An official website of the United States government
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user’s computer and the secure network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of sending a small amount of malicious JavaScript code to the target user’s computer. The malicious code mounts a cache side-channel attack, which exploits the effects of contention on the CPU’s cache, to identify other websites being browsed. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. We show that cache website fingerprinting attacks in JavaScript are highly feasible. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our attack is more resistant than network-based fingerprinting to the effects of response caching, and that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. We investigate one such mechanism, and show that generating artificial cache activity reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser
more »
« less
Local alliances and rivalries shape near-repeat terror activity of al-Qaeda, ISIS, and insurgents
We study the spatiotemporal correlation of terrorist attacks by al-Qaeda, the Islamic State of Iraq and Syria (ISIS), and local insurgents, in six geographical areas identified via k-means clustering applied to the Global Terrorism Database. All surveyed organizations exhibit near-repeat activity whereby a prior attack increases the likelihood of a subsequent one by the same group within 20 km and on average 4 (al-Qaeda) to 10 (ISIS) weeks. Near-response activity, whereby an attack by a given organization elicits further attacks from a different one, is found to depend on the adversarial, neutral, or collaborative relationship between the two. When in conflict, local insurgents respond quickly to attacks by global terror groups while global terror groups delay their responses to local insurgents, leading to an asymmetric dynamic. When neutral or allied, attacks by one group enhance the response likelihood of the other, regardless of hierarchy. These trends arise consistently in all clusters for which data are available. Government intervention and spillover effects are also discussed; we find no evidence of outbidding. Understanding the regional dynamics of terrorism may be greatly beneficial in policy making and intervention design.
more »
« less
- Award ID(s):
- 1814090
- PAR ID:
- 10240319
- Date Published:
- Journal Name:
- Proceedings of the National Academy of Sciences
- Volume:
- 116
- Issue:
- 42
- ISSN:
- 0027-8424
- Page Range / eLocation ID:
- 20898 to 20903
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
In November 2001, a nationally representative sample of Americans (N = 973, ages 13–88), queried via WebTVs at home, judged the probability of five terror-related events (e.g., being injured in an attack) and three “routine” risks (e.g., being a victim of other violent crime), in the following 12 months. Judgments of terror risks, but not routine risks, were related to whether respondents were within 100 mi of the World Trade Center. This relationship was found only in the following demographic groups, and not their complements: men, adults, whites, and Republicans. These differential responses to risk have both theoretical and policy implications.more » « less
-
null (Ed.)Terrorist attacks carried out by individuals or single cells have significantly accelerated over the last 20 years. This type of terrorism, defined as lone-actor (LA) terrorism, stands as one of the greatest security threats of our time. Research on LA behavior and characteristics has emerged and accelerated over the last decade. While these studies have produced valuable information on demographics, behavior, classifications, and warning signs, the relationship among these characters are yet to be addressed. Moreover, the means of radicalization and attacking have changed over decades. This study first identifies 25 binary behavioral characteristics of LAs and analyzes 192 LAs recorded on three different databases. Next, the classification is carried out according to first ideology, then to incident scene behavior via a virtual attacker-defender game, and, finally, according to the clusters obtained from the data. In addition, within each class, statistically significant associations and temporal relations are extracted using the A-priori algorithm. These associations would be instrumental in identifying the attacker type and intervene at the right time. The results indicate that while pre-9/11 LAs were mostly radicalized by the people in their environment, post-9/11 LAs are more diverse. Furthermore, the association chains for different LA types present unique characteristic pathways to violence and after-attack behavior.more » « less
-
null (Ed.)Federated learning (FL) is an emerging machine learning paradigm. With FL, distributed data owners aggregate their model updates to train a shared deep neural network collaboratively, while keeping the training data locally. However, FL has little control over the local data and the training process. Therefore, it is susceptible to poisoning attacks, in which malicious or compromised clients use malicious training data or local updates as the attack vector to poison the trained global model. Moreover, the performance of existing detection and defense mechanisms drops significantly in a scaled-up FL system with non-iid data distributions. In this paper, we propose a defense scheme named CONTRA to defend against poisoning attacks, e.g., label-flipping and backdoor attacks, in FL systems. CONTRA implements a cosine-similarity-based measure to determine the credibility of local model parameters in each round and a reputation scheme to dynamically promote or penalize individual clients based on their per-round and historical contributions to the global model. With extensive experiments, we show that CONTRA significantly reduces the attack success rate while achieving high accuracy with the global model. Compared with a state-of-the-art (SOTA) defense, CONTRA reduces the attack success rate by 70% and reduces the global model performance degradation by 50%.more » « less
-
Dragonfly networks have been proposed to exploit high-radix routers and optical links for high performance computing (HPC) systems. Such networks divide the switches into groups, with a local link between each pair of switches in a group and a global link between each group. Which specific switch serves as the endpoint of each global link is determined by the network’s global link arrangement. We propose two new global link arrangements, each designed using intuition of how to optimize bisection bandwidth when global links have high bandwidth relative to local links. Despite this, the new arrangements generally outperform previously-known arrangements for all bandwidth relationships.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1073/pnas.1904418116
