CAPT:Context-Aware Provenance Tracing for Attack Investigation

APT attacks are prolonged and have multiple stages, and they usually utilize zero-day or one-day exploits to be penetrating and stealthy. Among all kinds of security tech- niques, provenance tracing is regarded as an important approach to attack investigation, as it discloses the root cause, the attacking path, and the results of attacks. However, existing techniques either suffer from the limitation of only focusing on the log type, or are high- ly susceptible to attacks, which hinder their applications in investigating APT attacks. We present CAPT, a context-aware provenance tracing system that leverages the advantages of virtualization technologies to transparently collect system events and network events out of the target machine, and processes them in the specific host which introduces no space cost to the target. CAPT utilizes the contexts of collected events to bridge the gap between them, and provides a panoramic view to the attack investigation. Our evaluation results show that CAPT achieves the efi＇ective prov- enance tracing to the attack cases, and it only produces 0.21 MB overhead in 8 hours. With our newly-developed technology, we keep the run-time overhead averages less than 4%.

A Router Based Packet Filtering Scheme for Defending Against DoS Attacks

The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service （DOS） attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters （termed as collateral damages）; the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.

Resistance against side channel attack for RSA cryptosystem

Based on the structure of the side channel attacks （SCAs） to RSA cryptosystem can resist the fault attack and combine with the randomization method for the message and secret exponent, a new implementation scheme of CRT-based （the Chinese remained theorem） RSA is proposed. The proposed scheme can prevent simple power analysis （SPA）, differential power analysis （DPA） and time attack, and is compatible with the existing RSA-CRT cryptosystem as well. In addition, an improvement for resisting fault attack is proposed, which can reduce extra computation time.

Threat Modeling-Oriented Attack Path Evaluating Algorithm

In order to evaluate all attack paths in a threat tree,based on threat modeling theory,a weight distribution algorithm of the root node in a threat tree is designed,which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage.Besides,an algorithm of searching attack path was also obtained in accordence with its definition.Finally,an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree,the weight distribution information,and the attack paths.An example threat tree is given to verify the effectiveness of the algorithms.

A Novel Distributed LDoS Attack Scheme against Internet Routing

LDoS （Low-rate Denial of Service） attack, exploiting the flaws in the congestion avoidance mechanism of TCP protocol,is periodic, stealthy, and with high efficiency. Since BGP uses TCP as a transport protocol, it is subject to LDoS attacks as well. LDoS attacks can cause table reset, route flapping of BGP protocol. A deliberately constructed distributed low-rate DOS attacks can even generate surge of updates throughout the Internet. In this paper, we investigate the promotion of attack efficiency of this novel attack, and then propose an attack model to simulate the LDoS attack. Experiments prove that this attack model can exponentially lower the attack costs and improve the attack effect.

Attack Resistant Trust Management Model Based on Beta Function for Distributed Routing in Internet of Things

With the rapid development of Internet of Things (IoT),the issue of trust in distributed routing systems has attracted more research attention.The existing trust management frameworks,however,suffer from some possible attacks in hostile environments,such as false accusation,collusion,on-off,and conflicting behavior.Therefore,more comprehensive models should be proposed to predict the trust level of nodes on potential routes more precisely,and to defeat several kinds of possible attacks.This paper makes an attempt to design an attack-resistant trust management model based on beta function for distributed routing strategy in IoT.Our model can evaluate and propagate reputation in distributed routing systems.We first describe possible attacks on existing systems.Our model is then proposed to establish reliable trust relations between self-organized nodes and defeat possible attacks in distributed routing systems.We also propose a theoretical basis and skeleton of our model.Finally,some performance evaluations and security analyses are provided to show the effectiveness and robustness of our model compared with the existing systems.