* update 2023-11-16 06:16:37

arXiv_db/Malware/2023.md

@@ -3238,3 +3238,27 @@
 
 </details>
 
+<details>
+
+<summary>2023-11-13 20:46:12 - Measuring CDNs susceptible to Domain Fronting</summary>
+
+- *Karthika Subramani, Roberto Perdisci, Pierros Skafidas*
+
+- `2310.17851v3` - [abs](http://arxiv.org/abs/2310.17851v3) - [pdf](http://arxiv.org/pdf/2310.17851v3)
+
+> Domain fronting is a network communication technique that involves leveraging (or abusing) content delivery networks (CDNs) to disguise the final destination of network packets by presenting them as if they were intended for a different domain than their actual endpoint. This technique can be used for both benign and malicious purposes, such as circumventing censorship or hiding malware-related communications from network security systems. Since domain fronting has been known for a few years, some popular CDN providers have implemented traffic filtering approaches to curb its use at their CDN infrastructure. However, it remains unclear to what extent domain fronting has been mitigated.   To better understand whether domain fronting can still be effectively used, we propose a systematic approach to discover CDNs that are still prone to domain fronting. To this end, we leverage passive and active DNS traffic analysis to pinpoint domain names served by CDNs and build an automated tool that can be used to discover CDNs that allow domain fronting in their infrastructure. Our results reveal that domain fronting is feasible in 22 out of 30 CDNs that we tested, including some major CDN providers like Akamai and Fastly. This indicates that domain fronting remains widely available and can be easily abused for malicious purposes.
+
+</details>
+
+<details>
+
+<summary>2023-11-13 21:21:39 - Ransomware Detection Using Federated Learning with Imbalanced Datasets</summary>
+
+- *Aldin Vehabovic, Hadi Zanddizari, Nasir Ghani, G. Javidi, S. Uluagac, M. Rahouti, E. Bou-Harb, M. Safaei Pour*
+
+- `2311.07760v1` - [abs](http://arxiv.org/abs/2311.07760v1) - [pdf](http://arxiv.org/pdf/2311.07760v1)
+
+> Ransomware is a type of malware which encrypts user data and extorts payments in return for the decryption keys. This cyberthreat is one of the most serious challenges facing organizations today and has already caused immense financial damage. As a result, many researchers have been developing techniques to counter ransomware. Recently, the federated learning (FL) approach has also been applied for ransomware analysis, allowing corporations to achieve scalable, effective detection and attribution without having to share their private data. However, in reality there is much variation in the quantity and composition of ransomware data collected across multiple FL client sites/regions. This imbalance will inevitably degrade the effectiveness of any defense mechanisms. To address this concern, a modified FL scheme is proposed using a weighted cross-entropy loss function approach to mitigate dataset imbalance. A detailed performance evaluation study is then presented for the case of static analysis using the latest Windows-based ransomware families. The findings confirm improved ML classifier performance for a highly imbalanced dataset.
+
+</details>
+