Mohamed El Massad, Siddharth Garg and Mahesh Tripunitara. Integrated circuit (IC) camouflaging is a promising technique to protect the design of a chip from reverse engineering. However, recent work has shown that even camouflaged ICs can be reverse engineered from the observed input/output behaviour of a chip using SAT solvers. However, these so-called SAT attacks have so...
Category: Publications
DPFEE: A High Performance Scalable Pre-processor for Network Security Systems
Vinayaka Jyothi, Sateesh K. Addepalli and Ramesh Karri Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We...
Game-Theoretic Design of Secure and Resilient Distributed Support Vector Machines with Adversaries
Rui Zhang and Quanyan Zhu With a large number of sensors and control units in networked systems, distributed support vector machines (DSVMs) play a fundamental role in scalable and efficient multisensor classification and prediction tasks. However, DSVMs are vulnerable to adversaries who can modify and generate data to deceive the system to misclassification and misprediction....
An Information Theoretic Framework for Active De-anonymization in Social Networks Based on Group Memberships
Farhad Shirani, Siddharth Garg, and Elza Erkip In this paper, a new mathematical formulation for the problem of de-anonymizing social network users by actively querying their membership in social network groups is introduced. In this formulation, the attacker has access to a noisy observation of the group membership of each user in the social network....
Rethinking Split Manufacturing: An Information-Theoretic Approach with Secure Layout Techniques
Abhrajit Sengupta, Satwik Patnaik, Johann Knechtel, Mohammed Ashraf, Siddharth Garg and Ozgur Sinanoglu Split manufacturing is a promising technique to defend against fab-based malicious activities such as IP piracy, overbuilding, and insertion of hardware Trojans. However, a network flow-based proximity attack, proposed by Wang et al. (DAC’16) [1], has demonstrated that most prior art on split manufacturing is highly...
Manipulating Adversary’s Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security
Karel Horák, Quanyan Zhu and Branislav Bošanský. Due to the sophisticated nature of current computer systems, traditional defense measures, such as firewalls, malware scanners, and intrusion detection/prevention systems, have been found inadequate. These technological systems suffer from the fact that a sophisticated attacker can study them, identify their weaknesses and thus get an advantage over the defender. To prevent this...
Dynamics of Strategic Protection Against Virus Propagation in Heterogeneous Complex Networks
Yezekael Hayel and Quanyan Zhu With an increasing number of wide-spreading cyber-attacks on networks such as the recent WannaCry and Petya Ransomware, protection against malware and virus spreading in large scale networks is essential to provide security to network systems. In this paper, we consider a network protection game in which heterogeneous agents decide their...
Strategic Defense Against Deceptive Civilian GPS Spoofing of Unmanned Aerial Vehicles
Tao Zhang and Quanyan Zhu The Global Positioning System (GPS) is commonly used in civilian Unmanned Aerial Vehicles (UAVs) to provide geolocation and time information for navigation. However, GPS is vulnerable to many intentional threats such as the GPS signal spoofing, where an attacker can deceive a GPS receiver by broadcasting incorrect GPS signals. Defense...
Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks
Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang and Keith Ross. Popular User-Review Social Networks (URSNs)-such as Dianping, Yelp, and Amazon-are often the targets of reputation attacks in which fake reviews are posted in order to boost or diminish the ratings of listed products and services. These attacks often emanate from a collection of accounts, called...
Linking Amplification DDoS Attacks to Booter Services
Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy and Michael Backes We present techniques for attributing amplification DDoS attacks to the booter services that launched the attack. Our k-Nearest Neighbor (k-NN) classification algorithm is based on features that are characteristic for a DDoS service, such as the set of reflectors used by that service. This...