It is trivial to write malicious code that hogs up a particular resource, for example, memory, disk, etc. Such malicious code can be written by intent (in order to degrade the system performance considerably) or by mistake (for example, memory leaks). As an effect of running such code the other applications running on the same machine suffer and their performance degrade considerably. The syste...

Vulnerable Android applications are traditionally exploited via malicious apps. In this paper, we study an underexplored class of Android attacks which do not require the user to install malicious apps, but merely to visit a malicious website in an Android browser. We call them web-to-app injection (or W2AI) attacks, and distinguish between different categories of W2AI sideeffects. To estimate ...

Many areas such as electronic commerce, network management and information retrieval can benefit from the application of mobile agents technologies. The exploitation of mobile agents offers several advantages such as reduction of network latency, asynchronous execution, fault-tolerant behavior. However, a wider use of mobile agents is currently limited by the lack of a comprehensive security fr...

The cloud computing is the architecture in which hosts, virtual machines and users are involved in the communication. The cloud is the decentralized nature due to which malicious nodes enter the network and trigger various types of attacks. The impersonate attack is the denial of service attack and it reduced the efficiency of the cloud architecture. In this work, zombie attack will be isolated...

Ensuring strong security properties in some cases requires participants to carry out tests during the execution of a protocol. A classical example is electronic voting: participants are required to verify the presence of their ballots on a bulletin board, and to verify the computation of the election outcome. The notion of certificate transparency is another example, in which participants in th...

P2P networks have become increasingly popular in the recent years. However, their open, distributed and anonymous nature makes them very vulnerable against malicious users who provide bad responses to requests from other peers. Motivated by this observation, various solutions for distributed reputation systems have been presented recently. In this paper, we describe the first reputation system ...

The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alt...

Contribution of this paper is twofold: First we introduce weaknesses of two Mix-nets claimed to be robust in the literature. Since such flaws are due to their weak security definitions, we then present a stronger security definition by regarding a Mix-net as a batch decryption algorithm of a CCA secure public-key encryption scheme. We show two concrete attacks on the schemes proposed in [1] and...

Mobile agent system is a distributed computing environment that is perceived as a flexible alternative to client server technology. Mobile agents can travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. This helps in reducing network traffic to a large extent. However, it has not become popular due...

We present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk elicits malicious behavior in extensions in two ways. First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extension’s expectations in web page structure and content. Second, Hulk employs a fuzzer to drive t...