English
Related papers

Related papers: Off-Path Attacking the Web

200 papers

In a spoofing attack, an attacker impersonates a legitimate user to access or modify data belonging to the latter. Typical approaches for spoofing detection in the physical layer declare an attack when a change is observed in certain…

Signal Processing · Electrical Eng. & Systems 2023-10-18 Daniel Romero , Tien Ngoc Ha , Peter Gerstoft

Cross-Site Request Forgery (CSRF) vulnerabilities are a severe class of web vulnerabilities that have received only marginal attention from the research and security testing communities. While much effort has been spent on countermeasures…

Cryptography and Security · Computer Science 2017-08-30 Giancarlo Pellegrino , Martin Johns , Simon Koch , Michael Backes , Christian Rossow

IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the…

Networking and Internet Architecture · Computer Science 2021-10-05 Jasper Eumann , Raphael Hiesgen , Thomas C. Schmidt , Matthias Wählisch

Web applications are becoming truly pervasive in all kinds of business models and organizations. Today, most critical systems such as those related to health care, banking, or even emergency response, are relying on these applications. They…

Cryptography and Security · Computer Science 2009-06-01 Joaquin Garcia-Alfaro , Guillermo Navarro-Arribas

Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright…

Cryptography and Security · Computer Science 2015-03-13 Mishari Al Mishari , Emiliano De Cristofaro , Karim El Defrawy , Gene Tsudik

Web application (WA) expands its usages to provide more and more services and it has become one of the most essential communication channels between service providers and the users. To augment the users experience many web applications are…

Cryptography and Security · Computer Science 2009-08-31 Suman Saha

In this digital era, our lives highly depend on the internet and worldwide technology. Wide usage of technology and platforms of communication makes our lives better and easier. But on the other side it carries out some security issues and…

Cryptography and Security · Computer Science 2024-04-18 Muhammad Shoaib Farooq , Hina jabbar

Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into…

Cryptography and Security · Computer Science 2021-12-01 Nicolas M. Müller , Simon Roschmann , Konstantin Böttinger

Internet resources form the basic fabric of the digital society. They provide the fundamental platform for digital services and assets, e.g., for critical infrastructures, financial services, government. Whoever controls that fabric…

Cryptography and Security · Computer Science 2022-05-12 Tianxiang Dai , Philipp Jeitner , Haya Shulman , Michael Waidner

In the growing world of the internet, the number of ways to obtain crucial data such as passwords and login credentials, as well as sensitive personal information has expanded. Page impersonation, often known as phishing, is one method of…

Cryptography and Security · Computer Science 2022-09-07 Aman Rangapur , Tarun Kanakam , Dhanvanthini P

DNS is important in nearly all interactions on the Internet. All large DNS operators use IP anycast, announcing servers in BGP from multiple physical locations to reduce client latency and provide capacity. However, DNS is easy to spoof:…

Cryptography and Security · Computer Science 2020-11-30 Lan Wei , John Heidemann

We analyzed the generation of protocol header fields in the implementations of multiple TCP/IP network stacks and found new ways to leak information about global protocol states. We then demonstrated new covert channels by remotely…

Cryptography and Security · Computer Science 2022-09-02 Amit Klein

In this paper, we uncover a new side-channel vulnerability in the widely used NAT port preservation strategy and an insufficient reverse path validation strategy of Wi-Fi routers, which allows an off-path attacker to infer if there is one…

Cryptography and Security · Computer Science 2024-04-09 Yuxiang Yang , Xuewei Feng , Qi Li , Kun Sun , Ziqiang Wang , Ke Xu

We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS…

Cryptography and Security · Computer Science 2022-05-13 Tianxiang Dai , Philipp Jeitner , Haya Shulman , Michael Waidner

Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on…

Computer Vision and Pattern Recognition · Computer Science 2023-04-05 Ajinkya Tejankar , Maziar Sanjabi , Qifan Wang , Sinong Wang , Hamed Firooz , Hamed Pirsiavash , Liang Tan

With the proliferation of LLM-driven multi-agent systems (MAS), the security of Web links has become a critical concern. Once MAS is induced to trust a malicious link, attackers can use it as a springboard to expand the attack surface. In…

Cryptography and Security · Computer Science 2026-01-08 Dezhang Kong , Hujin Peng , Yilun Zhang , Lele Zhao , Zhenhua Xu , Shi Lin , Changting Lin , Meng Han

Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. In this paper, different types and…

Cryptography and Security · Computer Science 2014-03-24 Muhammad Aamir , Mustafa Ali Zaidi

WebView is an essential component in Android and iOS. It enables applications to display content from on-line resources. It simplifies task of performing a network request, parsing the data and rendering it. WebView uses a number of APIs…

Cryptography and Security · Computer Science 2013-04-30 A B Bhavani

Website Fingerprinting (WF) attacks can effectively identify the websites visited by Tor clients via analyzing encrypted traffic patterns. Existing attacks focus on identifying different websites, but their accuracy dramatically decreases…

Cryptography and Security · Computer Science 2024-09-09 Xiyuan Zhao , Xinhao Deng , Qi Li , Yunpeng Liu , Zhuotao Liu , Kun Sun , Ke Xu

In webpage fingerprinting, an on-path adversary infers the specific webpage loaded by a victim user by analysing the patterns in the encrypted TLS traffic exchanged between the user's browser and the website's servers. This work studies…

Cryptography and Security · Computer Science 2023-10-30 Vasilios Mavroudis , Jamie Hayes