Sevil Sen

Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains

A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnets command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped in four categories. We conducted a controlled experiment with a large, real-world dataset consisting of billions of DNS requests. The extremely positive results obtained in the tests convinced us to implement our techniques and deploy it as a free, online service. In this article, we present the Exposure system and describe the results and lessons learned from 17 months of its operation. Over this amount of time, the service detected over 100K malicious domains. The statistics about the time of usage, number of queries, and target IP addresses of each domain are also published on a daily basis on the service Web page.

Evolutionary computation techniques for intrusion detection in mobile ad hoc networks

Intrusion detection on mobile ad hoc networks (MANETs) is difficult. This is because of their dynamic nature, the lack of central points, and their highly resource-constrained nodes. In this paper we explore the use of evolutionary computation techniques, particularly genetic programming and grammatical evolution, to evolve intrusion detection programs for such challenging environments. Cognizant of the particular importance of power efficiency we analyse the power consumption of evolved programs and employ a multi-objective evolutionary algorithm to discover optimal trade-offs between intrusion detection ability and power consumption.

GenTrust: A genetic trust management model for peer-to-peer systems

Abstract In recent years, peer-to-peer systems have attracted significant interest by offering diverse and easily accessible sharing environments to users. However, this flexibility of P2P systems introduces security vulnerabilities. Peers often interact with unknown or unfamiliar peers and become vulnerable to a wide variety of attacks. Therefore, having a robust trust management model is critical for such open environments in order to exclude unreliable peers from the system. In this study, a new trust model for peer-to-peer networks called GenTrust is proposed. GenTrust has evolved by using genetic programming. In this model, a peer calculates the trustworthiness of another peer based on the features extracted from past interactions and the recommendations. Since the proposed model does not rely on any central authority or global trust values, it suits the decentralized nature of P2P networks. Moreover, the experimental results show that the model is very effective against various attackers, namely individual, collaborative, and pseudospoofing attackers. An analysis on features is also carried out in order to explore their effects on the results. This is the first study which investigates the use of genetic programming on trust management.

A survey of attacks and detection mechanisms on intelligent transportation systems

Vehicular ad hoc networks (VANETs) have become one of the most promising and fastest growing subsets of mobile ad hoc networks (MANETs). They are comprised of smart vehicles and roadside units (RSU) which communicate through unreliable wireless media. By their very nature, they are very susceptible to attacks which may result in life-endangering situations. Due to the potential for serious consequences, it is vital to develop security mechanisms in order to detect such attacks against VANETs. This paper aims to survey such possible attacks and the corresponding detection mechanisms that are proposed in the literature. The attacks are classified and explained along with their effects, and the solutions are presented together with their advantages and disadvantages. An evaluation and summary table which provides a holistic view of the solutions surveyed is also presented.

A Survey of Intrusion Detection Systems Using Evolutionary Computation

Abstract Intrusion detection is an indispensable part of a security system. Because new attacks are emerging every day, intrusion detection systems (IDSs) play a key role in identifying possible attacks to the system and giving proper responses. IDSs should adapt to these new attacks and attack strategies, and continuously improve. How to develop effective, efficient, and adaptive IDSs is a question that researchers have been working on for decades. Researchers have been exploring the suitability of different techniques to this research domain. The evolutionary computation (EC) inspired from natural evolution is one of the approaches increasingly studied. Some characteristics, such as producing readable outputs for security experts, producing lightweight solutions, and providing a set of solutions with different trade-offs between conflict objectives, make these techniques a promising candidate for the problem. In this study, we survey the proposed intrusion detection approaches based on EC techniques found in the literature. Each major research area on intrusion detection is investigated thoroughly from the EC point of view. Possible future research directions are also summarized for researchers.

Automatic Generation of Mobile Malwares Using Genetic Programming

The number of mobile devices has increased dramatically in the past few years. These smart devices provide many useful functionalities accessible from anywhere at anytime, such as reading and writing e-mails, surfing on the Internet, showing facilities nearby, and the like. Hence, they become an inevitable part of our daily lives. However the popularity and adoption of mobile devices also attract virus writers in order to harm our devices. So, many security companies have already proposed new solutions in order to protect our mobile devices from such malicious attempts. However developing methodologies that detect unknown malwares is a research challenge, especially on devices with limited resources. This study presents a method that evolves automatically variants of malwares from the ones in the wild by using genetic programming (GP). We aim to evaluate the efficacy of current anti-virus products, using static analysis techniques, in the market. The experimental results show the weaknesses of the static analysis tools available in the market, and the need of new detection techniques suitable for mobile devices.

Evolving a Trust Model for Peer-to-Peer Networks Using Genetic Programming

Peer-to-peer (P2P) systems have attracted significant interest in recent years. In P2P networks, each peer act as both a server or a client. This characteristic makes peers vulnerable to a wide variety of attacks. Having robust trust management is very critical for such open environments to exclude unreliable peers from the system. This paper investigates the use of genetic programming to asses the trustworthiness of peers without a central authority. A trust management model is proposed in which each peer ranks other peers according to local trust values calculated automatically based on the past interactions and recommendations. The experimental results have shown that the model could successfully identify malicious peers without using a central authority or global trust values and, improve the system performance.

On sampling strategies for small and continuous data with the modeling of genetic programming and adaptive neuro-fuzzy inference system

Sampling strategies which have very significant role on examining data characteristics i.e. imbalanced, small, exhaustive have been discussed in the literature for the last couple decades. In this study, the sampling problem encountered on small and continuous data sets is examined. Sampling with measured data by employing k-fold cross validation, and sampling with synthetic data generated by fuzzy c-means clustering are applied, and then the performances of genetic programming GP and adaptive neuro fuzzy inference system ANFIS on these data sets are discussed. Concluding remarks are that when the experimental results are considered, fuzzy c-means based synthetic sampling is more successful than k-fold cross validation while modeling small and continous data sets with ANFIS and GP, so it can be proposed for these type of data sets. Additionally, ANFIS shows slightly better performance than GP when sytnthetic data is employed, but GP is less sensitive to data set and produces ouputs that are narrower range than ANFISs outputs while k-fold cross validation is employed.

Do You Want to Install an Update of This Application? A Rigorous Analysis of Updated Android Applications

Attackers have been searching for security vulnerabilities in Android applications to exploit. One of these security vulnerabilities is that Android applications could load codes at runtime. This helps attackers to avoid being detected by static analysis tools. In this study, we have done a rigorous analysis to see how attackers employ updating techniques in order to exploit this vulnerability, and to assess the security risks of applications using these techniques in the markets. A comprehensive analysis is carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Both static and dynamic analysis techniques are employed to monitor malicious activities in such applications. As a result, we found 70 new malicious applications from Google Play. Our work is the first study which monitors updating behaviours of applications during their execution. This analysis allows us to analyse suspicious applications deeply and to develop better security solutions.

Internet of Things security and privacy

Recent advances in information and communication technologies and embedded systems have given rise to a new disruptive technology: the Internet of Things (IoT). This major development will lead to major changes in usage and to a transformation of the technological ecosystem in all its complexity. IoT will allow people and objects in the physical world as well as data and virtual environments to interact with each other so as to create smart environments such as smart transport systems, smart cities, smart health, smart energy, etc., as part of a prosperous digital society. IoT is likely to improve the quality of people’s lives, create new markets and new jobs, increase economic growth and be an impetus for competition. However, IoT raises important questions and introduces new challenges for the security of systems and processes and the privacy of individuals. Some IoT applications are tightly linked to sensitive infrastructures and strategic services such as the distribution of water and electricity and the surveillance of assets. Other applications handle sensitive information about people, such as their location and movements, or their health and purchasing preferences. Confidence in and acceptance of IoT will depend on the protection it provides to people’s privacy and the levels of security it guarantees to systems and processes. IoT will enable objects to become active participants: these objects will be able to recognize events and changes in their environment and to sense and react autonomously without human intervention. Introducing objects into the control processes makes IoT security very difficult to address. Indeed, the Internet of Things is a complex system in which people interact with the technological ecosystem based on smart objects through complex processes. The interactions of these four IoT components: persons, intelligent objects, technological ecosystem, and processes highlight a systemic and cognitive dimension to the security of IoT. The interaction of people with the technological ecosystem requires the protection of their privacy. Similarly, their interaction with control processes requires to guaranteeing their safety. Processes must ensure their reliability and realize the objectives for which they are designed. The move towards a greater autonomy for objects will bring the security of technologies and processes and the privacy of individuals into sharper focus. Furthermore, in parallel with the increasing autonomy of objects to perceive and act on the environment, IoT security should move towards a greater autonomy in perceiving threats and reacting to attacks. The purpose of this special issue is to study and evaluate architectures and solutions that ensure Internet of Things Security and Privacy. The special issue consists of 7 papers proposing solutions for securing Internet of Things, providing efficient privacy and confidentiality in spite of the ubiquitous nature of IoT and the constrained resources and capacities: Paper ‘‘OSCAR: Object Security Architecture for the Internet of Things’’ proposes an architecture for end-toend security in the Internet of Things. It is based on the concept of object security that relates security with the application payload. The architecture includes Authorization Servers that provide clients with Access Secrets that enable them to request resources from constrained CoAP nodes. The results show that OSCAR outperforms a security scheme based on DTLS when the number of nodes increases. OSCAR also results in low energy consumption and latency. The paper ‘‘Survey on Secure Communication Protocols for the Internet of Things’’ presents security challenges in IoT and surveys security protocols for IoT. Then, authors discuss suitability of proposed solutions to IoT context and constraints. In ‘‘Providing Destructive Privacy and Scalability in RFID Systems Using PUFs’’, authors propose a scalable authentication protocol for RFID systems. The solution utilizes Physically Unclonable Functions (PUFs) as a secure storage to keep secrets of the tag in order to achieve higher level of privacy with constant identification time. It provides destructive privacy according to the Vaudenay’s privacy and security