Adversarial Attack using Neural Image Modification

In order to help development into analyzing the characteristics of adversarial sample generation in artificial neural networks, this work proposes a framework for an adversarial attack that utilizes neural image modification to generate an adversarial sample. This method proves to be effective in reducing a target network’s accuracy in both untargeted and targeted attacks with good success rates. This method also shows some effectiveness against defensive distillation, but not transferrable between multiple models.

Adversarial Attack using Neural Image Modification

In order to help development into analyzing the characteristics of adversarial sample generation in artificial neural networks, this work proposes a framework for an adversarial attack that utilizes neural image modification to generate an adversarial sample. This method proves to be effective in reducing a target network’s accuracy in both untargeted and targeted attacks with good success rates. This method also shows some effectiveness against defensive distillation, but not transferrable between multiple models.

Adversarial Attack using Neural Image Modification

In order to help development into analyzing the characteristics of adversarial sample generation in artificial neural networks, this work proposes a framework for an adversarial attack that utilizes neural image modification to generate an adversarial sample. This method proves to be effective in reducing a target network’s accuracy in both untargeted and targeted attacks with good success rates. This method also shows some effectiveness against defensive distillation, but not transferrable between multiple models.

A Novel Spherical Fuzzy Rough Aggregation Operators Hybrid with TOPSIS Method and Their Application in Decision Making

Industrial control system (ICS) attacks are usually targeted attacks that use the ICS entry approach to get a foothold within a system and move laterally throughout the organization. In recent decades, powerful attacks such as Stuxnet, Duqu, Flame, and Havex have served as wake-up calls for industrial units. All organizations are faced with the rise of security challenges in technological innovations. This paper aims to develop aggregation operators that can be used to address the decision-making problems based on a spherical fuzzy rough environment. Meanwhile, some interesting properties of idempotence, boundedness, and monotonicity for the proposed operators are analyzed. Moreover, we use this newly constructed framework to select ICS security suppliers and validate its acceptability. Furthermore, a different test has been performed based on a new operator to strengthen the suggested approach. Additionally, comparative analysis based on the novel extended TOPSIS method is presented to demonstrate the superiority of the proposed technique. The results show that the conventional approach has a larger area for information representation, better adaptability to the evaluation environment, and higher reliability of the evaluation results.

Percolation on interdependent networks with different group size distributions under targeted attack

Traditional research studies on interdependent networks with groups ignore the relationship between nodes in dependency groups. In real-world networks, nodes in the same group may support each other through cooperation and tend to fail or survive together. In this paper, based on the framework of group percolation, a cascading failure model on interdependent networks with cooperative dependency groups under targeted attacks is proposed, and the effect of group size distributions on the robustness of interdependent networks is investigated. The mutually giant component and phase transition point of networks with different group size distributions are analyzed. The effectiveness of the theory is verified through simulations. Results show that the robustness of interdependent networks with cooperative dependency groups can be enhanced by increasing the heterogeneity between groups under targeted attacks. The theory can well predict the numerical simulation results. This model provides some theoretical guidance for designing robust interdependent systems in real world.

Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks

<p>Accessing and retrieving users’ browser and network information is a common practice used by advertisers and many online services to deliver targeted ads and explicit improved services to users belonging to a particular group. They provide a great deal of information about a user’s geographical location, ethnicity, language, culture and general interests. However, in the same way these techniques have proven effective in advertising services, they can be used by attackers to launch targeted attacks against specific user groups. Targeted attacks have been proven more effective against user groups than their blind untargeted counterparts (e.g.spam, phishing). Their detection is more challenging as the detection tools need to be located within the targeted user group. This is one of the challenges faced by security researchers and organisations involved in the detection of new malware and exploits, using client honeypots. Client honeypots are detection systems used in the identification of malicious web sites. The client honeypot needs to mimic users in a pre-defined location, system, network and personality for which the malware is intended. The case is amplified by the use of Browser Exploit Packs/kits (BEPs), supporting these features. BEPs provide simplicity in deployment of targeted malicious web sites. They allow attackers to utilise specific geographical locations, network information, visit patterns or browser header information obtained from a visiting user to determine if a user should be subjected to an attack. Malicious web sites that operate based on targeted techniques can disguise themselves as legitimate web sites and bypass detection. Benign content is delivered to attacker-specified users while avoiding delivery to suspicious systems such as well-known or possible subnets that may host client honeypots. A client honeypot deployed in a single location with a single IP address will fail to detect an attack targeted at users in different demographic and network subnets. Failure in detection of such attacks results in high rates of false negatives which affect all honeypots regardless of detection technique or interaction level. BEPs are hugely popular and most include tracking features. The number of malicious web sites that utilise these features is currently unknown. There are very few studies that have addressed identifying the rate and number of malicious web sites utilising these techniques and no available client honeypot system is currently able to detect them. Any failure to detect these web sites will result in unknown numbers of users being exploited and infected with malware. The false negatives resulting from failing to detect these web sites can incorrectly be interpreted as a decline in the number of attacks. In this work, a study of information that can potentially expose users to targeted attack through a browser is examined through experimental analysis. Concrete approaches by attackers to obtain user-specific information in the deployment of targeted attacks through browsers are discussed and analysed. We propose a framework for designing a client honeypot capable of detecting geolocation attacks. Our framework relies on HAZard and OPerability (HAZOP) studies to identify components of the client honeypot, its processes and attributes of the experimental setup which could potentially introduce bias into our study. Any potential bias neglected, would affect the results of our real-world experiments and undermine our analysis through deviation from the intent of the study. To facilitate in our experiments, we developed a low interaction client honeypoy (YALIH) and performed real-world experiments on large selection of web sites. We determined the popularity of targeted malicious attacks based on likely attributes of a visiting user’s system. Our approach relies on previous research performed in the area of online spam detection which has similar attributes to malicious web sites. Our experiments show that referer, via, X-Forwarded-For and browser language attributes of HTTP protocol header, retrieval behaviour (i.e. IP tracking) and geographical location of a visitor identified by an IP address can be used in a targeted attack. These attributes can have significant effect on the number of detected malicious web sites in a study and should therefore be reliably controlled in an experimental setup. This findings in this research can potentially reduce false negative rates in all types of client honeypots, measurement studies of malicious malicious web sites and help researchers and malware analysts capture and analyse new malware and exploit samples from malicious web sites.</p>

Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks

<p>Accessing and retrieving users’ browser and network information is a common practice used by advertisers and many online services to deliver targeted ads and explicit improved services to users belonging to a particular group. They provide a great deal of information about a user’s geographical location, ethnicity, language, culture and general interests. However, in the same way these techniques have proven effective in advertising services, they can be used by attackers to launch targeted attacks against specific user groups. Targeted attacks have been proven more effective against user groups than their blind untargeted counterparts (e.g.spam, phishing). Their detection is more challenging as the detection tools need to be located within the targeted user group. This is one of the challenges faced by security researchers and organisations involved in the detection of new malware and exploits, using client honeypots. Client honeypots are detection systems used in the identification of malicious web sites. The client honeypot needs to mimic users in a pre-defined location, system, network and personality for which the malware is intended. The case is amplified by the use of Browser Exploit Packs/kits (BEPs), supporting these features. BEPs provide simplicity in deployment of targeted malicious web sites. They allow attackers to utilise specific geographical locations, network information, visit patterns or browser header information obtained from a visiting user to determine if a user should be subjected to an attack. Malicious web sites that operate based on targeted techniques can disguise themselves as legitimate web sites and bypass detection. Benign content is delivered to attacker-specified users while avoiding delivery to suspicious systems such as well-known or possible subnets that may host client honeypots. A client honeypot deployed in a single location with a single IP address will fail to detect an attack targeted at users in different demographic and network subnets. Failure in detection of such attacks results in high rates of false negatives which affect all honeypots regardless of detection technique or interaction level. BEPs are hugely popular and most include tracking features. The number of malicious web sites that utilise these features is currently unknown. There are very few studies that have addressed identifying the rate and number of malicious web sites utilising these techniques and no available client honeypot system is currently able to detect them. Any failure to detect these web sites will result in unknown numbers of users being exploited and infected with malware. The false negatives resulting from failing to detect these web sites can incorrectly be interpreted as a decline in the number of attacks. In this work, a study of information that can potentially expose users to targeted attack through a browser is examined through experimental analysis. Concrete approaches by attackers to obtain user-specific information in the deployment of targeted attacks through browsers are discussed and analysed. We propose a framework for designing a client honeypot capable of detecting geolocation attacks. Our framework relies on HAZard and OPerability (HAZOP) studies to identify components of the client honeypot, its processes and attributes of the experimental setup which could potentially introduce bias into our study. Any potential bias neglected, would affect the results of our real-world experiments and undermine our analysis through deviation from the intent of the study. To facilitate in our experiments, we developed a low interaction client honeypoy (YALIH) and performed real-world experiments on large selection of web sites. We determined the popularity of targeted malicious attacks based on likely attributes of a visiting user’s system. Our approach relies on previous research performed in the area of online spam detection which has similar attributes to malicious web sites. Our experiments show that referer, via, X-Forwarded-For and browser language attributes of HTTP protocol header, retrieval behaviour (i.e. IP tracking) and geographical location of a visitor identified by an IP address can be used in a targeted attack. These attributes can have significant effect on the number of detected malicious web sites in a study and should therefore be reliably controlled in an experimental setup. This findings in this research can potentially reduce false negative rates in all types of client honeypots, measurement studies of malicious malicious web sites and help researchers and malware analysts capture and analyse new malware and exploit samples from malicious web sites.</p>

Structural and spectral properties of generative models for synthetic multilayer air transportation networks

To understand airline transportation networks (ATN) systems we can effectively represent them as multilayer networks, where layers capture different airline companies, the nodes correspond to the airports and the edges to the routes between the airports. We focus our study on the importance of leveraging synthetic generative multilayer models to support the analysis of meaningful patterns in these routes, capturing an ATN’s evolution with an emphasis on measuring its resilience to random or targeted attacks and considering deliberate locations of airports. By resorting to the European ATN and the United States ATN as exemplary references, in this work, we provide a systematic analysis of major existing synthetic generation models for ATNs, specifically ANGEL, STARGEN and BINBALL. Besides a thorough study of the topological aspects of the ATNs created by the three models, our major contribution lays on an unprecedented investigation of their spectral characteristics based on Random Matrix Theory and on their resilience analysis based on both site and bond percolation approaches. Results have shown that ANGEL outperforms STARGEN and BINBALL to better capture the complexity of real-world ATNs by featuring the unique properties of building a multiplex ATN layer by layer and of replicating layers with point-to-point structures alongside hub-spoke formations.

Backdoor Attacks to Deep Neural Network-Based System for COVID-19 Detection from Chest X-ray Images

Open-source deep neural networks (DNNs) for medical imaging are significant in emergent situations, such as during the pandemic of the 2019 novel coronavirus disease (COVID-19), since they accelerate the development of high-performance DNN-based systems. However, adversarial attacks are not negligible during open-source development. Since DNNs are used as computer-aided systems for COVID-19 screening from radiography images, we investigated the vulnerability of the COVID-Net model, a representative open-source DNN for COVID-19 detection from chest X-ray images to backdoor attacks that modify DNN models and cause their misclassification when a specific trigger input is added. The results showed that backdoors for both non-targeted attacks, for which DNNs classify inputs into incorrect labels, and targeted attacks, for which DNNs classify inputs into a specific target class, could be established in the COVID-Net model using a small trigger and small fraction of training data. Moreover, the backdoors were effective for models fine-tuned from the backdoored COVID-Net models, although the performance of non-targeted attacks was limited. This indicated that backdoored models could be spread via fine-tuning (thereby becoming a significant security threat). The findings showed that emphasis is required on open-source development and practical applications of DNNs for COVID-19 detection.