12 results on '"Conti, Mauro"'
Search Results
2. Multi-SpacePhish: Extending the Evasion-space of Adversarial Attacks against Phishing Website Detectors Using Machine Learning.
- Author
- Yuan, Ying, Apruzzese, Giovanni, and Conti, Mauro
- Subjects
- PHISHING, DETECTORS, ARTIFICIAL intelligence, DEEP learning, MACHINE learning
- Abstract
Existing literature on adversarial Machine Learning (ML) focuses either on showing attacks that break every ML model or defenses that withstand most attacks. Unfortunately, little consideration is given to the actual feasibility of the attack or the defense. Moreover, adversarial samples are often crafted in the "feature-space," making the corresponding evaluations of questionable value. Simply put, the current situation does not allow one to estimate the actual threat posed by adversarial attacks, leading to a lack of secure ML systems. We aim to clarify such confusion in this article. By considering the application of ML for Phishing Website Detection (PWD), we formalize the "evasion-space," in which an adversarial perturbation can be introduced to fool an ML-PWD—demonstrating that even perturbations in the "feature-space" are useful. Then, we propose a realistic threat model describing evasion attacks against ML-PWD that are cheap to stage, and hence intrinsically more attractive for real phishers. After that, we perform the first statistically validated assessment of state-of-the-art ML-PWD against 12 evasion attacks. Our evaluation shows (i) the true efficacy of evasion attempts that are more likely to occur; and (ii) the impact of perturbations crafted in different evasion-spaces; our realistic evasion attempts induce a statistically significant degradation (3–10% at p< 0.05), and their cheap cost makes them a subtle threat. Notably, however, some ML-PWD are immune to our most realistic attacks (p = 0.22). Finally, as an additional contribution of this journal publication, we are the first to propose and empirically evaluate the intriguing case wherein an attacker introduces perturbations in multiple evasion-spaces at the same time. These new results show that simultaneously applying perturbations in the problem- and feature-space can cause a drop in the detection rate from 0.95 to 0. 
Our contribution paves the way for a much-needed re-assessment of adversarial attacks against ML systems for cybersecurity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
3. Detecting crypto-ransomware in IoT networks based on energy consumption footprint
- Author
- Azmoodeh, Amin, Dehghantanha, Ali, Conti, Mauro, and Choo, Kim-Kwang Raymond
- Published
- 2018
4. Can machine learning model with static features be fooled: an adversarial machine learning approach.
- Author
- Taheri, Rahim, Javidan, Reza, Shojafar, Mohammad, Vinod, P., and Conti, Mauro
- Subjects
- MACHINE learning, JACOBIAN matrices, CLASSIFICATION algorithms, SET functions, ALGORITHMS, MALWARE prevention
- Abstract
The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have been already used as a tool to supersede signature-based anti-malware systems. However, malware authors leverage features from malicious and legitimate samples to estimate statistical difference in order to create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios to perturb malicious applications (apps). By doing this, the classification algorithm inappropriately fits the discriminant function on the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish the adversarial examples from benign samples, we propose two defense mechanisms to counter attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method using the Jacobian matrix. Promising results show that generated adversarial samples can evade detection with a very high probability. Additionally, evasive variants generated by our attack models when used to harden the developed anti-malware system improve the detection rate up to 50% when using the generative adversarial network (GAN) method. [ABSTRACT FROM AUTHOR]
- Published
- 2020
5. On defending against label flipping attacks on malware detection systems.
- Author
- Taheri, Rahim, Javidan, Reza, Shojafar, Mohammad, Pooranian, Zahra, Miri, Ali, and Conti, Mauro
- Subjects
- FEATURE selection, ALGORITHMS, MACHINE learning, LABELS, MOBILE operating systems, MALWARE prevention, DEEP learning
- Abstract
Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Things (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to misclassification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature. [ABSTRACT FROM AUTHOR]
- Published
- 2020
6. Cryptomining Cannot Change Its Spots: Detecting Covert Cryptomining Using Magnetic Side-Channel.
- Author
- Gangwal, Ankit and Conti, Mauro
- Abstract
With new cryptocurrencies being frequently introduced to the market, the demand for cryptomining - a fundamental operation associated with most of the cryptocurrencies - has initiated a new stream of earning financial gains. The cost associated with the lucrative cryptomining has driven general masses to unethically mine cryptocurrencies using “plundered” resources in the public organizations (e.g., universities) as well as in the corporate sector that follows Bring Your Own Device (BYOD) culture. Such exploitation of the resources causes financial detriment to the affected organizations, which often discover the abuse when the damage has already been done. In this paper, we present a novel approach that leverages magnetic side-channel to detect covert cryptomining. Our proposed approach works even when the examiner does not have login-access or root-privileges on the suspect device. It merely requires the physical proximity of the examiner and a magnetic sensor, which is often available on smartphones. The fundamental idea of our approach is to profile the magnetic field emission of a processor for the set of available mining algorithms. We built a complete implementation of our system using advanced machine learning techniques. In our experiments, we included all the cryptocurrencies supported by the top-10 mining pools, which collectively comprise the largest share (84% during Q3 2018) of the cryptomining market. Moreover, we tested our methodology primarily on two different laptops. By using the data recorded from the magnetometer of an ordinary smartphone, our classifier achieved an average precision of over 88% and an average F1 score of 87%. Apart from our primary goal - which is to identify covert cryptomining - we also performed four additional experiments to further evaluate our approach. We found that due to its underlying design, our system is future-ready and can readily adapt even to zero-day cryptocurrencies. [ABSTRACT FROM AUTHOR]
- Published
- 2020
7. Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery.
- Author
- Calzavara, Stefano, Conti, Mauro, Focardi, Riccardo, Rabitti, Alvise, and Tolomei, Gabriele
- Abstract
We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software. [ABSTRACT FROM AUTHOR]
- Published
- 2020
8. Detecting Android Malware Leveraging Text Semantics of Network Flows.
- Author
- Wang, Shanshan, Yan, Qiben, Chen, Zhenxiang, Yang, Bo, Zhao, Chuan, and Conti, Mauro
- Abstract
The emergence of malicious apps poses a serious threat to the Android platform. Most types of mobile malware rely on network interface to coordinate operations, steal users’ private information, and launch attack activities. In this paper, we propose an effective and automatic malware detection method using the text semantics of network traffic. In particular, we consider each HTTP flow generated by mobile apps as a text document, which can be processed by natural language processing to extract text-level features. Then, we use the text semantic features of network traffic to develop an effective malware detection model. In an evaluation using 31 706 benign flows and 5258 malicious flows, our method outperforms the existing approaches, and gets an accuracy of 99.15%. We also conduct experiments to verify that the method is effective in detecting newly discovered malware, and requires only a few samples to achieve a good detection result. When the detection model is applied to the real environment to detect unknown applications in the wild, the experimental results show that our method performs significantly better than other popular anti-virus scanners with a detection rate of 54.81%. Our method also reveals certain malware types that can avoid the detection of anti-virus scanners. In addition, we design a detection system on encrypted traffic for bring-your-own-device enterprise network, home network, and 3G/4G mobile network. The detection model is integrated into the system to discover suspicious network behaviors. [ABSTRACT FROM PUBLISHER]
- Published
- 2018
9. Computational Intelligence Approaches for Energy Load Forecasting in Smart Energy Management Grids: State of the Art, Future Challenges, and Research Directions.
- Author
- Fallah, Seyedeh Narjes, Deo, Ravinesh Chand, Shojafar, Mohammad, Conti, Mauro, and Shamshirband, Shahaboddin
- Subjects
- SMART power grids, ENERGY management, WIND power, CONSUMERS, ARTIFICIAL neural networks
- Abstract
Energy management systems are designed to monitor, optimize, and control the smart grid energy market. Demand-side management, considered as an essential part of the energy management system, can enable utility market operators to make better management decisions for energy trading between consumers and the operator. In this system, a priori knowledge about the energy load pattern can help reshape the load and cut the energy demand curve, thus allowing a better management and distribution of the energy in smart grid energy systems. Designing a computationally intelligent load forecasting (ILF) system is often a primary goal of energy demand management. This study explores the state of the art of computationally intelligent (i.e., machine learning) methods that are applied in load forecasting in terms of their classification and evaluation for sustainable operation of the overall energy management system. More than 50 research papers related to the subject identified in existing literature are classified into two categories: namely the single and the hybrid computational intelligence (CI)-based load forecasting technique. The advantages and disadvantages of each individual technique are also discussed to encapsulate them into the perspective into the energy management research. The identified methods have been further investigated by a qualitative analysis based on the accuracy of the prediction, which confirms the dominance of hybrid forecasting methods, which are often applied as metaheuristic algorithms considering the different optimization techniques over single model approaches. Based on extensive surveys, the review paper predicts a continuous future expansion of such literature on different CI approaches and their optimizations with both heuristic and metaheuristic methods used for energy load forecasting and their potential utilization in real-time smart energy management grids to address future challenges in energy demand management. [ABSTRACT FROM AUTHOR]
- Published
- 2018
10. BLUFADER: Blurred face detection & recognition for privacy-friendly continuous authentication.
- Author
- Cardaioli, Matteo, Conti, Mauro, Orazi, Gabriele, Tricomi, Pier Paolo, and Tsudik, Gene
- Subjects
- MACHINE learning, DEEP learning, FACE
- Abstract
Authentication and de-authentication phases should occur at the beginning and end of secure user sessions, respectively. A secure session requires the user to pass the former, but the latter is often underestimated or ignored. Unattended or dangling sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, researchers focused on automated de-authentication systems, either as a stand-alone mechanism or as a result of continuous authentication failures. Unfortunately, no single approach offers security, privacy, and usability. Face-recognition methods, for example, may be suitable for security and usability, but they violate user privacy by continuously recording their actions and surroundings. In this work, we propose BLUFADER, a novel continuous authentication system that takes advantage of blurred face detection and recognition to quickly, securely, and transparently de-authenticate users, preserving their privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection and recognition continuously. To evaluate BLUFADER's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The de-authentication system was trained and evaluated using the former, while the latter was used to appraise the privacy and increase variance at training time. To guarantee the privacy-preserving effectiveness of the selected physical blurring filter, we show that state-of-the-art deblurring models are not able to revert our physical blur. Further, we demonstrate that our approach outperforms state-of-the-art methods in detecting blurred faces, achieving up to 95% accuracy. Moreover, BLUFADER effectively de-authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements. Last, our continuous authentication face recognition module based on Siamese Neural Network preventively protects users from adversarial attacks, enhancing the overall system security. [ABSTRACT FROM AUTHOR]
- Published
- 2023
11. Distributed denial of service attacks in cloud: State-of-the-art of scientific and commercial solutions.
- Author
- Bhardwaj, Aanshi, Mangat, Veenu, Vig, Renu, Halder, Subir, and Conti, Mauro
- Subjects
- DENIAL of service attacks, CLOUD computing, BLENDED learning
- Abstract
Cloud computing model provides on demand, elastic and fully managed computer system resources and services to organizations. However, attacks on cloud components can cause inestimable losses to cloud service providers and cloud users. One such category of attacks is the Distributed Denial of Service (DDoS), which can have serious consequences including impaired customer experience, service outage and in severe cases, complete shutdown and total economic unsustainability. Advances in Internet of Things (IoT) and network connectivity have inadvertently facilitated launch of DDoS attacks which have increased in volume, frequency and intensity. Recent DDoS attacks involving new attack vectors and strategies, have precipitated the need for this survey. In this survey, we mainly focus on finding the gaps, as well as bridging those gaps between the future potential DDoS attacks and state-of-the-art scientific and commercial DDoS attack defending solutions. It seeks to highlight the need for a comprehensive detection approach by presenting the recent threat landscape and major cloud attack incidents, estimates of future DDoS, illustrative use cases, commercial DDoS solutions, and the laws governing DDoS attacks in different nations. An up-to-date survey of DDoS detection methods, particularly anomaly based detection, available research tools, platforms and datasets, has been given. This paper further explores the use of machine learning methods for detection of DDoS attacks and investigates features, strengths, weaknesses, tools, datasets, and evaluates results of the methods in the context of the cloud. A summary comparison of statistical, machine learning and hybrid methods has been brought forth based on detailed analysis. This paper is intended to serve as a ready reference for the research community to develop effective and innovative detection mechanisms for forthcoming DDoS attacks in the cloud environment. 
It will also sensitize cloud users and providers to the urgent need to invest in deployment of DDoS detection mechanisms to secure their assets.
• Provides up-to-date listing of major attack incidents on cloud infrastructure and gives observations on upcoming DDoS attacks in advance.
• Provides a taxonomy based on the cloud component being attacked for cloud based DDoS attacks.
• Presents a detailed taxonomy of anomaly based DDoS detection methods based on recent research works.
• Enumerates alternative commercial DDoS solutions.
• Depicts sample illustrative DDoS attack scenarios and discusses laws governing DDoS attacks in major nations.
[ABSTRACT FROM AUTHOR]
- Published
- 2021
12. Identification of Android malware using refined system calls.
- Author
- K., Deepa, G., Radhamani, P., Vinod, Shojafar, Mohammad, Kumar, Neeraj, and Conti, Mauro
- Subjects
- MALWARE prevention, FEATURE selection, ROUGH sets, MALWARE, IDENTIFICATION
- Abstract
Summary: The ever increasing number of Android malware has always been a concern for cybersecurity professionals. Even though plenty of anti‐malware solutions exist, we hypothesize that the performance of existing approaches can be improved by deriving relevant attributes through effective feature selection methods. In this paper, we propose a novel two‐step feature selection approach based on Rough Set and Statistical Test named as RSST to extract refined system calls, which can effectively discriminate malware from benign apps. By refined set of system call, we mean the existence of highly relevant calls that are uniformly distributed thought target classes. Moreover, an optimal attribute set is created, which is devoid of redundant system calls. To address the problem of higher dimensional attribute set, we derived suboptimal system call space by applying the proposed feature selection method to maximize the separability between malware and benign samples. Comprehensive experiments conducted on three datasets resulted in an accuracy of 99.9%, Area Under Curve (AUC) of 1.0, with 1% False Positive Rate (FPR). However, other feature selectors (Information Gain, CFsSubsetEval, ChiSquare, FreqSel, and Symmetric Uncertainty) used in the domain of malware analysis resulted in the accuracy of 95.5% with 8.5% FPR. Moreover, the empirical analysis of RSST derived system calls outperformed other attributes such as permissions, opcodes, API, methods, call graphs, Droidbox attributes, and network traces. [ABSTRACT FROM AUTHOR]
- Published
- 2019
Discovery Service for Jio Institute Digital Library