Title: Network dialog minimization and network dialog diffing: Two novel primitives for network security applications
Authors: Rafique, M Zubair; Caballero, Juan; Huygens, Christophe; Joosen, Wouter
Issue Date: Dec-2014
Host Document: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC 2014), pages 166-175
Conference: Annual Computer Security Applications Conference, New Orleans, Louisiana, USA, 8-12 December 2014
Abstract: In this work, we present two fundamental primitives for network security: network dialog minimization and network dialog diffing. Network dialog minimization (NDM) simplifies an original dialog with respect to a goal, so that the minimized dialog when replayed still achieves the goal, but requires minimal network communication, achieving significant time and bandwidth savings. We present network delta debugging, the first technique to solve NDM. Network dialog diffing compares two dialogs, aligns them, and identifies their common and different parts. We propose a novel dialog diffing technique that aligns two dialogs by finding a mapping that maximizes similarity.
We have applied our techniques to 5 applications. We apply our dialog minimization approach for: building drive-by download milkers for 9 exploit kits, integrating them in an infrastructure that has collected over 14,000 malware samples running from a single machine; efficiently measuring the percentage of popular sites that allow cookie replay, finding that 31% do not destroy the server-side state when a user logs out and that 17% provide cookies that live over a month; simplifying a cumbersome user interface, saving our institution 3 hours of time per year and employee; and finding a new vulnerability in a SIP server. We apply our dialog diffing approach for clustering benign (F-Measure = 100%) and malicious (F-Measure = 87.6%) dialogs.
Publication status: published
KU Leuven publication type: IC
Appears in Collections: Informatics Section

Files in This Item:
File: ndm_acsac14_cr.pdf
Status: Published
Size: 811Kb
Format: Adobe PDF

