cookies. We use rich, micro-level longitudinal data from a randomized field experiment with actual users, and observe that the number of tracking-related HTTP requests received by users who adopted opt-out cookies drops not only for trackers associated with organizations that are members of the Digital Advertising Alliance – the provider of the opt-out cookies themselves – but also for trackers that are not DAA members. The unexpected drop appears across every category of websites. Our preliminary results suggest a “spillover” effect, or an externality, of opt-out cookies for the purposes of anti-tracking.

Perceptions of Security and Privacy in mHealth

Authors: Ana Ferreira (CINTESIS - Center for Health Technologies and Services Research, FMUP, University of Porto, Portugal); Joana Muchagata (Independent Researcher, Portugal); Pedro Vieira-Marques (CINTESIS – Center for Health Technologies and Services Research, FMUP, University of Porto, Portugal); Diogo Abrantes (Faculty of Science, University of Porto, Portugal); Soraia Teles (CINTESIS – Center for Health Technologies and Services Research, ICBAS, University of Porto, Portugal)


Abstract: Mobile health applications (mHealth apps) have great potential for improving patients’ monitoring and adherence to therapeutics, anytime/anywhere. However, those apps are not security prepared, which also explains patients’ low adherence. A change of the “one-app-fits-all” paradigm to a more customized view of mHealth security features for different user groups or contexts is required. This study aims to explore if content, context and users’ characteristics influence the perception of security and privacy in mHealth apps. An anonymous online survey was broadcast on social media to explore a scenario on users’ decision-making process to access/not access different types of sensitive health data through mHealth, using a public connection. Statistically significant associations were found: younger participants give more relevance to display/not display data according to the type of data and connection, while access to genetic or a child’s records is also associated with the type of connection. Future work includes extending this study to a larger sample with different contexts to better map users’ security concerns and their unique characteristics, to mHealth data content.


Towards an Evaluation Framework for Tor Load Balancing

Authors: André Greubel, Samuel Kounev (University of Wuerzburg)


Abstract: Tor is a widely used anonymization network. Traffic is routed over different relay nodes to conceal the communication partner. The Tor Load Balancing Mechanism (TLBM) is responsible for assigning traffic to relays. However, up to this point, there are no agreed-upon quality and security metrics for evaluating the quality of the TLBM. In practice, multiple papers provide their own evaluation using custom metrics incomparable to related work. This paper aims to start bridging this gap by arguing for the necessity of a unified framework to evaluate TLBMs and by giving an overview of aspects that should be included in such a framework.

2PPS - Anonymous Pub/Sub based on PIR

Authors: Sarah Abdelwahab Gaballah (Technische Universität Darmstadt); Christoph Coijanovic (Karlsruhe Institute of Technology); Tim Grube (Technische Universität Darmstadt); Thorsten Strufe (Karlsruhe Institute of Technology); Max Mühlhäuser (Technische Universität Darmstadt)


Abstract: Settings such as political activism under oppressive governments require anonymous communication among users without a personal connection to each other. State of the art anonymous group communication protocols do not address this use case adequately since they either require trusted group members or fail to provide strong provable anonymity for both senders and receivers. We propose 2PPS (Twice-PIR Publish-Subscribe), which fixes these shortcomings by using Private Information Retrieval (PIR) for both sending and receiving messages.


A First Look at Evasion against Provenance Graph-based Threat Detection

Authors: Zhenyuan Li, Runqing Yang (Zhejiang University); Qi Alfred Chen (UC Irvine); Yan Chen (Northwestern University)


Abstract: Provenance graph-based threat detection approaches are widely studied as countermeasures against APT and other cyber threats for their powerful alert correlation capability. However, these detection approaches generally suffer from the dependency explosion problem, and methods proposed to mitigate the problem pose underlying risks. In this poster, we first propose a systemic mimicry attack approach against the underlying risks. Then, we can generate adversary samples systematically. With these samples, we are able to provide a large dataset which can not only test the robustness of existing detection systems but also help with the design of new and more robust detection approaches.

Visualizing Automatic Speech Recognition

Authors: Karla Markert, Romain Parracone, Philip Sperl (Fraunhofer AISEC); Konstantin Böttinger (AISEC, Fraunhofer)


Abstract: Security of automatic speech recognition (ASR) is becoming ever more important as such systems increasingly influence our daily life, notably through virtual assistants. Most of today's ASR systems are based on neural networks and their vulnerability to adversarial examples has become a great matter of research interest. In parallel, the research for neural networks in the image domain has progressed, including methods for explaining their predictions. New concepts, referred to as attribution methods, have been developed to visualize regions in the input domain that strongly influence the image’s classification. In this paper, we apply two visualization techniques to the ASR system Deepspeech and show significant visual differences between benign data and adversarial examples. With our approach we make first steps towards explaining ASR systems, enabling the understanding of their decision process.


Towards Distance Relay Attack Discrimination for Situational Awareness-Based Anomaly Detection

Authors: Muhammad Nouman Nafees, Neetesh Saxena, Rashid Khan, Pete Burnap (Cardiff University)


Abstract: The discrimination between the sudden tripping of circuit breakers due to cyber-attacks and normal load disturbances is of paramount importance for better situational awareness in transmission substation settings. In this work, we propose an approach for attack detection and anomaly discrimination between distance relay attack, natural events and normal load disturbances on transmission lines. This is achieved by optimizing the hyperparameters of an ensemble machine learning classifier Bootstrap Aggregation (Bagging) with the base of Instance Base Learner (IBk). Numerical results show that our approach can discriminate and predict anomalies with 97.53% accuracy for three different scenarios including distance relay attack. The performance indicates that Bagging-IBk outperforms other algorithms.

Usable Logging as a Security Response to Physical Attacks on Mobile Devices

Authors: José Franco, Ana Cristina Pires, Luís Carriço, Tiago Guerreiro (LASIGE, Faculdade de Ciências, Universidade de Lisboa)


Abstract: Users are susceptible to privacy breaches when people close to them gain physical access to their phones. We present logging as a security response to this threat, one that is able to accommodate the particularities of social relationships. To this end, and to explore the feasibility of the logging approach, we present a prototype developed for Android that continuously gathers user interactions and translates them into human-readable units. Our future work will focus on understanding the amount and richness of information required for users to distinguish intrusions from ordinary usage.


Cyber Attack Stage Interpretation using Pseudo-Active Transfer Learning

Authors: Stephen Moskal, Shanchieh Jay Yang (Rochester Institute of Technology)


Abstract: As cyber defensive measures mature and become commonplace, a huge burden is put on network administrators to interpret the output from intrusion detection systems (IDS) with substantial research into the meaning of critical alerts. We leverage the concept of transfer learning to interpret IDS alerts by developing a language model to learn the nuances of cyber-security related texts, which aids in classifying alerts into the adversary's intended purposes. Texts from MITRE CVE, MITRE ATT&CK, IDS alerts, and IMDB reviews are used to train language models to measure their impact on classification accuracy of IDS alerts to the Action-Intent Framework (AIF) labels. We found that this transfer deep learning approach using MITRE CVE and IDS alerts improved upon traditional NLP approaches by 25%. The success of using the CVE vulnerability database demonstrates that significant knowledge can be transferred from relevant but not directly through the IDS alerts, if there are sufficient computational resources. This work also explores whether transfer learning can be generalized across different alert datasets with and without directly related classifier training. Finally, we demonstrate the exceptional top-1 accuracy of over 80% and a top-3 of over 90% for the entire 68K+ Suricata rule set, using the most robust language model and a sufficient amount of labeled samples. Through this study, we provide network administrators with operational advice in applying the transfer learning approach, depending on the available data and computational resources, as well as when it would be appropriate to update and refine both the language and classifier models.

Feature Engineering Using File Layout for Malware Detection

Authors: KIM JEONGWOO (Chungnam National University); Paik Joon-Young (Tiangong University); Cho Eun-Sun (Chungnam National University)


Abstract: Malware detection on binary executables provides a high availability to even binaries which are not disassembled or decompiled. However, a binary-level approach could cause ambiguity problems. In this paper, we propose a new feature engineering technique that uses minimal knowledge about the internal layout of a binary. The proposed feature avoids the ambiguity problems by integrating the information about the layout with structural entropy. The experimental results show that our feature improves accuracy and F1-score by 3.4% and 0.07, respectively, on a CNN-based malware detector with realistic benign and malicious samples.

