Anna Shubina scite author profile

Anna Shubina

5Publications

135Citation Statements Received

70Citation Statements Given

How they've been cited

218

133

How they cite others

Affiliations

Dartmouth College, Dartmouth Hospital

Publications

Order By: Most citations

On the reliability of wireless fingerprinting using clock skews

Arackaparambil

Bratus

Shubina

et al. 2010

View full text Add to dashboard Cite

Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points.We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.

show abstract

Automated mapping of large binary objects using primitive fragment type classification

Conti

Bratus

Shubina

et al. 2010

Digital Investigation

View full text Add to dashboard Cite

Teaching the principles of the hacker curriculum to undergraduates

Bratus

Shubina

Locasto

2010

View full text Add to dashboard Cite

The "Hacker Curriculum" exists as a mostly undocumented set of principles and methods for learning about information security. Hacking, in our view, is defined by the ability to question the trust assumptions in the design and implementation of computer systems rather than any negative use of such skills.Chief among these principles and methods are two useful pedagogical techniques: (1) developing a cross-layer view of systems (one unconstrained by API definitions or traditional subject matter boundaries) and (2) understanding systems by analyzing their failure modes (this approach works well with learning networking concepts and assessing software vulnerabilities). Both techniques provide a rich contrast to traditional teaching approaches, particularly for information security topics.We relate our experience applying Hacker Curriculum principles to education and training programs for undergraduates, including the Secure Information Systems Mentoring and Training (SISMAT) program and the Cyber Security Initiative at Dartmouth College, which allows undergraduates to perform supervised red team activities on Dartmouth's production systems.

show abstract

Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier

Bratus

Darley

Locasto

et al. 2014

IEEE Secur. Privacy

View full text Add to dashboard Cite

Distributed monitoring of conditional entropy for anomaly detection in streams

Arackaparambil

Bratus

Brody

et al. 2010

View full text Add to dashboard Cite

Abstract-In this work we consider the problem of monitoring information streams for anomalies in a scalable and efficient manner. We study the problem in the context of network streams where the problem has received significant attention.Monitoring the empirical Shannon entropy of a feature in a network packet stream has previously been shown to be useful in detecting anomalies in the network traffic. Entropy is an information-theoretic statistic that measures the variability of the feature under consideration. Anomalous activity in network traffic can be captured by detecting changes in this variability.There are several challenges, however, in monitoring this statistic. Computing the statistic efficiently is non-trivial. Further, when monitoring multiple features, the streaming algorithms proposed previously would likely fail to keep up with the everincreasing channel bandwidth of network traffic streams. There is also the concern that an adversary could attempt to mask the effect of his attacks on variability by a mimicry attack disguising his traffic to mimic the distribution of normal traffic in the network, thus avoiding detection by an entropy monitoring sensor. Also, the high rate of false positives is a big problem with Intrusion Detection Systems, and the case of entropy monitoring is no different.In this work we propose a way to address the above challenges. First, we leverage recent progress in sketching algorithms to develop a distributed approach for computing entropic statistics accurately, at reasonable memory costs. Secondly, we propose monitoring not only regular entropy, but the related statistic of conditional entropy, as a more reliable measure in detecting anomalies. We implement our approach and evaluate it with real data collected at the link layer of an 802.11 wireless network.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Anna Shubina

On the reliability of wireless fingerprinting using clock skews

Automated mapping of large binary objects using primitive fragment type classification

Teaching the principles of the hacker curriculum to undergraduates

Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier

Distributed monitoring of conditional entropy for anomaly detection in streams

Contact Info

Product

Resources

About