Digital Threats: Research and Practice

The phenomenon of the non-consensual distribution of intimate or sexually explicit digital images of adults, a.k.a. non-consensual pornography (NCP) or revenge pornography, is under the spotlight for the toll it is taking on society. Law enforcement statistics confirm a dramatic global rise in abuses. For this reason, the research community is investigating different strategies to fight and mitigate the abuses and their effects. Since the phenomenon involves different aspects of personal and social interaction among users of social media and content sharing platforms, in the literature it is addressed under different academic disciplines. However, while most of the literature reviews focus on non-consensual pornography either from a social science or psychological perspective, to the best of our knowledge a systematic review of the research on the technical aspects of the problem is still missing. In this work, we present a Systematic Mapping Study (SMS) of the literature, looking at this interdisciplinary phenomenon through a technical lens. Therefore, we focus on the cyber side of the crime of non-consensual pornography with the aim of describing the state-of-the-art and the future lines of research from a technical and quantitative perspective.

Mattia Falduti

Sergio Tessaris

Digital Threats Research and Practice

Mapping the Interdisciplinary Research on Non-consensual Pornography: Technical and Quantitative Perspectives

非同意色情内容的跨学科研究图谱：技术与定量视角

In real life, distinct runs of the same artifact lead to the exploration of different paths, due to either system's natural randomness or malicious constructions. These variations might completely change execution outcomes (extreme case). Thus, to analyze malware beyond theoretical models, we must consider the execution of multiple paths. The academic literature presents many approaches for multipath analysis (e.g., fuzzing, symbolic, and concolic executions), but it still fails to answer What's the current state of multipath malware tracing? This work aims to answer this question and also to point out What developments are still required to make them practical? Thus, we present a literature survey and perform experiments to bridge theory and practice. Our results show that (i) natural variation is frequent; (ii) fuzzing helps to discover more paths; (iii) fuzzing can be guided to increase coverage; (iv) forced execution maximizes path discovery rates; (v) pure symbolic execution is impractical, and (vi) concolic execution is promising but still requires further developments.

Marcus Botacin

Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments

模糊测试与符号执行在多路径恶意软件追踪中的应用：通过调查与实验连接理论与实践

With the significant advances in deep generative models for image and video synthesis, Deepfakes and manipulated media have raised severe societal concerns. Conventional machine learning classifiers for deepfake detection often fail to cope with evolving deepfake generation technology and are susceptible to adversarial attacks. Alternatively, invisible image watermarking is being researched as a proactive defense technique that allows media authentication by verifying an invisible secret message embedded in the image pixels. A handful of invisible image watermarking techniques introduced for media authentication have proven vulnerable to basic image processing operations and watermark removal attacks. In response, we have proposed a semi-fragile image watermarking technique that embeds an invisible secret message into real images for media authentication. Our proposed watermarking framework is designed to be fragile to facial manipulations or tampering while being robust to benign image-processing operations and watermark removal attacks. This is facilitated through a unique architecture of our proposed technique consisting of critic and adversarial networks that enforce high image quality and resiliency to watermark removal efforts, respectively, along with the backbone encoder-decoder and the discriminator networks. This allows images shared over the Internet to retain the verifiable watermark as long as facial manipulations or any other Deepfake modification technique is not applied. Thorough experimental investigations on SOTA facial Deepfake datasets demonstrate that our proposed model can embed a \(64\) -bit secret as an imperceptible image watermark that can be recovered with a high-bit recovery accuracy when benign image processing operations are applied while being non-recoverable when unseen Deepfake manipulations are applied. In addition, our proposed watermarking technique demonstrates high resilience to several white-box and black-box watermark removal attacks. Thus, obtaining state-of-the-art performance.

Aakash Varma Nadimpalli

Ajita Rattani

Social Media Authentication and Combating Deepfakes using Semi-fragile Invisible Image Watermarking

社交媒体认证与利用半脆弱不可见图像水印技术对抗深度伪造

Sharing the alerts from intrusion detection systems among multiple computer networks and organizations allows for seeing the “big picture” of the network security situation and improves the capabilities of cyber incident response. However, such a task requires a number of technical and non-technical issues to be resolved, from data collection and distribution to proper categorization, data quality management, and issues of trust and privacy. In this field note, we illustrate the concepts and provide lessons learned on the example of SABU, an alert sharing and analysis platform used by academia and partner organizations in the Czech Republic. We discuss the initial willingness to share the data that was later weakened by the uncertainties around personal data protection, the issues of high volume and low quality of the data that prevented their straightforward use, and that the management of the community is a more severe issue than the technical implementation of alert sharing.

Martin Husák

Pavol Sokol

Martin Žádník

Václav Bartoš

Martin Horák

Lessons Learned from Automated Sharing of Intrusion Detection Alerts: The Case of the SABU Platform

从SABU平台自动化共享入侵检测警报中吸取的教训

To tackle issues associated with phishing website attacks, the study conducted rigorous experiments on RF, GB, and CATB classifiers. Since each classifier was an ensemble learner on their own; we integrated them into stacking and majority vote ensemble architectures to create hybrid-ensemble learning. Due to ensemble learning methods being known for their high computational time costs, the study applied the UFS technique to address these concerns and obtained promising results. Since the scalability and performance consistency of the phishing website detection system across numerous datasets is critical to combating various variants of phishing website attacks, we used three distinct phishing website datasets (DS-1, DS-2, and DS-3) to train and test each ensemble learning method to identify the best-performed one in terms of accuracy and model computational time. Our experimental findings reveal that the CATB classifier demonstrated scalable, consistent, and superior accuracy across three distinct datasets (attained 97.9% accuracy in DS-1, 97.36% accuracy in DS-2, and 98.59% accuracy in DS-3). When it comes to model computational time, the RF classifier was discovered to be the fastest when applied to all datasets, while the CATB classifier was discovered to be the second quickest when applied to all datasets.

Kibreab Adane

Berhanu Beyene

Mohammed Abebe

Single and Hybrid-Ensemble Learning-Based Phishing Website Detection: Examining Impacts of Varied Nature Datasets and Informative Feature Selection Technique

基于单一和混合集成学习的钓鱼网站检测：探究不同性质数据集和信息特征选择技术的影响

Understanding the modus operandi of adversaries aids organizations to employ efficient defensive strategies and share intelligence in the community. This knowledge is often present in unstructured natural language text within threat analysis reports. A translation tool is needed to interpret the modus operandi explained in the sentences of the threat report and convert it into a structured format. This research introduces a methodology named TTPXHunter for automated extraction of threat intelligence in terms of Tactics, Techniques, and Procedures (TTPs) from finished cyber threat reports. It leverages cyber domain-specific state-of-the-art natural language model to augment sentences for minority class TTPs and refine pinpointing the TTPs in threat analysis reports significantly. We create two datasets: an augmented sentence-TTP dataset of \(39,296\) sentence samples and a \(149\) real-world cyber threat intelligence report-to-TTP dataset. Further, we evaluate TTPXHunter on the augmented sentence and report datasets. The TTPXHunter achieves the highest performance of \(92.42\%\) f1-score on the augmented dataset, and it also outperforms existing state-of-the-art TTP extraction method by achieving an f1-score of \(97.09\%\) when evaluated over the report dataset. TTPXHunter significantly improves cybersecurity threat intelligence by offering quick, actionable insights into attacker behaviors. This advancement automates threat intelligence analysis and provides a crucial tool for cybersecurity professionals to combat cyber threats.

Nanda Rani

Bikash Saha

Vikas Maurya

Sandeep Kumar Shukla

TTPXHunter: Actionable Threat Intelligence Extraction as TTPs from Finished Cyber Threat Reports

TTPXHunter：从已完成网络威胁报告中提取可操作威胁情报作为TTPs

Advanced persistent threat (APT) attacks present a significant challenge for any organization, as they are difficult to detect due to their elusive nature and characteristics. In this paper, we conduct a comprehensive literature review to investigate the various APT attack detection systems and approaches and classify them based on their threat model and detection method. Our findings reveal common obstacles in APT attack detection, such as correctly attributing anomalous behavior to APT attack activities, limited availability of public datasets and inadequate evaluation methods, challenges with detection procedures, and misinterpretation of requirements. Based on our findings, we propose a reference architecture to enhance the comparability of existing systems and provide a framework for classifying detection systems. In addition, we look in detail at the problems encountered in current evaluations and other scientific gaps, such as a neglected consideration of integrating the systems into existing security architectures and their adaptability and durability. While no one-size-fits-all solution exists for APT attack detection, this review shows that graph-based approaches hold promising potential. However, further research is required for real-world usability, considering the systems’ adaptability and explainability.

Robin Buchta

George Gkoktsis

Felix Heine

Carsten Kleiner

Advanced Persistent Threat Attack Detection Systems: A Review of Approaches, Challenges, and Trends

高级持续性威胁攻击检测系统：方法、挑战与趋势综述

Extended Reality (XR) platforms can expose users to novel attacks including embodied abuse and/or AI attacks-at-scale. The expanded attack surfaces of XR technologies may expose users of shared online platforms to psychological/social and physiological harms via embodied interactions with potentially millions of other humans or artificial humans, causing what we define as an inter-reality attack. The past twenty years have demonstrated how social and other harms (e.g. bullying, assault and stalking) can and do shift to digital social media and gaming platforms. XR technologies becoming more mainstream has led to investigations of ethical and technical consequences of these expanded input surfaces. However, there is limited literature that investigates social attacks, particularly toward vulnerable communities, and how AI technologies may accelerate generative attacks-at-scale. This paper employs human-centred research methods and a harms-centred Cybersecurity framework to co-design a testbed of socio-technical attack scenarios in XR social gaming platforms. It uses speculative fiction to further extrapolate how these could reach attacks-at-scale by applying generative AI techniques. It develops an Inter-Reality Threat Model to outline how actions in virtual environments can impact on the real-world. As AI capability continues to rapidly develop, this paper articulates the urgent need to consider a future where XR-AI attacks-at-scale could become commonplace.

Moya Kate Baldry

Jassim Happa

Anthony Steed

Simon Smith

Mashhuda Glencross

<i>From Embodied Abuse to Mass Disruption</i> : Generative, Inter-Reality Threats in Social, Mixed-Reality Platforms

从身体虐待到大规模破坏：社交混合现实平台中的生成性跨现实威胁

ISSN	2576-5337, 2692-1626
h-index	10

出版信息	出版商: Association for Computing Machinery (ACM)，出版周期: ，期刊类型: journal，开源期刊: 否
基本数据	创刊年份: 2020，原创研究文献占比: ，自引率:， Gold OA占比:

Digital Threats: Research and Practice

期刊引文格式

有 1 位以上作者的期刊

有 2 位作者的期刊

有 3 位作者的期刊

有 5 位以上作者的期刊

书籍引用格式

学位论文引用格式

网页引用格式

专利引用格式

手工熬夜修改参考文献？研飞自动匹配期刊，一键轻松成稿，支持 Word/WPS

投稿经验分享

Mapping the Interdisciplinary Research on Non-consensual Pornography: Technical and Quantitative Perspectives

Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments

Social Media Authentication and Combating Deepfakes using Semi-fragile Invisible Image Watermarking

Lessons Learned from Automated Sharing of Intrusion Detection Alerts: The Case of the SABU Platform

Single and Hybrid-Ensemble Learning-Based Phishing Website Detection: Examining Impacts of Varied Nature Datasets and Informative Feature Selection Technique

Social Media Authentication and Combating Deepfakes using Semi-fragile Invisible Image Watermarking

Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments

TTPXHunter: Actionable Threat Intelligence Extraction as TTPs from Finished Cyber Threat Reports

Advanced Persistent Threat Attack Detection Systems: A Review of Approaches, Challenges, and Trends

From Embodied Abuse to Mass Disruption : Generative, Inter-Reality Threats in Social, Mixed-Reality Platforms