Matching Items (78)
Description
The pervasive use of social media gives it a crucial role in helping the public perceive reliable information. Meanwhile, the openness and timeliness of social networking sites also allow for the rapid creation and dissemination of misinformation. It becomes increasingly difficult for online users to find accurate and trustworthy information. As witnessed in recent incidents of misinformation, it escalates quickly and can impact social media users with undesirable consequences and wreak havoc instantaneously. Different from some existing research in psychology and social sciences about misinformation, social media platforms pose unprecedented challenges for misinformation detection. First, intentional spreaders of misinformation will actively disguise themselves. Second, content of misinformation may be manipulated to avoid being detected, while abundant contextual information may play a vital role in detecting it. Third, not only accuracy, earliness of a detection method is also important in containing misinformation from being viral. Fourth, social media platforms have been used as a fundamental data source for various disciplines, and these research may have been conducted in the presence of misinformation. To tackle the challenges, we focus on developing machine learning algorithms that are robust to adversarial manipulation and data scarcity.
The main objective of this dissertation is to provide a systematic study of misinformation detection in social media. To tackle the challenges of adversarial attacks, I propose adaptive detection algorithms to deal with the active manipulations of misinformation spreaders via content and networks. To facilitate content-based approaches, I analyze the contextual data of misinformation and propose to incorporate the specific contextual patterns of misinformation into a principled detection framework. Considering its rapidly growing nature, I study how misinformation can be detected at an early stage. In particular, I focus on the challenge of data scarcity and propose a novel framework to enable historical data to be utilized for emerging incidents that are seemingly irrelevant. With misinformation being viral, applications that rely on social media data face the challenge of corrupted data. To this end, I present robust statistical relational learning and personalization algorithms to minimize the negative effect of misinformation.
The main objective of this dissertation is to provide a systematic study of misinformation detection in social media. To tackle the challenges of adversarial attacks, I propose adaptive detection algorithms to deal with the active manipulations of misinformation spreaders via content and networks. To facilitate content-based approaches, I analyze the contextual data of misinformation and propose to incorporate the specific contextual patterns of misinformation into a principled detection framework. Considering its rapidly growing nature, I study how misinformation can be detected at an early stage. In particular, I focus on the challenge of data scarcity and propose a novel framework to enable historical data to be utilized for emerging incidents that are seemingly irrelevant. With misinformation being viral, applications that rely on social media data face the challenge of corrupted data. To this end, I present robust statistical relational learning and personalization algorithms to minimize the negative effect of misinformation.
ContributorsWu, Liang (Author) / Liu, Huan (Thesis advisor) / Tong, Hanghang (Committee member) / Doupe, Adam (Committee member) / Davison, Brian D. (Committee member) / Arizona State University (Publisher)
Created2019
Description
Defending against spoofing is an important part of security throughout the internet. With- out the ability to authenticate, within a certain confidence, that a person is in fact who they say are, can allow attackers to go unrecognized after performing an attack. It is much too easy for attackers today to hide their identity or pretend to be someone else through the means of spoof- ing. Researchers must focus their efforts on defenses that are scalable and effective in counter- ing spoofing. This thesis focuses on surveying different types of spoofing as well as attacks that lever- age spoofing with the hopes to hide the attacker's identity or leverage identity theft to perform an attack. It also looks at current defenses that hope to counter attacks that leverage spoofing and evaluates how realistic is to implement the defenses in terms of scalability and effective- ness. By surveying different attacks and defenses, researchers will be able to better focus their efforts on more effective and scalable defenses to spoofing and attacks that leverage spoofing.
ContributorsTorrence, Ryan Michael (Author) / Dasgupta, Partha (Thesis director) / Doupe, Adam (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2015-05
Description
Penetration testing is regarded as the gold-standard for understanding how well an organization can withstand sophisticated cyber-attacks. However, the recent prevalence of markets specializing in zero-day exploits on the darknet make exploits widely available to potential attackers. The cost associated with these sophisticated kits generally precludes penetration testers from simply obtaining such exploits – so an alternative approach is needed to understand what exploits an attacker will most likely purchase and how to defend against them. In this paper, we introduce a data-driven security game framework to model an attacker and provide policy recommendations to the defender. In addition to providing a formal framework and algorithms to develop strategies, we present experimental results from applying our framework, for various system configurations, on real-world exploit market data actively mined from the darknet.
ContributorsRobertson, John James (Author) / Shakarian, Paulo (Thesis director) / Doupe, Adam (Committee member) / Electrical Engineering Program (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-05
Description
In the area of hardware, reverse engineering was traditionally focused on developing clones—duplicated components that performed the same functionality of the original component. While reverse engineering techniques have been applied to software, these techniques have instead focused on understanding high-level software designs to ease the software maintenance burden. This approach works well for traditional applications that contain source code, however, there are circumstances, particularly regarding web applications, where it would be very beneficial to clone a web application and no source code is present, e.g., for security testing of the application or for offline mock testing of a third-party web service. We call this the web application cloning problem.
This thesis presents a possible solution to the problem of web application cloning. Our approach is a novel application of inductive programming, which we call inductive reverse engineering. The goal of inductive reverse engineering is to automatically reverse engineer an abstraction of the web application’s code in a completely black-box manner. We build this approach using recent advances in inductive programming, and we solve several technical challenges to scale the inductive programming techniques to realistic-sized web applications. We target the initial version of our inductive reverse engineering tool to a subset of web applications, i.e., those that do not store state and those that do not have loops. We introduce an evaluation methodology for web application cloning techniques and evaluate our approach on several real-world web applications. The results indicate that inductive reverse engineering can effectively reverse engineer specific types of web applications. In the future, we hope to extend the power of inductive reverse engineering to web applications with state and to learn loops, while still maintaining tractability.
This thesis presents a possible solution to the problem of web application cloning. Our approach is a novel application of inductive programming, which we call inductive reverse engineering. The goal of inductive reverse engineering is to automatically reverse engineer an abstraction of the web application’s code in a completely black-box manner. We build this approach using recent advances in inductive programming, and we solve several technical challenges to scale the inductive programming techniques to realistic-sized web applications. We target the initial version of our inductive reverse engineering tool to a subset of web applications, i.e., those that do not store state and those that do not have loops. We introduce an evaluation methodology for web application cloning techniques and evaluate our approach on several real-world web applications. The results indicate that inductive reverse engineering can effectively reverse engineer specific types of web applications. In the future, we hope to extend the power of inductive reverse engineering to web applications with state and to learn loops, while still maintaining tractability.
ContributorsLiao, Kevin (Author) / Doupe, Adam (Thesis director) / Ahn, Gail-Joon (Committee member) / Zhao, Ziming (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / W. P. Carey School of Business (Contributor) / Barrett, The Honors College (Contributor)
Created2017-05
Description
Third-party mixers are used to heighten the anonymity of Bitcoin users. The mixing techniques implemented by these tools are often untraceable on the blockchain, making them appealing to money launderers. This research aims to analyze mixers currently available on the deep web. In addition, an in-depth case study is done on an open-source bitcoin mixer known as Penguin Mixer. A local version of Penguin Mixer was used to visualize mixer behavior under specific scenarios. This study could lead to the identification of vulnerabilities in mixing tools and detection of these tools on the blockchain.
ContributorsPakki, Jaswant (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
Description
Despite the more tightly controlled permissions and Java framework used by most programs in the Android operating system, an attacker can use the same classic vulnerabilities that exist for traditional Linux binaries on the programs in the Android operating system. Some classic vulnerabilities include stack overows, string formats, and heap meta-information corruption. Through the exploitation of these vulnerabilities an attacker can hijack the execution ow of an application. After hijacking the execution ow, an attacker can then violate the con_dentiality, integrity, or availability of the operating system. Over the years, the operating systems and compliers have implemented a number of protections to prevent the exploitation of vulnerable programs. The most widely implemented protections include Non-eXecutable stack (NX Stack), Address Space Layout Randomization (ASLR), and Stack Canaries (Canaries). NX Stack protections prevent the injection and execution of arbitrary code through the use of a permissions framework within a program. Whereas, ASLR and Canaries rely on obfuscation techniques to protect control ow, which requires su_cient entropy between each execution. Early in the implementation of these protections in Linux, researchers discovered that without su_cient entropy between executions, ASLR and Canaries were easily bypassed. For example, the obfuscation techniques were useless in programs that ran continuously because the programs did not change the canaries or re-randomize the address space. Similarly, aws in the implementation of ASLR and Canaries in Android only re-randomizes the values after rebooting, which means the address space locations and canary values remain constant across the executions of an Android program. As a result, an attacker can hijack the control ow Android binaries that contain control ow vulnerabilities. The purpose of this paper is to expose these aws and the methodology used to verify their existence in Android versions 4.1 (Jelly Bean) through 8.0 (Oreo).
ContributorsGibbs, Wil (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2018-12
Description
Smart cars are defined by the European Union Agency for Network and Information Security (ENISA) as systems providing connected, added-value features in order to enhance car users' experience or improve car safety. Because of their extra features, smart cars utilize sophisticated computer systems. These systems, particularly the Controller Area Network (CAN) bus and protocol, have been shown to provide information that can be used to accurately identify individual Electronic Control Units (ECUs) within a car and the driver that is operating a car. I expand upon this work to consider how information from in-vehicle computer systems can be used to identify individual vehicles. I consider fingerprinting vehicles as a means of aiding in stolen car recovery, thwarting VIN forgery, and supporting an intrusion detection system for networks of smart and autonomous vehicles in the near future. I provide an overview of in-vehicle computer systems and detail my work toward building an ECU testbed and fingerprinting vehicles.
ContributorsDavison, Paulina (Author) / Zhao, Ziming (Thesis director) / Ahn, Gail-Joon (Committee member) / Shoshitaishvili, Yan (Committee member) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-05
Description
Node.js is an extremely popular development framework for web applications. The appeal of its event-driven, asynchronous flow and the convenience of JavaScript as its programming language have driven its rapid growth, and it is currently deployed by leading companies in retail, finance, and other important sectors. However, the tools currently available for Node.js developers to secure their applications against malicious attackers are notably scarce. While there has been a substantial amount of security tools created for web applications in many other languages such as PHP and Java, very little exists for Node.js applications. This could compromise private information belonging to companies such as PayPal and WalMart. We propose a tool to statically analyze Node.js web applications for five popular vulnerabilites: cross-site scripting, SQL injection, server-side request forgery, command injection, and code injection. We base our tool off of JSAI, a platform created to parse client-side JavaScript for security risks. JSAI is novel because of its configuration capabilities, which allow a user to choose between various analysis options at runtime in order to select the most thorough analysis with the least amount of processing time. We contribute to the development of our tool by rigorously analyzing and documenting vulnerable functions and objects in Node.js that are relevant to the vulnerabilities we have selected. We intend to use this documentation to build a robust Node.js static analysis tool and we hope that other developers will also incorporate this analysis into their Node.js security projects.
ContributorsWasserman, Jonathan Kanter (Author) / Doupe, Adam (Thesis director) / Ahn, Gail-Joon (Committee member) / Zhao, Ziming (Committee member) / School of Historical, Philosophical and Religious Studies (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2017-05
Description
Ethereum smart contracts are susceptible not only to those vulnerabilities common to all software development domains, but also to those arising from the peculiar execution model of the Ethereum Virtual Machine. One of these vulnerabilities, a susceptibility to re-entrancy attacks, has been at the center of several high-profile contract exploits. Currently, there exist many tools to detect these vulnerabilties, as well as languages which preempt the creation of contracts exhibiting these issues, but no mechanism to address them in an automated fashion. One possible approach to filling this gap is direct patching of source files. The process of applying these patches to contracts written in Solidity, the primary Ethereum contract language, is discussed. Toward this end, a survey of deployed contracts is conducted, focusing on prevalence of language features and compiler versions. A heuristic approach to mitigating a particular class of re-entrancy vulnerability is developed, implemented as the SolPatch tool, and examined with respect to its limitations. As a proof of concept and illustrative example, a simplified version of the contract featured in a high-profile exploit is patched in this manner.
ContributorsLehman, Maxfield Chance Christian (Author) / Bazzi, Rida (Thesis director) / Doupe, Adam (Committee member) / School of Mathematical and Statistical Sciences (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
Description
The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device that enables us to run various memory integrity and malware detection tools to identify possible breaches in security to the normal world. Although TrustZone provides this additional layer of security, it also adds another layer of complexity, and thus comes with its own set of vulnerabilities. This new rootkit identifies and exploits a cache incoherence in the ARM device as a result of TrustZone. The newly proposed rootkit, called CacheKit, takes advantage of this cache incoherence to avoid memory introspection from tools in secure world. We implement CacheKit on the i.MX53 development board, which features a single ARM Cortex A8 processor, to analyze the limitations and vulnerabilities described in the original paper. We set up the Linux environment on the computer to be able to cross-compile for the development board which will be running the FreeScale android 2.3.4 platform with a 2.6.33 Linux kernel. The project is implemented as a kernel module that once installed on the board can manipulate cache as desired to conceal the rootkit. The module exploits the fact that in TrustZone, the secure world does not have access to the normal world cache. First, a technique known as Cache-asRAM is used to ensure that the rootkit is loaded only into cache of the normal world where it can avoid detection from the secure world. Then, we employ the cache maintenance instructions and resisters provided in the cp15 coprocessor to keep the code persistent in cache. Furthermore, the cache lines are mapped to unused I/O address space so that if cache content is flushed to RAM for inspection, the data is simply lost. This ensures that even if the rootkit were to be flushed into memory, any trace of the malicious code would be lost. CacheKit prevents defenders from analyzing the code and destroys any forensic evidence. This provides attackers with a new and powerful tool that is excellent for certain scenarios that were previously thought to be secure. Finally, we determine the limitations of the prototype to determine possible areas for future growth and research into the security of networked embedded devices.
ContributorsGutierrez Barnett, Mauricio Antonio (Author) / Zhao, Ziming (Thesis director) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12