RAID 2024 – The 27th International Symposium on Research in Attacks, Intrusions and Defenses

Program

Monday 30/09/2024

08:30 - 09:00	Registration
09:00 - 09:30	Opening
09:30 - 10:30	Keynote I
Lorenzo Cavallaro Trustworthy AI... for Systems Security Abstract: No day goes by without reading machine learning (ML) success stories across various application areas. Systems security is no exception, where ML’s tantalizing performance leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we’re left in uncharted territory. Is machine learning truly capable of ensuring systems security? In this keynote, we will take malware research as a representative example of a long-studied, thriving, yet challenging subject and, after offering a quick historical perspective, we will illustrate some of the open issues that are affecting learning-based malware models. When relevant, we will also delve into behind-the-scenes aspects to encourage reflection on the reproducibility crisis. Our goal is to foster a deeper understanding of machine learning’s role in systems security along with a discussion on promising directions the research community is and should be pursuing to address such challenges and open problems. Bio: Lorenzo Cavallaro grew up on pizza, spaghetti, and Phrack, and soon developed a passion for underground and academic research. He is a Full Professor of Computer Science at University College London (UCL), where he leads the Systems Security Research Lab. Lorenzo’s research vision is to enhance the effectiveness of machine learning for systems security in adversarial settings. He works with his team to investigate the interplay among program analysis abstractions, representations, and ML models, and their crucial role in creating Trustworthy AI for Systems Security. Lorenzo publishes at and sits on the Program Committee of leading conferences in computer security and ML, received the Distinguished Paper Award at USENIX Security 2022, and an ICML 2024 Spotlight Paper. He is also Associate Editor of ACM TOPS and IEEE TDSC. In addition to his love for food, Lorenzo finds his Flow in science, music, and family.
10:30 - 11:00	Break
11:00 - 12:30	Web Security and Privacy
Understanding Web Fingerprinting with a Protocol-Centric Approach Bogdan Cebere, CISPA Helmholtz Center for Information Security Christian Rossow, CISPA Helmholtz Center for Information Security Blocklist-Forecast: Proactive Domain Blocklisting by Identifying Malicious Hosting Infrastructure Udesh Kumarasinghe, Purdue University Mohamed Nabeel, Palo Alto Networks Charitha Elvitigala, SCoRe Lab From Victims to Defenders: An Exploration of the \\Phishing Attack Reporting Ecosystem Zhibo Sun, Drexel University Faris Bugra Kokulu, Arizona State University Penghui Zhang, Arizona State University Adam Oest, PayPal Gianluca Stringhini, Boston University Tiffany Bao, Arizona State University Ruoyu Wang, Arizona State University Yan Shoshitaishvili, Arizona State University Adam Doupé, Arizona State University Gail-Joon Ahn, Arizona State University Hidden Web Caches Discovery Matteo Golinelli, University of Trento Bruno Crispo, University of Trento Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies Bahruz Jabiyev, Dartmouth College Anthony Gavazzi, Northeastern University Kaan Onarlioglu, Akamai Technologies Engin Kirda, Northeastern University
12:30 - 14:00	Lunch
14:00 - 15:30	Malware & Unwanted Software (I)
What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developments Marcus Botacin, Texas A&M University Cross-Regional Malware Detection via Model Distilling and Federated Learning Marcus Botacin, Texas A&M University Heitor Gomes, Victoria University of Wellington ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files Aakanksha Saha, TU Wien Jorge Blasco, Universidad Politécnica de Madrid Lorenzo Cavallaro, University College London Martina Lindorfer, TU Wien How to Train your Antivirus: RL-based Hardening through the Problem Space Ilias Tsingenopoulos, imec-DistriNet, KU Leuven Jacopo Cortellazzi, King's College London Branislav Bosansky, Gen Digital Simone Aonzo, EURECOM Davy Preuveneers, KU Leuven Wouter Joosen, KU Leuven Fabio Pierazzi, King's College London Lorenzo Cavallaro, University College London Down to earth! Guidelines for DGA-based Malware Detection Bogdan Cebere, CISPA Helmholtz Center for Information Security Jonathan Lasse Bennet Flueren, CISPA Helmholtz Center for Information Security Silvia Sebastián, CISPA Helmholtz Center for Information Security Daniel Plohmann, Fraunhofer FKIE Christian Rossow, CISPA Helmholtz Center for Information Security
15:30 - 16:00	Break
16:00 - 17:30	IDS and Network Security
Mateen: Adaptive Ensemble Learning for Network Anomaly Detection Fahad Alotaibi, Imperial College London Sergio Maffeis, Imperial College London Obfuscating Provenance-Based Forensic Investigations with Mapping System Meta-Behavior Anyuan Sang, Xidian University Yuchen Wang, Xidian University Li Yang, Xidian University, Shaanxi Key Laboratory of Network and System Security Junbo Jia, Xidian University Lu Zhou, Xidian University AudiTrim: A Real-time, General, Efficient, and Low-overhead Data Compaction System for Intrusion Detection Hongbin Sun, Zhongguancun Laboratory Su Wang, Zhongguancun Laboratory Zhiliang Wang, Tsinghua University Zheyu Jiang, Tsinghua University Dongqi Han, Beijing University of Posts and Telecommunications Jiahai Yang, Tsinghua University No Need for Details: Effective Anomaly Detection for Process Control Traffic in Absence of Protocol and Attack Knowledge Franka Schuster, Brandenburg University of Technology Cottbus-Senftenberg Hartmut König, Brandenburg University of Technology Cottbus-Senftenberg Leveraging Deep Reinforcement Learning for Cyber-Attack Paths Prediction: Formulation, Generalization, and Evaluation Franco Terranova, Université de Lorraine, CNRS, Inria, LORIA Abdelkader Lahmadi, Université de Lorraine, CNRS, Inria, LORIA Isabelle Chrisment, Université de Lorraine, CNRS, Inria, LORIA
17:30	Welcome Reception

Tuesday 01/10/2024

09:30 - 10:30	Malware & Unwanted Software (II)
Encrypted Endpoints: Defending Online Services from Illegitimate Bot Automation August See, Universität Hamburg Kevin Röbert, Universität Hamburg Mathias Fischer, Universität Hamburg Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware Carlos Novo, INESC TEC, HASLab and DCC FCUP Sofia Romeiro, INESC-ID / Instituto Superior Técnico, Universidade de Lisboa Bernardo Portela, INESC TEC, HASLab and DCC FCUP Diogo Barradas, University of Waterloo Nuno Santos, INESC-ID / Instituto Superior Técnico, Universidade de Lisboa BluePrint: Automatic Malware Signature Generation for Internet Scanning Kevin Stevens, Georgia Institute of Technology Mert Erdemir, Georgia Institute of Technology Hang Zhang, Indiana University Bloomington Taesoo Kim, Georgia Institute of Technology Paul Pearce, Georgia Institute of Technology
10:30 - 11:00	Break
11:00 - 12:30	Cyber Crime and Security Measurements
Honeyquest: Rapidly Measuring the Enticingness of Cyber Deception Techniques with Code-based Questionnaires Mario Kahlhofer, Dynatrace Research, Johannes Kepler University Linz Stefan Achleitner, Dynatrace Research Stefan Rass, Johannes Kepler University Linz, LIT Secure and Correct Systems Lab René Mayrhofer, Johannes Kepler University Linz The "Big Beast to Tackle": Practices in Quality Assurance for Cyber Threat Intelligence Thomas Geras, HM Munich University of Applied Sciences Thomas Schreck, HM Munich University of Applied Sciences Unraveling the Web of Disinformation: Exploring the Larger Context of State-Sponsored Influence Campaigns on Twitter Mohammad Hammas Saeed, Boston University Shiza Ali, Boston University Pujan Paudel, Boston University Jeremy Blackburn, Binghamton University Gianluca Stringhini, Boston University You Might Have Known It Earlier: Analyzing the Role of Underground Forums in Threat Intelligence Tommaso Paladini, Politecnico di Milano Lara Ferro, Politecnico di Milano Mario Polino, Politecnico di Milano Stefano Zanero, Politecnico di Milano Michele Carminati, Politecnico di Milano Security of Cross-chain Bridges: Attack Surfaces, Defenses, and Open Problems Mengya Zhang, The Ohio State University Xiaokuan Zhang, George Mason University Yinqian Zhang, Southern University of Science and Technology Zhiqiang Lin, The Ohio State University
12:30 - 14:00	Lunch
14:00 - 15:30	Software Security
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities Bonan Ruan, National University of Singapore Jiahao Liu, National University of Singapore Chuqi Zhang, National University of Singapore Zhenkai Liang, National University of Singapore Tango: Extracting Higher-Order Feedback through State Inference Ahmad Hazimeh, EPFL; BugScale Duo Xu, EPFL Qiang Liu, EPFL Yan Wang, Huawei Mathias Payer, EPFL Integrating Static Analyses for High-Precision Control-Flow Integrity Florian Kasten, Fraunhofer AISEC Philipp Zieris, Fraunhofer AISEC Julian Horsch, Fraunhofer AISEC Beyond REST: Introducing APIF for Comprehensive API Vulnerability Fuzzing Yu Wang, Tsinghua University Larry Xu, TrustAI Pte.Ltd. Efficiently Rebuilding Coverage in Hardware-Assisted Greybox Fuzzing Tai Yue, National University of Defense Technology and Southern University of Science and Technology Yibo Jin, Southern University of Science and Technology Fengwei Zhang, Southern University of Science and Technology (SUSTech) Zhenyu Ning, Hunan University Pengfei Wang, National University of Defense Technology Xu Zhou, National University of Defense Technology Kai Lu, National University of Defense Techonology
15:30 - 16:00	Break
16:00 - 17:30	ML and Adversarial Learning for Security
Breaking Privacy in Model-Heterogeneous Federated Learning Atharva Haldankar, Virginia Tech Arman Riasi, Virginia Tech Hoang-Dung Nguyen, Virginia Tech Tran Phuong, University of Arkansas at Little Rock Thang Hoang, Virginia Tech KGDist: A Prompt-Based Distillation Attack against LMs Augmented with Knowledge Graphs Hualong Ma, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China Peizhuo Lv, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China Kai Chen, Institute of Information Engineering, Chinese Academy of Sciences, China Jiachen Zhou, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China Enhancing Model Poisoning Attacks to Byzantine-Robust Federated Learning via Critical Learning Periods Gang Yan, UC Merced Hao Wang, Stevens Institute of Technology Xu Yuan, University of Delaware Jian Li, Stony Brook University AI-Generated Faces in the Real World: A Large-Scale Case Study of Twitter Profile Images Jonas Ricker, Ruhr University Bochum Dennis Assenmacher, GESIS - Leibniz Institute for the Social Sciences Thorsten Holz, CISPA Helmholtz Center for Information Security Asja Fischer, Ruhr University Bochum Erwin Quiring, Ruhr University Bochum, International Computer Science Institute Berkeley
20:00	Social Dinner at Pedrocchi Cafè & Awards Announcements

Wednesday 02/10/2024

09:30 - 10:30	Keynote II
Marcel Böhme How to Solve Cybersecurity Once and For All Abstract: In Pwn2Own this year, a single person (Manfred Paul) demonstrated successful exploits for all major browsers: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. Chrome alone is used by 3.5 billion people. Today, thanks to Paul, these major security flaws are fixed. Last year, evidently, the majority of people in the world accessed the internet with the door open to potential attackers—despite decades of research in defensive security, despite an abundance of mitigations, despite dedicated red teams. -- But why? Software is entirely virtual and can be described completely: A program’s source code is meant to formally express the programmer’s intention using the syntactic and semantic rules of the programming language. As the behavior of a software system arises from well-defined instructions, we must be able to formally reason about all its properties. Surely there exists an approach that will forever guarantee the security of our systems. Only, we haven't found it, yet? In this keynote, I will explore what fundamentally prevents us from making reliable statements about the security of a software system. I will try to substantiate each argument by demonstrating how the corresponding challenge in our defensive strategies is routinely exploited to attack a system despite credible assurances about the absence of security flaws. After the successful deconstruction of the prevalent philosophy, I will introduce a philosophy of vulnerability-guided hardening, where we seek to falsify claims of security using successful attacks as counterexamples. Bio: Marcel Böhme leads the Software Security research group at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. His group is interested in the automatic discovery of security flaws in software systems at the very large scale. Apart from the development of practical techniques for vulnerability discovery (incl., fuzzing), his group seeks to identify fundamental limits of existing techniques, studies empirical methods (incl. statistical and causal reasoning) for program analysis, and explores the assurances that software testing provides when no bugs are found. Find us at https://mpi-softsec.github.io/.
10:30 - 11:00	Break
11:00 - 12:30	CPS / IoT / Critical Infrastructures Security
Context-Aware Anomaly Detection Using Vehicle Dynamics Chun-Yu Chen, The University of Michigan Kang G. Shin, The University of Michigan Soodeh Dadras, Ford Motor Company Deception-Resistant Stochastic Manufacturing for Automated Production Lines Zeyu Yang, Zhejiang University Hongyi Pu, Zhejiang University Liang He, University of Colorado Denver Chengtao Yao, Zhejiang University Jianying Zhou, Singapore University of Technology and Design Peng Cheng, Zhejiang University Jiming Chen, Zhejiang University Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols Carlotta Tagliaro, TU Wien Martina Komsic, TU Wien Andrea Continella, University of Twente Kevin Borgolte, Ruhr University Bochum Martina Lindorfer, TU Wien CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning Jianing Wang, National University of Singapore Shanqing Guo, Shandong University Wenrui Diao, Shandong University Yue Liu, Southeast University; QI-ANXIN Group Haixin Duan, Tsinghua University; Zhongguancun Laboratory; Quancheng Laboratory Yichen Liu, Indiana University Bloomington Zhenkai Liang, National University of Singapore A Comprehensive, Automated Security Analysis of the Uptane Automotive Over-the-Air Update Framework Robert Lorch, The University of Iowa Daniel Larraz, The University of Iowa Cesare Tinelli, The University of Iowa Omar Chowdhury, Stony Brook University
12:30 - 14:00	Lunch
14:00 - 16:00	Mobile and Hardware Security
Catch You Cause I Can: Busting Rogue Base Stations using CellGuard and the Apple Cell Location Database Lukas Arnold, TU Darmstadt, Secure Mobile Networking Lab Matthias Hollick, TU Darmstadt, Secure Mobile Networking Lab Jiska Classen, Hasso Plattner Institute A Second Look at the Portability of Deep Learning Side-Channel Attacks over EM Traces Mabon Ninan, University of Cincinnati Evan Nimmo, University of Cincinnati Shane Reilly, University of Cincinnati Channing Smith, College of Charleston Wenhai Sun, Purdue University, West Lafayette, USA Boyang Wang, University of Cincinnati John M. Emmert, University of Cincinnati VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions Luis Gerhorst, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) Henriette Herzog, Ruhr-Universität Bochum (RUB) Peter Wägemann, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) Maximilian Ott, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) Rüdiger Kapitza, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) Timo Hönig, Ruhr-Universität Bochum (RUB) Henriette Hofmeier, Ruhr-Universität Bochum (RUB) Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic Emanations Wenfan Song, Zhejiang University Jianwei Liu, Zhejiang University, Hangzhou City University Yajie Liu, Zhejiang University Jinsong Han, Zhejiang University Prob-Hashcat: Accelerating Probabilistic Password Guessing with Hashcat by Hundreds of Times Ziyi Huang, Nankai University Ding Wang, Nankai University Yunkai Zou, Nankai University Fixing Insecure Cellular System Information Broadcasts For Good Alexander J. Ross, North Carolina State University Bradley Reaves, North Carolina State University Yomna Nasser, Google Gil Cukierman, Google Roger Piqueras Jover, Google
16:00	Closing Remarks

Organized by

polyu

Sponsors

Diamond

KAUST

Platinum