Science of Cyber Security: 5th International Conference, SciSec 2023, Melbourne, VIC, Australia, July 11–14, 2023, Proceedings (Lecture Notes in Computer Science)


This book constitutes the refereed proceedings of the 5th International Conference on Science of Cyber Security, SciSec 2023, held in Melbourne, VIC, Australia, during July 11–14, 2023.

The 21 full papers presented together with 6 short papers were carefully reviewed and selected from 60 submissions. The papers are organized in the topical sections named: ACDroid: Detecting Collusion Applications on Smart Devices; Almost Injective and Invertible Encodings for Jacobi Quartic Curves; Decompilation Based Deep Binary-Source Function Matching.

Author(s): Moti Yung (editor), Chao Chen (editor), Weizhi Meng (editor)
Publisher: Springer
Year: 2023

Language: English
Pages: 540

Preface
Organization
Contents
Network and System Security
ACDroid: Detecting Collusion Applications on Smart Devices
1 Introduction
2 Security Model
3 Framework Design
3.1 IACIList Construct
3.2 Permission Groups Combine
3.3 Machine Learning
4 Empirical Evaluation
4.1 RQ1: Our Data Set and Effectiveness of Static Analysis
4.2 RQ2: Performance
4.3 RQ3: Effectiveness of Permission Groups Combine
4.4 RQ4: Comparison with Alternative Approaches
5 Discussion and Limitations
6 Related Work
7 Conclusions and Future Work
8 Appendix
References
DomainIsolation: Lightweight Intra-enclave Isolation for Confidential Virtual Machines
1 Introduction
2 Background
2.1 Trusted Execution Environment (TEE)
2.2 Enclave Abstraction Model
2.3 Assumptions and Threat Model
3 Design
3.1 Overview
3.2 Page-Table-Based Lightweight Isolation
3.3 Security Domain Life Cycle
4 Implementations
4.1 Supporting Occlum on HyperEnclave
4.2 Supporting Enarx on AMD SEV
4.3 Case Studies
5 Performance Evaluation
5.1 Micro-Benchmarks
5.2 Real-World Workloads
6 Related Works
7 Conclusion
A Appendix
References
Keeping Your Enemies Closer: Shedding Light on the Attacker's Optimal Strategy
1 Introduction
2 Related Work
2.1 Optimal Attack Strategy
2.2 Attackers' Characteristics Affect Task Behaviors
2.3 Feasibility
3 Model Description
3.1 POMDP
3.2 POMDP-Based APEC
3.3 The Principle of Betrayal
3.4 Sunk Cost and Silence Speaks Volumes
3.5 Backward Induction
4 Experiment Scenarios
4.1 Experiment Scenario 1
4.2 Experiment Scenario 2
4.3 Experimental Setup
5 Results and Discussion
5.1 The Effect of Attacker's Patience
5.2 The Effect of Attacker's Experience
5.3 The Effect of Attacker's Curiosity
6 Summary and Future Work
References
Cyber Attacks Against Enterprise Networks: Characterization, Modeling and Forecasting
1 Introduction
2 Dataset and Its Cybersecurity Implications
2.1 Data Description
2.2 Attack Report Length, Attack Newness and Attack Sophistication
3 Characterizing Time Series X_t, Y_t, Z_t
3.1 Basic Characteristics
3.2 LRD Analysis
3.3 Burstiness Analysis
4 Modeling and Forecasting X_t, Y_t, and Z_t
4.1 Model Fitting X_t, Y_t and Z_t for 1 ≤ t ≤ 266
4.2 Forecasting X_t, Y_t and Z_t for 267 ≤ t ≤ 366
5 Conclusion and Discussion
A Statistical Preliminaries
References
Cryptography and Authentication
MCVDSSE: Secure Multi-client Verifiable Dynamic Symmetric Searchable Encryption
1 Introduction
2 Related Work
2.1 Multi-user Searchable Encryption
2.2 Verifiable Searchable Symmetric Encryption (VSSE)
3 Preliminaries
3.1 Broadcast Encryption Scheme
3.2 Merkle Patricia Tree
3.3 Incremental Hash
4 Problem Statement
4.1 System Model
4.2 Security Definition
5 The Proposed Scheme
6 Security
7 Efficiency Analysis
8 Conclusion
References
A Graphical Password Scheme Based on Rounded Image Selection
1 Introduction
2 Related Work
3 Our Approach
3.1 Scheme Design
3.2 Variable Setting and Probability Calculation
4 Implementation and Evaluation
4.1 System Deployment
4.2 Initial User Study
4.3 Discussion
5 Conclusion
References
Implementation of the Elliptic Curve Method
1 Introduction
2 Preliminaries
2.1 Twisted Edwards Curves
2.2 Twisted Hessian Curves
2.3 Montgomery Curves
2.4 Double-Base Number System
2.5 Lucas Chains
2.6 The Elliptic Curve Method
3 An Overview of Scalar Multiplication
4 Our Implementation of ECM
4.1 Combination of Blocks for ECM
4.2 Individual Representation
4.3 Mixed Representation
5 Conclusion
References
Almost Injective and Invertible Encodings for Jacobi Quartic Curves
1 Introduction
2 Background
3 The Map and the Inverse Map
4 Hash into Jacobi Quartic Curves
4.1 B-Well-Distributed Property
4.2 Indifferentiable from Random Oracle
4.3 Points Indistinguishable from Uniform Random Strings
5 Time Complexity
6 Conclusion
References
SeeStar: An Efficient Starlink Asset Detection Framework
1 Introduction
2 Related Works
3 Starlink Architecture and Assets Definition
4 Starlink Asset Detection Framework
4.1 Detection
4.2 Convergence
4.3 Analysis
5 Evaluation
5.1 Implementation
5.2 Application
6 Discussion
7 Conclusion
References
Privacy-Enhanced Anonymous and Deniable Post-quantum X3DH
1 Introduction
1.1 Signal Protocol
1.2 Privacy-Enhanced Anonymity and Deniability
1.3 Reconciliation
1.4 Related Work
1.5 Our Contribution
2 Preliminaries
2.1 Notations
2.2 Ring Learning with Errors
2.3 Hint Function and Extractor
2.4 Other Definitions
3 Security Model
3.1 Execution Environment
3.2 Security Definition
3.3 Security Model
3.4 Anonymity
3.5 Deniability
4 Our Constructions
4.1 Our Concept of B-X3DH
4.2 B-X3DH Construction
5 Security Analysis
6 Conclusion
A The Full Proof for the HSM Security and PFS of B-X3DH
References
AI for Security
Enhancing the Anti-steganalysis Ability of Image Steganography via Multiple Adversarial Networks
1 Introduction
2 Related Work
3 Proposed Method
3.1 Overview of the Proposed Model
3.2 The Structure of Generator G
3.3 Loss Functions
4 Experiments Results
4.1 Steganalytic Networks Ablation Experiments
4.2 Channel Attention Modules Ablation Experiments
4.3 The Quality of Adversarial Images
4.4 Comparative Experiments
5 Conclusion
References
An Empirical Study of AI Model's Performance for Electricity Load Forecasting with Extreme Weather Conditions
1 Introduction
2 Related Works
3 Dataset and Methodology
3.1 Data Exploration
3.2 Data Pre-processing
3.3 Methodology
3.4 Measurement Method
4 Evaluation
4.1 Evaluation Results
4.2 Discussion
5 Conclusion and Future Work
References
Threat Detection and Analysis
AST2Vec: A Robust Neural Code Representation for Malicious PowerShell Detection
1 Introduction
2 Related Work
2.1 Obfuscation Techniques
2.2 Detection of Obfuscated Malware
2.3 Deobfuscation Techniques
3 Preliminaries
3.1 Abstract Syntax Tree
3.2 Tree-Based Neural Networks
4 Methodology
4.1 Framework
4.2 Splitting ASTs and Constructing Subtree Sequences
4.3 Encoding Multi-way Subtrees
4.4 Representing the Sequence of Subtrees
4.5 Malicious PowerShell Detection
5 Experiments and Results
5.1 Dataset Description
5.2 Experiment Settings
5.3 Evaluation on Detection Task
5.4 Results
6 Discussion
6.1 Generality of Our Approach
6.2 Necessity of Obfuscation for Malicious PowerShell Detection
7 Conclusion
References
Real-Time Aggregation for Massive Alerts Based on Dynamic Attack Granularity Graph
1 Introduction
2 Related Work
2.1 Similarity-Based Approach
2.2 Statistical-Based Approach
2.3 Knowledge-Based Approach
2.4 Machine Learning-Based Approach
2.5 Evolutionary-Based Approach
2.6 Time Series-Based Approach
3 Attack Graph Model
3.1 Graph Model
3.2 Graph Initialization and Update
3.3 Graph Vertices and Edges Deletion
4 Aggregate Methodology
4.1 Methodology Framework
4.2 Aggregate Mode
4.3 Threshold Update Dynamically
4.4 Selection and Deletion Strategy
4.5 Aggregation Procedure
5 Implementation
6 Experiments and Results
6.1 Experiment DataSets
6.2 Baselines
6.3 Environment
6.4 Metrics
6.5 Evaluation Results
7 Conclusion
References
Decompilation Based Deep Binary-Source Function Matching
1 Introduction
2 Related Work
2.1 Library Matching
2.2 Function Matching
3 Methodology
3.1 Problem Formulation
3.2 Decompilation
3.3 Code Property Graph Generation
3.4 Feature Extraction
3.5 Self-attention Based Siamese Network
4 Experiments
4.1 Datasets Preparation
4.2 Baseline Methods
4.3 Metric
4.4 Implementation
4.5 Main Results
4.6 Training Analysis
4.7 Components Analysis
5 Conclusion
References
Event-Based Threat Intelligence Ontology Model
1 Introduction
2 Related Works
2.1 Ontology Construction Research
2.2 Ontology Research of Threat Intelligence
3 Ontology Model Construction
3.1 Initial Core Ontology Generation
3.2 Ontology Refinement
3.3 Ontology Evaluation
4 Ontology Applications
4.1 Ontology Mapping
4.2 Ontology-Based Intelligence Correlation Analysis
4.3 Ontology-Based Intelligence Sharing
5 Summary and Outlook
Appendix
References
Web and Privacy Security
Optimally Blending Honeypots into Production Networks: Hardness and Algorithms
1 Introduction
2 Problem Statement
3 Hardness and Algorithmic Results
3.1 Hardness Result
3.2 Algorithmic Results
4 Experiment
4.1 Expected Losses Under Different Attack Sequences
4.2 Expected Loss w.r.t. Attacker's Reconnaissance Capability
5 Limitations
6 Related Work
7 Conclusion
A Proof of Theorem 1
B Proof of Lemma 2
References
WebMea: A Google Chrome Extension for Web Security and Privacy Measurement Studies
1 Introduction
2 Related Work
3 Comparing the Two Crawler Implementation Approaches
3.1 Primary Requirements for Crawlers
3.2 Google Chrome DevTools and Extension Approaches
3.3 DevTools Case Study: Puppeteer
3.4 Chrome Extension Case Study: TrackingObserver
4 Proposed Chrome Extension WebMea
4.1 Design of WebMea
4.2 Implementation of WebMea
4.3 Customization of WebMea
5 Conclusion
References
Quantifying Psychological Sophistication of Malicious Emails
1 Introduction
2 Concepts
3 Framework
3.1 Selecting PTechs and PTacs
3.2 Defining Sophistication Metrics
3.3 Designing Grading Rules
3.4 Preparing the Data
3.5 Calibration and Grading
3.6 Analysis
4 Case Study
4.1 Selecting PTechs and PTacs
4.2 Instantiating Sophistication Metrics
4.3 Designing Grading Rules
4.4 Preparing Data
4.5 Calibration and Grading
4.6 Analysis
5 Limitations
6 Conclusion
References
SVFL: Secure Vertical Federated Learning on Linear Models
1 Introduction
1.1 Background
1.2 Related Work
2 Preliminaries
2.1 Vertical Federated Learning
2.2 Key Agreement
3 System Overview
3.1 Threat Model
3.2 The Proposed Framework
4 SVFL
4.1 Verifiable Inner Product Computation
4.2 Initialization
4.3 Model Training
5 Security and Privacy Analysis
6 Experiments and Efficiency Analysis
7 Conclusion
References
Cryptography and Authentication II
Multiprime Strategies for Serial Evaluation of eSIDH-Like Isogenies
1 Introduction
2 Mathematical Background: Isogenies
3 eSIDH Protocol Description
4 Strategies and Their Applications to (e)SIDH
4.1 Applying Strategies and Measures to Isogeny-Based Protocols
4.2 Optimized Strategies for Multiprime Large-Degree Isogenies
4.3 Evaluating the Costs of Multiprime Strategies
4.4 Expanding eSIDH to More Primes
5 Software Implementation
6 Conclusions
A SIDH Protocol Description
References
Adaptively Secure Constrained Verifiable Random Function
1 Introduction
2 Preliminaries
3 Definition of CVRF: Algorithms and Properties (Security)
4 The Existence of Single-Key Secure CVRF
4.1 For Circuit Set Containing poly() Punch Points
4.2 For Any Circuit Set
5 Adaptively Secure CVRF
5.1 Proof of the Construction
6 Possible Implications on Micro-Payment
References
A Robust Reversible Data Hiding Algorithm Based on Polar Harmonic Fourier Moments
1 Introduction
2 Proposed Method
2.1 Robust Embedding Stage
2.2 Extraction of Secret Data and Recovery of the Image
3 Experimental Results
3.1 Design of Experiments
3.2 Comparison of Data Embedding Capacity with Other Schemes
3.3 Comparison of Robustness with Other Schemes
4 Conclusion
References
Advanced Threat Detection Techniques and Blockchain
VaultBox: Enhancing the Security and Effectiveness of Security Analytics
1 Introduction
2 Threat Model
3 Architecture
3.1 VaultBox Components
3.2 Initialization
3.3 Adding Logs
3.4 Retrieving Logs
3.5 Key Evolution
3.6 Fisher-Yates Shuffle
4 Related Work
5 Security Evaluation
6 Experimental Analysis
7 Conclusion
A Security Definitions
B Security Analysis
References
Two-Stage Anomaly Detection in LEO Satellite Network
1 Introduction
2 Related Work
3 Problem Formulations
3.1 Time Series Anomaly Detection
3.2 Definitions
4 Anomaly Signal Detection Method
4.1 Background
4.2 Two-Stage Framework
5 Experiments
5.1 Datasets
5.2 Implementation Details
5.3 Classification Result
5.4 Anomaly Detection Result
6 Conclusion
References
Hydra: An Efficient Asynchronous DAG-Based BFT Protocol
1 Introduction
2 Related Work
3 Preliminaries
3.1 System Model
3.2 Building Blocks
3.3 Problem Definition
4 Overview
5 An Efficient Bufferpool
5.1 Request Preprocessing
5.2 The AVID-M Protocol
6 The Hydra Protocol
7 Conclusion
A Appendix
A.1 Correctness
A.2 Communication and Time Complexity
References
Redactable Blockchain in the Permissioned Setting
1 Introduction
2 Preliminaries
2.1 Notation
2.2 Algebraic Group Model
2.3 Aggregate Signature
2.4 Schnorr Signature
2.5 Blockchain Basics
3 Schnorr-Based Multiple Signature Aggregation Scheme
3.1 Our Schnorr-Based Multiple Signature Aggregation Scheme
3.2 Security
4 Blockchain Redacting Protocol
4.1 Blockchain Protocol
4.2 Protocol Description
4.3 Redactable Blockchain System
4.4 Analysis
5 Conclusion
References
Workshop Session
A Multi-level Sorting Prediction Enhancement-Based Two-Dimensional Reversible Data Hiding Algorithm for JPEG Images
1 Introduction
2 Proposed Scheme
2.1 Inter-block DCT Coefficients Error Prediction
2.2 Two-Dimensional Embedding Algorithm Based on Pairing Principle
3 Experimental Results
4 Conclusion
References
Research on Encrypted Malicious 5G Access Network Traffic Identification Based on Deep Learning
1 Introduction
2 Related Work
2.1 Traffic Identification Methods
2.2 Smallcell Introduction
2.3 Convolutional Neural Network
3 5G Signaling Hijacking System
3.1 Design of Signaling Hijacking System
3.2 Implementation of Signaling Hijacking System
4 Encrypted Malicious Traffic Identification Framework
4.1 Data Collection and Processing
4.2 Model Construction
4.3 Classification Experiments Design
5 Experiment and Result Analysis
5.1 Experiment Environment Setup
5.2 Experimental Evaluation Metrics
5.3 Experimental Comparison and Validation
5.4 Experimental Results and Evaluation
6 Conclusion
References
A Design of Network Attack Detection Using Causal and Non-causal Temporal Convolutional Network
1 Introduction
1.1 Background
1.2 Related Work
1.3 Contribution
2 Terminology
2.1 Temporal Convolutional Network
2.2 Benchmarks Metrics
3 Methodology
4 Experiment
4.1 Datasets and Experiment Environment
4.2 NSL-KDD Dataset Benchmark
4.3 Mqtt-IoT-2020 Dataset Benchmark
4.4 Discussion
5 Conclusion and Future Work
References
Author Index