Reconceptualising adaptation to climate change as part of pathways of change and response

The need to adapt to climate change is now widely recognised as evidence of its impacts on social and natural systems grows and greenhouse gas emissions continue unabated. Yet efforts to adapt to climate change, as reported in the literature over the last decade and in selected case studies, have not led to substantial rates of implementation of adaptation actions despite substantial investments in adaptation science. Moreover, implemented actions have been mostly incremental and focused on proximate causes; there are far fewer reports of more systemic or transformative actions. We found that the nature and effectiveness of responses was strongly influenced by framing. Recent decision-oriented approaches that aim to overcome this situation are framed within a "pathways" metaphor to emphasise the need for robust decision making within adaptive processes in the face of uncertainty and inter-temporal complexity. However, to date, such "adaptation pathways" approaches have mostly focused on contexts with clearly identified decision-makers and unambiguous goals; as a result, they generally assume prevailing governance regimes are conducive for adaptation and hence constrain responses to proximate causes of vulnerability. In this paper, we explore a broader conceptualisation of "adaptation pathways" that draws on 'pathways thinking' in the sustainable development domain to consider the implications of path dependency, interactions between adaptation plans, vested interests and global change, and situations where values, interests, or institutions constrain societal responses to change. This re-conceptualisation of adaptation pathways aims to inform decision makers about integrating incremental actions on proximate causes with the transformative aspects of societal change. Case studies illustrate what this might entail. The paper ends with a call for further exploration of theory, methods and procedures to operationalise this broader conceptualisation of adaptation

Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks

Malware still constitutes a major threat in the cybersecurity landscape, also due to the widespread use of infection vectors such as documents. These infection vectors hide embedded malicious code to the victim users, facilitating the use of social engineering techniques to infect their machines. Research showed that machine-learning algorithms provide effective detection mechanisms against such threats, but the existence of an arms race in adversarial settings has recently challenged such systems. In this work, we focus on malware embedded in PDF files as a representative case of such an arms race. We start by providing a comprehensive taxonomy of the different approaches used to generate PDF malware, and of the corresponding learning-based detection systems. We then categorize threats specifically targeted against learning-based PDF malware detectors, using a well-established framework in the field of adversarial machine learning. This framework allows us to categorize known vulnerabilities of learning-based PDF malware detectors and to identify novel attacks that may threaten such systems, along with the potential defense mechanisms that can mitigate the impact of such threats. We conclude the paper by discussing how such findings highlight promising research directions towards tackling the more general challenge of designing robust malware detectors in adversarial settings

Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery

Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together

Adversarial Detection of Flash Malware: Limitations and Open Issues

During the past four years, Flash malware has become one of the most insidious threats to detect, with almost 600 critical vulnerabilities targeting Adobe Flash disclosed in the wild. Research has shown that machine learning can be successfully used to detect Flash malware by leveraging static analysis to extract information from the structure of the file or its bytecode. However, the robustness of Flash malware detectors against well-crafted evasion attempts - also known as adversarial examples - has never been investigated. In this paper, we propose a security evaluation of a novel, representative Flash detector that embeds a combination of the prominent, static features employed by state-of-the-art tools. In particular, we discuss how to craft adversarial Flash malware examples, showing that it suffices to manipulate the corresponding source malware samples slightly to evade detection. We then empirically demonstrate that popular defense techniques proposed to mitigate evasion attempts, including re-training on adversarial examples, may not always be sufficient to ensure robustness. We argue that this occurs when the feature vectors extracted from adversarial examples become indistinguishable from those of benign data, meaning that the given feature representation is intrinsically vulnerable. In this respect, we are the first to formally define and quantitatively characterize this vulnerability, highlighting when an attack can be countered by solely improving the security of the learning algorithm, or when it requires also considering additional features. We conclude the paper by suggesting alternative research directions to improve the security of learning-based Flash malware detectors

MASTER’S PROJECT: CHALLENGING STRUCTURAL RACISM IN PHILANTHROPY THROUGH CREATIVE EXPRESSION AND DEEP LISTENING

This capstone project is an account of a personal transformation journey that started in March of 2017. It follows my deep and personal exploration of challenging systemic racism as I spoke with many leaders in the philanthropic and artistic communities. In addition, I created artwork to help incorporate and synthesize my emotions around white supremacy and process what I was learning. The qualitative information that was gathered was abundant and the supporting art journaling technique was useful in the translation of that information

Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning

Learning-based pattern classifiers, including deep networks, have shown impressive performance in several application domains, ranging from computer vision to cybersecurity. However, it has also been shown that adversarial input perturbations carefully crafted either at training or at test time can easily subvert their predictions. The vulnerability of machine learning to such wild patterns (also referred to as adversarial examples), along with the design of suitable countermeasures, have been investigated in the research field of adversarial machine learning. In this work, we provide a thorough overview of the evolution of this research area over the last ten years and beyond, starting from pioneering, earlier work on the security of non-deep learning algorithms up to more recent work aimed to understand the security properties of deep learning algorithms, in the context of computer vision and cybersecurity tasks. We report interesting connections between these apparently-different lines of work, highlighting common misconceptions related to the security evaluation of machine-learning algorithms. We review the main threat models and attacks defined to this end, and discuss the main limitations of current work, along with the corresponding future challenges towards the design of more secure learning algorithms.Comment: Accepted for publication on Pattern Recognition, 201

Scaling Success: Lessons from Adaptation Pilots in the Rainfed Regions of India

"Scaling Success" examines how agricultural communities are adapting to the challenges posed by climate change through the lens of India's rainfed agriculture regions. Rainfed agriculture currently occupies 58 percent of India's cultivated land and accounts for up to 40 percent of its total food production. However, these regions face potential production losses of more than $200 billion USD in rice, wheat, and maize by 2050 due to the effects of climate change. Unless action is taken soon at a large scale, farmers will see sharp decreases in revenue and yields.Rainfed regions across the globe have been an important focus for the first generation of adaptation projects, but to date, few have achieved a scale that can be truly transformational. Drawing on lessons learnt from 21 case studies of rainfed agriculture interventions, the report provides guidance on how to design, fund and support adaptation projects that can achieve scale

Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines