Information Security Commons^™

Dial "N" For Nxdomain: The Scale, Origin, And Security Implications Of Dns Queries To Non-Existent Domains, Gunnan Liu, Lin Jin, Shuai Hao, Yubao Zhang, Daiping Liu, Angelos Stavrou, Haining Wang

Computer Science Faculty Publications

Non-Existent Domain (NXDomain) is one type of the Domain Name System (DNS) error responses, indicating that the queried domain name does not exist and cannot be resolved. Unfortunately, little research has focused on understanding why and how NXDomain responses are generated, utilized, and exploited. In this paper, we conduct the first comprehensive and systematic study on NXDomain by investigating its scale, origin, and security implications. Utilizing a large-scale passive DNS database, we identify 146,363,745,785 NXDomains queried by DNS users between 2014 and 2022. Within these 146 billion NXDomains, 91 million of them hold historic WHOIS records, of which 5.3 million …

A Survey Of Using Machine Learning In Iot Security And The Challenges Faced By Researchers, Khawlah M. Harahsheh, Chung-Hao Chen

Electrical & Computer Engineering Faculty Publications

The Internet of Things (IoT) has become more popular in the last 15 years as it has significantly improved and gained control in multiple fields. We are nowadays surrounded by billions of IoT devices that directly integrate with our lives, some of them are at the center of our homes, and others control sensitive data such as military fields, healthcare, and datacenters, among others. This popularity makes factories and companies compete to produce and develop many types of those devices without caring about how secure they are. On the other hand, IoT is considered a good insecure environment for cyber …

Cyber Deception For Critical Infrastructure Resiliency, Md Ali Reza Al Amin

Computational Modeling & Simulation Engineering Theses & Dissertations

The high connectivity of modern cyber networks and devices has brought many improvements to the functionality and efficiency of networked systems. Unfortunately, these benefits have come with many new entry points for attackers, making systems much more vulnerable to intrusions. Thus, it is critically important to protect cyber infrastructure against cyber attacks. The static nature of cyber infrastructure leads to adversaries performing reconnaissance activities and identifying potential threats. Threats related to software vulnerabilities can be mitigated upon discovering a vulnerability and-, developing and releasing a patch to remove the vulnerability. Unfortunately, the period between discovering a vulnerability and applying a …

Passing Time And Syncing Secrets: Demonstrating Covert Channel Vulnerabilities In Precision Time Protocol (Ptp), Aron J. Smith-Donovan

Mathematics, Statistics, and Computer Science Honors Projects

Covert channels use steganographic approaches to transfer secret digital communications; when applied to network protocols, these strategies can facilitate undetectable data exfiltration and insertion attacks. Because covert channel techniques are protocol- and implementation-specific, individual case studies are necessary to assess for vulnerabilities under different conditions. While several investigations have been published evaluating covert channel potential in infrastructure- and manufacturing-based contexts, no existing research explores Precision Time Protocol (PTP), a time synchronization protocol commonly used in industrial control systems. This study aims to fill this gap by demonstrating the feasibility of a covert channel-based attack on a PTP-enabled network.

"Mystify": A Proactive Moving-Target Defense For A Resilient Sdn Controller In Software Defined Cps, Mohamed Azab, Mohamed Samir, Effat Samir

Electrical & Computer Engineering Faculty Publications

The recent devastating mission Cyber–Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure …

Secure And Verifiable Inference In Deep Neural Networks, Guowen Xu, Hongwei Li, Hao Ren, Jianfei Sun, Shengmin Xu, Jianting Ning, Haoming Yang, Kan Yang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Outsourced inference service has enormously promoted the popularity of deep learning, and helped users to customize a range of personalized applications. However, it also entails a variety of security and privacy issues brought by untrusted service providers. Particularly, a malicious adversary may violate user privacy during the inference process, or worse, return incorrect results to the client through compromising the integrity of the outsourced model. To address these problems, we propose SecureDL to protect the model’s integrity and user’s privacy in Deep Neural Networks (DNNs) inference process. In SecureDL, we first transform complicated non-linear activation functions of DNNs to low-degree …

Understanding Android Voip Security: A System-Level Vulnerability Assessment, En He, Daoyuan Wu, Robert H. Deng

Research Collection School Of Computing and Information Systems

VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, …

Superb: Superior Behavior-Based Anomaly Detection Defining Authorized Users' Traffic Patterns, Daniel Karasek

Master of Science in Computer Science Theses

Network anomalies are correlated to activities that deviate from regular behavior patterns in a network, and they are undetectable until their actions are defined as malicious. Current work in network anomaly detection includes network-based and host-based intrusion detection systems. However, network anomaly detection schemes can suffer from high false detection rates due to the base rate fallacy. When the detection rate is less than the false positive rate, which is found in network anomaly detection schemes working with live data, a high false detection rate can occur. To overcome such a drawback, this paper proposes a superior behavior-based anomaly detection …

A Virtual Machine Introspection Based Multi-Service, Multi-Architecture, High-Interaction Honeypot For Iot Devices, Cory A. Nance

Masters Theses & Doctoral Dissertations

Internet of Things (IoT) devices are quickly growing in adoption. The use case for IoT devices runs the gamut from household applications (such as toasters, lighting, and thermostats) to medical, battlefield, or Industrial Control System (ICS) applications used in life or death situations. A disturbing trend is that for IoT devices is that they are not developed with security in mind. This lack of security has led to the creation of massive botnets that conduct nefarious acts. A clear understanding of the threat landscape IoT devices face is needed to address these security issues. One technique used to understand threats …

Anomaly Detection In Bacnet/Ip Managed Building Automation Systems, Matthew Peacock

Theses: Doctorates and Masters

Building Automation Systems (BAS) are a collection of devices and software which manage the operation of building services. The BAS market is expected to be a $19.25 billion USD industry by 2023, as a core feature of both the Internet of Things and Smart City technologies. However, securing these systems from cyber security threats is an emerging research area. Since initial deployment, BAS have evolved from isolated standalone networks to heterogeneous, interconnected networks allowing external connectivity through the Internet. The most prominent BAS protocol is BACnet/IP, which is estimated to hold 54.6% of world market share. BACnet/IP security features are …

Attacker Capability Based Dynamic Deception Model For Large-Scale Networks, Md Ali Reza Al Amin, Sachhin Shetty, Laurent Njilla, Deepak K. Tosh, Charles Kamhoua

Computational Modeling & Simulation Engineering Faculty Publications

In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an advanced level cyber-attack plan. To thwart the reconnaissance mission and counterattack plan, the cyber defender needs to come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which will not only thwart reconnaissance mission but also steer the attacker towards fake network to achieve a fake goal state. In our model, we also capture the attacker’s capability …

Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo

All Faculty Scholarship

Paul Baran’s seminal 1964 article “On Distributed Communications Networks” that first proposed packet switching also advanced an underappreciated vision of network architecture: a lattice-like, distributed network, in which each node of the Internet would be homogeneous and equal in status to all other nodes. Scholars who have subsequently embraced the concept of a lattice-like network approach have largely overlooked the extent to which it is both inconsistent with network theory (associated with the work of Duncan Watts and Albert-László Barabási), which emphasizes the importance of short cuts and hubs in enabling networks to scale, and the actual way, the Internet …

Sclib: A Practical And Lightweight Defense Against Component Hijacking In Android Applications, Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for operations originally prohibited. Many prior studies have been performed to understand and mitigate this issue, but no defense is being deployed in the wild, largely due to the deployment difficulties and performance concerns. In this paper we present SCLib, a secure component library that performs in-app mandatory access control on behalf of app …

How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan

All Faculty Scholarship

A cost/benefit approach to privacy confronts two tradeoff issues. One is making appropriate tradeoffs between privacy and many goals served by the collection, distribution, and use of information. The other is making tradeoffs between investments in preventing unauthorized access to information and the variety of other goals that also make money, time, and effort demands. Much has been written about the first tradeoff. We focus on the second. The issue is critical. Data breaches occur at the rate of over three a day, and the aggregate social cost is extremely high. The puzzle is that security experts have long explained …

Secure Smart Metering Based On Lora Technology, Yao Cheng, Hendra Saputra, Leng Meng Goh, Yongdong Wu

Research Collection School Of Computing and Information Systems

Smart metering allows Substation Automation System (SAS) to remotely and timely read smart meters. Despite its advantages, smart metering brings some challenges. a) It introduces cyber attack risks to the metering system, which may lead to user privacy leakage or even the compromise of smart metering systems. b) Although the majority of meters are located within a regional power supply area, some hard-to-reach nodes are geographically far from the clustered area, which account for a big portion of the entire smart metering operation cost. Facing the above challenges, we propose a secure smart metering infrastructure based on LoRa technology which …

Transferable Multiparty Computation, Michael R. Clark, Kenneth M. Hopkinson

AFIT Patents

A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The …

Genomic Security (Lest We Forget), Tatiana Bradley, Xuhua Ding, Gene Tsudik

Research Collection School Of Computing and Information Systems

Genomic privacy has attracted much attention from the research community, because its risks are unique and breaches can lead to terrifying leakage of sensitive information. The less-explored topic of genomic security must address threats of digitized genomes being altered, which can have dire consequences in medical or legal settings.

A Centralised Platform For Digital Forensic Investigations In Cloud-Based Environments, Shaunak Mody, Alastair Nisbet

Australian Digital Forensics Conference

Forensic investigations of digital media traditionally involve seizing a device and performing a forensic investigation. Often legal and physical obstructions must be overcome so that the investigator has access to the device and the right to secure it for investigation purposes. Taking a forensic image of a hard disk may need to be done in the field but analysis can usually be performed at a later time. With the rapid increase in hard disk size, the acquiring of a forensic image can take hours or days. This poses significant issues for forensic investigators when potential evidence resides in the cloud. …

Bloom Filters Optimized Wu-Manber For Intrusion Detection, Monther Aldwairi, Koloud Al-Khamaiseh, Fatima Alharbi, Babar Shah

Journal of Digital Forensics, Security and Law

With increasing number and severity of attacks, monitoring ingress and egress network traffic is becoming essential everyday task. Intrusion detection systems are the main tools for capturing and searching network traffic for potential harm. Signature-based intrusion detection systems are the most widely used, and they simply use a pattern matching algorithms to locate attack signatures in intercepted network traffic. Pattern matching algorithms are very expensive in terms of running time and memory usage, leaving intrusion detection systems unable to detect attacks in real-time. We propose a Bloom filters optimized Wu-Manber pattern matching algorithm to speed up intrusion detection. The Bloom …

Controlled Access To Cloud Resources For Mitigating Economic Denial Of Sustainability (Edos) Attacks, Zubair A. Baig, Sadiq M. Sait, Farid Binbeshr

Research outputs 2014 to 2021

Cloud computing is a paradigm that provides scalable IT resources as a service over the Internet. Vulnerabilities in the cloud infrastructure have been readily exploited by the adversary class. Therefore, providing the desired level of assurance to all stakeholders through safeguarding data (sensitive or otherwise) which is stored in the cloud, is of utmost importance. In addition, protecting the cloud from adversarial attacks of diverse types and intents, cannot be understated. Economic Denial of Sustainability (EDoS) attack is considered as one of the concerns that has stalled many organizations from migrating their operations and/or data to the cloud. This is …

Teaching Cybersecurity Using The Cloud, Khaled Salah, Mohammad Hammoud, Sherali Zeadally

Information Science Faculty Publications

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our …

Intelligent Network Intrusion Detection Using An Evolutionary Computation Approach, Samaneh Rastegari

Theses: Doctorates and Masters

With the enormous growth of users' reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems.

Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely …

Usability And Security Support Offered Through Adsl Router User Manuals, Patryk Szewczyk

Australian Information Security Management Conference

ADSL routers are often used as either the target or the means for cyber crime. Many ADSL router threats could be mitigated through the effective use of inbuilt security controls and firmware updates available from vendors. Unfortunately, end‐users typically lack the technical expertise to correctly configure and secure the device. Subsequently, end‐users are reliant on well documented procedures provided by vendors in their user manuals and quick start guides. This study investigates the usability and security recommendations and encouragements put forth by vendors in their user manuals. The study demonstrates that user manual usability does not conform to ideal technical …

A Simulation-Based Study Of Server Location Selection Rules In Manets Utilising Threshold Cryptography, Alastair Nisbet

Australian Information Security Management Conference

Truly Ad Hoc wireless networks where a spontaneous formation of a network occurs and there is no prior knowledge of nodes to each other present significant security challenges, especially as entirely online configuration of nodes with encryption keys must be performed. Utilising threshold cryptography in this type of MANET can greatly increase the security by requiring servers to collaborate to form a single Certificate Authority (CA). In this type of CA responsibility for certificate services is shared between a threshold of servers, greatly increasing security and making attack against the CA considerably more difficult. Choosing which nodes to take on …

Testing A Distributed Denial Of Service Defence Mechanism Using Red Teaming, Samaneh Rastegari, Philip Hingston, Chiou-Peng Lam, Murray Brand

Research outputs 2013

The increased number of security threats against the Internet has made communications more vulnerable to attacks. Despite much research and improvement in network security, the number of denial of service (DoS) attacks has rapidly grown in frequency, severity, and sophistication in recent years. Thus, serious attention needs to be paid to network security. However, to create a secure network that can stay ahead of all threats, detection and response features are real challenges. In this paper, we look at the the interaction between the attacker and the defender in a Red Team/Blue Team exercise. We also propose a quantitative decision …

Exposing Potential Privacy Issues With Ipv6 Address Construction, Clinton Carpene, Andrew Woodward

Australian Information Security Management Conference

The usage of 128 bit addresses with hexadecimal representation in IPv6 poses significant potential privacy issues. This paper discusses the means of allocating IPv6 addresses, along with the implications each method may have upon privacy in different usage scenarios. The division of address space amongst the global registries in a hierarchal fashion can provide geographical information about the location of an address, and its originating device. Many IPv6 address configuration methods are available, including DHCPv6, SLAAC (with or without privacy extensions), and Manual assignment. These assignment techniques are dissected to expose the identifying characteristics of each technique. It is seen …

Active Malware Analysis Using Stochastic Games, Simon Williamson, Pradeep Reddy Varakantham, Debin Gao, Chen Hui Ong

Research Collection School Of Computing and Information Systems

Cyber security is increasingly important for defending computer systems from loss of privacy or unauthorised use. One important aspect is threat analysis - how does an attacker infiltrate a system and what do they want once they are inside. This paper considers the problem of Active Malware Analysis, where we learn about the human or software intruder by actively interacting with it with the goal of learning about its behaviours and intentions, whilst at the same time that intruder may be trying to avoid detection or showing those behaviours and intentions. This game-theoretic active learning is then used to obtain …

A Survey Of Computer And Network Security Support From Computer Retailers To Consumers In Australia, Patryk Szewczyk

Australian Information Security Management Conference

Previously undertaken research suggests that novice end-users rely on computer retailers for security advice and support during and after a sale has occurred. This paper documents the survey results of computer and network security support provided to consumers by retailers in Perth, Western Australia between 2011 and 2012. The conducted survey shows that in the majority of cases, computers retailers were favourable in providing support and recommendations. However, these views were found to be flawed, confusing and do little to ensure that end-users are not victimized by cyber crime.

Insecurity By Obscurity Continues: Are Adsl Router Manuals Putting End-Users At Risk, Kim Andersson, Patryk Szewczyk

Australian Information Security Management Conference

The quantity and sophistication of threats targeting ADSL routers is on a steady increase. There is a reliance on end-users to ensure that their ADSL router is secure by continually updating the firmware, using strong authentication credentials, and enabling the in-built firewall. However, to do this, the end-user must be presented with well written procedural instructions, and an explanation of why this is important. This paper examines the design quality and security content provided by vendors in ADSL router manuals. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and …

Network Security Isn’T All Fun And Games: An Analysis Of Information Transmitted While Playing Team Fortress 2, Brett Turner, Andrew Woodward

Australian Information Security Management Conference

In the world of online gaming, information is exchanged as a matter of course. What information is exchanged behind the scenes is something that is not obvious to the casual user. People who play these games trust that the applications they are using are securely written and in this case, communicate securely. This paper looks at the traffic that is transmitted by the game Team Fortress 2 and incidentally the supporting authentication traffic of the Steam network. It was discovered through packet analysis that there is quite a lot of information which should be kept private being broadcast in the …