Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part I Noseong Park PDF

Security and Privacy in Communication
Networks 16th EAI International

Conference SecureComm 2020
Washington DC USA October 21 23
2020 Proceedings Part I Noseong Park
Visit to download the full and correct content document:
https://textbookfull.com/product/security-and-privacy-in-communication-networks-16th
-eai-international-conference-securecomm-2020-washington-dc-usa-october-21-23-2
020-proceedings-part-i-noseong-park/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Security and Privacy in Communication Networks 16th EAI

International Conference SecureComm 2020 Washington DC
USA October 21 23 2020 Proceedings Part II Noseong Park
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-16th-eai-international-conference-
securecomm-2020-washington-dc-usa-october-21-23-2020-proceedings-
part-ii-noseong-park/
Security and Privacy in Communication Networks 15th EAI

International Conference SecureComm 2019 Orlando FL USA
October 23 25 2019 Proceedings Part II Songqing Chen
communication-networks-15th-eai-international-conference-
securecomm-2019-orlando-fl-usa-october-23-25-2019-proceedings-
part-ii-songqing-chen/
Social Cultural and Behavioral Modeling 13th

International Conference SBP BRiMS 2020 Washington DC
USA October 18 21 2020 Proceedings Robert Thomson
https://textbookfull.com/product/social-cultural-and-behavioral-
modeling-13th-international-conference-sbp-brims-2020-washington-
dc-usa-october-18-21-2020-proceedings-robert-thomson/
Security and Privacy in Communication Networks 14th

International Conference SecureComm 2018 Singapore
Singapore August 8 10 2018 Proceedings Part I Raheem
Beyah
communication-networks-14th-international-conference-
securecomm-2018-singapore-singapore-august-8-10-2018-proceedings-
International Conference SecureComm 2016 Guangzhou
China October 10 12 2016 Proceedings 1st Edition Robert
Deng
securecomm-2016-guangzhou-china-
october-10-12-2016-proceedings-1st-edition-robert-deng/

International Conference SecureComm 2018 Singapore
Singapore August 8 10 2018 Proceedings Part II Raheem
Beyah
securecomm-2018-singapore-singapore-august-8-10-2018-proceedings-
part-ii-raheem-beyah/
Intelligent Computing Theories and Application 16th

International Conference ICIC 2020 Bari Italy October 2
5 2020 Proceedings Part I De-Shuang Huang
https://textbookfull.com/product/intelligent-computing-theories-
and-application-16th-international-conference-icic-2020-bari-
italy-october-2-5-2020-proceedings-part-i-de-shuang-huang/
Computer Aided Verification 32nd International

Conference CAV 2020 Los Angeles CA USA July 21 24 2020
Proceedings Part I Shuvendu K. Lahiri
https://textbookfull.com/product/computer-aided-
verification-32nd-international-conference-cav-2020-los-angeles-
ca-usa-july-21-24-2020-proceedings-part-i-shuvendu-k-lahiri/
Applied Cryptography and Network Security 18th

International Conference ACNS 2020 Rome Italy October
19 22 2020 Proceedings Part I Mauro Conti
https://textbookfull.com/product/applied-cryptography-and-
network-security-18th-international-conference-acns-2020-rome-
italy-october-19-22-2020-proceedings-part-i-mauro-conti/
Noseong Park · Kun Sun ·
Sara Foresti · Kevin Butler ·
Nitesh Saxena (Eds.)
335
Security and Privacy

in Communication
Networks
16th EAI International Conference, SecureComm 2020
Washington, DC, USA, October 21–23, 2020
Proceedings, Part I
Part 1
Lecture Notes of the Institute
for Computer Sciences, Social Informatics
and Telecommunications Engineering 335
Editorial Board Members

Ozgur Akan
Middle East Technical University, Ankara, Turkey
Paolo Bellavista
University of Bologna, Bologna, Italy
Jiannong Cao
Hong Kong Polytechnic University, Hong Kong, China
Geoffrey Coulson
Lancaster University, Lancaster, UK
Falko Dressler
University of Erlangen, Erlangen, Germany
Domenico Ferrari
Università Cattolica Piacenza, Piacenza, Italy
Mario Gerla
UCLA, Los Angeles, USA
Hisashi Kobayashi
Princeton University, Princeton, USA
Sergio Palazzo
University of Catania, Catania, Italy
Sartaj Sahni
University of Florida, Gainesville, USA
Xuemin (Sherman) Shen
University of Waterloo, Waterloo, Canada
Mircea Stan
University of Virginia, Charlottesville, USA
Xiaohua Jia
City University of Hong Kong, Kowloon, Hong Kong
Albert Y. Zomaya
University of Sydney, Sydney, Australia
More information about this series at http://www.springer.com/series/8197
Noseong Park Kun Sun
• •
Sara Foresti Kevin Butler

• •
Nitesh Saxena (Eds.)
Security and Privacy

in Communication
Networks
16th EAI International Conference, SecureComm 2020
Washington, DC, USA, October 21–23, 2020
Proceedings, Part I
123
Editors
Noseong Park Kun Sun
Yonsei University George Mason University
Seoul, Korea (Republic of) Fairfax, VA, USA
Sara Foresti Kevin Butler
Dipartimento di Informatica University of Florida
Universita degli Studi Gainesville, FL, USA
Milan, Milano, Italy
Nitesh Saxena
Division of Nephrology
University of Alabama
Birmingham, AL, USA
ISSN 1867-8211 ISSN 1867-822X (electronic)

Lecture Notes of the Institute for Computer Sciences, Social Informatics
and Telecommunications Engineering
ISBN 978-3-030-63085-0 ISBN 978-3-030-63086-7 (eBook)
https://doi.org/10.1007/978-3-030-63086-7
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
We are delighted to introduce the proceedings of the 16th EAI International Conference
on Security and Privacy in Communication Networks (SecureComm 2020). This
conference has brought together researchers, developers, and practitioners from around
the world who are leveraging and developing security and privacy technology for a safe
and robust system or network.
These proceedings contain 60 papers, which were selected from 120 submissions
(an acceptance rate of 50%) from universities, national laboratories, and the private
sector from across the USA as well as other countries in Europe and Asia. All the
submissions went through an extensive review process by internationally-recognized
experts in cybersecurity.
Any successful conference requires the contributions of different stakeholder groups
and individuals, who have selflessly volunteered their time and energy in disseminating
the call for papers, submitting their research findings, participating in the peer reviews
and discussions, etc. First and foremost, we would like to offer our gratitude to the
entire Organizing Committee for guiding the entire process of the conference. We are
also deeply grateful to all the Technical Program Committee members for their time
and effort in reading, commenting, debating, and finally selecting the papers. We also
thank all the external reviewers for assisting the Technical Program Committee in their
particular areas of expertise as well as all the authors, participants, and session chairs
for their valuable contributions. Support from the Steering Committee and EAI staff
members was also crucial in ensuring the success of the conference. It was a great
privilege to work with such a large group of dedicated and talented individuals.
We hope that you found the discussions and interactions at SecureComm 2020,
which was held online, enjoyable and that the proceedings will simulate further
research.
October 2020 Kun Sun

Sara Foresti
Kevin Butler
Nitesh Saxena
Organization
Steering Committee
Imrich Chlamtac University of Trento, Italy
Guofei Gu Texas A&M University, USA
Peng Liu Penn State University, USA
Sencun Zhu Penn State University, USA
Organizing Committee
General Co-chairs
Kun Sun George Mason University, USA
Sara Foresti Università degli Studi di Milano, Italy
TPC Chair and Co-chair

Kevin Butler University of Florida, USA
Nitesh Saxena University of Alabama at Birmingham, USA
Sponsorship and Exhibit Chair

Liang Zhao George Mason University, USA
Local Chair
Hemant Purohit George Mason University, USA
Workshops Chair
Qi Li Tsinghua University, China
Publicity and Social Media Chairs

Emanuela Marasco George Mason University, USA
Carol Fung Virginia Commonwealth University, USA
Publications Chair
Noseong Park Yonsei University, South Korea
Web Chair
Pengbin Feng George Mason University, USA
Panels Chair
Massimiliano Albanese George Mason University, USA
viii Organization
Tutorials Chair
Fabio Scotti Università degli Studi di Milano, Italy
Technical Program Committee

Adwait Nadkarni William & Mary, USA
Amro Awad Sandia National Laboratories, USA
An Wang Case Western Reserve University, USA
Aziz Mohaisen University of Central Florida, USA
Birhanu Eshete University of Michigan - Dearborn, USA
Byron Williams University of Florida, USA
Cliff Zou University of Central Florida, USA
Cong Wang City University of Hong Kong, Hong Kong
Daniel Takabi Georgia State University, USA
Dave (Jing) Tian Purdue University, USA
David Barrera Carleton University, Canada
Debin Gao Singapore Management University, Singapore
Dinghao Wu Penn State University, USA
Eric Chan-Tin Loyola University Chicago, USA
Eugene Vasserman Kansas State University, USA
Fatima M. Anwar University of Massachusetts Amherst, USA
Fengyuan Xu Nanjing University, China
Girish Revadigar University of New South Wales, Australia
Gokhan Kul University of Massachusetts Dartmouth, USA
Huacheng Zeng University of Louisville, USA
Hyoungshick Kim Sungkyunkwan University, South Korea
Jeffrey Spaulding Canisius College, USA
Jian Liu The University of Tennessee at Knoxville, USA
Jiawei Yuan University of Massachusetts Dartmouth, USA
Jun Dai California State University, Sacramento, USA
Kai Bu Zhejiang University, China
Kai Chen Institute of Information Engineering, Chinese Academy
of Sciences, China
Karim Elish Florida Polytechnic University, USA
Kuan Zhang University of Nebraska-Lincoln, USA
Le Guan University of Georgia, USA
Maliheh Shirvanian Visa Research, USA
Martin Strohmeier University of Oxford, UK
Mengjun Xie The University of Tennessee at Chattanooga, USA
Mohamed Shehab University of North Carolina at Charlotte, USA
Mohammad Mannan Concordia University, Canada
Murtuza Jadliwala The University of Texas at San Antonio, USA
Neil Gong Duke University, USA
Patrick McDaniel Penn State University, USA
Pierangela Samarati Università degli Studi di Milano, Italy
Organization ix
Qiang Tang New Jersey Institute of Technology, USA

Rongxing Lu University of New Brunswick, Canada
Sankardas Roy Bowling Green State University, USA
Selcuk Uluagac Florida International University, USA
Seungwon Shin KAIST, South Korea
Shouhuai Xu The University of Texas at San Antonio, USA
Simon Woo SUNY Korea, South Korea
Suzanne Wetzel Stevens Institute of Technology, USA
Taegyu Kim Purdue University, USA
Thomas Moyer University of North Carolina at Charlotte, USA
Tzipora Halevi Brooklyn College, USA
Vinnie Monaco Naval Postgraduate School, USA
Wenhai Sun Purdue University, USA
Wenjing Lou Virginia Polytechnic Institute and State University,
USA
Wensheng Zhang Iowa State University, USA
Xiao Zhang Palo Alto Networks, USA
Xingliang Yuan Monash University, Australia
Yanchao Zhang Arizona State University, USA
Yingying Chen Rutgers University, USA
Yinzhi Cao Johns Hopkins University, USA
Yong Guan Iowa State University, USA
Yuan (Alex) Zhang Nanjing University, China
Yuan Zhang Fudan University, China
Z. Berkay Celik Purdue University, USA
Zhiqiang Lin Ohio State University, USA
Contents – Part I
Email Address Mutation for Proactive Deterrence Against Lateral

Spear-Phishing Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Md Mazharul Islam, Ehab Al-Shaer,
and Muhammad Abdul Basit Ur Rahim
ThreatZoom: Hierarchical Neural Network for CVEs

to CWEs Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Ehsan Aghaei, Waseem Shadid, and Ehab Al-Shaer
Detecting Dictionary Based AGDs Based on Community Detection . . . . . . . 42

Qianying Shen and Futai Zou
On the Accuracy of Measured Proximity of Bluetooth-Based Contact

Tracing Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Qingchuan Zhao, Haohuang Wen, Zhiqiang Lin, Dong Xuan,
and Ness Shroff
A Formal Verification of Configuration-Based Mutation Techniques

for Moving Target Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Muhammad Abdul Basit Ur Rahim, Ehab Al-Shaer, and Qi Duan
Coronavirus Contact Tracing App Privacy: What Data Is Shared

by the Singapore OpenTrace App? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Douglas J. Leith and Stephen Farrell
The Maestro Attack: Orchestrating Malicious Flows with BGP . . . . . . . . . . . 97

Tyler McDaniel, Jared M. Smith, and Max Schuchard
pyDNetTopic: A Framework for Uncovering What Darknet Market Users

Talking About . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Jingcheng Yang, Haowei Ye, and Futai Zou
MisMesh: Security Issues and Challenges in Service Meshes . . . . . . . . . . . . 140

Dalton A. Hahn, Drew Davidson, and Alexandru G. Bardas
The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels . . . . 152
Fatemeh Rezaei, Shahrzad Naseri, Ittay Eyal, and Amir Houmansadr
MAAN: A Multiple Attribute Association Network for Mobile Encrypted

Traffic Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Fengzhao Shi, Chao Zheng, Yiming Cui, and Qingyun Liu
xii Contents – Part I
Assessing Adaptive Attacks Against Trained JavaScript Classifiers . . . . . . . . 190

Niels Hansen, Lorenzo De Carli, and Drew Davidson
An Encryption System for Securing Physical Signals. . . . . . . . . . . . . . . . . . 211

Yisroel Mirsky, Benjamin Fedidat, and Yoram Haddad
A Cooperative Jamming Game in Wireless Networks Under Uncertainty . . . . 233

Zhifan Xu and Melike Baykal-Gürsoy
SmartSwitch: Efficient Traffic Obfuscation Against Stream Fingerprinting . . . 255

Haipeng Li, Ben Niu, and Boyang Wang
Misreporting Attacks in Software-Defined Networking. . . . . . . . . . . . . . . . . 276

Quinn Burke, Patrick McDaniel, Thomas La Porta, Mingli Yu,
and Ting He
A Study of the Privacy of COVID-19 Contact Tracing Apps . . . . . . . . . . . . 297

Haohuang Wen, Qingchuan Zhao, Zhiqiang Lin, Dong Xuan,
and Ness Shroff
Best-Effort Adversarial Approximation of Black-Box Malware Classifiers . . . 318

Abdullah Ali and Birhanu Eshete
Review Trade: Everything Is Free in Incentivized Review Groups. . . . . . . . . 339

Yubao Zhang, Shuai Hao, and Haining Wang
Integrity: Finding Integer Errors by Targeted Fuzzing . . . . . . . . . . . . . . . . . 360

Yuyang Rong, Peng Chen, and Hao Chen
Improving Robustness of a Popular Probabilistic Clustering Algorithm

Against Insider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Sayed M. Saghaian N. E., Tom La Porta, Simone Silvestri,
and Patrick McDaniel
Automated Bystander Detection and Anonymization

in Mobile Photography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
David Darling, Ang Li, and Qinghua Li
SmartWiFi: Universal and Secure Smart Contract-Enabled WiFi Hotspot . . . . 425

Nikolay Ivanov, Jianzhi Lou, and Qiben Yan
ByPass: Reconsidering the Usability of Password Managers . . . . . . . . . . . . . 446

Elizabeth Stobert, Tina Safaie, Heather Molyneaux,
Mohammad Mannan, and Amr Youssef
Anomaly Detection on Web-User Behaviors Through Deep Learning . . . . . . 467

Jiaping Gui, Zhengzhang Chen, Xiao Yu, Cristian Lumezanu,
and Haifeng Chen
Contents – Part I xiii
Identity Armour: User Controlled Browser Security. . . . . . . . . . . . . . . . . . . 474

Ross Copeland and Drew Davidson
Connecting Web Event Forecasting with Anomaly Detection: A Case Study

on Enterprise Web Applications Using Self-supervised Neural Networks . . . . 481
Xiaoyong Yuan, Lei Ding, Malek Ben Salem, Xiaolin Li, and Dapeng Wu
Performance Analysis of Elliptic Curves for VoIP Audio Encryption Using

a Softphone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Nilanjan Sen, Ram Dantu, and Mark Thompson
TCNN: Two-Way Convolutional Neural Network for Image Steganalysis . . . 509

Zhili Chen, Baohua Yang, Fuhu Wu, Shuai Ren, and Hong Zhong
PrivyTRAC – Privacy and Security Preserving Contact Tracing System . . . . . 515

Ssu-Hsin Yu
Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Contents – Part II
A Practical Machine Learning-Based Framework to Detect DNS Covert

Communication in Enterprises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Ruming Tang, Cheng Huang, Yanti Zhou, Haoxian Wu, Xianglin Lu,
Yongqian Sun, Qi Li, Jinjin Li, Weiyao Huang, Siyuan Sun, and Dan Pei
CacheLoc: Leveraging CDN Edge Servers for User Geolocation . . . . . . . . . . 22

Mingkui Wei, Khaled Rabieh, and Faisal Kaleem
Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems. . . . 41

Md Ariful Haque, Sachin Shetty, Charles A. Kamhoua,
and Kimberly Gold
Identifying DApps and User Behaviors on Ethereum via Encrypted Traffic . . . 62

Yu Wang, Zhenzhen Li, Gaopeng Gou, Gang Xiong, Chencheng Wang,
and Zhen Li
TransNet: Unseen Malware Variants Detection Using Deep

Transfer Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Candong Rong, Gaopeng Gou, Mingxin Cui, Gang Xiong, Zhen Li,
and Li Guo
A Brokerage Approach for Secure Multi-Cloud Storage

Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Muhammad Ihsan Haikal Sukmana, Kennedy Aondona Torkura,
Sezi Dwi Sagarianti Prasetyo, Feng Cheng, and Christoph Meinel
On the Effectiveness of Behavior-Based Ransomware Detection . . . . . . . . . . 120

Jaehyun Han, Zhiqiang Lin, and Donald E. Porter
POQ: A Consensus Protocol for Private Blockchains Using Intel SGX . . . . . . 141
Golam Dastoger Bashar, Alejandro Anzola Avila, and Gaby G. Dagher
Share Withholding in Blockchain Mining. . . . . . . . . . . . . . . . . . . . . . . . . . 161

Sang-Yoon Chang
PEDR: A Novel Evil Twin Attack Detection Scheme Based on Phase

Error Drift Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Jiahui Zhang, Qian Lu, Ruobing Jiang, and Haipeng Qu
Differentially Private Social Graph Publishing for Community Detection . . . . 208

Xuebin Ma, Jingyu Yang, and Shengyi Guan
xvi Contents – Part II
LaaCan: A Lightweight Authentication Architecture for Vehicle Controller

Area Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Syed Akib Anwar Hridoy and Mohammad Zulkernine
A Machine Learning Based Smartphone App for GPS Spoofing Detection . . . 235
Javier Campos, Kristen Johnson, Jonathan Neeley, Staci Roesch,
Farha Jahan, Quamar Niyaz, and Khair Al Shamaileh
AOMDroid: Detecting Obfuscation Variants of Android Malware Using

Transfer Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Yu Jiang, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin
ML-Based Early Detection of IoT Botnets . . . . . . . . . . . . . . . . . . . . . . . . . 254

Ayush Kumar, Mrinalini Shridhar, Sahithya Swaminathan,
and Teng Joon Lim
Post-Quantum Cryptography in WireGuard VPN. . . . . . . . . . . . . . . . . . . . . 261

Quentin M. Kniep, Wolf Müller, and Jens-Peter Redlich
Evaluating the Cost of Personnel Activities in Cybersecurity Management:

A Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Rafał Leszczyna
SGX-Cube: An SGX-Enhanced Single Sign-On System Against

Server-Side Credential Leakage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Songsong Liu, Qiyang Song, Kun Sun, and Qi Li
EW256357 : A New Secure NIST P-256 Compatible Elliptic Curve

for VoIP Applications’ Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Nilanjan Sen, Ram Dantu, and Kirill Morozov
Ucam: A User-Centric, Blockchain-Based and End-to-End Secure Home IP

Camera System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Xinxin Fan, Zhi Zhong, Qi Chai, and Dong Guo
Private Global Generator Aggregation from Different Types

of Local Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Chunling Han and Rui Xue
Perturbing Smart Contract Execution Through the Underlying Runtime . . . . . 336

Pinchen Cui and David Umphress
Blockchain Based Multi-keyword Similarity Search Scheme over

Encrypted Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Mingyue Li, Chunfu Jia, and Wei Shao
Contents – Part II xvii
Using the Physical Layer to Detect Attacks on Building

Automation Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Andreas Zdziarstek, Willi Brekenfelder, and Felix Eibisch
Formalizing Dynamic Behaviors of Smart Contract Workflow in Smart

Healthcare Supply Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Mohammad Saidur Rahman, Ibrahim Khalil, and Abdelaziz Bouras
Malware Classification Using Attention-Based Transductive

Learning Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Liting Deng, Hui Wen, Mingfeng Xin, Yue Sun, Limin Sun,
and Hongsong Zhu
COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment . . . . 419

Sameh Khalfaoui, Jean Leneutre, Arthur Villard, Jingxuan Ma,
and Pascal Urien
A Robust Watermarking Scheme with High Security and Low

Computational Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Liangjia Li, Yuling Luo, Junxiu Liu, Senhui Qiu, and Lanhang Li
Selecting Privacy Enhancing Technologies for IoT-Based Services . . . . . . . . 455

Immanuel Kunz, Christian Banse, and Philipp Stephanow
Khopesh - Contact Tracing Without Sacrificing Privacy . . . . . . . . . . . . . . . . 475

Friedrich Doku and Ethan Doku
Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Email Address Mutation for Proactive
Deterrence Against Lateral
Spear-Phishing Attacks
Md Mazharul Islam1(B) , Ehab Al-Shaer2 ,

and Muhammad Abdul Basit Ur Rahim1
1
University of North Carolina at Charlotte, Charlotte, NC 28223, USA
{mislam7,mabdulb1}@uncc.edu
2
INI/CyLab, Carnegie Mellon University, Pittsburgh, PA 15213, USA
ehab@cmu.edu
Abstract. Email spear-phishing attack is one of the most devastat-

ing cyber threat against individual and business victims. Using spear-
phishing emails, adversaries can manage to impersonate authoritative
identities in order to incite victims to perform actions that help adver-
saries to gain financial and/hacking goals. Many of these targeted spear-
phishing can be undetectable based on analyzing emails because, for
example, they can be sent from compromised benign accounts (called
lateral spear-phishing attack).
In this paper, we developed a novel proactive defense technique using
sender email address mutation to protect a group of related users against
lateral spear-phishing. In our approach, we frequently change the sender
email address randomly that can only be verified by trusted peers, with-
out imposing any overhead or restriction on email communication with
external users. Our Email mutation technique is transparent, secure, and
effective because it allows users to use their email as usual, while they
are fully protected from such stealthy spear-phishing.
We present the Email mutation technique (algorithm and protocol)
and develop a formal model to verify its correctness. The processing over-
head due to mutation is a few milliseconds, which is negligible with the
prospective of end-to-end email transmission delay. We also describe a
real-world implementation of the Email mutation technique that works
with any email service providers such as Gmail, Apple iCloud, Yahoo
Mail, and seamlessly integrates with standard email clients such as Gmail
web clients (mail.google.com), Microsoft Outlook, and Thunderbird.
Keywords: Lateral spear-phishing attack · Spoofing attack · Email

phishing · Targeted attack · Moving target defense
1 Introduction
In recent years, email spear-phishing becomes the most effective cyber threat
against individual and business victims. It has been reported that 90% of data
c ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
Published by Springer Nature Switzerland AG 2020. All Rights Reserved
N. Park et al. (Eds.): SecureComm 2020, LNICST 335, pp. 1–22, 2020.
https://doi.org/10.1007/978-3-030-63086-7_1
2 M. M. Islam et al.
breaches in 2017–2018 included a phishing element, 74% of public sector cyber-

espionage, and 64% of organizations’ attacks involve spear-phishing attacks,
where 30% of these attacks are targeted [4]. Over $26B has been lost to spear-
phishing and account takeover in 2019 [1]. Only in the US, 71.4% of phishing
attacks and data breaches associated with nation-state or state-affiliated actors
used spear-phishing [29].
Unlike phishing, where adversaries send generic emails with malicious attach-
ments or links to a massive number of users indiscriminately hoping that someone
will take the bait, spear-phishing is more targeted. In spear-phishing attacks,
adversaries impersonate key personnel or authoritative identities in order to
incite victims to perform such actions that help them to gain certain goals.
Adversaries carefully select their targets and send them well-crafted phishing
emails that closely resemble what they usually receive. Mostly, these attack
emails mimic a familiar style and signature of a known person to the victims,
where both the email headers and body merely deviate from benign emails. Yet,
the email contains a ‘lure’ that is convincing enough to engage the victim into
an ‘exploit’ [13].
A common technique for spear-phishing attack is to spoof the name or email
address of the sender, known as source spoofing, to convince the victim that
the email is sent from a trusted source [13]. Solutions like SPF [19], DKIM [8],
and DMARC [21] that verifies the sender authenticity may prevent email source
spoofing [14]. However, adversaries are continuously evolving and adapting their
attack strategies. As a result, a more stealthy variation of spear-phishing attack
has been encountered recently, known as lateral spear-phishing attack, where
adversary uses compromised email accounts of someone either socially or pro-
fessionally connected with the victim to initiate the phishing email [12]. These
phishing emails are very hard to detect because of the cleverly crafted content
created by deep analyzing the prior conversation with the victim from that com-
promised account. Therefore, adversaries inherently win the cyber game against
defenders in the lateral spear-phishing attack by evading any existing security
regarding sender email authentication as the phishing email coming directly from
a legitimate account and defeating behavioral anomaly detectors by accessing
human anchoring as the email seemingly composed by a trusted entity [12]. These
facts motivate our research to develop a proactive mechanism for protecting the
number one targeted attack vector, email.
The current state of the art for detecting lateral spear-phishing emails mainly
depends on email headers and body [5,10–13,15,18,27]. These defense techniques
require users’ historical data to model a behavioral profile for the sender or
receiver in order to detect the anomalous behavior of the phishing email. They
also depend on analyzing the content of phishing emails searching for malicious
URLs or attachments, domains with low reputation, etc. However, spear-phishers
can easily evade detection by mimicking users’ behavior (from previous emails)
and avoiding the use of bad features [12].
To address these limitations, we developed a novel moving target defense
technique called sender Email address Mutation (EM) to proactively protect a
Email Mutation 3
group of users against lateral spear-phishing and spoofing attacks. EM is devel-

oped as a cloud-based service that can be easily integrated with existing email
infrastructure for any organization to offer scalable email protection against
spear-phishing with minimal management overhead. It deploys a secure gate-
way in the cloud that works transparently between end-users and email service
providers. EM defends a group of socially or professionally connected members,
called the VIP users. It creates a number of random shadow email addresses
(accounts) associated with each VIP user besides their actual email address.
These shadow email addresses are used as the sender for email delivery but are
hidden to both end-users.
While two VIP members communicate with each other through EM, the email
first goes to the secure email mutation gateway (EMG) in the cloud, where EMG
translates the sender email address to a shadow email address corresponding to
the sender before forwarding it. Similarly, when the receiver VIP user fetches
that email, the EMG verifies the shadow email address and delivers the email
to the recipient, if the verification is successful. Therefore, knowing the pub-
lic email address will not be sufficient to attack the VIP users. Spear-phisher
adversaries must correctly guess the current shadow email being used by each
individual user in order to successfully impersonate a VIP user in an email sent
to another VIP user. While EM achieves this protection between VIP users, it
also maintains the email open communication model by allowing VIP users to
receive and send emails to any external users without any restriction. Thus, EM
can protect a group of socially or organizationally connected (VIP) users from
any phishing emails that impersonate a VIP user even if the email is coming
from a compromised VIP email account, without impacting users’ usability or
interaction with external users.
PGP[6], S/MIME [24], Two-factor authentication (2FA)[3] can be used to
authenticate email senders and prevent email account hijacking. However, these
techniques are not widely used in practice due to many users’ transparency,
usability, and management challenges [25,26,28]. For instance, PGP signature
and encryption obfuscate the plaintext emails into cyphertext, immediately los-
ing the content’s visibility. Therefore, existing IDS and content-based behavioral
analysis tools can not work with PGP encryption. Furthermore, PGP requires
user training on Public key infrastructure (PKI) and maintains complex key
management systems. Moreover, PGP signatures in email can be spoofed [23].
EM provides an alternative proactive mechanism for the majority of email users
who are not using PGP and/or 2FA to protect against spear-phishing without
compromising transparency, usability, or manageability. Therefore, although EM
does not use a cryptographic approach like PGP or 2FA, it can provide compa-
rable protection while maintaining high usability and deployability.
Our key contribution is three-fold:
– First, we introduced a novel protocol called EM, as a proactive defense against

highly stealthy lateral spear-phishing attacks.
– Second, we verified that the EM protocol is valid and can be integrated with
any existing email service provider.
– Third, we implemented the EM system (code available on GitHub) and

deployed it in a real-world environment without imposing any usability or
performance overhead on users or service providers.
2 Related Work
A vast amount of research has been done to detect phishing and spear-
phishing attacks [9–15,18,27]. The majority of these works depend on email
content or headers. For instance, Ho et al. presented a learning-based classifier
to detect lateral spear-phishing by seeking malicious URLs embedded in the
phishing email [12,13]. However, these solutions will not work against motivated
adversaries trying to evade detection simply just by not adding any malicious
ULR or no URL at all in the phishing email.
Spear-phishing detectors like EmailProfiler [10] and IdentityMailer [27] also
depend on email headers and body to build behavioral profiles for each sender
based on stylometric features in the content, senders writing habits, common
recipients, usual email forwarding time, etc. New emails get compared with the
profile to measure the deviation determining whether they are spear-phishing
email or not. These solutions can not detect lateral spear-phishing emails when
the contents are carefully crafted to avoid deviation from the norm. Moreover,
they show a high false-positive rate (10%), which becomes unacceptable when it
comes to the large volume of emails in a real-world enterprise network.
Gascon et al. [11] proposed a context agnostic spear-phishing email detector
by building behavioral profiles for all senders in a given user mailbox. They
create such profiles from the common traits a sender follows while composing an
email, like attachments types, different header fields, etc. However, in the lateral
spear-phishing attack, email headers do not deviate from the usual structure as
it is coming from a legitimate account. In addition, building profiles for each
sender can induce massive overhead in large scale deployment.
Existing sender authentication protocols such as SPF [19], DKIM [8], and
DMARC [21] can not detect lateral spear-phishing emails because they are not
spoofed and composed from valid email accounts. Other solutions, such as signing
emails with PGP [6], S/MIME [24], or 2FA [3] can prevent the lateral spear-
phishing attack. Unfortunately, these techniques are not widely used because of
usability, manageability, and transparency issues [25,26,28]. Moreover, a recent
study showed that PGP signatures in the email could be spoofed as well [23].
Email Mutation 5
3 Threat Model
3.1 Attack Taxonomy
In the lateral spear-phishing attack, adversaries send phishing emails to vic-

tims from a compromised account. To make such attacks trustworthy and effec-
tive, adversaries carefully choose those compromised accounts that are closely
related to the victims, such as employees from the same organization [12]. There-
fore, the attacker easily bypasses traditional email security systems like sender
authentication, as the email is come from a legitimate account and make the
victim fall for the attack, as it is seemingly composed by a person they already
trust.
Listing 1 depicts an example of lateral spear-phishing email. Adversary Trudy
compromises the email account of Alice, CEO of an organization (org.com). By
examining her inbox, Trudy obtains that Alice directed Bob, finance department
head of org.com, to make some wire transactions for arranging an upcoming
business meeting. Exploiting this analysis, Trudy composes a phishing email
from Alice’s email account to Bob, directing him to make a wire transaction in
Trudy’s bank account. These types of lateral phishing are crafted carefully by
observing previous emails and may not contain any malicious attachments or
URLs that make it very hard to detect.
3.2 Attack Model
The EM protocol detects lateral spear-phishing and spoofing attacks where

adversaries send phishing emails to the victim from a compromised benign email
account or impersonate a benign person that the victim already trusts. Com-
promising an email account means adversary gain access only to that email
account, not the physical machine such as laptop, desktop, or cell phone itself
of the user. Moreover, any compromised account who never communicated with
the victim before can hardly be successful in exploiting the victim. Therefore,
EM solely focuses on compromised accounts and impersonated entities that are
connected with the victim, e.g., employees from the same organization or dif-
ferent organization, but communicates frequently. The people who use EM to
protect themselves against spear-phishing attacks are denoted as VIP users. To
launch a lateral spear-phishing attack, an adversary needs to send the phishing
email from a compromised account, Alice, for instance, whom Bob already con-
nected with. EM can protect Bob against such an attack if both Bob and Alice
are agreed prior to use EM; therefore, they are in the VIP user list. EM also
protects VIP users from spoofing if the adversary impersonates any of the VIP
users in the phishing email.
4 Email Mutation System
Fig. 1. Email Mutation overview. Alice and Bob send emails using their shadow email
addresses (dashed line, single arrow).
4.1 Overview
Figure 1 depicts an overview of sender email address mutation, where two VIP
users Alice and Bob from an organization (org.com), agreed to use EM to protect
themselves against lateral spear-phishing attacks. Previously, they communicate
with each other using their real email address (double arrow solid line), called
Real channel communication (RCC). However, after EM starts, each VIP user
gets a list of shadow email accounts. For instance, Alice and Bob get n and m
number of shadow email accounts (addresses), respectively. Thus, each new email
Alice composes for Bob now uses a different shadow email address as a sender
instead of her real email address, and the modified (mutated) email is forwarded
to Bob (dashed line single arrow). This is called Shadow channel communica-
tion (SCC). Sending an email in SCC by mutating the sender email address
is known as mutation. When Bob receives such an email, the shadow email
address gets verified for lateral spear-phishing detection. This is called verifica-
tion. Similarly, when Bob composes a new email for Alice, the email is forwarded
through SCC by mutating Bob’s real email address to one of his shadow email
addresses. Although Alice and Bob use shadow email addresses as the sender to
communicate with each other through SCC, they use their real email address to
communicate with external users (non-VIP), e.g., Ron from enterprise.com.
VIP users group can comprise people from different organizations having differ-
ent domains. For instance, John (not shown in the figure) from gov.com can be
a VIP member with Alice and Bob from org.com.
Email Mutation 7
Shadow Email Accounts. The shadow emails are a list of pre-created email
accounts assigned to all VIP users but being kept hidden from them. These
accounts are only used in email transmission as a sender address. Only EMG
conducts with these email accounts. Depending on the impacts, the number of
shadow email addresses assigned to a VIP user varies. EM is flexible to the
creation of shadow email accounts as long as the shadow email domain is the
same as the real email domain. However, in our experiment, we used a pre-
fix “sid” (shadow ID) in the shadow email address to make a clear difference
with the real email address. A possible shadow email address may look like:
real.email.address.x@domain, where x is at least 16 byte long random alphanu-
meric sequence. For instance, alice.sid8aiy5vgia0ta4uec@org.com can be one of
the shadow email addresses for Alice’s real email address alice@org.com, where
x = sid8aiy5vgia0ta4uec.
4.2 Architecture
The mutation and verification hap-
pens in the cloud by mutation gate-
ways (EMG). Figure 2 illustrates the
architecture of EM. Clients can use
multiple devices such as laptops,
desktop, or cell phones for access-
ing emails; therefore, EM provides
Fig. 2. Email mutation architecture.
an EM agent (EMA) for each of the
devices. While sending an email, the
agent delivers the email to the EMG for mutation. After mutation, the EMG
forwards the mutated email to corresponding mail servers (SMTP/MTA). Sim-
ilarly, while fetching a new email, the agent receives it from the EMG. The
EMG first gets the email from the mail server and then verifies it to detect a
lateral spear-phishing attack before responding to the agent. In large enterprise
networks, multiple EMGs can be used for load balancing.
4.3 Algorithm
The VIP users supposedly send emails to each other, which use as ground truth
G next time they send any new emails. For instance, when a VIP user i sends
an email to another VIP user j, the last l emails between them will be used
as ground truth Gi,j to generate a mutation ID, mID. By indexing the mID, a
shadow email address gets selected from a secret arrangement of shadow email
addresses Si assigned for the sender i. The shadow email address then used to
forward the email. Similarly, as the receiver j has the identical ground truth, j
can generate the exact mID to find the same shadow email address from Si for
verification.
Algorithm 1 shows the pseudocode Algorithm 1. Shadow Selection

of shadow email address selection. A
hash function SHA-512 is used to get 1: procedure selectShadow(Gi,j , Si )
2: h ← SHA-512(Gi,j )
the digest of Gi,j , which then modulo
3: mID ← h mod len(Si )
with the size of Si to select the current 4: shadow ← Si [mID]
shadow email index, mID. Although 5: return shadow
from a compromised VIP user account,
the adversary can achieve the ground truth Gi,j to calculate mID, yet can not get
the correct shadow email address because of not having the secret arrangement
of Si . Therefore, the adversary can not send an email with the right shadow
email address, which immediately gets detected by the EMG.
4.4 Protocol
Communication Between VIP Users. Figure 3 explains the EM protocol
through email communication between VIP users Alice and Bob. (1) Alice com-
poses an email to Bob {from: alice@org.com, to: bob@org.com}. (2) Alice’s EMA
delivers the email to EMG, where EMG uses the ground truth between them
in Algorithm 1, to select a shadow email address for Alice. Assume that the
selected address is alice.x@org.com. Therefore, the EMG forwards the email to
the mail server as {from: alice.x@org.com, to: bob@org.com}. (3) When Bob’s
EMA fetches for a new email, EMG receives the email from the mail server and
deduce that the sender address is one of Alice’s shadow email addresses. There-
fore, EMG uses the ground truth between Bob and Alice in Algorithm 1 to select
the current shadow email address for Alice. If the retrieved address matches
alice.x@org.com, the email is benign. Otherwise, it is phishing. EMG delivers
the benign email to Bob’s EMA as {from: alice@org.com, to: bob@org.com}.
Bob receives the email as how Alice composed it, making the whole EM mech-
anisms transparent to end-users. The replies from Bob to Alice is similar to the
above three steps. The only secret in the protocol is the arrangement of the
sender shadow emails.
Communication with External

Users. EM only protects VIP users.
Therefore, the EMG bypasses the
following emails with external (non-
VIP) users to decrease the overall
email traffic processing:
No Mutation. A VIP user sends
an email to a non-VIP user. For- Fig. 3. EM protocol, demonstrating email
mally: communication between VIP users.
{sender : x, recipient : y; where, x ∈ R and y ∈

/ R}
where R is the list of real email addresses of all VIP users.
Email Mutation 9
No Verification. A VIP user receives an email from a non-VIP user. Formally:
{sender : x, recipient : y; where, x ∈

/ R and y ∈ R}
4.5 Identifying Lateral Spear-Phishing Attack
In EM, the legitimate email communication between VIP users happens through
SCC, where the sender address is always a valid shadow email address. Therefore,
EMG detects an incoming email as phishing while fetching new emails that
have a real email address of a VIP member as the sender’s address. However,
the adversary may send phishing emails by guessing or randomly generating a
shadow email address to bypass EM. We call such phishing attempts as EM
engineering attack. To formalize the detection process, let’s assume that R is
the real email address list, and S is the set of shadow email address lists of all
VIP users.
Lateral Spear-phishing and Spoofing Attack. By compromising a VIP

user’s email account or impersonating a VIP user, the adversary sends a phishing
email to another VIP user. Formally:
{sender : x, recipient : y; where, x, y ∈ R}
That means both the sender and receiver email address is enlisted in the VIP
user list. EMG immediately detects such an email as a phishing email.
EM Engineering Attack. The adversary sends a phishing email to any VIP

user by randomly guessing a shadow email address as the sender’s address. For-
mally:
{sender : x, recipient : y; where, x ∈ S and y ∈ R}
To evade EM, adversaries may randomly guess or mimic the mutation mechanism
to generate a legitimate shadow email address. However, EM creates shadow
email addresses from a space of at least 16 byte long alphanumeric sequence.
Therefore, the probability of guessing a correct shadow email address is 1/2128 ,
which is nearly zero.
5 Email Mutation – Challenges and Solutions
Handling Multiple Shadow Email Accounts. In EM, each VIP user has a
set of shadow email accounts for sending emails to another VIP user. However,
VIP users only discern about their real email account. Therefore, sending emails
from multiple shadow accounts and keeping track of all sent emails into one real
email account is challenging. EM overcome this challenge by following means.
First, shadow email accounts only used for sending emails while the receiver
email address will always be the real email address. Therefore, each VIP user
receives all emails into their real email account inbox. Second, while forwarding
an email from a shadow account, the EMG uses an IMAP APPEND command to
populate that email into the real email sent-box after a successful email delivery
to the recipient. Thus, the real account gets a trace of email delivery. If an email
gets bounced, the EMG sends the bounce email back to the real email account.
Improving Email Mutation Usability. Existing phishing detectors simi-

lar to EM mostly suffer because of low usability. For instance, PGP requires
user training on public-key cryptography and the PGP tool itself [25,26]. PGP
encryption removes the visibility of the email from end-users. Whereas, EM does
not distort the generic user experience of using emails. Every operation such as
mutation, verification, and shadow email address communication entirely segre-
gated from the end-users and processed by the cloud EMGs. Users only need
to use EMAs, for instance, sending an email by pressing the new “Send email
with mutation” button beside the regular “Send” button in the Gmail web client
(mail.google.com) illustrated in Fig. 4a. EM does not modify or add anything
in the email body or headers makes it transparent to mail servers as well. There-
fore, EM can be used with any email service provider and email clients without
further usability and configuration overhead. The transparency of EM also makes
it compatible to work combining with other email security solutions (even with
PGP [6] or S/MIME [24]) and cyber agility frameworks [16,17].
Preserving User Privacy. The secure cloud-based gateways in the EM does

not violate the end-to-end user email privacy because of the following reasons.
Firstly, EMG does not keep any copy of the email. It just either mutates or
verifies the sender’s email address if the communications happen between two
VIP users. All other emails get bypassed. Secondly, EMA connects with EMGs
through secure channels (SSL/TLS) to avoid unauthorized data access during
transmission. Finally, the organization of the VIP members can maintain their
own EMGs to preserve data privacy. The secret shadow email lists can not be
retrievable from any EMGs. Therefore, in a cross-enterprise EM system, EMG
from one organization can not reveal the shadow email list of another organi-
zation. In recent days cloud-based secure email gateways are becoming popular
because of their swift, robust, and effective attack detection with minimal man-
agement overhead. Therefore, many organizations are adopting such solutions
from Cisco, Microsoft, Barracuda, Mimecast, and others [2].
Adding Custom Email Fields is Insufficient. Adding just a new field in

the email headers (such as X-headers [7]) or custom trace on the email body for
sender authentication will not help to detect the lateral spear-phishing attack.
Because adding any extra information into an email will immediately eliminate
its transparency to both the client and the mail server. Second, adversaries
may corrupt such additional data by adding noises into it, which will cause an
interruption in regular email communication, raising high false-positive rates,
Email Mutation 11
Fig. 4. EMA in Google Chrome Browser and Thunderbird, (a) “Send email with muta-
tion” button in mail.google.com, (b) EMA in Thunderbird, (c) EMA icon at Chrome
Menu Bar, and (d) EMA in Chrome Extension Panel.
and opening new security loopholes into the detection system. Finally, moti-
vated adversaries can craft such fields by carefully observing historical emails.
To overcome these challenges, EM uses a random selection of the sender email
address (shadow address) for each new email delivery without adding anything
into the email. This makes the solution transparent to both end-users and mail
servers, but hard for adversaries to guess a correct shadow email address.
Addressing Asynchronous Ground Truth Problem. If a VIP user deletes

any email from his inbox/sentbox that was sent by another VIP user, then the
ground truth between them becomes asynchronous. To solve this problem, EMG
keeps the hashed (SHA-512) digest of the last l number of emails between two
VIP users. Therefore, EMG stores a maximum of (v −1) hashed ground truth for
each VIP user, where v is the number of all VIP users, to prevent asynchronous
ground truth problems. Moreover, sender and receiver EMGs perform this hash
storing operation asynchronously while sending and/or receiving an email. Thus,
the synchronization does not require any communication between EMGs.
Handling Insider Attack. A novel contribution of EM is that it can protect
VIP users from insider attacks. For instance, John is a VIP user who stoles
Alice’s email account credentials. Then, John uses his EMA to send a phishing
email to Bob impersonating Alice. Formally, an attacker i compromises an email
account j and uses i’s EMA to send emails to k impersonating j, where i, j, k ∈ L
and L is the list of all VIP users. EM solves this problem by following: every
VIP user’s EMA is synchronized with its corresponding EMG instance through a
unique authentication token (see Sect. 6.1 for details). That means John’s EMA
can get only his instance of EMG; therefore, it will work only for John himself,
not for Alice or Bob. The EMG keeps track who is forwarding the email by
examining the authentication token of the EMA, and then verifies if that EMA
is associated with the user or not. If the EMA is not assigned for that particular
user but delivers an email anyhow, then EMG identifies that email as an insider
attack.
Minimizing Shadow Email Account Overhead. The shadow email

accounts are only meant to send emails as sender. These accounts do not
receive any emails. Creating multiple shadow accounts for VIP users does not
increase any inbound email traffic. Besides, these accounts do not impose any
memory overhead. Therefore, they create negligible overhead on the service
provider. The shadow email addresses can be selected from a 16-byte long (at
least) sequence. This ensures no collision between shadow email with real email
accounts. Additionally, unique keywords such as “sid” (Sect. 4.1) can be used in
shadow accounts creation to make a fine difference from real email accounts
6 Scalable Implementation and Security Measurement

Evaluating EM in a large scale network requires a scalable implementation that is
compatible with any existing email clients and email service providers. Moreover,
the security measures of each component are necessary to reduce the risk factor
in terms of user privacy and data breach. We measure these matrices for the
primary components of EM: EMA and EMG.
6.1 Email Mutation Agent
Security Measures. EMA operates alongside with regular Mail user agent [20]
or email clients only to deliver or receive new emails from EMGs. It does not
communicate with the mail or SMTP server. Therefore, EMAs neither have any
storage to collect emails nor requires the user email account credential. The
communication between EMA and EMGs happens through a secure channel
(SSL/TLS) to protect data breaches during the transaction.
Implementation. Usually, clients use multiple devices, such as cell phones,

laptops, desktop, and more, to access their email accounts. Therefore, EMA
needs platform-oriented implementation to work on different devices as well.
We implemented three types of EMA for three different platforms, 1) browsers
extension for web clients that will work in laptops, desktop, where a web browser
can run. 2) Shell and python scripts to configure email clients such as Outlook,
Thunderbird, and 3) email client (android/iOS) app for cell phones and tabs.
Figure 4 shows different implementation of EMAs, such as browser extension
(4a) and Thunderbird client (4b). The Chrome browser extension adds a new
button called “Send email with Mutation” (Fig. 4a) alongside with the regular
“Send” button that mail.google.com provides.
Distribution of EMA. A VIP user can get an EMA from their system admin
or download it from the web. The admin gives a unique authentication token to
each VIP user for their first use of EMA to subscribe with the EMGs. Later on,
using that token, they can connect with their corresponding EMG from different
EMAs. This ensures users’ flexibility to use EMA from different devices and
different locations (e.g., public networks). Users can reset the token anytime.
Email Mutation 13
6.2 Email Mutation Gateway

Security Measures. EMG inspects email for detection and modifies for muta-
tion. It does not maintain any mailboxes for users. When a VIP user subscribes
with EMG, it creates an instance for that user. So that later on, the same user
can connect with the EMG from EMAs in different devices. EMG keeps the
arrangement of the shadow email lists secret. Therefore, from an EMA, VIP
users can not retrieve their shadow email list. After a certain mutation interval t
seconds, EMG rearranges all the secret shadow email lits of VIP users randomly.
Besides, an instance of EMG given to a VIP user is not shareable by other VIP
users through EMAs, meaning Alice can not use the EMG instance of Bob from
her EMA. This protects the insider attacks because using her EMA and EMG
instance, Alice can not send emails as Bob, considering that Alice compromises
Bob’s email account. Cloud-based solutions like EMGs are secured, and many
providers like Amazon, Microsoft, Cisco, Barracuda, Mimecast, and more are
nowadays providing secure cloud email gateways for phishing detection [2].
Implementation. We implemented the EMGs as an inbound and outbound

Mail transfer agent [20] that works as an SMTP relay to mutate outgoing emails
and proxy gateway to check incoming emails for spear-phishing detection. We
use python libraries such as smtpd and imaplib, to implement the relay server
and Django framework to make EMG a web service. The code is available on
GitHub.
7 Email Mutation Verification and Evaluation

7.1 System Verification
EM is a new technique; therefore, it is necessary to ensure the design correct-
ness before implementation and deployment over real network. Model checkers
help to formally specify, model, and verify a system in the early design phase
to find any unknown behavior if it exists. This section presents the modeling
of individual components, their interaction, and verification of EM using model
checking tool UPPAAL [22]. The comprehensive system is modeled using timed
automata and verified against user-defined temporal properties. We have illus-
trated the components of EM using the state machine diagram of the system
modeling language, where the circle represents the state, and the arrow shows
the transition among the states. The transitions are annotated with channels,
guards, and actions. Interaction between components using channel (!, ?) where,
“!” and “?” means the sending and receiving signals, respectively.
Modeling of Client and Mail Server. Figure 5a illustrates the functionality

of a client. The client uses the sending signal Send(i, j)! to forward a newly
composed email to the EMG, where i is the sender address, and j is the receiver
address. Using F etch Email(j)!, client j request to fetch any new email from
Fig. 5. State machine diagrams of different components in EM.
EMG. As a response, the client receives a new email from EMG by the receiv-
ing signal Receive(i, j)?, where i is the sender address, and j is the receiver
address. Figure 5b shows the basic functionality of a mail server. The channels
Send T o Server(i, j)?, F etch F rom Server(j)?, and Response F rom Server
(i, j)! represent the transitions for receiving a new email, receiving fetching
request for new emails, and responding new emails respectively.
Modeling of Gateway. Figure 5c describes the functionality of the mutation

gateway (EMG). EMG receives a new email from clients through the receiv-
ing signal send(i, j)? and mutates the sender address i to i using the function
mutate(i). Then forwards the email to the mail server using signal Send T o Serv
er(i , j)!. EMG goes the Fetch state after receiving a F etch(j) signal form client j
and seeks new emails from the mail server by the signal F etch F rom Server(j)!.
As a response, EMG receives new emails by the receiving signal Response F rom
Server(i , j)?, where i is the (mutated) sender address, and j is the receiver
address. After that, EMG verifies i by the function verif y(i ). If verification
pass, then the email will be delivered to the client through the Receive(i, j)?,
where i is the real address of i . Otherwise, the email gets flagged as a threat.
In case of suspicious email, the invariant alert is set to true; otherwise, it is set
to false. Here, the state Threat is presented to flag the email.
Modeling of Adversary. Using channel Send T o Server(l, j)? adversaries

send email to recipient j, where l is the adversary chosen sender address. If
adversaries make a successful guess, their email will be delivered to the client.
Property Verification. UPPAAL takes the model, and user-defined temporal

properties as input to verify the model and generates output, either satisfied
or not satisfied. UPPAAL defines temporal properties in the form of computa-
tional tree logic (CTL), which is a branch of symbolic logic. To verify EM, we
defined the liveness, reachability, and deadlock-freeness as temporal properties.
Table 1 describes the properties along with its UPPAAL supported CTL and
Another random document with
no related content on Scribd:
Here is some of the ancient city, vii. 255.
Here lies Father Clarges, etc., xii. 150.
Here lies a she-Sun, and a he-Moon there, etc., viii. 53; xii. 28.
Here will I set up my everlasting bed, etc., viii. 210.
Here’s a health to ane I lo’e dear, etc., v. 140.
here’s the rub, xii. 234.
hermit poor, xii. 126.
heroic sentiment of, etc., iii. 61.
Hesperus, among the lesser lights, shines like, etc., viii. 164.
hewers of wood, etc., x. 124.
hew you as a carcase, etc., xii. 181.
Hey for Doctor’s Commons, viii. 159.
hiatus in manuscriptis, vii. 8, 198; xii. 305.
Hic jacet, x. 221.
hid from ages, i. 49.
High as our heart, v. 271 n.
High-born Hoel’s harp, etc., xii. 260.
high endeavour and the glad success, the, vi. 28; vii. 125; ix. 318,
373.
high leaves, the, etc., iii. 232; iv. 268.
high grass, the, that by the light of the departing sun, etc., v. 363.
high holiday, of once a year, on some, iii. 172; vii. 75.
High Legitimates the Holy Band, the, xi. 423.
High over hill and over dale he flies, v. 43.
High-way, since you my chief Parnassus be, etc., v. 326.
higher and the lower orders, the, xi. 370.
highest and mightiest, vi. 439.
hill of ages, ix. 69.
himself and the universe, x. 166.
Hinc illæ lachrymæ, xii. 187.
hinder parts are ruinous, its, iv. 201.
his bear dances, vi. 412; viii. 507; ix. 351.
His garment neither was of silk nor say, etc., xi. 437.
His generous ardour no cold medium knows, etc., iv. 263; vi. 253.
his little bark, v. 74.
His locked, lettered, braw brass collar, etc., v. 132.
His lot, though small, He sees that little lot, the lot of all, v. 119.
His plays were works, while others’ works were plays, v. 262.
His principiis nascuntur tyranni, etc., vii. 347.
his ruin meets, v. 301.
his spirits gave him raptures with his cook-maid, xii. 155 n.
his soul was like a star, and dwelt apart, v. 180.
his yoke is not easy, etc., iii. 85.
hitch into a rhyme, viii. 50.
hitch it, iii. 64.
Hitherto shalt thou come and no further, vi. 268; viii. 425; x. 344.
Hoc erat in votis, xii. 126.
Hoisting the bloody flag, x. 374, 376.
hold our hands and check our pride, x. 378.
holds his crown in contempt of the choice of the people, i. 394.
See also contempt.
Holds us a while misdoubting his intent, etc., xi. 123.
holiest of holies, x. 336.
hollow and rueful rumble, with, xi. 374.
holy water sprinkle, dipped in dew, a, iv. 246.
Homer, have not the poems of, i. 23; ix. 28.
Homer, the children of, ix. 429.
honest as this world goes, To be, etc., iii. 259; xii. 218.
honest man’s the noblest work of God, an, iii. 345; viii. 458 n.
honest, sonsie, bawsont face, viii. 450; ix. 184.
Honi soit qui mal y pense, vi. 65; ix. 202, 338.
honour consists in the word honour and nothing else, xi. 125.
honour dishonourable, etc., xii. 247.
Honour of Ireland, and as they were curiosities of the human kind,
for the, i. 54.
honourable vigilance, v. 264.
Hood an ass with reverend purple, etc., viii. 44.
Hoop, do me no harm, iii. 212.
Hope and fantastic expectations spend much of our lives, etc., i. 2.
Hope, thou nurse of young Desire, vi. 293.
Hope told a flattering tale, viii. 298.
Hope travels through, nor quits us till we die, vii. 302.
Hope! with eyes so fair, But thou, oh, etc., vi. 255.
Horace still charms with graceful negligence, etc., v. 75.
Horas non numero nisi serenas, x. 387; xii. 51, 52, 53.
horizon, at the, vi. 150.
horned feet, And with their, etc., xii. 258.
horse-whipping woman, that, viii. 468.
hortus siccus of dissent, the, iii. 264; x. 370.
host of human life, xi. 497.
hour when I escap’d the wrangling crew, The, etc., iii. 225.
house of brother Van I spy, The, etc., xii. 449.
house on the wild sea, with wild usages, v. 153.
housing with wild men, etc., x. 279.
How am I glutted with conceit of this? v. 203.
How apparel makes a man respected, etc., v. 290.
How blest art thou, canst love the country, Wroth, v. 307.
How do you, noble cousin? etc., v. 258.
How happy could I be with either, etc., xi. 426.
How is it, General? i. 209.
how it grew, and it grew, etc., vii. 93; xi. 517.
How little knew’st thou of Calista, iii. 180.
How lov’d, how honour’d once, avails them not, v. 176.
How near am I to happiness, etc., ii. 330; v. 216.
How oft, O Dart! what time the faithful pair, iv. 305 n.
How profound the gulf, etc., xi. 424.
How shall our great discoverers obtain, etc., i. 115.
How shall we part and wander down, etc., xii. 428.
how tall his person is, etc., vii. 211.
howled through the vacant guardrooms, etc., ix. 229.
Hudibras, who used to ponder, and, etc., viii. 66.
huge, dumb heap, vi. 28; ix. 56.
human face divine, x. 77.
human form is the most perfect, the, etc., x. 346.
human reason is like a drunken man, etc., vi. 147.
human understanding resembles a drunken clown, etc., xi. 216.
humanity, a discipline of, i. 123; vii. 78, 184; xii. 122.
Hundred Tales of Love, him of the, xi. 424.
hung armour of the invincible knights of old, is, i. 273; viii. 442.
hung like a cloud upon the mountain; now, etc., vii. 13.
Hunt half a day for a forgotten dream, iv. 323; ix. 64.
hunt the wind, I worship a statue, etc., vi. 97, 236; xii. 435.
hunter of shadows, himself a shade, a, vi. 168.
huntsmen are up in America, the, v. 340 n.
hurt by the archers, iii. 456; iv. 104.
Hussey, hussey, you will be as much ill-used and as much
neglected, etc., v. 108; viii. 194.
Hyde Park, all is a desert, Beyond, vi. 187; vii. 67; viii. 36.
Hymns its good God, and carols sweet of love, xi. 427, 501.
Hypocritical pretensions to virtue, i. 392.
I.
I also was an Arcadian. See Arcadian and painter.
I am afraid, my friend, this letter will never, etc., i. 94.
I am not as this poor Hottentot, iv. 44 n.
I am, on the contrary, persuaded, etc., vi. 126.
I apprehend you, viii. 10.
I cannot, seeing she’s woven of such bad stuff, etc., v. 238.
I cannot marry Crout, xii. 122.
I care not, Fortune, what you me deny, etc., vii. 371.
I’d sooner be a dog, xii. 202.
I hate ye, iv. 272.
I have secur’d my brother, viii. 86.
I hope none living, sir, And, viii. 201.
I knew you could not bear it, viii. 228.
I know he is not dead; I know proud death, etc., v. 208.
I know that all beneath the moon decays, etc., v. 299.
I’ll have a frisk with you, viii. 103.
I’ll walk, to get me an appetite, etc., v. 268 n.
I’m feeble; some widow’s curse, etc., viii. 274.
I never saw you look so like your mother, In all my life, viii. 456.
I never valued fortune but as it was subservient to my pleasure, viii.
72.
I observe, as a fundamental ground common to all the arts, etc., vi.
32.
I pr’ythee, look thou giv’st my little boy some syrup for his cold,
etc., v. 245.
I prythee, spare me, gentle boy; press me no more for that slight
toy, etc., viii. 55.
I rode one evening with Count Maddalo, etc., x. 261.
I see before me the gladiator lie, xi. 425.
I see him sweeter than the nosegay in his hand, etc., i. 65; v. 107.
I set out upon this adventurous journey, etc., xi., 249.
I stood in Venice, on the bridge of sighs, xi. 423.
I, that might have married the famous Mr Bickerstoff, etc., i. 7; viii.
96.
I think not so; her infelicity seem’d to have years too many, etc., v.
246; x. 260.
I think poets are Tories by nature, xii. 241.
I thought of Chatterton, the marvellous boy, etc., v. 122.
I too, whose voice no claims but truth’s e’er moved, etc., i. 379 n.
I’ve heard of hearts unkind, etc., iii. 172; xi. 515.
I was invited yesternight to a solemn supper, etc., viii. 41.
I was not train’d in academic bowers, etc., v. 283.
I will touch it, iii. 127.
I wish I was where Anna lies, iv. 305.
I wish my old hobbling mother, etc., viii. 80.
I wish you would follow Dr Cantwell’s precepts, vii. 189 n.
I would borrow a simile from Burke, etc., iii. 419.
I would not wish to have your eyes, vi. 19.
I would take the Ghost’s word, xii. 88 n.
Ici rugit Cain les cheveux hérissés, etc., xi. 234.
Idea can be like nothing but an idea, an, etc., xi. 109.
Idea, It is true we can form a tolerably distinct, etc., xi. 57.
Idea which in itself is particular becomes general, an, etc., xi. 23.
Ideas, If in having our, in the memory ready at hand, etc., xi. 45 n.
Ideas, operations, and faculties of the mind may be traced, all the,
etc., xi. 167.
Ideas seemed to lie like substances in the brain, iii. 397.
ideas seem to elude the senses, moral, etc., xi. 88.
ideas and operations of the mind proceed? Whence do all the, xi.
171.
idiot and embryo, iii. 270.
Idleness, with light-winged toys of feathered, xii. 58.
If a man lies on his back, etc., x. 341.
If a thousand pardons about your necks were tied, etc., v. 276.
If any author deserved the name of an original, etc., i. 171.
If aught of oaten stop or pastoral song May hope, chaste Eve, to
soothe thy modest ear, etc., v. 116.
If ever chance two wandering lovers brings, etc., v. 76.
If Florence be i’ th’ Court he would not kill me, etc., v. 241.
If his hand were full of truths, etc., ii. 393.
If o’er the cruel tyrant love, vi. 293; viii. 248, 320; xi. 304.
if the poor were to cut the throats of the rich, etc., iii. 132.
If these things are done in the green tree, etc., vii. 140.
If they cannot succeed in what is trifling, etc., vii. 168.
If this man Had but a mind allied unto his words, etc., v. 264.
If to her share, viii. 525.
If to their share some splendid virtues fall, etc., vii. 83.
If we fly into the uttermost parts of the earth, etc., v. 16.
If ye kill’d a thousand in an hour’s space, etc., v. 276.
If you cannot find in your heart to tell him you love him, I’ll sigh it
out of you, etc., v. 290.
If you were to write a fable for little fishes, vii. 163.
If you yield, I die To all affection, etc., v. 255.
ignorance was bliss, vii. 222.
Il avoit une grande puissance de raison, etc., i. 88 n.
Il y a aujourd’hui, jour des Paques Fleuris ... Madame Warens, vi.
24.
Il y a des impressions, etc., iii. 152; xii. 261.
Il y a donc des esprits de deux sortes, etc., xi. 287.
Ils ne pouvoient croire qu’un corps de cette beauté, etc., vi. 200 n.
ils se rejouissoient tristement, xii. 16.
Iliad of woes, iii. 10; iv. 41.
Ille igitur qui protrusit cylindrum, etc., xi. 73.
illustrious obscure, x. 143.
illustrious personages were introduced, These three, etc., vi. 209.
Illustrious predecessors, i. 380.
image and superscription, ix. 330.
image of his mind, the, iv. 372.
imagination étoit la première de ses facultés, etc., i. 88 n.
impeachment, We own the soft, x. 142.
impediments, the first of these, etc., x. 258.
impenetrable whiskers have confronted flames, Those, i. 422; xi.
273 n.
imperium in imperio, vi. 265.
implicité, it is without the copula, etc., x. 121, 129.
imposition of names, some of larger, some of stricter signification,
by this, etc., xi. 129.
Imposture, organised into a comprehensive and self-consistent
whole, etc., iii. 147.
imprisoned wranglers free, set the, iii. 390.
in all things a regular and moderate indulgence, etc., xi. 518.
in corpore vili, iv. 3.
in dallying with interdicted subjects; v. 207.
In doleful dumps, etc., xii. 12 n.
in each hard instance tried, oh soul supreme, x. 375.
In green vine leaves he was right fitly clad, v. 35; x. 74.
In happy hour doth he receive, etc., iii. 49.
in his habit as he lived, xii. 27.
in medio tutissimus ibis, viii. 473.
In my former days of bliss, etc., xi. 284.
In one of Mr Locke’s most noted remarks, etc., xi. 286.
In peace, there’s nothing so becomes a man, xii. 71.
In poetry the same effect is produced by a few abrupt and rapid
gleams of description, etc., v. 33.
in Pyrrho’s maze, iii. 226.
In search of wit these lose their common sense, etc., v. 74.
In spite of these swine-eating Christians, etc., v. 210 n.
in their eyes, in their hands, etc., i. 45; xi. 373.
in their untroubled element shall shine when we are laid in dust,
etc., v. 52.
In vain I haunt the cold and silver springs, etc., v. 302.
Incredulous odi, vii. 102.
independently of his conduct or merits, etc., xi. 417.
Indignatio facit versus, iii. 257, 317; v. 112.
Individual nature produces little beauty, xi. 212.
incapable of its own distress, viii. 450.
inconstant stage, the, viii. 383.
indolence is the source of all mischief, iv. 70.
Indus to the Pole, from, xii. 185, 278.
inexpressive she; The fair, the chaste, the, xii. 205.
inexpressive three, viii. 454.
infidels and fugitives, as, etc., xi. 443.
infants’ skulls, Hell was paved with, vii. 243.
infinite agitation of men’s wit, iv. 314; vi. 312; xi. 323; xii. 441.
infirmity, of our, viii. 402.
informed with music, sentiment, and thought, never to die, v. 274.
inhuman rout, the, v. 89.
inimitable on earth, etc., viii. 55.
innocence and simplicity of poor Charity Boys, ix. 18.
inscribed the cross of Christ, etc., iii. 152.
Insipid levelling morality to which the modern stage is tied down,
etc., xi. 298.
insolent piece of paper, an, xii. 168.
Insensés qui vous plaignez, etc., iv. 100.
instance might be painful; The, but the principle would please, viii.
21.
instinct with fire, viii. 423.
insulted the slavery of Europe, etc., iii. 13.
interlocutions between Lucius and Caius, viii. 417.
interminable babble, vii. 198.
Into a lower world, to theirs obscure And wild—To breathe in other
air, etc., v. 262.
intoxicating, whatever is most, in the odour of a Southern spring,
etc., i. 248.
Intus et in cute, vii. 24, 226; viii., 116; x. 34.
invariable principles, xi. 486.
invention of the enemy, A weak, etc., viii. 355.
inventory of all he said, viii. 103.
invincible knights of old, the, etc., i. 273; viii. 442.
invita Minervâ, vii. 8, 56, 119; viii. 379.
Irish People and the Irish Parliament, xi. 472.
Irishman in a row, like an, etc., xi. 494.
Iron has not entered his soul, The, xii. 277.
Iron mask, the Man in the, iv. 93.
iron rod, the torturing hour, the, xii. 215.
irritabile genus vatum, iii. 221.
island in the watery waste, lone, iv. 190.
Islands of the Blest, ix. 253.
It is a very good office, etc., viii. 2.
it is better to marry than burn, iii. 272.
It is by this and this alone, etc., vi. 135.
It is easier for a camel to go through the eye of a needle, etc., i. 376
n.
It is he who gives the second blow, etc., vi. 396.
It is my father, v. 237.
It is not easy to define in what this great style consists, etc., vi. 123.
It is not with me you are in love ... Sophia Western, etc., i. 44.
It is observable, I know not for what cause, etc., i. 318.
It is the keystone, vi. 36; xi. 581.
It is the same harmless thing that a poor shepherd, etc., v. 343.
it only is when he is out he is acting, vi. 296.
It’s well they’ve got me a husband, viii. 82.
It was even twilight, etc., i. 218.
It was my wish like him to live, etc., v. 362.
It was reserved for Shakespeare to unite purity of heart, i. 253.
it was very good of God, etc., xi. 352.
It will never do, iii. 361; vii. 367.
Italiam, Italiam! ii. 329.
Ithuriel’s spear, ix. 369.
J.
jackdaw just caught in a snare, And looks like a, etc., viii. 238.
Jacobin, Once a, etc., i. 430; iii. 110, 159.
Jacobin who writes in the Chronicle, the true, iii. 175.
Jacques, The melancholy, etc., xii. 285.
Jactet se in aulis, etc., iv. 71 n.
Je suis peintre, non pas teinturier, ix. 435.
jealous God, at sight of human ties, The, etc., xi. 147.
Jew that Shakespeare drew, the, i. 158.
jewels in his crisped hair, Like, xii. 450.
Job’s comforters, vii. 179.
John de Bologna, after he had finished, Thus, etc., vi. 140.
Johnny Keats, vii. 208.
jolly god in triumph comes, etc., the, v. 81.
jovial thigh, the, etc., xii. 196.
joys are lodged beyond the reach of fate, Those, vi. 23.
Joy, joy for ever, my task is done! etc., iv. 357.
judgment, after it has been long passive, the, etc., vi. 128.
judgment is really nothing but a sensation, xi. 86.
Juger est sentir, xi. 87.
Juno’s swans, link’d and inseparable, Like, xi. 472 n.
Jupiter tonans, xi. 308.
Justice is preferable to mercy, xi. 86, 88.
justify before his sovereign, he would not, etc., vi. 100.
justly called the Silent, viii. 13.
justly decried author, a, xi. 167.
K.
Kais is fled, and our tents are forlorn, for, etc., vi. 196.
Kean’s Othello is, we suppose, the finest piece of acting, viii. 414.
keeping his state, viii. 402.
kept in ponderous vases, are, x. 161.
kept like an apple, etc., xii. 171.
kept the even tenor of their way, have, vi. 44; viii. 123; x. 41.
kept under, or himself held up to derision, i. 147, 149.
key-stone that makes up the arch, ’Tis the last, etc., vi. 36; xi. 581.
kill at a blow, the two to, xii. 194.
killing langour, relieve the, etc., iii. 132; v. 357.
Kind and affable to me, etc., xii. 267.
King could live near such a man, no, i. 305.
King is but a king, a, etc., xi. 324.
king of good fellows and wale of old men, the, viii. 103.
kings, As kind as, etc., xii. 140.
Kings are naturally lovers of low company, vi. 159; xi. 442.
kings, if there were no more, etc., i. 387.
King’s Old Courtier, The, etc., iv. 232.
kings, the best of, i. 305; iii. 41.
Kingly Kensington, xii. 275.
Kiuprili, Had’st thou believ’d, etc., xi. 412.
kirk is gude, and the gallows is gude, The, etc., viii. 269.
knaves do work with, called a fool, which, xi. 415.
knavish but keen, iii. 60.
knight had ridden down from Wensley moor, etc., v. 157.
knight himself did after ride, The, etc., viii. 66.
know another well, were to know one’s self, vi. 316.
know my cue without a prompter, vii. 226.
know that I shall become that being, But I, vii. 395.
Know that which made him gracious in your eyes, etc., v. 290.
Know the return of Spring, xi. 317.
know to know no more, v. 67.
Know, virtue were not virtue if the joys, etc., ix. 431.
Know ye that lust of kingdoms hath no law, etc., v. 195.
knoweth whence it cometh, no man, etc., xii. 312.
knowledge, that had I all, etc., vi. 225.
knowledge, Though he should have all, etc., vii. 199; x. 208.
Koran and sugar! the, ix. 56 n.
L.
La ci darem, viii. 364.
La nuit envellopait les champs et les ramparts, etc., xi. 236.
la téte me tourne, etc., xi. 125.
laborious foolery, with, iv. 239; ix. 121, 332; xi. 289.
labour of love, ix. 223.
ladder of life, the, xi. 388.
lady of fashion would admire a star, etc., xi. 499.
lady of a manor, A certain, etc., i. 422; xi. 273 n.
laggard age, xii. 208.
Laid waste the borders and o’erthrew the bowers, iv. 282, 334; vi.
50; viii. 36.
Lancelot of the Lake, a bright romance, ’Twas etc., viii. 441.
landlady, the, and Tam grew gracious, etc., v. 129.
languages a man can speak, for the more, etc., vi. 70.
lapped in luxury, ix. 284.
large heart enclosed, in, xii. 303.
last objection, In regard to the, etc., vi. 141.
last of those bright clouds, the, ix. 477.
last of those fair clouds, the, that on the bosom of bright honour,
etc., v. 345. 369.
lasting woe, vii. 429.
latter end of this system of law, the, xi. 89.
laudator temporis acti, iv. 241.
laugh now who never laugh’d before; Let those, etc., viii. 469; xi.
316.
Laugh to-day and cry to-morrow, viii. 536.
laughed with Rabelais, etc., iv. 217.
Launched on the bosom of the silver Thames, xi. 505.
Law by which mankind suffers, etc., iii. 203.
law of laws, the, etc., iv. 203.
Laws are not, like women, the worse for being old, viii. 22; xii. 161
n.
laws of nature which are the laws of God, etc., iv. 295.
lawful monarch’s bleeding head, his, etc., viii. 309.
lay heavy burthens on the poor and needy, They, iv. 150.
lay the flattering unction, etc., xii. 230.
lay waste a country gentleman, viii. 36.
See Laid.
lay’d a body in the sun, Say I had, etc., vi. 315.
La père des humains voit sa nombreuse race, etc., xi. 233.
Le son des cloches, xii. 58 n.
lean pensioners, vii. 401.
Leaping like wanton kids in pleasant spring, vi. 172.
leaps at once to its effect, xii. 185.
learn her manner, To, etc., ix. 326.
learned the trick of imposing, iii. 16.
leave, oh, leave me to my repose! i. 84; vi. 71, 182, 249; viii. 313; xii.
121.
leave others poor indeed, xii. 219.
leave our country and ourselves, etc., xi. 353.
leave stings, vii. 287; ix. 72.
leave the will puzzled, etc., xi. 446.
Leave then the luggage of your fate behind, etc., v. 357.
leaving the things that are behind, etc., x. 195.
leaving the world no copy, viii. 272.
leaves in October, like, viii. 142.
leaves our passions, afloat, etc., iii. 92.
leer malign, with jealous, xii. 43, 287, 387.
left its little life in air, it, xii. 322.
left the sitting part, he, of the man behind him, viii. 17.
leg? Can it set a, etc., i. 6.
lend it both an understanding, etc., xii. 55.
Lend us a knee, etc., v. 257.
Les Francs à chaque instant voient de nouveaux guerriers, xi. 232.
lest it should be hurried over the precipice, etc., vi. 156.
lest the courtiers offended should be, iii. 45; viii. 457.
Let Europe and her pallid sons go weep, etc., v. 115.
Let go thy hold, etc., iii, 192.
Let honour and preferment go, etc., xii. 323.
Let loose the greyhound, and lock up Hoyden, vi. 414; viii. 82.
Let me not like a worm go by the way, v. 30; xi. 506.
let me light my pipe at her eyes, xii. 455.
Let modest Foster if he will, excel, etc., vi. 367.
Let no rude hand deface it, etc., vi. 89; viii. 91.
Let not rage thy bosom firing, viii. 248, 320.
Let the event, that never-erring arbitrator, tell us, v. 258.
let there be light, viii. 298.
Let those laugh now who never laugh’d before, etc., viii. 469; xi.
316.
letting contemplation have its fill, iv. 215.
leurre de dupe, iv. 5; vii. 225.
Leviathan among all the creatures, the, etc., vii. 276; viii. 32.
Leviathan, the, tumbling about his unwieldy bulk, vii. 13.
liar of the first magnitude, v. 279.
liberalism—lovely liberalism, ix. 233.
liberty was merely a custom of England, xii. 215.
Liceat, quæso, populo, etc., iii. 299.
license of the time, viii. 186.
lie is most unfruitful, The, etc., viii. 456.
lies about us in our infancy, that, i. 250; x. 358.
life, a thing of, ix. 177, 225; xi. 504.
life an exact piece would make, Who to the, etc., ix, 326.
life and death in disproportion met, Like, vi. 96; xii. 127.
life, From the last dregs of, etc., xii. 159.
life is best, This, etc., xii. 321.
Life is a pure flame, etc., xii. 150.
Life knows no return of spring, vi. 292.
life of life was flown, when all the, vi. 24; xii. 159.
Life! thou strange thing, etc., xii. 152.
ligament, fine as it was, that, etc., vii. 227; xi. 306.
light as a bird, as, etc., iii. 313.
light, But once put out their, etc., xi. 197.
light, her glorious, ix. 316.
like a surgeon’s skeleton in a glass case, viii. 350.
Like a tall bully, ix. 482.
Like a worm goes by the way, xi. 514.
Like angel’s visits, few, and far between, iv. 346 and n.; v. 150 and
n.; vii. 38.
Like as the sun-burnt Indians do array, etc., xi. 334.
like Cato, gave his little senate laws, iv. 202.
like importunate Guinea fowls, one note day and night, iii. 60; xi.
338.
like it because it is not vulgar, I, vi. 160.
Like kings who lose the conquest gain’d before, etc., viii. 425.
like master like man, xii. 132.
like morning brought by night, v. 150.
Like old importment’s bastard, v. 258.
Like proud seas under him, iv. 260; vii. 274.
Like Samson his green wythes, xii. 128.
Like some celestial sweetness, the treasure of soft love, v. 253.
Like strength reposing on his own right arm, v. 189.
Like the high leaves upon the holly tree, iii. 232; iv. 268.
Like the swift Alpine torrent, etc., x. 73.
Like to the falling of a star, etc., v. 296.
liked a comedy, better than a tragedy, He, etc., viii. 25.
lily on its stalk green, the, v. 296.
limited fertility and a limited earth, iv. 294.
limner’s art may trace the absent feature, Yes, the, viii. 305.
Linden, when the sun was low, On, etc., iv. 347.
line too labours and the thoughts move slow, The, etc., viii. 313,
331.
line upon line, and precept upon precept, x. 314.
lines are equally good, All his, etc., viii. 287.
Linked each to each by natural piety, xi. 520.
link of peaceful commerce ’twixt dividable shores, i. 144.
liquid texture, mortal wound, And in its, etc., iii. 350.
lisped in numbers, iv. 215; v. 79; xii. 29.
little leaven leaveneth the whole lump, iv. 267.
little man and he had a little soul, There was a, iv. 358 n.
little man, but of high fancy, A, etc., vii. 203.
little sneering sophistries of a collegian, the, xi. 123.
little spot of green, i. 18; v. 100.
little things are great to little man, These, etc., vi. 226.
Little think’st thou, poor flower, etc., viii. 51.
Little think’st thou, poor heart, viii. 52.
Little Will, the scourge of France, etc., v. 106.
live and move and have their being, they, vi. 190.
live, if this may life be called, Yea, thus they, etc., viii. 307.
live in his description, iv. 337; vi. 53.
live to please, he must, etc., viii. 433.
live to think, etc., xii. 147.
lively, audible, etc., xii. 130.
lively sense of future favours, a, viii. 17.
lives and fortunes men, vii. 364; xi. 437.
living with them, There is no, etc., vii. 300.
Lo, here be pardons half a dozen, etc., v. 277.
lobster, like the lady in the, viii. 430.
Lochiel, a far cry to, viii. 425.

Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part I Noseong Park PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part I Noseong Park PDF

Uploaded by

Copyright:

Available Formats

Security and Privacy in Communication

Networks 16th EAI International

Security and Privacy in Communication Networks 16th EAI

Security and Privacy in Communication Networks 15th EAI

Social Cultural and Behavioral Modeling 13th

Security and Privacy in Communication Networks 14th

Security and Privacy in Communication Networks 14th

Intelligent Computing Theories and Application 16th

Computer Aided Verification 32nd International

Applied Cryptography and Network Security 18th

Security and Privacy

Editorial Board Members

Sara Foresti Kevin Butler

Nitesh Saxena (Eds.)

Security and Privacy

ISSN 1867-8211 ISSN 1867-822X (electronic)

October 2020 Kun Sun

TPC Chair and Co-chair

Sponsorship and Exhibit Chair

Publicity and Social Media Chairs

Technical Program Committee

Qiang Tang New Jersey Institute of Technology, USA

Email Address Mutation for Proactive Deterrence Against Lateral

ThreatZoom: Hierarchical Neural Network for CVEs

Detecting Dictionary Based AGDs Based on Community Detection . . . . . . . 42

On the Accuracy of Measured Proximity of Bluetooth-Based Contact

A Formal Verification of Configuration-Based Mutation Techniques

Coronavirus Contact Tracing App Privacy: What Data Is Shared

The Maestro Attack: Orchestrating Malicious Flows with BGP . . . . . . . . . . . 97

pyDNetTopic: A Framework for Uncovering What Darknet Market Users

MisMesh: Security Issues and Challenges in Service Meshes . . . . . . . . . . . . 140

MAAN: A Multiple Attribute Association Network for Mobile Encrypted

Assessing Adaptive Attacks Against Trained JavaScript Classifiers . . . . . . . . 190

An Encryption System for Securing Physical Signals. . . . . . . . . . . . . . . . . . 211

A Cooperative Jamming Game in Wireless Networks Under Uncertainty . . . . 233

SmartSwitch: Efficient Traffic Obfuscation Against Stream Fingerprinting . . . 255

Misreporting Attacks in Software-Defined Networking. . . . . . . . . . . . . . . . . 276

A Study of the Privacy of COVID-19 Contact Tracing Apps . . . . . . . . . . . . 297

Best-Effort Adversarial Approximation of Black-Box Malware Classifiers . . . 318

Review Trade: Everything Is Free in Incentivized Review Groups. . . . . . . . . 339

Integrity: Finding Integer Errors by Targeted Fuzzing . . . . . . . . . . . . . . . . . 360

Improving Robustness of a Popular Probabilistic Clustering Algorithm

Automated Bystander Detection and Anonymization

SmartWiFi: Universal and Secure Smart Contract-Enabled WiFi Hotspot . . . . 425

ByPass: Reconsidering the Usability of Password Managers . . . . . . . . . . . . . 446

Anomaly Detection on Web-User Behaviors Through Deep Learning . . . . . . 467

Identity Armour: User Controlled Browser Security. . . . . . . . . . . . . . . . . . . 474

Connecting Web Event Forecasting with Anomaly Detection: A Case Study

Performance Analysis of Elliptic Curves for VoIP Audio Encryption Using

TCNN: Two-Way Convolutional Neural Network for Image Steganalysis . . . 509

PrivyTRAC – Privacy and Security Preserving Contact Tracing System . . . . . 515

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

A Practical Machine Learning-Based Framework to Detect DNS Covert

CacheLoc: Leveraging CDN Edge Servers for User Geolocation . . . . . . . . . . 22

Modeling Mission Impact of Cyber Attacks on Energy Delivery Systems. . . . 41

Identifying DApps and User Behaviors on Ethereum via Encrypted Traffic . . . 62

TransNet: Unseen Malware Variants Detection Using Deep

A Brokerage Approach for Secure Multi-Cloud Storage

On the Effectiveness of Behavior-Based Ransomware Detection . . . . . . . . . . 120

Share Withholding in Blockchain Mining. . . . . . . . . . . . . . . . . . . . . . . . . . 161

PEDR: A Novel Evil Twin Attack Detection Scheme Based on Phase

Differentially Private Social Graph Publishing for Community Detection . . . . 208

LaaCan: A Lightweight Authentication Architecture for Vehicle Controller