Advanced Malware: Attacks, Defenses, and Open Challenges
Abstract: Although much research work has been done on analyzing, detecting, and mitigating malware, it still remains one of the most pressing problems on the Internet today. Unfortunately, malware is often a component in most of the cyber-attacks we are observing against organizations. In this talk, I will be giving an overview on advanced malware, and will be discussing some of the current attacks, the defenses that are in place (including their strengths and weaknesses), and the current open challenges that the research community is facing. I will also be talking about how automated techniques (e.g., AI) can help us in the fight against malware and compromises.
Session Chair: Andreas Uhl
IBWH: An Intermittent Block Withholding Attack with Optimal Mining Reward Rate
Junming Ke, Qiuliang Xu (Shandong University); Paweł Szałachowski, Zheng Yang, Jianying Zhou (Singapore University of Technology and Design)
Full Database Reconstruction with Access and Search Pattern Leakage
(Best Student Paper Award)
Evangelia Anna Markatou, Roberto Tamassia (Brown University)
Cube Cryptanalysis of Round-Reduced ACORN
Jingchun Yang, Meicheng Liu, Dongdai Lin (1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China)
Session Chair: Masahiro Mambo
Auditable Compressed Storage
Iraklis Leontiadis (Inpher); Reza Curtmola (NJIT)
Decentralized Evaluation of Quadratic Polynomials on Encrypted Data
Chloé Hébant (ENS, CNRS, Inria); Duong Hieu Phan (Université Limoges); David Pointcheval; (ENS, CNRS, Inria)
Robust Distributed Pseudorandom Functions for mNP access structures
(Best Paper Award)
Bei Liang, Aikaterini Mitrokotsa (Chalmers University of Technology, Gothenburg, Sweden)
Session Chair: Iraklis Leontiadis
Can Today's Machine Learning Pass Image-Based Turing Tests?
Apostolis Zarras (Maastricht University); Ilias Gerostathopoulos, Daniel Méndez Fernández (Technical University of Munich)
L(a)ying in (Test)Bed: How biased datasets produce impractical results for actual malware families' classification
Tamy Beppler, Marcus Botacin, Fabricio J. O. Ceschin, Luiz E. S. Oliveira, Andre Gregio (Federal University of Paraná)
Rethinking Large-Scale Consensus
Abstract: Although distributed consensus has been studied by for three decades, they were not deployed at a large scale until decentralized cryptocurrencies like Bitcoin. In this talk, I will explain why the classical theoretical foundation for distributed systems is insufficient for capturing the robustness and game theoretic properties we care about for new decentralized environments. Specifically, I will demonstrate why almost all classical “synchronous” consensus protocols are underspecified and thus unimplementable in practice. I will then describe a new model called “best-possible partition tolerance” that allows us to achieve honest-majority consensus while providing resilience to network partitions (the combination of which was classically deemed impossible due to a well-known lower bound by Dwork, Lynch, and Stockmeyer).
Session Chair: Zhiqiang Lin
Code-Based Zero Knowledge PRF Arguments
Carlo Brunetta, Bei Liang, Aikaterini Mitrokotsa (Chalmers University of Technology)
On New Zero-Knowledge Proofs for Lattice-Based Group Signatures with Verifier-Local Revocation
Yanhua Zhang (Zhengzhou University of Light Industry); Yupu Hu (Xidian University); Qikun Zhang (Zhengzhou University of Light Industry); Huiwen Jia (Guangzhou University)
Session Chair: Naipeng Dong
When The Attacker Knows A Lot: The GAGA Graph Anonymizer
Arash Alavi, Rajiv Gupta, Zhiyun Qian (University of California, Riverside)
Mitigation Techniques for Attacks on 1-Dimensional Databases that Support Range Queries
Evangelia Anna Markatou, Roberto Tamassia (Brown University)
Session Chair: William Robertson
Getting Under Alexa's Umbrella: Infiltration Attacks Against Internet Top Domain Lists
Walter Rweyemamu (Northeastern University); Tobias Lauinger (University of Chicago); Christo Wilson, William Robertson, Engin Kirda (Northeastern University)
Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking
Panagiotis Papadopoulos (FORTH, Greece); Panagiotis Ilia (University of Illinois at Chicago, USA); Evangelos P. Markatos (FORTH, Greece)
Session Chair: Ben Fuller
LightSense: A Novel Side Channel for Zero-permission Mobile User Tracking
Quanqi Ye (Advanced Digital Sciences Center); Yan Zhang (University of Science and Technology of China); Guangdong Bai (Griffith university); Naipeng Dong, Zhenkai Liang, Jin Song Dong (National University of Singapore); Haoyu Wang (Beijing University of Posts and Telecommunications)
Robust covert channels based on DRAM power consumption
Thales Bandiera Paiva (Institute of Mathematics and Statistics, University of Sao Paulo); Javier Navaridas (School of Computer Science, University of Manchester); Routo Terada (Institute of Mathematics and Statistics, University of Sao Paulo)
Session Chair: Michalis Polychronakis
Barnum: Detecting Document Malware via Control Flow Anomalies in Hardware Traces
Carter Yagemann (Georgia Institute of Technology); Salmin Sultana, Li Chen (Intel Labs); Wenke Lee (Georgia Institute of Technology)
An Analysis of Malware Trends in Enterprise Networks
Abbas Acar (Florida International University); Long Lu (Northeastern University); Selcuk Uluagac (Florida International University); Engin Kirda (Northeastern University)
PD-ML-Lite: Private Distributed Machine Learning from Lightweight Cryptography
Maksim Tsikhanovich (Bloomberg LP); Malik Magdon-Ismail (Computer Science Department, RPI); Muhammad Ishaq, Vassilis Zikas (School of Informatics, University of Edinburgh)
Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics
Syed Ali Qasim (Virginia Commonwealth University); Juan Lopez Jr. (Oak Ridge National Laboratory); Irfan Ahmed (Virginia Commonwealth University)
Session Chair: Charalampos Papamanthou
Secure Stern Signatures in Quantum Random Oracle Model
Hanwen Feng, Jianwei Liu, Qianhong Wu (School of Cyber Science and Technology, Beihang University)
Generic Construction of Linkable Ring Signature
Xueli Wang, Yu Chen, Xuecheng Ma (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences.)
Cryptographic Authentication from the Iris
Sailesh Simhadri (Google Inc.); James Steel, Benjamin Fuller (University of Connecticut)