Combatting Advanced Persistent Threat via Causality Inference and Program Analysis

Cyber attackers are becoming more and more sophisticated. In particular, Advanced Persistent Threat (APT) is a new class of attack that targets a specifc organization and compromises systems over a long time without being detected. Over the years, we have seen notorious examples of APTs including Stuxnet which disrupted Iranian nuclear centrifuges and data breaches affecting millions of users. Investigating APT is challenging as it occurs over an extended period of time and the attack process is highly sophisticated and stealthy. Also, preventing APTs is diffcult due to ever-expanding attack vectors. In this dissertation, we present proposals for dealing with challenges in attack investigation. Specifcally, we present LDX which conducts precise counter-factual causality inference to determine dependencies between system calls (e.g., between input and output system calls) and allows investigators to determine the origin of an attack (e.g., receiving a spam email) and the propagation path of the attack, and assess the consequences of the attack. LDX is four times more accurate and two orders of magnitude faster than state-of-the-art taint analysis techniques. Moreover, we then present a practical model-based causality inference system, MCI, which achieves precise and accurate causality inference without requiring any modifcation or instrumentation in end-user systems. Second, we show a general protection system against a wide spectrum of attack vectors and methods. Specifcally, we present A2C that prevents a wide range of attacks by randomizing inputs such that any malicious payloads contained in the inputs are corrupted. The protection provided by A2C is both general (e.g., against various attack vectors) and practical (7% runtime overhead)

The Horizon Run 5 Cosmological Hydrodynamic Simulation: Probing Galaxy Formation from Kilo- to Giga-parsec Scales

Horizon Run 5 (HR5) is a cosmological hydrodynamical simulation which captures the properties of the Universe on a Gpc scale while achieving a resolution of 1kpc. Inside the simulation box we zoom-in on a high-resolution cuboid region with a volume of 1049×114×114cMpc3.The sub-grid physics chosen to model galaxy formation includes radiative heating/cooling, UV background, star formation, supernova feedback, chemical evolution tracking the enrichment of oxygen and iron, the growth of supermassive black holes and feedback from active galactic nuclei (AGN) in the form of a dual jet-heating mode. For this simulation we implemented a hybrid MPI-OMP version of RAMSES, specifically targeted for modern many-core many thread parallel architectures. In addition to the traditional simulation snapshots, light-cone data was generated on the fly. For the post-processing, we extended the Friends-of-Friend (FoF) algorithm and developed a new galaxy finder PGalF to analyse the outputs of HR5. The simulation successfully reproduces observations, such as the cosmic star formation history and connectivity of galaxy distribution, We identify cosmological structures at a wide range of scales, from filaments with a length of several cMpc, to voids with a radius of ~100 cMpc. The simulation also indicates that hydrodynamical effects on small scales impact galaxy clustering up to very large scales near and beyond the baryonic acoustic oscillation (BAO) scale. Hence, caution should be taken when using that scale as a cosmic standard ruler: one needs to carefully understand the corresponding biases. The simulation is expected to be an invaluable asset for the interpretation of upcoming deep surveys of the Universe

Combatting Advanced Persistent Threat via Causality Inference and Program Analysis

Cyber attackers are becoming more and more sophisticated. In particular, Advanced Persistent Threat (APT) is a new class of attack that targets a specific organization and compromises systems over a long time without being detected. Over the years, we have seen notorious examples of APTs including Stuxnet which disrupted Iranian nuclear centrifuges and data breaches affecting millions of users. Investigating APT is challenging as it occurs over an extended period of time and the attack process is highly sophisticated and stealthy. Also, preventing APTs is difficult due to ever-expanding attack vectors. In this dissertation, we present proposals for dealing with challenges in attack investigation. Specifically, we present \ldx which conducts precise counter-factual causality inference to determine dependencies between system calls (e.g., between input and output system calls) and allows investigators to determine the origin of an attack (e.g., receiving a spam email) and the propagation path of the attack, and assess the consequences of the attack. \ldx is four times more accurate and two orders of magnitude faster than state-of-the-art taint analysis techniques. Moreover, we then present a practical model-based causality inference system, \mci, which achieves precise and accurate causality inference without requiring any modification or instrumentation in end-user systems. Second, we show a general protection system against a wide spectrum of attack vectors and methods. Specifically, we present \atoc that prevents a wide range of attacks by randomizing inputs such that any malicious payloads contained in the inputs are corrupted. The protection provided by \atoc is both general (e.g., against various attack vectors) and practical (7\% runtime overhead)

Fast Prediction of Dynamic IR-Drop Using Recurrent U-Net Architecture

Recurrent U-Net (RU-Net) is employed for fast prediction of dynamic IR-drop when power distribution network (PDN) contains capacitor components. Each capacitor can be modeled by a resistor and a current source, which is a function of v(t-Δt) node voltages at time t - Δt allow the PDN to be solved at time t which then allows the analysis at t + Δt and so on. Provided that a quick prediction of IR-drop at one time instance can be done by U-Net, a image segmentation model, the analysis of PDN containing capacitors can be done by a number of U-Net instances connected in series, which become RU-Net architecture. Four input maps (effective PDN resistance map, PDN capacitance map, current map, and power pad distance map) are extracted from each layout clip, and are provided to RU-Net for IR-drop prediction. Experiments demonstrate that the proposed IR-drop prediction using the RU-Net is faster than a commercial tool by 16 times with about 12% error, while a simple U-Net-based prediction yields 19% error due to its inability to consider capacitors

Matrix-OPC with fast MEEF prediction using artificial neural network

Matrix-OPC is used to mathematically derive mask bias using mask error enhancement factor (MEEF) matrix. Since MEEF denotes the edge placement error (EPE) change of segment induced by unit mask bias of its neighbor segment, exact MEEF calculation requires lithography simulation before and after perturbing neighbor segments. Therefore, MEEF calculation is a computationally expensive process, which leads to matrix-OPC being applied to only some critical regions in a layout. We propose fast MEEF prediction using an artificial neural network (ANN). MEEF represents the effect of one segment on another, so polar Fourier transform signals extracted from both segments are used as input of ANN. Also, the distance between two segments and the direction of each segment is used as input of ANN. Predicted MEEFs are used to construct MEEF matrices and matrix-OPC is used to derive mask biases. Experimental results show that proposed MEEF prediction is 3.7 times faster than exact MEEF calculation, thus matrix-OPC with predicted MEEFs is 30% faster than matrix-OPC with exact MEEFs

Fast ECO leakage optimization using graph convolutional network

At the very late design stage, engineering change order (ECO) leakage optimization is often performed to swap some cells for the ones with lower leakage, e.g. the cells with higher threshold voltage (Vth) or with longer gate length. It is very effective but time consuming due to iterative nature of swap and timing check with correction. We introduce a graph convolutional network (GCN) for quick ECO leakage optimization. GCN receives a number of input parameters that model the current timing information of a netlist as well as the connectivity of the cells in a form of a weighted connectivity matrix. Once it is trained, GCN predicts exact Vth (with Vth given by commercial ECO leakage optimization as a reference) of 83% of cells, on average of test circuits. The remaining 17% of cells are responsible for some negative timing slack. To correct such timing as well as to remove any minimum implant width (MIW) violations, we propose a heuristic Vth reassignment. The combined GCN and heuristic achieve 52% reduction of leakage, which can be compared to 61% reduction from commercial ECO, but with less than half of runtime

Optical proximity correction using bidirectional recurrent neural network (BRNN)

Machine learning (ML) techniques have been applied for quick optical proximity correction (OPC) processing. A key limitation of previous ML-OPC approaches lies in the fact that a layout segment is corrected while the correction result for other segments is not reflected yet. Bidirectional recurrent neural network (BRNN) model is adopted in this paper to alleviate this problem. BRNN consists of multiple neural network instances, which are serially linked through hidden layer connections in both forward- A nd backward-directions. Each instance corresponds to one layout segment, so BRNN processing corrects a group of nearby segments together. Two key problems are identified and addressed: Mapping between layout segments and neural network instances, and network input features. In experiments, BRNN-OPC achieves 3.9nm average EPE for test M1 layout, which can be compared to 6.7nm average EPE from state-of-the-art ML-OPC method