Modern systems across diverse application domains (e.g., IoT, automotive) have many black-box devices whose internal structures and/or protocol formats are unknown. We currently lack the tools to systematically understand the behavior and learn the security weaknesses of these black-box devices. Such tools could enable many use cases, such as: 1) identifying input packets that lead to network attacks; and 2) inferring the format of unknown protocols. Our goal is to enable oblivious network analysis which can perform the aforementioned tasks for black-box devices. In this work, we explore the use of a recent machine learning tool called generative adversarial networks (GANs) [16] to enable this vision. Unlike other competing approaches, GANs can work in a truly black-box setting and can infer complex dependencies between protocol fields with little to no supervision. We leverage GANs to show the preliminary use cases of our approaches using two case studies: 1) generating synthetic protocol messages given only samples of messages; and 2) generating attack inputs for a black-box system. While there are still many open challenges, our results suggest the early
The Department of the Navy. Approved for public release; distribution is unlimited. The views expressed in this report are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government.
Using a modified version of the open source digital forensics tool bulk_extractor, evidence of XOR obfuscation was found on 698 drive images, with a maximum of 21,031 XOR-obfuscated features on a single drive. XOR usage in our corpus was observed in files with timestamps between the years 1995 and 2009, but the majority use was found in unallocated space. On the corpus tested, XOR obfuscation was used to circumvent malware detection and reverse engineering, to hide information that was apparently being exfiltrated, and by malware detection tools for their quarantine directory and to distribute malware signatures. We conclude that XOR obfuscation is important to consider when performing malware investigations.
The recent October 2016 DDoS attack on Dyn served as a wakeup call to the security community as many popular and independent webservices (e.g., Twitter, Spotify) were impacted. This incident raises a larger question on the fragility of modern webservices due to their dependence on third-party services. In this paper, we characterize the dependencies of popular webservices on third-party services and how these can lead to DoS, RoQ attacks and a reduction in security posture. In particular, we focus on three critical infrastructure services: DNS, CDNs, and certificate authorities (CAs). We analyze both direct relationships (e.g., Twitter uses Dyn) and indirect dependencies (e.g., Netflix uses Symantec as OCSP and Symantec in turn uses Verisign for DNS). Our key findings are: (1) 73.14% of the top 100,000 popular services are vulnerable to reduction in availability due to potential attacks on third-party DNS, CDN, CA services that they exclusively rely on; (2) the use of third-party services is concentrated, so that if the top-10 providers of CDN, DNS and OCSP services go down, they can potentially impact 25%-46% of the top 100K most popular web services; (3) transitive dependencies significantly increase the set of webservices that exclusively depend on popular CDN and DNS service providers, in some cases by ten times; (4) targeting even less popular webservices can potentially cause significant collateral damage, affecting up to 20% of the top-100K webservices due to their shared dependencies. Based on our findings, we present a number of key implications and guidelines to guard against such Internet-scale incidents in the future.