4^ Springer. Proceedings European Computer. Conference on Network Defense. of the 3rd. Vasilios Sins Sotiris Ioannidis

Transcription

1 Vasilios Sins Sotiris Ioannidis Kostas Anagnostakis Panagiotis Trimintzios Editors Proceedings European Computer of the 3rd Conference on Network Defense 4^ Springer

2 Contents 1 Tales from the Crypt: Fingerprinting Attacks on Encrypted Channels by Way of Retain ting 1 Michael Valkering, Asia Slowinska, andherbert Bos 1 Introduction 1 2 Architecture Tracking Issues Retainting Determining the Tag Identifying the SSL Conversation Interposition Details 9 3 Signature Generation Pattern-Based Signatures Signatures for Polymorphic Buffer Overflows 13 4 Filters 14 5 Results 15 6 Related Work 17 7 Conclusions 18 References 18 2 Towards High Assurance Networks ofvirtual Machines 21 Fabrizio Baiardi anddaniele Sgandurra 1 Introduction 21 2 Psyco-Virt Overview Overall Architecture IntrospectionVM Monitored VM 27 3 Current Prototype Introspection Functions 27 4 Security Detecting Kernel Modifications Running Processes Checker Loaded Modules Authenticator Promiscuous Mode Checker Anti-Spoofing 29 and Performance Results 29

3 viii Contents 4.1 Effectiveness Performance Overhead Limitations 31 5 Related Works 31 6 Conclusions and Future Developments 32 Acknowledgments 32 References 32 3 Intrusion Detection Using Cost-Sensitive Classification 35 AikateriniMitrokotsa, ChristosDimitrakakis, andchristosdouligeris 1 Introduction 35 2 Cost Sensitive Classification Choice ofthe Cost Matrix Algorithmic Comparisons and Alternative Quality Metrics Models 38 3 Experiments Databases Technical Details Results 42 4 Conclusions 45 References 46 4 A Novel Approach for Anomaly Detection over High-Speed Networks 49 Osman Salem, Sandrine Vaton, andannie Gravey 1 Introduction 49 2 Related Work 52 3 Background Count-Min Sketch Multi-Channel Cumulative Sum Algorithm 54 4 Proposed Approach 57 5 Experiments Results 61 6 Conclusions 66 Acknowledgments 67 References 67 5 Elastic Block Ciphers in Practice: Constructions and Modes of Encryption 69 DebraL. Cook, Moti Yung, and Angelos D. Keromytis 1 Introduction 69 2 Elastic Block Cipher Examples Overview 70

4 Contents ix 2.2 Common Items Elastic AES Elastic Camellia Elastic MISTY Elastic RC Randomness Test Results Key Schedules 81 3 Modes of Encryption Overview Elastic Chaining Mode Elastic ECB Mode 86 4 Conclusions 88 Acknowledgments 90 References 90 6 Vulnerability Response Decision Assistance 93 Hal Burch, Art Manion, and Yurie Ito 1 Introduction 93 2VRDA Facts Light-Weight Affected Product Tags Data Exchange Decision Modeling Current Usage Future Direction Related Work Common Vulnerability Scoring System (CVSS) Exchange Formats Other Work 104 References Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests 107 Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos 1 Introduction PACT Architecture PACT Definition Example PACTs PACT evaluation PACT Resistance PACT Suspension Policy 110

5 x Contents 3.3 PACT Limitations Case Studies Ill 4.1 A PACT Enabled Service A PACT Enabled E-Commerce Service Results Related Work Conclusions 116 References QuiGon: The First Tool Against Clone Attack on Internet Relay Chat 119 Thibaut Henin and Corinne Huguennet 1 Introduction Clone Attack on Internet Relay Chat Internet Relay Chat Bots and Botnets Clone Attacks How to Prevent Such Attacks? Usual Protections Passwords to Enter the Network Blacklist Use Simple Regexp 4Qui-Gon The Temporal Oracle The Distinguishing Oracle Tests and Validation of the Distinguishing Oracle Test Against Existing Attacks Test Against a More Clever Attack Conclusions 127 References Defending Against Next Generation Through Network/ Endpoint Collaboration and Interaction 131 Spiros Antonatos, Michael Locasto, Stelios Sidiroglou Angelos D. Keromytis, andevangelos Markatos 1 Introduction Impact of Failing to Solve the Problem Research Directions Honey@home Application Communities Conclusions 139

6 A Contents xi Acknowledgments 139 References ISi-LANA - Secure Basic Architecture for Networks Connected to the Internet 143 Thomas Haeberlen 1 Introduction Basic Architecture Using Internet Services Providing Internet Services Administration and Monitoring Implementation and Operations Discussion Overall Structure Structure of the Security Gateway Structure of the Management Network Structure of the Internal Network Conclusions 150 Author Index 153 Subject Index 155