A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users
Do galaxies that leak ionizing photons have extreme outflows?
To reionize the early universe, high-energy photons must escape the galaxies
that produce them. It has been suggested that stellar feedback drives galactic
outflows out of star-forming regions, creating low density channels through
which ionizing photons escape into the inter-galactic medium. We compare the
galactic outflow properties of confirmed Lyman continuum (LyC) leaking galaxies
to a control sample of nearby star-forming galaxies to explore whether the
outflows from leakers are extreme as compared to the control sample. We use
data from the Cosmic Origins Spectrograph on the Hubble Space Telescope to
measure the equivalent widths and velocities of Si II and Si III absorption
lines, tracing neutral and ionized galactic outflows. We find that the Si II
and Si III equivalent widths of the LyC leakers reside on the low-end of the
trend established by the control sample. The leakers' velocities are not
statistically different than the control sample, but their absorption line
profiles have a different asymmetry: their central velocities are closer to
their maximum velocities. The outflow kinematics and equivalent widths are
consistent with the scaling relations between outflow properties and host
galaxy properties -- most notably metallicity -- defined by the control sample.
Additionally, we use the Lyα profiles to show that the Si II equivalent
width scales with the Lyα peak velocity separation. We determine that the
low equivalent widths of the leakers are likely driven by low metallicities and
low H I column densities, consistent with a density-bounded ionization region,
although we cannot rule out significant variations in covering fraction. While
we do not find that the LyC leakers have extreme outflow velocities, the low
maximum-to-central velocity ratios demonstrate the importance of the
acceleration and density profiles for LyC and Lyα escape. [abridged]
Comment: 17 pages, 8 Figures. Accepted for publication in Astronomy &
Astrophysic
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.
Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob
A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security sensitive APIs, system calls, control-flow structures and
information flows in conjunction with Machine Learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours with inherent strengths and
limitations. Meaning, some views are more amenable to detect certain attacks
but may not be suitable to characterise several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets which prevent them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malice code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malice code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid outperforms three
state-of-the-art techniques consistently, in terms of accuracy while
maintaining comparable efficiency. In our malicious code localisation
experiments on a dataset of repackaged malware, MKLDroid was able to identify
all the malice classes with 94% average recall