Related papers: Browser-Based Covert Data Exfiltration
Ensuring that information flowing through a network is secure from manipulation and eavesdropping by unauthorized parties is an important task for network administrators. Many cyber attacks rely on a lack of network-level information flow…
This paper proposes an idea of data computing in the covert domain (DCCD). We show that with information hiding some data computing tasks can be executed beneath the covers like images, audios, random data, etc. In the proposed framework, a…
Imagine a group of citizens willing to collectively contribute their personal data for the common good to produce socially useful information, resulting from data analytics or machine learning computations. Sharing raw personal data with a…
In this paper we present three attacks on private internal networks behind a NAT and a corresponding new protection mechanism, Internal Network Policy, to mitigate a wide range of attacks that penetrate internal networks behind a NAT. In…
JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by…
The never-ending barrage of malicious emails, such as spam and phishing, is of constant concern for users, who rely on countermeasures such as email filters to keep the intended recipient safe. Modern email filters, one of our few defence…
To exchange complex data structures in distributed systems, documents written in context-free languages are exchanged among communicating parties. Unparsing these documents correctly is as important as parsing them correctly because errors…
With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities,…
Fully Encrypted Protocols (FEPs) have arisen in practice as a technique to avoid network censorship. Such protocols are designed to produce messages that appear completely random. This design hides communications metadata, such as version…
The Domain Name System (DNS) is central to all Internet user activity, resolving accessed domain names into Internet Protocol (IP) addresses. As a result, curious DNS resolvers can learn everything about Internet users' interests. Public…
Social networks, instant messages and file sharing systems are common communication means among friends, families, coworkers, etc. Due to concerns of personal privacy, identify thefts, data misuse, freedom of speech and government…
We identify class of covert channels in browsers that are not mitigated by current defenses, which we call "pool-party" attacks. Pool-party attacks allow sites to create covert channels by manipulating limited-but-unpartitioned resource…
Web browsers are the most common tool to perform various activities over the internet. Along with normal mode, all modern browsers have private browsing mode. The name of the mode varies from browser to browser but the purpose of the…
In the Internet age, cyber-attacks occur frequently with complex types. Traffic generated by access activities can record website status and user request information, which brings a great opportunity for network attack detection. Among…
Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for…
Coded caching schemes on broadcast networks with user caches help to offload traffic from peak times to off-peak times by prefetching information from the server to the users during off-peak times and thus serving the users more efficiently…
Covert channels is a vital setup in the analysing the strength of security in a network.Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation.The trapdoor set in such channels…
Cybersecurity continues to be a difficult issue for society especially as the number of networked systems grows. Techniques to protect these systems range from rules-based to artificial intelligence-based intrusion detection systems and…
The domain name system (DNS) is an important protocol in today's Internet operation, and is the standard naming convention between domain names, names that are easy to read, understand, and remember by humans, to IP address of Internet…
Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users…