Detection of Intrusions and Malware, and Vulnerability Assessment 18th International Conference, DIMVA 2021, Virtual Event, July 14–16, 2021, Proceedings

This book constitutes the proceedings of the 18th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2021, held virtually in July 2021.

The 18 full papers and 1 short paper presented in this volume were carefully reviewed and selected from 65 submissions. DIMVA serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas.

Chapter “SPECULARIZER: Detecting Speculative Execution Attacks via Performance Tracing” is available open access under a Creative Commons Attribution 4.0 International License via link.springer.com.

You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures.- The Full Gamut of an Attack: An Empirical Analysis of OAuth CSRF in the Wild.- Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs.- Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy.- Help, my Signal has bad Device! - Breaking the Signal Messenger's Post-Compromise Security through a Malicious Device.- Refined Grey-Box Fuzzing with Sivo.- SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning.- SPECULARIZER: Uncovering Speculative Execution Attacks via Performance Tracing in Commodity Hardware.- Aion Attacks: Exposing Software Timer Problem in Trusted Execution Environment.- Third-Eye: Practical and Context-Aware Inference of Causal Relationship Violations in Commodity Kernels.- Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races.- FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security.- Introspect Virtual Machines Like It Is the Linux Kernel!.- Calibration Done Right: Noiseless Flush+Flush Attacks.- Zero Footprint Opaque Predicates: Synthesizing Opaque Predicates From Naturally Occurring Invariants.- PetaDroid: Adaptive Android Malware Detection using Deep Learning.- Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings.- Extended Abstract: A First Large-scale Analysis on Usage of MTA-STS.- Centy: Scalable Server-side Web Integrity Verification System Based on Fuzzy Hashes.