Abstract:
Organizations increasingly rely on cyber threat intelligence feeds to protect their infrastructure from attacks. These feeds typically list IP addresses or domains associated with malicious activities such as spreading malware or participating in a botnet. Today, there is a rich ecosystem of commercial and free cyber threat intelligence feeds, making it difficult, yet essential, for network defenders to quantify the quality and to select the optimal set of feeds to follow. Selecting too many or low-quality feeds results in many false alerts, while considering too few feeds increases the risk of missing relevant threats. Naïve individual metrics like size and update rate give a somewhat good overview about a feed, but they do not allow conclusions about its quality and they can easily be manipulated by feed providers. In this paper, we present FeedRank, a novel ranking approach for cyber threat intelligence feeds. In contrast to individual metrics, FeedRank is robust against tampering attempts by feed providers. FeedRank's key insight is to rank feeds according to the originality of their content and the reuse of entries by other feeds. Such correlations between feeds are modelled in a graph, which allows FeedRank to find temporal and spatial correlations without requiring any ground truth or an operator's feedback. We illustrate FeedRank's usefulness with two characteristic examples: (i) selecting the best feeds that together contain as many distinct entries as possible; and (ii) selecting the best feeds that list new entries before they appear on other feeds. We evaluate FeedRank based on a large set of real feeds. The evaluation shows that FeedRank identifies dishonest feeds as outliers and that dishonest feeds do not achieve a better FeedRank score than the top-rated real feeds.
Abstract:
Large-scale datasets of consumer behavior might revolutionize the way we gain competitive advantages and increase our knowledge in the respective domains. At the same time, valuable datasets pose potential privacy risks that are difficult to foresee. In this paper we study the impact that the prices from consumers' purchase histories have on the consumers' location privacy. We show that using a small set of low-priced product prices from the consumers' purchase histories, an adversary can determine the country, city, and local retail store where the transaction occurred with high confidence. Our paper demonstrates that even when the product category, precise time of purchase, and currency are removed from the consumers' purchase history (e.g., for privacy reasons), information about the consumers' location is leaked. The results are based on three independent datasets containing thousands of low-priced and frequently-bought consumer products. The results show the existence of location privacy risks when releasing consumer purchase histories. As such, the results highlight the need for systems that hide transaction details in consumer purchase histories.
Abstract:
Modern aviation systems increasingly use satellite channels for data communication. However, many SATCOM providers do not offer encryption below the application layer by default, making their services vulnerable to eavesdroppers and creating security concerns. This research analyses such vulnerabilities specifically with regard to the aviation domain. We show that even low-resourced attackers can exploit this lack of security. We capture a broad range of SATCOM transmissions in the Ku-Band frequencies using a TV Tuner Card and widely available low-budget equipment for under 400 US dollars. Over 370 GB of aviation-related satellite-downstream data from high-throughput satellites were analysed from a measurement site in Central Europe. The results of this campaign reveal both security and privacy concerns across the whole spectrum of the industry. We identify unencrypted SATCOM usage comprising usage from in-flight entertainment systems to leaked private encrypted keys. Furthermore, we identified 328 specific aircraft broadcasting their live operations, including three government aircraft that actively blocked any information on their flights from air-traffic tracking sites. This work concludes with recommendations for both satellite service providers and aviation stakeholders on how these issues could be solved by using encryption at different network layers.
Abstract:
The present work investigates the feasibility of exfiltrating a large amount of data from a computer by leveraging the unintended electromagnetic emanations of an HDMI cable to reconstruct its content. The low signal strength and noise of the leaked signals make it difficult to recover any useful information, particularly when the content information is text-based, since it suffers from low readability. We consider a targeted attack in which malicious software executed inside the victim's machine encodes the desired information into QR codes, which are then modulated on the HDMI cable and in turn received and reconstructed by the attacker. The efficiency of this method is evaluated under practical conditions, showing that the system is capable of achieving a data exfiltration rate of up to 12.67 Kbps under optimal conditions or 2.08 Kbps at 50 m distance. To the best of our knowledge, these results outperform, in terms of distance range and exfiltration rate, previous work in the field of electromagnetic leakage from the literature.