Proceedings of the 6th International Conference on Information Systems Security and Privacy, February 25-27, 2020, in Valletta, Malta
This book contains the proceedings of the 6th International Conference on Information Systems Security and Privacy (ICISSP 2020) held in Valletta, Malta, from the 25th to the 27th of February 2020, which was sponsored by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC). ICISSP 2020 is held in cooperation with the Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI), the Trusted Computing Group, the ISACA Lisbon Chapter, and the European Association for e-Identity and Security (EEMA). The Conference Program included oral presentations (full papers and short papers) and posters, organized in different technical sessions. We are proud to announce that the program also included three plenary keynote lectures, given by internationally distinguished researchers, namely – Sokratis K. Katsikas (Norwegian University of Science and Technology, Norway) Leveraging Blockchain Technology to Enhance Security and Privacy in the Internet of Things, Stefan Schmid (University of Vienna, Austria) Jump, Crawl, Attract, Propagate: Security Challenges in Emerging Communication Networks, and Mauro Barni (Università di Siena, Italy) Backdooring Deep Learning Architectures: Threats and (some) Opportunities. ICISSP 2020 received 114 paper submissions from 36 countries, in all continents. To evaluate each submission, a double-blind paper review was performed by the Program Committee, whose members are highly qualified researchers in ICISSP topic areas. From these, 18 papers were selected for publication and presentation at the Conference as full papers. These numbers, leading to a full-paper acceptance ratio of 16%, show the intention of preserving a high-quality forum for this conference, a quality that we intend to maintain in the future, for the next editions of this conference. A short list of papers presented at the conference will be selected for publication of extended and revised versions in the CCIS (Communications in Computer and Information Science) Series book by Springer. All papers presented at this conference will be available at the SCITEPRESS Digital Library. The Conference was also held in conjunction with the 4th International Workshop on FORmal methods for Security Engineering (ForSE 2020), which contributed to the community with oral presentations (full and short papers), as well as posters, which have also been included in the proceedings book. Furthermore, a short list of revised and extended papers from the workshop will be selected for a special issue of the Journal of Computer Virology and Hacking Techniques, published by Springer. Conferences are also meeting places where collaboration projects can emerge from social contacts amongst the participants. Therefore, in order to promote the development of research and professional networks, the conference includes in its program a Conference Social Event & Banquet in the evening of the 25th of February. We would like to express our thanks to all the people who contributed to ICISSP 2020. First of all to the authors, whose quality work has been essential for this conference; secondly to all members of the Program Committee and auxiliary reviewers, who helped us with their expertise and valuable time; and to Prof. Cinzia Bernardeschi, who chaired the Doctoral Consortium to provide a platform for PhD students to share their work. We would also like to deeply thank the invited speakers for their excellent contribution in sharing their knowledge and vision. Finally, a word of appreciation for the hard work of the Steering Committee: organizing a conference of this level is a task that can only be achieved by the collaborative effort of a dedicated and highly capable team. We wish you all an inspiring conference and an unforgettable stay in the lovely city of Valletta, Malta. We hope to meet you again next year for ICISSP 2021, details of which will soon be available at http://www.icissp.org.
In the domain of web security, websites want to prevent themselves from data gathering performed by automatic programs called bots. In that way, crawler traps are an efficient brake against this kind of programs. By creating similar pages or random content dynamically, crawler traps give fake information to the bot and resulting by wasting time and resources. Nowadays, there is no available bots able to detect the presence of a crawler trap. Our aim was to find a generic solution to escape any type of crawler trap. Since the random generation is potentially endless, the only way to perform crawler trap detection is on the fly. Using machine learning, it is possible to compute the comparison between datasets of webpages extracted from regular websites from those generated by crawler traps. Since machine learning requires to use distances, we designed our system using information theory. We used wild used distances compared to a new one designed to take into account heterogeneous data. Indeed, two pages does not have necessary the same words and it is operationally impossible to know all possible words by advance. To solve our problematic, our new distance compares two webpages and the results showed that our distance is more accurate than other tested distances. By extension, we can say that our distance has a much larger potential range than just crawler traps detection. This opens many new possibilities in the scope of data classification and data mining.
This paper delves into the state of the art of computer virology formalisation then tackles the development of a new malware algorithm. It details how the work leveraged Blockchain to create an undetectable malware depicting two versions of the new malware, starting from a first naive version to achieve an advanced armoured undetectable k-ary malware that leverages decentralized storage namely IPFS. The detection of the new malware algorithm has been proven NP-complete.