Journal of Computer Security - Volume 21, issue 2

Authors: Geigel, Arturo

Article Type: Research Article

Abstract: This paper presents a proof of concept of a neural network Trojan. The neural network Trojan consists of a neural network that has been trained with a compromised dataset and modified code. The Trojan implementation is carried out by insertion of a malicious payload encoded into the weights alongside with the data of the intended application. The neural Trojan is specifically designed so that when a specific entry is fed into the trained neural network, it triggers the interpretation of the data as payload. The paper presents a background on which this attack is based and provides the assumptions that …make the attack possible. Two embodiments of the attack are presented consisting of a basic backpropagation network and a Neural Network Trojan with Sequence Processing Connections (NNTSPC). The two alternatives are used depending on the underlying circumstances on which the compromise is launched. Experimental results are carried out with synthetic as well as a chosen existing binary payload. Practical issues of the attack are also discussed, as well as a discussion on detection techniques. Show more

Keywords: Neural network, Trojan, malware, artificial intelligence, machine learning

DOI: 10.3233/JCS-2012-0460

Citation: Journal of Computer Security, vol. 21, no. 2, pp. 191-232, 2013

Authors: Phatak, Dhananjay | Sherman, Alan T. | Joshi, Nikhil | Sonawane, Bhushan | Relan, Vivek G. | Dawalbhakta, Amol

Article Type: Research Article

Abstract: We present and experimentally evaluate Spread Identity (SI) – a new dynamic network address remapping mechanism that provides anonymity and DDoS defense capabilities for Internet communications. For each session between a source and destination host, the trusted source gateway dynamically and randomly assigns an IP address for the source host from the pool of all routable IP addresses allocated to the source organization. Similarly, in response to a name resolution query from the source gateway, the trusted authoritative DNS server for the destination organization dynamically assigns an IP address for the destination host from the pool of all routable IP …addresses allocated to the destination organization. These assignments depend upon the state of the server (including load, residual capacity, time of day) and policy. Different hosts can share the same IP address when communicating with distinct peers. Each gateway creates a NAT entry, valid for the communication session, based on the dynamic assignment by its organization. An eavesdropper listening to packets flowing through the Internet between the source and destination gateways learns only the source and destination domains; the eavesdropper cannot see the actual complete IP addresses of the source and destination hosts. In addition, SI enhances DDoS defense capabilities by enabling packet filtering based on destination addresses. With multiple IP addresses for the same destination, filtering based on destination addresses can block attackers without necessarily blocking legitimate users. Deploying SI requires changes to organizational gateways and, possibly, to the edge-routers that interface with organizational gateways; but network mechanisms farther upstream, including the core routers in the Internet, remain unchanged. Likewise, the installed base of operating systems running individual hosts in the internal network, together with the end-user application suites they support, remain untouched. SI mechanisms are backward compatible, incrementally deployable, and robustly scalable. A naïve implementation of SI can increase the DNS traffic; however, when SI is implemented at both the source and the destination ends, it is possible for SI to reduce DNS traffic. Ns-2 simulations and experiments on the DeterLab test bed corroborate the main hypotheses and demonstrate advantages of the SI paradigm. Ns-2 simulations demonstrate that file transfer success rates for our SI DDoS protection mechanism are similar to those of filter- and capability-based approaches, with lower file transfer times than for filter-based approaches. DeterLab trials demonstrate that SI consumes similar resources (connection establishment time, network address translation table size, packet forwarding rate and memory) to those of a typical single NAT system, though with higher name resolution times. Show more

Keywords: Address-hopping, address pooling, anonymity, applied cryptography, Distributed Denial of Service (DDoS) attacks, Domain Name Server (DNS), Internet Protocol (IP), Network Address Translation (NAT), network security, spread identity, statistical address multiplexing

DOI: 10.3233/JCS-2012-0463

Citation: Journal of Computer Security, vol. 21, no. 2, pp. 233-281, 2013

Authors: Kolesnikov, Vladimir | Sadeghi, Ahmad-Reza | Schneider, Thomas

Article Type: Research Article

Abstract: General two-party Secure Function Evaluation (SFE) allows mutually distrusting parties to correctly compute any function on their private input data, without revealing the inputs. Two-party SFE can benefit almost any client-server interaction where privacy is required, such as privacy-preserving credit checking, medical classification, or face recognition. Today, SFE is a subject of immense amount of research in a variety of directions and is not easy to navigate. In this article, we systematize the most practically important works of the vast research knowledge on general SFE. We argue that in many cases the most efficient SFE protocols are obtained by …combining several basic techniques, e.g., garbled circuits and (additively) homomorphic encryption. As a valuable methodological contribution, we present a framework in which today's most efficient techniques for general SFE can be viewed as building blocks with well-defined interfaces that can be easily combined into a complete efficient solution. Further, our approach naturally allows automated protocol generation (compilation) and has been implemented partially in the TASTY framework. In summary, we provide a comprehensive guide in state-of-the-art SFE, with the additional goal of extracting, systematizing and unifying the most relevant and promising general SFE techniques. Our target audience are graduate students wishing to enter the SFE field and advanced engineers seeking to develop SFE solutions. We hope our guide paints a high-level picture of the field, including most common approaches and their trade-offs and gives precise and numerous pointers to formal treatment of its specific aspects. Show more

Keywords: Framework, protocol design, privacy-preserving protocols, homomorphic encryption, garbled functions

DOI: 10.3233/JCS-130464

Citation: Journal of Computer Security, vol. 21, no. 2, pp. 283-315, 2013