Top 10 Arxiv Papers Today in Cryptography And Security


2.06 Mikeys
#1. Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities
Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka, Jens Grossklags
In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux Patchwork. In our data analysis, we focus on determining the affected layers, OS versions, severity levels, and common weakness enumerations (CWE) associated with the patched vulnerabilities. Further, we assess the timeline of each vulnerability, including discovery and patch dates. We find that (i) even though the number of patched vulnerabilities changes considerably from month to month, the relative number of patched vulnerabilities for each severity level remains stable over time, (ii) there is a significant delay in patching vulnerabilities that originate from the Linux community or concern Qualcomm components, even though Linux and Qualcomm provide and release their own patches earlier, (iii) different AOSP versions receive security updates for different periods of time, (iv) for 94% of patched...
more | pdf | html
Figures
None.
Tweets
mobilesecurity_: Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities #MobileSecurity #AndroidSecurity [PAPER] https://t.co/l6rU5oMRH1 https://t.co/ghAJuOj6D2
ProfWoodward: Large scale study of Android patches reveals some interesting aspects of Android security. https://t.co/g2aW8eWQEC
drastichs: Hey #Google, What Exactly Do Your #Security #Patches Tell Us? A Large-Scale #Empirical #Study on #Android Patched #Vulnerabilities Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka May 22 2019 https://t.co/hjKZB4cAfP https://t.co/le2nxhB7O3
cynicalsecurity: S. Farhang et al., “Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities” […a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different...sources…] https://t.co/dTMtRJQepn
devnull0000: RT @ProfWoodward: Large scale study of Android patches reveals some interesting aspects of Android security. https://t.co/g2aW8eWQEC
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 4
Total Words: 0
Unqiue Words: 0

2.031 Mikeys
#2. KNG: The K-Norm Gradient Mechanism
Matthew Reimherr, Jordan Awan
This paper presents a new mechanism for producing sanitized statistical summaries that achieve \emph{differential privacy}, called the \emph{K-Norm Gradient} Mechanism, or KNG. This new approach maintains the strong flexibility of the exponential mechanism, while achieving the powerful utility performance of objective perturbation. KNG starts with an inherent objective function (often an empirical risk), and promotes summaries that are close to minimizing the objective by weighting according to how far the gradient of the objective function is from zero. Working with the gradient instead of the original objective function allows for additional flexibility as one can penalize using different norms. We show that, unlike the exponential mechanism, the noise added by KNG is asymptotically negligible compared to the statistical error for many problems. In addition to theoretical guarantees on privacy and utility, we confirm the utility of KNG empirically in the settings of linear and quantile regression through simulations.
more | pdf | html
Figures
None.
Tweets
BrundageBot: KNG: The K-Norm Gradient Mechanism. Matthew Reimherr and Jordan Awan https://t.co/3qFlz2Edq1
arxivml: "KNG: The K-Norm Gradient Mechanism", Matthew Reimherr, Jordan Awan https://t.co/vTiTi5ELAY
StatsPapers: KNG: The K-Norm Gradient Mechanism. https://t.co/tn70TpsixF
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 2
Total Words: 7018
Unqiue Words: 2051

2.031 Mikeys
#3. Detecting Malicious PowerShell Scripts Using Contextual Embeddings
Amir Rubin, Shay Kels, Danny Hendler
PowerShell is a command line shell, that is widely used in organizations for configuration management and task automation. Unfortunately, PowerShell is also increasingly used by cybercriminals for launching cyber attacks against organizations, mainly because it is pre-installed on Windows machines and it exposes strong functionality that may be leveraged by attackers. This makes the problem of detecting malicious PowerShell scripts both urgent and challenging. We address this important problem by presenting several novel deep learning based detectors of malicious PowerShell scripts. Our best model obtains a true positive rate of nearly 90% while maintaining a low false positive rate of less than 0.1%, indicating that it can be of practical value. Our models employ pre-trained contextual embeddings of words from the PowerShell "language". A contextual word embedding is able to project semantically similar words to proximate vectors in the embedding space. A known problem in the cybersecurity domain is that labeled data is...
more | pdf | html
Figures
Tweets
filar: "Detecting Malicious PowerShell Scripts Using Contextual Embeddings" is a super interesting paper on an important topic. I'd love for their dataset to be opened up to other security researchers. https://t.co/VhQXN5NbrZ
arxivml: "Detecting Malicious PowerShell Scripts Using Contextual Embeddings", Amir Rubin, Shay Kels, Danny Hendler https://t.co/xqBaMtQLVu
arxiv_cs_LG: Detecting Malicious PowerShell Scripts Using Contextual Embeddings. Amir Rubin, Shay Kels, and Danny Hendler https://t.co/GWtzdOMRCQ
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 3
Total Words: 13140
Unqiue Words: 3330

2.017 Mikeys
#4. Privacy-Preserving Obfuscation of Critical Infrastructure Networks
Ferdinando Fioretto, Terrence W. K. Mak, Pascal Van Hentenryck
The paper studies how to release data about a critical infrastructure network (e.g., the power network or a transportation network) without disclosing sensitive information that can be exploited by malevolent agents, while preserving the realism of the network. It proposes a novel obfuscation mechanism that combines several privacy-preserving building blocks with a bi-level optimization model to significantly improve accuracy. The obfuscation is evaluated for both realism and privacy properties on real energy and transportation networks. Experimental results show the obfuscation mechanism substantially reduces the potential damage of an attack exploiting the released data to harm the real network.
more | pdf | html
Figures
None.
Tweets
arxivml: "Privacy-Preserving Obfuscation of Critical Infrastructure Networks", Ferdinando Fioretto, Terrence W.K. Mak, Pasca… https://t.co/e7Cye28j7n
SciFi: Privacy-Preserving Obfuscation of Critical Infrastructure Networks. https://t.co/n30TfZajqp
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 3
Total Words: 0
Unqiue Words: 0

2.011 Mikeys
#5. DoPa: A Fast and Comprehensive CNN Defense Methodology against Physical Adversarial Attacks
Zirui Xu, Fuxun Yu, Xiang Chen
Recently, Convolutional Neural Networks (CNNs) demonstrate a considerable vulnerability to adversarial attacks, which can be easily misled by adversarial perturbations. With more aggressive methods proposed, adversarial attacks can be also applied to the physical world, causing practical issues to various CNN powered applications. Most existing defense works for physical adversarial attacks only focus on eliminating explicit perturbation patterns from inputs, ignoring interpretation and solution to CNN's intrinsic vulnerability. Therefore, most of them depend on considerable data processing costs and lack the expected versatility to different attacks. In this paper, we propose DoPa - a fast and comprehensive CNN defense methodology against physical adversarial attacks. By interpreting the CNN's vulnerability, we find that non-semantic adversarial perturbations can activate CNN with significantly abnormal activations and even overwhelm other semantic input patterns' activations. We improve the CNN recognition process by adding a...
more | pdf | html
Figures
None.
Tweets
arxiv_org: DoPa: A Fast and Comprehensive CNN Defense Methodology against Physical Adversarial Attacks. https://t.co/qqJ96GXAgR https://t.co/RJvMgMZB3m
arxivml: "DoPa: A Fast and Comprehensive CNN Defense Methodology against Physical Adversarial Attacks", Zirui Xu, Fuxun Yu, … https://t.co/hHPsp8LBp2
StatsPapers: DoPa: A Fast and Comprehensive CNN Defense Methodology against Physical Adversarial Attacks. https://t.co/QBvBvdcKfo
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 3
Total Words: 0
Unqiue Words: 0

2.008 Mikeys
#6. DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling
Muhammad Ikram, Pierrick Beaume, Mohamed Ali Kaafar
With the number of new mobile malware instances increasing by over 50\% annually since 2012 [24], malware embedding in mobile apps is arguably one of the most serious security issues mobile platforms are exposed to. While obfuscation techniques are successfully used to protect the intellectual property of apps' developers, they are unfortunately also often used by cybercriminals to hide malicious content inside mobile apps and to deceive malware detection tools. As a consequence, most of mobile malware detection approaches fail in differentiating between benign and obfuscated malicious apps. We examine the graph features of mobile apps code by building weighted directed graphs of the API calls, and verify that malicious apps often share structural similarities that can be used to differentiate them from benign apps, even under a heavily "polluted" training set where a large majority of the apps are obfuscated. We present DaDiDroid an Android malware app detection tool that leverages features of the weighted directed graphs of API...
more | pdf | html
Figures
Tweets
mobilesecurity_: DaDiDroid: an Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling #MobileSecurity #AndroidSecurity [PAPER] https://t.co/zBGZcSLoWG https://t.co/3FjKCJwWXg
cackerman1: DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling https://t.co/ODHKn0oS1X https://t.co/Gcea3Gadiz
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 3
Total Words: 6922
Unqiue Words: 2264

2.008 Mikeys
#7. Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating
Giulio Lovisotto, Simon Eberz, Ivan Martinovic
In this work, we investigate the concept of biometric backdoors: a template poisoning attack on biometric systems that allows adversaries to stealthily and effortlessly impersonate users in the long-term by exploiting the template update procedure. We show that such attacks can be carried out even by attackers with physical limitations (no digital access to the sensor) and zero knowledge of training data (they know neither decision boundaries nor user template). Based on the adversaries' own templates, they craft several intermediate samples that incrementally bridge the distance between their own template and the legitimate user's. As these adversarial samples are added to the template, the attacker is eventually accepted alongside the legitimate user. To avoid detection, we design the attack to minimize the number of rejected samples. We design our method to cope with the weak assumptions for the attacker and we evaluate the effectiveness of this approach on state-of-the-art face recognition pipelines based on deep neural...
more | pdf | html
Figures
Tweets
drastichs: #Biometric #Backdoors: A Poisoning #Attack Against Unsupervised #Template Updating Giulio Lovisotto, Simon Eberz, Ivan Martinovic May 22 2019 #face #recognition #adversarial #machine #learning https://t.co/FCO71iMaZr https://t.co/7m4HWNNZIn
cackerman1: Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating - allows adversaries to stealthily and effortlessly impersonate users in the long-term by exploiting the template update procedure https://t.co/YtAoz9Y0AK https://t.co/67ur7DzGnc
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 3
Total Words: 11822
Unqiue Words: 3086

2.008 Mikeys
#8. Two Decades of SCADA Exploitation: A Brief History
Simon Duque Anton, Daniel Fraunholz, Christoph Lipps, Frederic Pohl, Marc Zimmermann, Hans D. Schotten
Since the early 1960, industrial process control has been applied by electric systems. In the mid 1970's, the term SCADA emerged, describing the automated control and data acquisition. Since most industrial and automation networks were physically isolated, security was not an issue. This changed, when in the early 2000's industrial networks were opened to the public internet. The reasons were manifold. Increased interconnectivity led to more productivity, simplicity and ease of use. It decreased the configuration overhead and downtimes for system adjustments. However, it also led to an abundance of new attack vectors. In recent time, there has been a remarkable amount of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed. This is done by investigating the exploits that are available on public sources. The different types of attacks and their points of entry are reviewed in this paper. Trends in exploitation as well as targeted attack campaigns against industrial...
more | pdf | html
Figures
Tweets
cynicalsecurity: S. Anton et al., “Two Decades of SCADA Exploitation: A Brief History” […known attacks on industrial systems are analysed. This is done by investigating the exploits that are available on public sources…] https://t.co/EfDQDyJQ7Z
cackerman1: https://t.co/RYGFXQ8kOc Two Decades of SCADA Exploitation: A Brief History https://t.co/J0V3mdKBK1 https://t.co/NEPhSgpA9w
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 6
Total Words: 6187
Unqiue Words: 2581

2.007 Mikeys
#9. Simulation-Based Cyber Data Collection Efficacy
David Thaw, Bret Barkley, Gerry Bella, Carrie Gardner
Building upon previous research in honeynets and simulations, we present efforts from a two-and-a-half-year study using a representative simulation to collect cybersecurity data. Unlike traditional honeypots or honeynets, our experiment utilizes a full-scale operational network to model a small business environment. The simulation uses default security configurations to defend the network, testing the assumption that given standard security baseline, devices networked to the public Internet will necessarily be hacked. Given network activity appropriate for its context, results support the conclusion that no actors where able to break in, despite only default security settings.
more | pdf | html
Figures
None.
Tweets
cynicalsecurity: D. Thaw et al., “Simulation-Based Cyber Data Collection Efficacy” […utilizes a full-scale operational network to model a small business environment…results support…conclusion that no actors where able to break in despite only default security settings] https://t.co/PE28VGzGh8
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 4
Total Words: 0
Unqiue Words: 0

2.007 Mikeys
#10. SynFuzz: Efficient Concolic Execution via Branch Condition Synthesis
Wookhyun Han, Md Lutfor Rahman, Yuxuan Chen, Chengyu Song, Byoungyoung Lee, Insik Shin
Concolic execution is a powerful program analysis technique for exploring execution paths in a systematic manner. Compare to random-mutation-based fuzzing, concolic execution is especially good at exploring paths that are guarded by complex and tight branch predicates (e.g., (a*b) == 0xdeadbeef). The drawback, however, is that concolic execution engines are much slower than native execution. One major source of the slowness is that concolic execution engines have to the interpret instructions to maintain the symbolic expression of program variables. In this work, we propose SynFuzz, a novel approach to perform scalable concolic execution. SynFuzz achieves this goal by replacing interpretation with dynamic taint analysis and program synthesis. In particular, to flip a conditional branch, SynFuzz first uses operation-aware taint analysis to record a partial expression (i.e., a sketch) of its branch predicate. Then it uses oracle-guided program synthesis to reconstruct the symbolic expression based on input-output pairs. The last...
more | pdf | html
Figures
None.
Tweets
cynicalsecurity: W. Han et al., “SynFuzz: Efficient Concolic Execution via Branch Condition Synthesis” […replacing interpretation with dynamic taint analysis and program synthesis…] https://t.co/JBlh8wxq5t
Github
None.
Youtube
None.
Other stats
Sample Sizes : None.
Authors: 6
Total Words: 14796
Unqiue Words: 3679

About

Assert is a website where the best academic papers on arXiv (computer science, math, physics), bioRxiv (biology), BITSS (reproducibility), EarthArXiv (earth science), engrXiv (engineering), LawArXiv (law), PsyArXiv (psychology), SocArXiv (social science), and SportRxiv (sport research) bubble to the top each day.

Papers are scored (in real-time) based on how verifiable they are (as determined by their Github repos) and how interesting they are (based on Twitter).

To see top papers, follow us on twitter @assertpub_ (arXiv), @assert_pub (bioRxiv), and @assertpub_dev (everything else).

To see beautiful figures extracted from papers, follow us on Instagram.

Tracking 131,277 papers.

Search
Sort results based on if they are interesting or reproducible.
Interesting
Reproducible
Categories
All
Astrophysics
Cosmology and Nongalactic Astrophysics
Earth and Planetary Astrophysics
Astrophysics of Galaxies
High Energy Astrophysical Phenomena
Instrumentation and Methods for Astrophysics
Solar and Stellar Astrophysics
Condensed Matter
Disordered Systems and Neural Networks
Mesoscale and Nanoscale Physics
Materials Science
Other Condensed Matter
Quantum Gases
Soft Condensed Matter
Statistical Mechanics
Strongly Correlated Electrons
Superconductivity
Computer Science
Artificial Intelligence
Hardware Architecture
Computational Complexity
Computational Engineering, Finance, and Science
Computational Geometry
Computation and Language
Cryptography and Security
Computer Vision and Pattern Recognition
Computers and Society
Databases
Distributed, Parallel, and Cluster Computing
Digital Libraries
Discrete Mathematics
Data Structures and Algorithms
Emerging Technologies
Formal Languages and Automata Theory
General Literature
Graphics
Computer Science and Game Theory
Human-Computer Interaction
Information Retrieval
Information Theory
Machine Learning
Logic in Computer Science
Multiagent Systems
Multimedia
Mathematical Software
Numerical Analysis
Neural and Evolutionary Computing
Networking and Internet Architecture
Other Computer Science
Operating Systems
Performance
Programming Languages
Robotics
Symbolic Computation
Sound
Software Engineering
Social and Information Networks
Systems and Control
Economics
Econometrics
General Economics
Theoretical Economics
Electrical Engineering and Systems Science
Audio and Speech Processing
Image and Video Processing
Signal Processing
General Relativity and Quantum Cosmology
General Relativity and Quantum Cosmology
High Energy Physics - Experiment
High Energy Physics - Experiment
High Energy Physics - Lattice
High Energy Physics - Lattice
High Energy Physics - Phenomenology
High Energy Physics - Phenomenology
High Energy Physics - Theory
High Energy Physics - Theory
Mathematics
Commutative Algebra
Algebraic Geometry
Analysis of PDEs
Algebraic Topology
Classical Analysis and ODEs
Combinatorics
Category Theory
Complex Variables
Differential Geometry
Dynamical Systems
Functional Analysis
General Mathematics
General Topology
Group Theory
Geometric Topology
History and Overview
Information Theory
K-Theory and Homology
Logic
Metric Geometry
Mathematical Physics
Numerical Analysis
Number Theory
Operator Algebras
Optimization and Control
Probability
Quantum Algebra
Rings and Algebras
Representation Theory
Symplectic Geometry
Spectral Theory
Statistics Theory
Mathematical Physics
Mathematical Physics
Nonlinear Sciences
Adaptation and Self-Organizing Systems
Chaotic Dynamics
Cellular Automata and Lattice Gases
Pattern Formation and Solitons
Exactly Solvable and Integrable Systems
Nuclear Experiment
Nuclear Experiment
Nuclear Theory
Nuclear Theory
Physics
Accelerator Physics
Atmospheric and Oceanic Physics
Applied Physics
Atomic and Molecular Clusters
Atomic Physics
Biological Physics
Chemical Physics
Classical Physics
Computational Physics
Data Analysis, Statistics and Probability
Physics Education
Fluid Dynamics
General Physics
Geophysics
History and Philosophy of Physics
Instrumentation and Detectors
Medical Physics
Optics
Plasma Physics
Popular Physics
Physics and Society
Space Physics
Quantitative Biology
Biomolecules
Cell Behavior
Genomics
Molecular Networks
Neurons and Cognition
Other Quantitative Biology
Populations and Evolution
Quantitative Methods
Subcellular Processes
Tissues and Organs
Quantitative Finance
Computational Finance
Economics
General Finance
Mathematical Finance
Portfolio Management
Pricing of Securities
Risk Management
Statistical Finance
Trading and Market Microstructure
Quantum Physics
Quantum Physics
Statistics
Applications
Computation
Methodology
Machine Learning
Other Statistics
Statistics Theory
Feedback
Online
Stats
Tracking 131,277 papers.