Advanced search results
Showing results for the following conditions:
Query search: "Executable and Linkable Format"
Showing results 1-7 of 7
  • Wai Kyi Kyi Oo, Hiroshi Koide, Kouichi Sakurai
    International Journal of Networking and Computing
    2019, Vol. 9, No. 2, pp. 188-200
    Published: 2019
    Released: 2019/07/18
    Journal, Open Access
    Moving target defense (MTD) is a feasible idea for reducing the ratio of successful attacks by altering or diversifying the attributes or parameters of a protected system. As a result of applying MTD techniques to a system, an attacker would have more difficulties in launching attacks. Although several MTD techniques have been proposed for different types of attack, estimating the effectiveness of combining these MTDs remains a challenge. With the aim of setting up a method for evaluating MTDs, we first propose a model composed of two MTD diversification techniques to compare an attack success ratio between theoretical and experimental probability. To validate the proposed model, we conducted an experiment involving an actual attack and then analyzed how our MTD model can adequately estimate a binary-code injection attack. Results show that the rate of attack success is 100% when MTD diversification is not implemented, while the rate is reduced depending on how many variants can be diversified in a target system. Our method is an important first step toward establishing a method for evaluating MTDs, as well as predicting an MTD’s defensive abilities.
  • Sung-Ho YOON, Jun-Sang PARK, Ji-Hyeok CHOI, Youngjoon WON, Myung-Sup KIM
    IEICE Transactions on Information and Systems
    2015, Vol. E98.D, No. 11, pp. 1994-1997
    Published: 2015/11/01
    Released: 2015/11/01
    Journal, Free Access
    Considering diversified HTTP types, the performance bottleneck of signature-based classification must be resolved. We define a signature model classifying the traffic in multiple dimensions and suggest a hierarchical signature structure to remove signature redundancy and minimize search space. Our experiments on campus traffic demonstrated 1.8 times faster processing speed than the Aho-Corasick matching algorithm in Snort.
  • S. M. Shamsul Alam, GoangSeog Choi
    IEICE Electronics Express
    2013, Vol. 10, No. 5, 20120878
    Published: 2013/03/07
    Released: 2013/03/07
    Journal, Free Access
    This paper reports the result of a comparison between reduced instruction set computing and the transport triggered architecture. Because of the simplicity and efficiency of the transport triggered architecture, its processor requires less execution cycles compared to the OpenRisc processor. This paper also presents a case study about designing an Architecture Definition File for a transport triggered architecture-based design tool, and it depicts how the Architecture Definition File structures are responsible for implementing high-speed design. In a custom Architecture Definition File, a new function unit is designed to improve processor performance, and it shows that the cycle count required to implement the Cyclic Redundancy Check algorithm drops to 7 executions from 5031.
  • Daejin Park
    IEICE Electronics Express
    2016, Vol. 13, No. 12, 20160449
    Published: 2016
    Released: 2016/06/25
    [Advance publication] Released: 2016/06/03
    Journal, Free Access
    Conventional microcontroller (MCU)-based devices provide fixed services by executing statically compiled software in on-chip flash memory. In this paper, a newly designed on-demand remote code execution layer of the microcontroller bus architecture is proposed that enables seamless execution of the accessed instructions, which are dynamically loaded from the cloud side in the runtime. The proposed concept is applied to commercial MCUs based on ARM Cortex-M0™, which are implemented using 0.18 um CMOS process with about a 10,000 2-input NAND gates overhead. The experimental results show that the proposed approach results in a 65% reduction of total chip area by eliminating on-chip flash memory, still requiring reasonable code access latency.
  • Chun-Jung WU, Shin-Ying HUANG, Katsunari YOSHIOKA, Tsutomu MATSUMOTO
    IEICE Transactions on Communications
    2020, Vol. E103.B, No. 1, pp. 32-42
    Published: 2020/01/01
    Released: 2020/01/01
    [Advance publication] Released: 2019/08/05
    Journal, Authentication Required

    A drastic increase in cyberattacks targeting Internet of Things (IoT) devices using telnet protocols has been observed. IoT malware continues to evolve, and the diversity of OS and environments increases the difficulty of executing malware samples in an observation setting. To address this problem, we sought to develop an alternative means of investigation by using the telnet logs of IoT honeypots and analyzing malware without executing it. In this paper, we present a malware classification method based on malware binaries, command sequences, and meta-features. We employ both unsupervised or supervised learning algorithms and text-mining algorithms for handling unstructured data. Clustering analysis is applied for finding malware family members and revealing their inherent features for better explanation. First, the malware binaries are grouped using similarity analysis. Then, we extract key patterns of interaction behavior using an N-gram model. We also train a multiclass classifier to identify IoT malware categories based on common infection behavior. For misclassified subclasses, second-stage sub-training is performed using a file meta-feature. Our results demonstrate 96.70% accuracy, with high precision and recall. The clustering results reveal variant attack vectors and one denial of service (DoS) attack that used pure Linux commands.

  • Yuhei Kawakoya, Makoto Iwamura, Jun Miyoshi
    Journal of Information Processing
    2018, Vol. 26, pp. 813-824
    Published: 2018
    Released: 2018/12/15
    Journal, Free Access

    Windows Application Programming Interface (API) is an important data source for analysts to effectively understand the functions of malware. Due to this, malware authors are likely to hide the imported APIs in their malware by taking advantage of various obfuscation techniques. In this paper, we first build a formal model of the Import Address Table (IAT) reconstruction procedure to keep our description independent of specific implementations and then formally point out that the current IAT reconstruction is vulnerable to position obfuscation techniques, which are anti-analysis techniques obfuscating the positions of loaded APIs or Dynamic Link Libraries (DLLs). Next, we introduce an approach for API name resolution, which is an essential step in IAT reconstruction, on the basis of taint analysis to defeat position obfuscation techniques. The key idea of our approach is that we first define taint tags, each of which has a unique value for each API, apply the taint of the API to each of its instructions, track the movement of the API instructions by propagating the tags, and then resolve API names from the propagated tags for IAT reconstruction after acquiring a memory dump of the process under analysis. Finally, we experimentally demonstrate that a system in which our proposed API name resolution has been implemented enables us to correctly identify imported APIs even when malware authors apply various position obfuscation techniques to their malware.

  • Ryohei Kobayashi, Norihisa Fujita, Yoshiki Yamaguchi, Taisuke Boku, Kohji Yoshikawa, Makito Abe, Masayuki Umemura
    Journal of Information Processing
    2020, Vol. 28, pp. 1073-1089
    Published: 2020
    Released: 2020/12/15
    Journal, Free Access

    Field-programmable gate arrays (FPGAs) have garnered significant interest in research on high-performance computing because their computation and communication capabilities have drastically improved in recent years due to advances in semiconductor integration technologies that rely on Moore's Law. In addition to improving FPGA performance, toolchains for the development of FPGAs in OpenCL have been developed and offered by FPGA vendors that reduce the programming effort required. These improvements reveal the possibility of implementing a concept to enable on-the-fly offloading computation at which CPUs/GPUs perform poorly to FPGAs while performing low-latency data movement. We think that this concept is key to improving the performance of heterogeneous supercomputers using accelerators such as the GPU. In this paper, we propose a GPU-FPGA-accelerated simulation based on the concept and show our implementation with CUDA and OpenCL mixed programming for the proposed method. The results of experiments show that our proposed method can always achieve a better performance than GPU-based implementation and we believe that realizing GPU-FPGA-accelerated simulation is the most significant difference between our work and previous studies.
