Detection of intrusions and malware, and vulnerability assessment : 16th International Conference, DIMVA 2019, Gothenburg, Sweden, June 19-20, 2019, proceedings

This book constitutes the proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019, held in Gothenburg, Sweden, in June 2019. The 23 full papers presented in this volume were carefully reviewed and selected from 80 submissions. The contributions were organized in topical sections named: wild wild web; cyber-physical systems; malware; software security and binary analysis; network security; and attack mitigation.

Wild Wild Web.- Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions.- New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.- Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting.- On the Perils of Leaking Referrers in Online Collaboration Services.- Cyber-Physical Systems.- Detecting, Fingerprinting and Tracking Reconnaissance Campaigns Targeting Industrial Control Systems.- Overshadow PLC to Detect Remote Control-Logic Injection Attacks.- A Security Evaluation of Industrial Radio Remote Controllers.- Understanding the Security of Traffic Signal Infrastructure.- Malware.- Practical Enclave Malware with Intel SGX.- How does Malware Use RDTSC? A Study on Operations Executed by Malware for CPU Cycle Measurement.- On Deception-Based Protection Against Cryptographic Ransomware.- PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware.- Software Security and Binary Analysis.- Memory Categorization: Separating Attacker-Controlled Data.- TypeMiner: Recovering Types in Binary Programs using Machine Learning.- SAFE: Self-Attentive Function Embeddings for Binary Similarity.- Triggerflow: Regression Testing by Advanced Execution Path Inspection.- Network Security.- Large-scale Analysis of Infrastructure-leaking DNS Servers.- Security In Plain TXT: Observing the Use of DNS TXT Records in the Wild.- No Need to Marry to Change Your Name! Attacking Profinet IO Automation Networks Using DCP.- DPX: Data-Plane eXtensions for SDN Security Service Instantiation.- Attack Mitigation.- Practical Password Hardening based on TLS.- Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks.- BinTrimmer: Towards Static Binary Debloating through Abstract Interpretation.