Where can buy Security and Privacy in Communication Networks 16th EAI International Conference SecureComm 2020 Washington DC USA October 21 23 2020 Proceedings Part II Noseong Park ebook with cheap price
Noseong Park · Kun Sun ·
Sara Foresti · Kevin Butler ·
Nitesh Saxena (Eds.)
Part 2
Lecture Notes of the Institute
for Computer Sciences, Social Informatics
and Telecommunications Engineering 336
Editors
Noseong Park, Yonsei University, Seoul, Korea (Republic of)
Kun Sun, George Mason University, Fairfax, VA, USA
Sara Foresti, Dipartimento di Informatica, Universita degli Studi, Milan, Milano, Italy
Kevin Butler, University of Florida, Gainesville, FL, USA
Nitesh Saxena, Division of Nephrology, University of Alabama, Birmingham, AL, USA
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
We are delighted to introduce the proceedings of the 16th EAI International Conference
on Security and Privacy in Communication Networks (SecureComm 2020). This
conference has brought together researchers, developers, and practitioners from around
the world who are leveraging and developing security and privacy technology for a safe
and robust system or network.
These proceedings contain 60 papers, which were selected from 120 submissions
(an acceptance rate of 50%) from universities, national laboratories, and the private
sector from across the USA as well as other countries in Europe and Asia. All the
submissions went through an extensive review process by internationally-recognized
experts in cybersecurity.
Any successful conference requires the contributions of different stakeholder groups
and individuals, who have selflessly volunteered their time and energy in disseminating
the call for papers, submitting their research findings, participating in the peer reviews
and discussions, etc. First and foremost, we would like to offer our gratitude to the
entire Organizing Committee for guiding the entire process of the conference. We are
also deeply grateful to all the Technical Program Committee members for their time
and effort in reading, commenting, debating, and finally selecting the papers. We also
thank all the external reviewers for assisting the Technical Program Committee in their
particular areas of expertise as well as all the authors, participants, and session chairs
for their valuable contributions. Support from the Steering Committee and EAI staff
members was also crucial in ensuring the success of the conference. It was a great
privilege to work with such a large group of dedicated and talented individuals.
We hope that you found the discussions and interactions at SecureComm 2020,
which was held online, enjoyable and that the proceedings will stimulate further
research.
Steering Committee
Imrich Chlamtac University of Trento, Italy
Guofei Gu Texas A&M University, USA
Peng Liu Penn State University, USA
Sencun Zhu Penn State University, USA
Organizing Committee
General Co-chairs
Kun Sun George Mason University, USA
Sara Foresti Università degli Studi di Milano, Italy
Local Chair
Hemant Purohit George Mason University, USA
Workshops Chair
Qi Li Tsinghua University, China
Publications Chair
Noseong Park Yonsei University, South Korea
Web Chair
Pengbin Feng George Mason University, USA
Panels Chair
Massimiliano Albanese George Mason University, USA
Tutorials Chair
Fabio Scotti Università degli Studi di Milano, Italy
POQ: A Consensus Protocol for Private Blockchains Using Intel SGX
Golam Dastoger Bashar, Alejandro Anzola Avila, and Gaby G. Dagher
A Machine Learning Based Smartphone App for GPS Spoofing Detection
Javier Campos, Kristen Johnson, Jonathan Neeley, Staci Roesch,
Farha Jahan, Quamar Niyaz, and Khair Al Shamaileh
The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels
Fatemeh Rezaei, Shahrzad Naseri, Ittay Eyal, and Amir Houmansadr
Ruming Tang¹,², Cheng Huang³, Yanti Zhou⁴, Haoxian Wu³, Xianglin Lu¹,²,
Yongqian Sun⁵, Qi Li¹,² (B), Jinjin Li⁴, Weiyao Huang⁴, Siyuan Sun⁴,
and Dan Pei¹,²
¹ Tsinghua University, Beijing, China
trm14@mails.tsinghua.edu.cn, {peidan,qli01}@tsinghua.edu.cn
² Beijing National Research Center for Information Science and Technology
(BNRist), Beijing, China
everl@bupt.edu.cn
³ BizSeer Technologies Co., Ltd., Beijing, China
huangcheng@bizseer.com, MOVIEGEORGE@pku.edu.cn
⁴ Bank of Communications, Shanghai, China
{zhouyt,lijj,huangweiyao,sunsiyuan}@bankcomm.com
⁵ Nankai University, Tianjin, China
sunyongqian@nankai.edu.cn
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
Published by Springer Nature Switzerland AG 2020. All Rights Reserved
N. Park et al. (Eds.): SecureComm 2020, LNICST 336, pp. 1–21, 2020.
https://doi.org/10.1007/978-3-030-63095-9_1
1 Introduction
As a core infrastructure on the Internet, the Domain Name System (DNS)
is commonly used in all kinds of Internet applications, to translate
easy-to-recognize domain names into IP addresses. Unfortunately, the DNS system
suffers from known vulnerabilities, such as DDoS [27], spoofing [24] and other
exploits [8,30,36]. To defend against these attacks, approaches such as [10,18,24]
have been proposed. Unlike those traditional attacks, which target the DNS system
itself, DNS covert communication is leveraged to transmit messages across the
boundary between an enterprise’s LAN (i.e., office network and datacenter) and
the Internet, through DNS messages in a stealthy and unauthorized manner.
However, the defense against DNS covert communication in enterprises is still
not well-studied, and is the focus of this paper.
Fig. 1. Examples of (a) normal DNS lookups, (b) DNS-based data exfiltration, and (c)
DNS-based C&C.
In enterprises, security tools are commonly deployed to closely monitor the
traffic between the enterprise’s LAN and the Internet to detect serious security
attacks such as data exfiltration (which transmits valuable internal data to the
Internet), command-and-control (C&C) of internal hosts by external attackers,
and so on. However, data exfiltration and C&C that use covert communication
via DNS traffic [7,8,22,23,28] are still hard to detect.
Figure 1 shows examples of normal DNS lookup and DNS covert communication.
In the normal DNS lookup in Fig. 1(a), a normal host queries its local
DNS server about google.com, and the local DNS server then iteratively queries
the DNS root server and the .com top-level domain server (both are omitted in the
figure) and relays the response (which indicates the corresponding IP address is
172.217.164.100) from the authoritative name server for google.com to the host.
Figure 1(b) shows an example of real point of sale (POS) malware, in which POS
malware exfiltrated credit card information in the domain names of the DNS
queries [20]. Such exfiltration incidents (e.g., MULTIGRAIN [20], UDPoS [28])
caused many losses to users and providers. The compromised host encodes the
stolen credit card information as subdomains in the domain name to be queried,
and when the query arrives at the authoritative name server controlled by the
attacker, the attacker can then easily decode the credit card information from
the queried domain name. Figure 1(c) shows an example of DNS C&C [22] where
a malware-infected host talks to and receives commands from its C&C server by
sending a DNS query message to, and receiving the corresponding DNS response from,
the compromised authoritative name server, which is the C&C server. In this
example, the seemingly random domain names queried (e.g., rohgoruhgsorhugih.nl)
are actually dynamically generated by Domain-Generation-Algorithms (DGAs)
and automatically synchronized between the compromised host and the C&C
server [9,13,29,30,35,36].
Therefore, new detection methods are needed to detect these DNS covert
communications, because traditional security tools based on blacklists, rules,
and signatures cannot enumerate or capture the dynamically changing subdomain
names in the DNS covert communications exemplified in Fig. 1(b) and (c).
Our intuitive idea in detecting DNS covert communication is to apply
machine learning (ML) to capture a suspicious domain based on its features
(see the feature list in Table 2, e.g., the length of the domain). Although this
idea is promising, previous ML-based approaches along this direction have not
been deployed in real-world enterprises yet, to the best of our knowledge,
due to the following three challenges.
First, the performance of different ML algorithms might be different for
different enterprises because the DNS traffic data distribution might be different.
Furthermore, among the machine learning algorithms used in previous works,
supervised models perform better and are preferred for some kinds of known threat
types, while unsupervised models are preferred for some unknown but rare
threats. Thus, the algorithms used should be generic and flexible (as opposed to
being fixed) in the detection system. Second, different DNS covert communication
threats might have different patterns, and previous machine-learning based
approaches, to the best of our knowledge, so far only focus on specific types
of such attacks, e.g., [7,8] only detect data exfiltration, and [30] only detects
DGA domains. However, enterprises in the real world are interested in detecting
various attacks, and thus are reluctant to deploy the aforementioned piecemeal
approaches that can detect only one type of DNS covert communication. Third,
a practical ML-based detection system needs to have feedback mechanisms to
either add labeled data for re-training in the supervised approaches and/or tune
the parameters in the unsupervised approaches, and also fully utilize (as opposed
to replacing) the traditional DNS security tools such as the domain blacklist.
To tackle the above challenges, in this paper we propose a practical, flexible
and end-to-end ML-based framework, called D²C² (Detecting DNS Covert
Communication), to effectively detect various DNS covert communications in
enterprises by leveraging supervised and unsupervised classifiers trained by var-
2 Background
A DNS log contains several important fields: NAME (the queried domain name),
TYPE (A for IPv4 address, CNAME for canonical names, TXT for text records,
etc.), and RDATA (the resource) [21]. For example, the query in Fig. 1(a)
contains the queried name (www.google.com), class (IN), and type (A). The response
log contains the response, i.e., RCODE (Response Code), TTL (Time to Live) and
the answer, together with the corresponding query. The answer is the IPv4 address(es) for
the queried name. RCODE indicates the condition of the answer: NOERROR
(in this example) means a normal answer, and NXDomain indicates that the
queried name does not exist.
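The feature idea from the Introduction (for example, the length of the domain), applied to log records carrying the NAME, TYPE and RCODE fields just described, as an added example that is not code from the paper. The key=value log layout, the entropy feature, both thresholds and the exfil-demo.test names are assumptions made here, and the fixed rule only stands in for the trained classifiers.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log (not real traffic). The key=value layout is an
# assumption; the field names NAME, TYPE and RCODE follow the text above.
SAMPLE_LOG = """\
NAME=www.google.com TYPE=A RCODE=NOERROR
NAME=mail.example.org TYPE=A RCODE=NOERROR
NAME=3a9f0c4417d2b86e5540aa91c37e02bd.t.exfil-demo.test TYPE=A RCODE=NOERROR
NAME=77b1e09c2f6d4a3385ce10f94b2d7a60.t.exfil-demo.test TYPE=A RCODE=NOERROR
NAME=0d48f3a1c9e27b5664af03d18c5e92b7.t.exfil-demo.test TYPE=TXT RCODE=NOERROR
NAME=rohgoruhgsorhugih.nl TYPE=A RCODE=NXDomain
"""


def parse_record(line):
    """Turn 'NAME=... TYPE=... RCODE=...' into a dict of fields."""
    return dict(token.split("=", 1) for token in line.split())


def labels_of(name):
    """Lower-cased labels of a domain name, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def registered_domain(name):
    # Assumption: the last two labels. Production code should consult the
    # Public Suffix List so that names under e.g. co.uk group correctly.
    return ".".join(labels_of(name)[-2:])


def shannon_entropy(text):
    """Bits per character; encoded or generated labels tend to score higher."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def features(name):
    """Per-query lexical features of the queried name."""
    labels = labels_of(name)
    longest = max(labels, key=len)
    return {
        "name_len": len(".".join(labels)),
        "n_labels": len(labels),
        "max_label_len": len(longest),
        "entropy": shannon_entropy(longest),
    }


def suspicious_domains(log_text, max_label=24, min_names=2):
    """Group long-label queries by registered domain.

    A domain is reported when at least `min_names` distinct query names under
    it carry a label of `max_label` characters or more, the pattern left by
    data encoded into subdomains. Both thresholds are illustrative.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        if features(record["NAME"])["max_label_len"] >= max_label:
            hits[registered_domain(record["NAME"])].add(record["NAME"].lower())
    return {dom: sorted(names) for dom, names in hits.items() if len(names) >= min_names}


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_record(line)
        print(rec["NAME"], rec["RCODE"], features(rec["NAME"]))
    print(suspicious_domains(SAMPLE_LOG))
```

The generated name rohgoruhgsorhugih.nl has a longest label of 17 characters and passes this length rule, which shows why a single fixed threshold does not cover both the exfiltration and the DGA pattern.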
Although DNS is a fundamental system that many services rely on, some
enterprise operators treat DNS as a “set and forget” infrastructure, and do not
update it from time to time with the latest security mechanisms [17]. For
example, DNSSEC [12] is one security extension of DNS proposed early, but its
adoption was quite slow until recently [10,15]. Some operators may be interested in
the availability of DNS only when DNS servers go wrong.
Figure 2 shows some typical exploits against DNS [17]. Attacks against the DNS
infrastructure itself (i.e., DDoS and spoofing) are much easier to notice
because they lead to failures or errors in DNS servers. DDoS (Distributed
Denial of Service) attacks compromise the availability of DNS, and spoofing (to
redirect users to attackers) leads to wrong or unreachable destinations. Besides
these, some attackers take advantage of the lack of monitoring on DNS traffic,
and choose DNS as a channel for covert communication (in bold in Fig. 2), which
is more difficult to notice.
And whether he is the sun, or lord and father of the sun and of the
whole perceptible world, it is not right to believe that he would
deprive the men of to-day of the help of his utterances, for he is the
author and supporter of our life, and the master of our intelligence.
Nor is it reasonable to suppose that Providence, which, like a kind
and tender mother, has given us all that we possess, should wish to
punish us in one single point alone—by taking away from us that
prophetic aid which was once given to us. Just as if the wicked were
not as numerous when the oracles were firmly established in many
parts of the earth! Sit down again, and, in honour of the Pythian
games, make a truce for once with vice, which you are always eager
to chastise, and help us to find out the cause of the failure of the
oracles.’ The only result of my remarks was that Planetiades went
out-of-doors in silence.[300] After a brief silence, Ammonius turned
to me and said, ‘Come, Lamprias, we must be careful not to deprive
the god of all agency in this matter. For if we maintain that the
cessation of the oracles is due to any other cause than the will of
God, we can hardly escape the conclusion that their foundation also
was not His work. If the prophetic power of the oracles is, indeed,
the work of God, we can imagine no greater or stronger power than
that required to destroy it. Planetiades’ remarks were displeasing to
me, particularly on account of the inconstancy which he attributes to
God in His attitude towards men’s wickedness, now punishing and
now protecting it, as if God were some king or tyrant excluding
vicious men at one door while welcoming and rewarding them at
another. We ought to start with the principle that God’s action is
always marked by an adaptation of means to ends, that He does not
furnish an excess of what is not required, and should then observe
that Greece has shared in a particular degree that general
depopulation which wars and revolutions have effected in all parts of
the world, to such an extent, indeed, that the whole of Greece could
now barely furnish the 3000 hoplites which were Megara’s
contingent to Platæa.[301] If we were to do this we should
accurately display our own judgment; for how could the god leave
his oracles with us for the mere purpose of marking the desolation of
our land? For who would be the better if its ancient oracle were still
left to Tegyra, or at Ptoum, where after searching whole days you
can hardly find a single herdsman tending his cattle? Even this most
ancient and famous oracle at Delphi is related to have been for a
long period reduced to a state of desolation and inaccessibility by a
terrible monster in the shape of a serpent. But this desolation is not
rightly explained. The solitude brought the serpent, not the serpent
the solitude. But when, in the great purpose of God, Greece again
grew strong in its cities, and the land was replenished with mankind,
the temple was served by two priestesses, who took alternate duties
on the tripod, and a third was appointed to be available in case of
emergency. But now there is but one Pythia; and her we find enough
for all our needs. For the prophetic inspiration that yet remains is
sufficient to send all comers away with their requirements satisfied.
Agamemnon employed nine heralds; and even so he was hard put to
it to control the assembly of the Greeks, so numerous it was. But
within a few days you will have an opportunity of observing that one
voice will easily reach the ears of everybody in the Theatre here. In
a similar manner the prophetic influence of the god issued by a
greater number of voices when the population was greater. But as
things at present are, the real cause for astonishment would be that
the god should allow the prophetic agency to waste like water, or his
voice to sound in vain like the cries of shepherds and sheep re-
echoing among the rocky solitudes.’[302] Ammonius ceased, and I
remained silent. But Cleombrotus, turning to me, said: ‘Was it not
you who, just now, maintained that it is the god himself who not
only gives, but also takes away the oracles?’ ‘No, indeed,’ replied I,
‘on the contrary, I assert that the god has taken away neither oracle
nor sacred shrine. But just as the god bestows upon us many other
things which are subject to decay and destruction by natural
processes—or, rather, the original substance, containing a principle
of change and movement in its own nature, often dissolves itself and
reshapes itself without the intervention of the original creator—so in
like manner, I think, the oracles undergo darkenings and declines,
being included in the truth of the statement that the god bestows
many fair gifts on men, but not one of them to last for ever; or, as
Sophocles has it, “the gods immortal are, but not their
works”’”—“The foundation of oracles is rightly assigned to God,”
continues Plutarch, “but the law of their existence and its operation
we must seek for in nature and in matter. For it is nothing but the
most childish folly to look upon God as a sort of ventriloquist: like
the fellows once called Eurycleis and nowadays Pythons, inserting
Himself into the bodies of the prophets, using their mouths and
vocal chords as instruments of His messages. For he who puts God
into this personal contact with human weaknesses and necessities,
sins against His glory, and deprives Him of the excellence and
grandeur of His Virtue.” This strong insistence upon the splendour of
the Divine Nature is, as we know, one of the most characteristic
elements of Plutarch’s philosophy, and, so long as he can preserve
this intact, he is not careful of consistency in his arguments on less
important points of doctrine. We have seen him shrinking in
conversation from too close an identification with Rationalism; and
we are also prepared to find him giving importance to a view which
introduces a supernatural element even into the operation of
secondary causes. Hence Cleombrotus is represented as saying how
difficult it is to draw the line exactly at the direct interposition of
Providence in human affairs; since those who exclude God from
second causes, and those who see Him everywhere, are equally in
error. Hence the pious student of Theology is permitted to give a full
exposition of the doctrines of Dæmonology as applied to the
question of Oracles and Inspiration. “Plato delivered Philosophy from
many difficulties when he discovered Matter as the substratum of
phenomenal qualities; but those who invented the science of
Dæmonology have solved greater difficulties still.” We are already
familiar with the nature and activities of the Dæmons; it remains to
see how their existence is applied to the question under discussion.
“Let us not listen,” says Cleombrotus, “to those who say that oracles
are not divinely inspired, or that religious rites and ceremonies are
disregarded by the gods: nor, on the other hand, let us approve of
the view that God is actively, personally, and directly concerned in
these matters; but let us believe that the Dæmons are
superintendents of, and participators in, the sacred sacrifices and
mysteries, justly assigning these functions to Lieutenants of the
gods, as it were to Servants and Secretaries, while others go about
and punish great and notorious acts of injustice.”[303] This belief, in
the opinion of Cleombrotus, furnishes an explanation of the silent
periods of the oracles. “I am not afraid to say, as many others have
said before me, that when the Dæmons who have been appointed to
administer prophetic shrines and oracles leave them finally, then the
shrines and oracles finally decline. If these guardians flee and go
elsewhither, and then return after a long interval, the oracles, silent
during their absence, become again, as of old, the means of
conveying responses to those who come to consult them.” “But,”
says Demetrius, “it is impossible to assert that the oracles are silent
owing to their desertion by the Dæmons, unless we are first
reassured respecting the method by which the Dæmons, when in
actual superintendence of the oracles, make them actively
inspired.”[304] Plutarch here introduces a rationalistic argument
imputing prophetic inspiration to subterrestrial exhalations, and
draws down upon himself the reproof from Ammonius that he has
followed up the abstraction of Divination from the gods by now
depriving the Dæmons of that power and referring it to “exhalations,
winds, and vapours.” Plutarch, however, though adhering to
Rationalism to the extent of insisting on the operation of secondary
causes, saves his piety by explicitly placing them under the
superintendence of the Dæmons. “There are two causes of
generation: the Zeus of the ancient poets and theologians, and the
physical causes of the natural philosophers. The study of either of
these sets of causes, to the exclusion of the other, leads to defective
philosophy. But he who first made use of both these principles,
combining creative Reason with created Matter, freed us from fear of
criticism either on the ground of impiety or unreason. For we deprive
prophetic inspiration neither of God nor of Reason when we allow as
its material the human soul, and assign as its instrument the
inspiring exhalation.[305] The Earth, indeed, breeds these
exhalations, but he that implants in the earth its tempering and
transforming power—I mean the Sun—is regarded as a god in our
ancestral religion. Then, if we leave the Dæmons as presidents and
attendants and guardians, to secure the due harmonizing of the
various elements of the inspiring exhalation, now slackening and
now tightening it, now restraining its excessive power of phrensy
and confusion, and gently tempering its stimulating force so that it
becomes harmless and painless to those under its influence—if we
adopt these views, we shall be in perfect harmony with reason and
possibility.”[306]
The one thing that is conspicuously evident throughout these
discussions on important questions of Religion is the earnest
sincerity with which they are universally approached. We notice
everywhere that combination of piety with philosophy, which is
characteristic of Plutarch’s own genius, and which appears to be no
less characteristic of the society in which he constantly moves. Even
the Epicurean Boethus, an excellent man with his witty stories and
courtly compliments, finds it somehow in his power to defend the
dignity of the prophetic God against those who would “mix Him up
with every piece of stone or brass,” while those who are most
solicitously inclined to a pious reverence of the ancient faith—
Serapion for a prominent example—never for long forget that spirit
of critical detachment proper to the inquiring philosopher.[307]
“There is no one here present,” says Heracleon, “who is profane and
uninitiated, and holds views of the gods inconsistent with our own;
but we must take care that we ourselves do not unconsciously admit
absurd and far-reaching hypotheses in support of our
arguments.”[308] But it is Plutarch himself who, shunning the
“falsehood of extremes,” most conspicuously represents this spirit of
compromise. It is Theon-Plutarch who finds a middle way between
the views of Boethus and those of Serapion on the subject of
prophecy, and it is Lamprias-Plutarch who, knowing that these things
involve many contentions and are open to numerous contradictions,
combines the belief in an original divine inspiration, with a
recognition of the scientific importance of subsidiary causes, moving
unchecked in the sphere of Nature. “The power of the exhalation
which inspires the Pythia is in truth divine and dæmonic, but it is not
exempt from the operation of causes that bring silence, age, decay
and destruction on all that lives between the earth and moon.”[309]
Plutarch here strikes with clear emphasis a note not out of harmony
with the spirit of modern Theology; and had he pushed this view to
its logical conclusion, as the Epicurean Boethus[310] did, the
Dæmons would have disappeared, and their places would have been
wholly occupied by natural causes operating under the Divine
impetus inspired by the great First Cause. But the necessity for a
personality, human on one aspect, Divine on the other, to stand
between God and man, was too strongly felt by Plutarch to enable
him to accept without qualification the conclusions of pure
rationalism. The blank between the Creator and His creatures is
occupied, therefore, partly by natural causes, partly by the Dæmons,
whose existence and mode of operation are now involved in the
working of natural causes regarded as under their superintendence,
and now appear as supernatural agencies vaguely dependent upon
the will of the Supreme Power.
CHAPTER VIII.
Sincerity of Plutarch’s belief in Dæmons—Function of the Dæmons as Mediators
not confined to oracular inspiration—Dæmons in their personal relationship
with the human soul—The De Dæmonio Socratis—This tract not a formal
treatise on Demonology—Various explanations of the Socratic “Dæmon”—
Ethical value of the conception of Dæmons as spiritual guardians of individual
men—“Men may rise on stepping-stones of their dead selves to higher
things”—Dangers of the conception—Superstition: Plutarch’s general attitude
towards that Vice.