462 research outputs found

    Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

    In September 2017, McAfee Labs quarterly report estimated that brute force attacks represent 20% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of queries (guesses) required of an adversary before a correct sequence, such as a password, is found in an optimal attack. Guesswork is a direct surrogate for time and computational effort of guessing a sequence from a set of sequences with associated likelihoods. We model the lack of synchronization by a worst-case optimization in which the queries made by multiple adversarial agents are received in the worst possible order for the adversary, resulting in a min-max formulation. We show that, even without synchronization, and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers. Comment: Accepted to IEEE Transactions on Information Forensics and Security

    Unachievable Region in Precision-Recall Space and Its Effect on Empirical Evaluation

    Precision-recall (PR) curves and the areas under them are widely used to summarize machine learning results, especially for data sets exhibiting class skew. They are often used analogously to ROC curves and the area under ROC curves. It is known that PR curves vary as class skew changes. What was not recognized before this paper is that there is a region of PR space that is completely unachievable, and the size of this region depends only on the skew. This paper precisely characterizes the size of that region and discusses its implications for empirical evaluation methodology in machine learning. Comment: ICML2012, fixed citations to use correct tech report number

    Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

    In September 2017, McAfee Labs quarterly report estimated that brute force attacks represent 20% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of password queries (guesses) before the correct one is found in an optimal attack, which is a direct surrogate for the time and the computational effort. We model the lack of synchronization by a worst-case optimization in which the queries are received in the worst possible order, resulting in a min-max formulation. We show that even without synchronization and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers. Comment: 13 pages, 4 figures

    Enhancing Diversity in the Nursing Workforce: An Evaluation of Multicare’s Nurse Pipeline Program

    Associations exist between poor racial/ethnic representation in the healthcare workforce and lower quality of care, increased disability and mortality in communities of color (Jones et al., 2021; The Sullivan Commission 2004). Research supports that pipeline programs introducing underrepresented students to careers in nursing and allied health are effective at increasing diversity in nursing, student self-efficacy and influence them toward such careers in healthcare (Butler & Ampadu, 2020; Crews et al., 2020; Mei et al., 2022). This study is a program evaluation utilizing a descriptive mixed methods survey to assess the influence of Multicare’s nurse camp on alumni from the 2016-2020 cohorts. 489 eligible alumni were sent a 30 item Qualtrics survey collecting demographic data, career data, self-efficacy scores utilizing Chen et al.’s (2001) New General Self-Efficacy scale and short answer questions collecting qualitative data on program influence and barriers to careers in nursing for underrepresented students. 111 responses were received with 88% of all respondents reporting intent to pursue careers in nursing or healthcare. The mean self-efficacy score for all alumni was 35.82/40 signifying high self-efficacy. Job shadowing and hands-on skills were the most influential experiences from camp. Barriers to pursuing nursing include challenging college applications, financial constraints and changes to the educational landscape due to the COVID-19 pandemic. Multicare’s nurse camp is effective at recruiting underrepresented students and influencing them towards careers in nursing

    A Review of Adversarial Attacks in Computer Vision

    Deep neural networks have been widely used in various downstream tasks, especially in safety-critical scenarios such as autonomous driving, but deep networks are often threatened by adversarial samples. Such adversarial attacks can be invisible to human eyes, but can lead to DNN misclassification, and often exhibit transferability between deep learning and machine learning models and real-world achievability. Adversarial attacks can be divided into white-box attacks, for which the attacker knows the parameters and gradient of the model, and black-box attacks, for which the attacker can only obtain the input and output of the model. In terms of the attacker's purpose, attacks can be divided into targeted attacks and non-targeted attacks, which means that the attacker wants the model to misclassify the original sample into the specified class, which is more practical, while the non-targeted attack just needs to make the model misclassify the sample. The black box setting is a scenario we will encounter in practice