Man-in-the-Middle Attack to the HTTPS Protocol

As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are!     

论Man-in-the-Middle Attack对“云”资源威胁

本文主要论述了Man-in-the-Middle Attack（中间人攻击）原理以及中间人攻击如何对＂云＂资源进行攻击可行性,并讨论了相应的防御机制,最后对云资源安全做出了总结和展望。     

可安全抵抗中间攻击的认证密钥交换

提出一种基于身份认证的密钥交换新方案,其安全性是同时基于离散对数和大整数分解难问题的。在进行密钥交换时,该方案能同时实现通信双方的身份认证和交换密钥的一致性认证,有效地抵抗冒名者的中间攻击和入侵者的重放攻击,提高了密钥交换的安全性和可靠性。特别是,该方案的交换密钥具有随机性,克服了Diffie-Hellman方案中交换密钥固定不变的弱点;通信双方一旦发现当前交换密钥泄露,可生成一个新的交换密钥,而不需修改系统的任何公开数据和用户的密钥。     

一种对中间人攻击的防范策略的研究

本文针对目前出现的对PKI的中间人攻击,分析了PKI中的两种安全隐患：如果客户端不能提供身份认证或者不能获得服务器证书的有效性检验,攻击者利用中间人攻击方法就 可以完全偷听会话内容。文章还讨论了防范中间人攻击的策略,运用这种防范策略可以达到有效地防止中间人攻击的目的;最后对防范策略作了安全性分析。     

Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks

In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neighbor nodes under the condition that the number of good nodes is larger than that of malicious nodes. Providing fairness in voting among the nodes that are heterogeneous in terms of the processing capability and access medium is quite a challenge. We attempt to achieve fairness in voting using the uniform transmission capability of Ethernet LAN cards and smaller medium access delays of Ethernet than for wireless LAN. Although there is another scheme that resolves the same issue based on voting, i.e. MR-ARP, the voting fairness is improved further by filtering the voting reply messages from the too-early responding nodes, and the voting-related key parameters are determined analytically considering the fairness in voting. This paper shows that fairness in voting can be achieved using the proposed approach, overcoming the limitations of other voting-based schemes, and ARP poisoning-based MITM attacks can be mitigated in a more generalized environment through experiments.     

Catching the malicious insider

This paper looks at the issue of the malicious insider and at a range of the environmental and technical issues that have led to the current situation. The paper also examines why the threat from the malicious insider is changing and looks at a range of measures that can be taken in order to minimise the likelihood of an attack and to enhance the probability of detection in the case of an attack.     

点击欺诈群体检测与发现*

在线广告中的欺诈点击(click fraud)是指所有利用欺诈性手段或带有欺诈意图并被搜索引擎承认的点击行为。传统点击欺诈检测主要集中在检测个体用户点击的合法性。然而,目前存在很多的发布商雇佣大批网络用户,以群体形式进行欺诈点击。针对这一问题,提出了一种检测点击欺诈群组的方法。首先使用频繁项集挖掘算法来发现共同点击过大量广告的个体用户,作为疑似欺诈组。然后,在对组内用户点击行为属性分析的基础上,运用孤立点检测方法找到与组内其它用户有显著差异的疑似欺诈用户。最后,运用贝叶斯分类方法对检测到的所有疑似欺诈成员分类,得到真正的欺诈群组和欺诈用户。在真实数据集上的实验结果证明了方法的可行性与有效性。     

Identifying the signs of fraudulent accounts using data mining techniques

In today’s technological society there are various new means to commit fraud due to the advancement of media and communication networks. One typical fraud is the ATM phone scams. The commonality of ATM phone scams is basically to attract victims to use financial institutions or ATMs to transfer their money into fraudulent accounts. Regardless of the types of fraud used, fraudsters can only collect victims’ money through fraudulent accounts. Therefore, it is very important to identify the signs of such fraudulent accounts and to detect fraudulent accounts based on these signs, in order to reduce victims’ losses. This study applied Bayesian Classification and Association Rule to identify the signs of fraudulent accounts and the patterns of fraudulent transactions. Detection rules were developed based on the identified signs and applied to the design of a fraudulent account detection system. Empirical verification supported that this fraudulent account detection system can successfully identify fraudulent accounts in early stages and is able to provide reference for financial institutions.     

Data Mining techniques for the detection of fraudulent financial statements

This paper explores the effectiveness of Data Mining (DM) classification techniques in detecting firms that issue fraudulent financial statements (FFS) and deals with the identification of factors associated to FFS. In accomplishing the task of management fraud detection, auditors could be facilitated in their work by using Data Mining techniques. This study investigates the usefulness of Decision Trees, Neural Networks and Bayesian Belief Networks in the identification of fraudulent financial statements. The input vector is composed of ratios derived from financial statements. The three models are compared in terms of their performances.     

Topological pattern discovery and feature extraction for fraudulent financial reporting

Fraudulent financial reporting (FFR) involves conscious efforts to mislead others regarding the financial condition of a business. It usually consists of deliberate actions to deceive regulators, investors or the general public that also hinder systematic approaches from effective detection. The challenge comes from distinguishing dichotomous samples that have their major attributes falling in the same distribution. This study pioneers a novel dual GHSOM (Growing Hierarchical Self-Organizing Map) approach to discover the topological patterns of FFR, achieving effective FFR detection and feature extraction. Specifically, the proposed approach uses fraudulent samples and non-fraudulent samples to train a pair of dual GHSOMs under the same training parameters and examines the hypotheses for counterpart relationships among their subgroups taking advantage of unsupervised learning nature and growing hierarchical structures from GHSOMs. This study further presents (1) an effective classification rule to detect FFR based on the topological patterns and (2) an expert-competitive feature extraction mechanism to capture the salient characteristics of fraud behaviors. The experimental results against 762 annual financial statements from 144 public-traded companies in Taiwan (out of which 72 are fraudulent and 72 are non-fraudulent) reveal that the topological pattern of FFR follows the non-fraud-central spatial relationship, as well as shows the promise of using the topological patterns for FFR detection and feature extraction.     

捕捉瞬间的设计灵感

“它来自于对纽约的爱，以及它的本土性和规律性。”斯蒂芬a亚利斯克（StephenAlesch），他和搭档在曼哈顿的街道展示自己的本土化风格，近期的《WALLPAPER》杂志为我们介绍了这对设计搭档StephenAlesch和RobinStandefer的设计理念以及带领我们一饱曼哈顿的砖楼的风采。     

一种基于IPv6邻居发现协议的中间人攻击方法

通过分析邻居发现协议的工作原理指出邻居发现协议的安全漏洞是地址自动配置无安全认证机制,针对此漏洞提出攻击方法并实现了一种NDP-MITM工具。     

Catching a viral video

The sharing and re-sharing of videos on social sites, blogs e-mail, and other means has given rise to the phenomenon of viral videos—videos that become popular through internet sharing. In this paper we seek to better understand viral videos on YouTube by analyzing sharing and its relationship to video popularity using millions of YouTube videos. The socialness of a video is quantified by classifying the referrer sources for video views as social (e.g. an emailed link, Facebook referral) or non-social (e.g. a link from related videos). We find that viewership patterns of highly social videos are very different from less social videos. For example, the highly social videos rise to, and fall from, their peak popularity more quickly than less social videos. We also find that not all highly social videos become popular, and not all popular videos are highly social. By using our insights on viral videos we are able develop a method for ranking blogs and websites on their ability to spread viral videos.     

基于贝叶斯网络的电信话费欺诈模型的研究及应用

根据对恶意欠费欺诈客户已有的通话行为进行分析,建立一个恶意欠费欺诈行为模型,为电信运营商防范欺诈行为提供技术支持,是迫切需要。将电信业务人员的经验知识和样本数据相结合,在数据挖掘技术的基础上,提出了一种基于贝叶斯网络的电信话费欺诈建模方法。实验表明,基于OLAP分析和贝叶斯网络的话费欺诈预测效果良好,是一种有效的客户欺诈分析工具。     

Detecting fraudulent labeling of rice samples using computer vision and fuzzy knowledge

Pakistan’s climate allows growing several types of crops, among them is rice. Basmati is one of the most harvested and most profitable varieties of rice because of its unique fragrance. Rice varieties are difficult to differentiate accurately by visual inspection. Therefore, dishonest dealers could easily mislabel or adulterate basmati rice with less valuable assortments that look similar. We need a way to guard the interests of our trade partners. Many different approaches have been proposed to detect adulteration or fraud labeling of rice, in particular, to detect mixtures of authentic basmati and non-basmati varieties. These techniques employ characteristics such as morphological parameters, physicochemical properties, DNA, protein, or metabolites and are expensive and time-consuming. In this paper, we propose a novel and inexpensive technique to detect fraudulent labeling. We use computer vision and a fuzzy classification database for detecting fault labels. For classification, we employ a neural network based approach, and for detecting fraudulent labels, we create a fuzzy classification knowledge database to label rice samples accurately. Our proposed approach is novel and achieves a precision of more than 90% (for 10 gram sample) in identifying fraudulent labels of rice. We conclude that our approach can help in identifying the rice varieties with a higher accuracy.