针对Web-mail邮箱的跨站网络钓鱼攻击的研究

客户端脚本植入攻击是近年来攻击者常用的一种攻击手段,给Web应用程序带来了相当大的安全隐患。介绍了跨站脚本攻击和网络钓鱼攻击的原理及防御。分析了两种攻击在获取用户信息时的不全面,从而提出了一种针对Web-mail邮箱的跨站网络钓鱼攻击方法。这种攻击方法结合了跨站脚本攻击和网络钓鱼攻击,不仅能够获取用户邮箱的cookie、账号及密码,而且还可以获取用户的个人相关信息。最后,针对提出的攻击方法给出了防御措施。     

Defending against phishing attacks: taxonomy of methods,current issues and future directions

Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people’s lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is “phishing”, in which, attackers attempt to steal the user’s credentials using fake emails or websites or both. It is true that both industry and academia are working hard to develop solutions to combat against phishing threats. It is therefore very important that organisations to pay attention to end-user awareness in phishing threat prevention. Therefore, aim of our paper is twofold. First, we will discuss the history of phishing attacks and the attackers’ motivation in details. Then, we will provide taxonomy of various types of phishing attacks. Second, we will provide taxonomy of various solutions proposed in literature to protect users from phishing based on the attacks identified in our taxonomy. Moreover, we have also discussed impact of phishing attacks in Internet of Things (IoTs). We conclude our paper discussing various issues and challenges that still exist in the literature, which are important to fight against with phishing threats.     

网络钓鱼攻击分析和防范探讨

网络钓鱼攻击诱导用户访问虚假网站窃取用户姓名、账号、密码等敏感信息进而侵犯用户经济利益和隐私信息,影响极为恶劣。文章探讨了网络钓鱼攻击的方法、方式、检测技术、危害和预防措施,旨在为预防网络钓鱼攻击提供参考。     

利用地址解析协议的地址空间欺骗技术

信息攻防之间的不对称性要求信息安全领域亟需一种新的解决方案.而信息欺骗技术可以有效地增加攻击者的负担,减低其攻击效率,同时为安全管理员提供攻击者的意图和攻击方法等信息.本文提出的利用地址解析协议实现地址空间的欺骗可以有效增加攻击者的攻击难度,并为后续攻击信息的获取提供基础.演示结果证明了该方法的有效性。     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

Resilient,bandwidth scalable and energy efficient hybrid PON architecture

The existing anti-phishing approaches use the blacklist methods or features based machine learning techniques. Blacklist methods fail to detect new phishing attacks and produce high false positive rate. Moreover, existing machine learning based methods extract features from the third party, search engine, etc. Therefore, they are complicated, slow in nature, and not fit for the real-time environment. To solve this problem, this paper presents a machine learning based novel anti-phishing approach that extracts the features from client side only. We have examined the various attributes of the phishing and legitimate websites in depth and identified nineteen outstanding features to distinguish phishing websites from legitimate ones. These nineteen features are extracted from the URL and source code of the website and do not depend on any third party, which makes the proposed approach fast, reliable, and intelligent. Compared to other methods, the proposed approach has relatively high accuracy in detection of phishing websites as it achieved 99.39% true positive rate and 99.09% of overall detection accuracy.     

Circumventing security toolbars and phishing filters via rogue wireless access points

One of the solutions that has been widely used by naive users to protect against phishing attacks is security toolbars or phishing filters in web browsers. The present study proposes a new attack to bypass security toolbars and phishing filters via local DNS poisoning without the need of an infection vector. A rogue wireless access point (AP) is set up, poisoned DNS cache entries are used to forge the results provided to security toolbars, and thus misleading information is displayed to the victim. Although there are several studies that demonstrate DNS poisoning attacks, none to our best knowledge investigate whether such attacks can circumvent security toolbars or phishing filters. Five well‐known security toolbars and three reputable browser built‐in phishing filters are scrutinized, and none of them detect the attack. So ineptly, security toolbars provide the victim with false confirmative indicators that the phishing site is legitimate. Copyright © 2009 John Wiley & Sons, Ltd.     

规避网络钓鱼给证券行业带来的安全风险

网上交易作为证券行业进行业务开展的主要手段之后,网上交易的安全性就成了人们日益关注的话题。在网上交易过程中,网络钓鱼攻击是一种重要的攻击方式。由于此方式的特殊性,导致被害用户损失严重。所以做好网络钓鱼的防范,对于证券行业具有很大的现实意义。这里从网络钓鱼的实施过程、社会危害及防范方法等几个角度,对网络钓鱼进行全面的阐述,详细描述了恶意分子如何引导用户去访问恶意网站,以及网络钓鱼的主要防范技术,如黑白名单检测技术、页面相似度检查技术,从技术角度和用户的上网行为角度,提出了相关的方法,尽量规避网络钓鱼技术给证券行业带来的安全风险。     

基于NCL电路的抗故障攻击设计研究

作为旁路攻击的一种重要方式,故障攻击为攻击者对密码系统实施攻击提供了更加丰富的信息和手段,并几乎攻破了当前所有主流的密码体制。针对故障攻击的防御问题,大量的防御方案被提出,但大都在空间/时间代价、故障覆盖率等方面存在不足。该文以NCL(Null Convention Logic)电路及双轨编码的强鲁棒性特点为基础,通过综合运用轨间信号同步、传播延迟匹配、非法编码检测及自反馈等手段,提出一种电路级故障攻击防御方法。分析及实验表明,该防御方法能够以较小的代价实现有效的故障检测,抑制各类故障的传播,并能非常方便地扩展至自动化综合过程中。     

Throughput of cognitive radio networks with improved energy detector under security threats

Spectrum sensing in cognitive radio networks (CRNs) is subjected to some security threats such as primary user emulation (PUE) attack and spectrum sensing data falsification (SSDF) attack. In PUE attack, a malicious user (MU_PUE) transmits an emulated primary signal throughout the spectrum sensing interval to secondary users (SUs) to forestall them from accessing the primary user (PU) spectrum bands. In SSDF attack, malicious users (MU_SSDF) intentionally report false sensing decisions to the fusion center (FC) to influence the overall decision. While most of the existing literatures have studied the effects of these 2 types of attacks separately, the present paper evaluates the secondary network performance in terms of throughput under both the PUE and SSDF attacks with improved energy detectors (IEDs) where SU's spectrum access is hybrid, ie, either in overlay or in underlay mode. An analytical expression on throughput of SU under the simultaneous influence of both of these attacks is developed. Impact of several parameters such as IED parameter, attacker probabilities, and attacker strength on the throughput of SU is investigated. Performance of the present scheme is also compared with only PUE and only SSDF attacks. A simulation test bed is developed in MATLAB to validate our analytical results.     

基于浏览器的钓鱼网站检测技术研究

目前,网络钓鱼攻击给互联网用户带来严重的威胁。为了应对这种威胁,许多软件厂商与组织提出了各种反钓鱼策略。论文针对基于浏览器的钓鱼网站检测技术进行了分析研究。     

Adversarial Attacks on Voice Recognition Based on Hyper Dimensional Computing

Recently, there is a great demand for experimenting with Artificial Intelligence (AI) algorithms on the Internet of Things (IoT) devices that have only limited computing or transmission resources. Hyper-Dimensional Computing (HDC), which can effectively run on low-cost CPUs, is one of the solutions. However, since the AI algorithms are proved to be vulnerable to Adversarial Examples (AE) in recent research, it is then important to investigate the same security issues on other intelligent algorithms such as HDC. In our paper, motivated by the AE attacks for AI algorithms, we propose an attack measured based on the Differential Evolution (DE), which does not rely on the gradient. By attacking the VoiceHD model in the Isolet dataset, we prove that HDC is also vulnerable to AEs. In our experimentation, we can launch non-targeted attacks on the VoiceHD with the highest 85.7% success rate.

     

SeRWA: A secure routing protocol against wormhole attacks in sensor networks

A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.     

智能卡差分能量分析实验平台实现与数据优化

随着密码学和密码芯片的广泛应用,针对密码芯片的攻击也日益增多.差分能量分析（Differential Power Analysis,DPA）攻击是最常见的一种侧信道攻击方法.DPA攻击者无须了解加密算法的具体细节,而只通过密码设备的能量迹分析即可破解出设备的密钥.因此,研究DPA攻击十分必要.实现了智能卡DPA实验系统,并对于此系统的能量迹测量数据进行优化处理,从而更有利于针对此类攻击的分析和相应防御措施的设计.     

Compressive Sensing Node Localization Method Using Autonomous Underwater Vehicle Network

This framework attempts to introduce a new Distributed denial-of-service (DDoS) attack detection and mitigation model. It is comprised of two stages, namely DDoS attack detection and mitigation. The first stage consists of three important phases like feature extraction, optimal feature selection, and classification. In order to optimally select the features of obtained feature sets, a new improved algorithm is implanted named Improved Update oriented Rider Optimization Algorithm (IU-ROA), which is the modification of the Rider Optimization Algorithm (ROA) algorithm. The optimal features are subjected to classification using the Deep Convolutional Neural Network (CNN) model, in which the presence of network attacks can be detected. The second stage is the mitigation of the attacker node. For this, a bait detection mechanism is launched, which provides the effective mitigation of malicious nodes having Distributed Denial-of-Service (DDoS) attacks. The experimentation is done on the KDD cup 99 dataset and the experimental analysis proves that the proposed model generates a better result which is 90.06% in mitigation analysis and the overall performance analysis of the proposed model on DDoS Attack Detection is 96% better than conventional methods.

     

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

Network security is a major challenge for big and small companies. The Internet topology is vulnerable to Distributed Denial of Service (DDoS) attacks as it provides an opportunity to an attacker to send a large volume of traffic to a victim, which can limit its Internet availability. The main problem in the prevention of the DDoS attack, also known as the flooding attack, is how to find the source of traffic flooding. This is because the spoofed source Internet protocol (IP) address of packets is not affected on its routing. As a result, IP traceback techniques are proposed to find the source of attack and in general, to find the source of any packet. Doing so, the IP traceback techniques can help us to prevent the Denial of Service (DoS) and DDoS attacks. In this paper, we propose an efficient Single Flow IP Traceback (SFT) technique in the Autonomous System (AS) level. Furthermore, a path signature generation algorithm is presented for detecting and filtering the spoofed traffic. Our solution assumes a secure Border Gateway Protocol (BGP)‐routing infrastructure for exchanging authenticated messages in order to learn the path signatures, and it uses a marking algorithm in the flow level for transmission of the traceback messages. Because in our technique less bits are required to mark the IP header packet, the required storage space for any unique path to the victim is significantly decreased. Compared with the other existing techniques, the obtained results demonstrate that our technique has the least marking rate, overhead processing on the middle nodes, and destination's computational cost while offering the highest accuracy in tracebacking attack.     

A time stamp-based algorithm to improve security and performance of mobile ad hoc network

Mobile ad hoc network is open medium and infrastructure-less network. Mobile ad hoc network is susceptible to various security attacks such as, black hole attack, gray hole attack, bad mouthing attack, sybil attack and worm hole attack due to open medium, infrastructure-less features and lack of in-built security. In black hole attack and gray hole attack, attacker falsely sends route reply and dropped data packets received from source node. Due to these attacks, performance of mobile ad hoc network decreases. This paper proposes a time stamp-based algorithm which is an enhanced version of existing IDSNAODV algorithm. Proposed algorithm modifies existing palling process to validate identity of observer nodes using a time stamp-based approach. Based on defined set of rules and recorded activities report, source node decides the nature of target node. The performance of proposed algorithm is evaluated using the network simulator. The proposed algorithm shows improved performance for packet delivery ratio, throughput and routing overhead as compared to existing algorithm.

     

网络地址变换对不同扫描攻击的防御优势分析

网络地址变换通过动态地改变或映射主机的网络地址,使得攻击者收集到的地址信息变得无效,然而对于扫描到主机即发起攻击的扫描攻击,网络地址变换的防御性能有所下降,很少有研究从理论上分析网络地址变换对不同扫描策略的扫描攻击的防御优势。该文考虑均匀变换和非重复变换两种网络地址变换策略,给出不同扫描策略的扫描攻击在静态地址环境以及网络地址变换环境下的概率模型,概率模型分析了攻击者命中至少一台主机的概率以及攻击者命中主机的数量;通过理论计算两种网络地址变换策略相比于静态地址环境的防御优势。分析结果表明对于可重复扫描攻击,两种网络地址变换策略相比于静态地址环境不具有防御优势;对于非重复扫描攻击,均匀变换仅当主机数量较少时才具有概率优势,非重复变换仅当主机数量占地址空间比例较小时才具有较高的比例优势。     

针对钓鱼攻击的防范技术研究

论文从网络攻击的角度,提炼出了三种钓鱼攻击的模型,并对其实现机理、关键技术进行了比较详细的剖析。然后,针对钓鱼攻击本身的特点,提出了一种同时具备双因素认证和双向认证优点的认证模型来防御钓鱼攻击。     

A decision‐making approach for detecting the primary user emulation attack in cognitive radio networks

Cognitive radio network (CRN) is a promising technology, which enables secondary users to use the free spectrum channels without causing detrimental interference with the primary user (PU). Nevertheless, CRN is subject to numerous cyber attacks that have a negative impact on its performance. Among the CRN attacks, the primary user emulation (PUE) attack is known to be one of the malicious attacks threatening CRN security. Several attacks detection techniques, based on attacker localization, have been investigated in the literature. These techniques include the trilateration, received signal strength indication (RSSI), and network coding approach as well. However, most of these techniques do not consider the uncertainty related to CRN, which can be modeled by a cost function defined as a weighted sum of conditional probabilities. In this paper, a localization technique, relied on a trilateration computation and a Bayesian model, is proposed for PUE position detection purpose under uncertainty conditions assumption. Particularly, the estimation of PUE position is performed through trilateration method based on RSSI at the anchor nodes for the signal coming from either PU or PUE, whereas, the Bayesian decision model, based on a cost function, is involved to check the PU legitimacy. The simulation results show that the decision‐making approach "Security, productivity, Balancing" influences directly the zone of the PUE attack detection.