45 research outputs found
Computational Science, Demystified...the Future, Revealed...and CiSE, 2013
What are some of the exciting avenues that computational science is exploring, and how can we best give a voice to such emerging ideas
Report of the 2014 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure
This event was supported in part by the National Science Foundation under Grant Number 1234408. Any opinions, findings, and conclusions or recommendations expressed at the event or in this report are those of the authors and do not necessarily reflect the views of the National Science Foundation
Recommended from our members
In Search of a “Fair Explanation”: Helping Young People to Consider the Possibilities, Limitations, and Risks of Computer- and Data-Mediated Systems
Significant resources have been directed towards K-12 computing and data education over the past ten years, as part of what has come to be known as the CSforAll initiative. This initiative has focused on raising awareness of computing education among parents and students, developing situated learning progressions that resonate with many different interests and pursuits, training teachers, and addressing issues of underrepresentation in computing among females and racial minorities. In this dissertation, I argue that as the CSforAll initiative continues to expand, it is important for the education community to also reflect on the forms of knowledge that are believed to be essential, and the presumed benefits of computing and data education. Specifically, how might the goal of producing citizens with robust computing and data literacies change what is considered to be fundamental to a computing education; as well as the kinds of contexts in which computing and data science are situated?I use the term sociotechnical literacy to name this vision for computing education, which I define as a broad set of social and technical practices, strategies, ideas, and dispositions that can help people to reason about the computer-mediated systems that shape their everyday lives. As the term suggests, I argue that it is important for learners to engage with technical ideas as well as their social applications and implications. To examine what this might mean for teaching and learning, I describe two design experiments that I conducted with young people (ages 14 – 22). Each approach aimed to make the applications of computing primary (rather than treating applications as the backdrop from which the abstractions of computation are motivated), so that learners could examine some of the specific ways in which data and computing might be directed to particular goals, subject to real possibilities and constraints, and in relation to alternative forms of participation. I examine the possibilities and limitations of each approach. I also analyze some of the assumptions that framed the design experiments – which were naïve, but also reflective of a broader ethos that pervades CSforAll. I reflect on what these studies collectively reveal about the possibilities, limitations, and risks of data and computing, as situated in the lives of young people; as well as what this might mean for helping young people develop a robust sociotechnical literacy. There are very real limits to what can be accomplished with computing and data alone. There are also significant benefits and risks associated with the many sociotechnical systems that shape our lives. As such, I argue that rather than positioning computing education as a remedy to various social ills, we instead offer young people a fair explanation of what computing is and is not capable of, grounded within specific contexts involving real people. I conclude with what this fair explanation might include, and how it might be fostered
Manifesto for the Humanities: Transforming Doctoral Education in Good Enough Times
After a remarkable career in higher education, Sidonie Smith offers Manifesto for the Humanities as a reflective contribution to the current academic conversation over the place of the Humanities in the 21st century. Her focus is on doctoral education and opportunities she sees for its reform. Grounding this manifesto in background factors contributing to current “crises” in the humanities, Smith advocates for a 21st century doctoral education responsive to the changing ecology of humanistic scholarship and teaching. She elaborates a more expansive conceptualization of coursework and dissertation, a more robust, engaged public humanities, and a more diverse, collaborative, and networked sociality
Algorithmic Analysis Techniques for Molecular Imaging
This study addresses image processing techniques for two medical imaging
modalities: Positron Emission Tomography (PET) and Magnetic Resonance
Imaging (MRI), which can be used in studies of human body functions and
anatomy in a non-invasive manner.
In PET, the so-called Partial Volume Effect (PVE) is caused by low
spatial resolution of the modality. The efficiency of a set of PVE-correction
methods is evaluated in the present study. These methods use information
about tissue borders which have been acquired with the MRI technique. As
another technique, a novel method is proposed for MRI brain image segmen-
tation. A standard way of brain MRI is to use spatial prior information
in image segmentation. While this works for adults and healthy neonates,
the large variations in premature infants preclude its direct application.
The proposed technique can be applied to both healthy and non-healthy
premature infant brain MR images. Diffusion Weighted Imaging (DWI) is
a MRI-based technique that can be used to create images for measuring
physiological properties of cells on the structural level. We optimise the
scanning parameters of DWI so that the required acquisition time can be
reduced while still maintaining good image quality.
In the present work, PVE correction methods, and physiological DWI
models are evaluated in terms of repeatabilityof the results. This gives in-
formation on the reliability of the measures given by the methods. The
evaluations are done using physical phantom objects, correlation measure-
ments against expert segmentations, computer simulations with realistic
noise modelling, and with repeated measurements conducted on real pa-
tients. In PET, the applicability and selection of a suitable partial volume
correction method was found to depend on the target application. For MRI,
the data-driven segmentation offers an alternative when using spatial prior is
not feasible. For DWI, the distribution of b-values turns out to be a central
factor affecting the time-quality ratio of the DWI acquisition. An optimal
b-value distribution was determined. This helps to shorten the imaging time
without hampering the diagnostic accuracy.Siirretty Doriast
Generative Adversarial Networks for Annotating Images of Otoliths
This thesis explores the use of generative adversarial networks (GANs) for annotating images of otoliths to determine the age of fish. The proposed solution not only provides accurate age determinations, but also visual representations of the otolith images with growth rings marked with dots, making it applicable as explainable artificial intelligence. The convolutional neural network models I propose are based on Pix2Pix GANs and Wasserstein GANs, with the latter showing the success in my experiments. The successful models achieve an accuracy of 82.8% and 81.5% in age determination, including an offset of plus-minus 2 from the real ages of the dataset.Masteroppgave i informatikkINF399MAMN-PROGMAMN-IN
Towards the implementation of a fully-fledged electronic service for citizens: the case for local government in South Africa
The current literature on e-government implementation in South Africa informs this research that there is no framework to guide the implementation of e-government for local municipalities. The public sector does not adopt models that are designed and developed for their context. SA as a developing nation still battles with the implementation of e-government for local government. The research findings in this research depict that the implementation of electronic services is complicated, stagnant, and incoherent due to various factors that hinder its swift implementation. The research commenced its pursuit to identify the factors that hinder the implementation of e-government through conducting four areas of investigations, firstly, the study investigated 205 existing municipal electronic portals to establish the extent to which eportal offers the relevant e-services to the citizens; secondly, the study conducted a research survey and a sample of 579 citizens gave their perspective about e-government services that they receive from local municipalities; thirdly, the study also evaluated the City of Cape Town electronic services to ascertain its adoption; and finally, the study conducted in-depth interviews with 35 e-government experts to understand the factors that hinder the implementation of e-government in SA. The study selected three social theoretical approaches, namely structuration, activity, and agency theories to address the different contexts of the research. Structuration theory has aided the research to ask critical questions about the social structures in local government that affect implementation. The activity theory was used to provide some guidelines to investigate how e-government activities are implemented within the identified social structure. Finally, the agency theory was used to develop a model to guide the implementation of a successful egovernment model by employing a deductive approach. Keywords: e-government, collaboration, citizens, agents, actors, implementation, structuration theory, activity theory, agency theory, and municipalitie
Autonomous Business Reality
Society tends to expect technology to do more than it can actually achieve, at a faster pace than it can actually move. The resulting hype cycle infects all forms of discourse around technology. Unfortunately, the discourse on law and technology is no exception to this rule. The resulting discussion is often characterized by two or more positions at opposite ends of the spectrum, such that participants in the discussion speak past each other, rather than to each other. The rich context that sits in the middle ground goes disregarded altogether. This dynamic most recently surfaced in the legal literature regarding autonomous businesses. This Article seeks to fill the gap in the current discussion by creating a taxonomy of autonomous businesses and using that taxonomy to demonstrate that automation, standing alone, is not what makes autonomous businesses exceptional. Rather, the capacity of autonomous businesses to make radical governance changes more prevalent in the market pushes the boundaries of current choice of entity and governance paradigms while also illuminating low-technology functional equivalents that may offer more traditional businesses a path to governance reform.
To make these claims, this Article begins in Part I by briefly introducing the two emerging technologies that enable business automation. Part II reviews the existing literature and argues that by focusing on only one specific segment of the current autonomous business landscape, the literature misses key opportunities to evolve business law. Part III builds a map of existing autonomous businesses, demonstrating the differences among them and explaining them as a function of design trade-offs. Part III then uses that map to build a taxonomy of autonomous businesses and offers a framework for considering the broader impacts of autonomous businesses on law. Part IV examines ways that autonomous business reality may incentivize reforms in traditional corporations while simultaneously emphasizing the need for continued research and innovation in choice of business entity, organizational governance, and regulatory compliance
Techniques for advanced android malware triage
Mención Internacional en el título de doctorAndroid is the leading operating system in smartphones with a big difference.
Statistics show that 88% of all smartphones sold to end users in
the second quarter of 2018 were phones with the Android OS. Regardless
of the operating systems which are running on smartphones, most of
the functionalities of these devices are offered through applications. There
are currently over 2 million apps only on the official Google store, known
as Google Play. This huge market with billions of users is tempting for
attackers to develop and distribute their malicious apps (or malware).
Mobile malware has raised explosively since 2009. Symantec reported
an increase of 54% in the new mobile malware variants in 2017 as compared
to the previous year. Additionally, more incentive has been provided
for profit-driven malware by the growth of black markets. This rise has
happened for Android malware as well since only 20% of devices are running
the newest major version of Android OS based on Symantec report in
2018. Android continued to be the most targeted platform with the biggest
number of attacks in 2015. After that year, attacks against the Android
platform slowed for the first time as attackers were faced with improved
security architectures though Android is still the main appealing target OS
for attackers. Moreover, advanced types of Android malware are found
which make use of extensive anit-analysis techniques to evade static or
dynamic analysis.
To address the security and privacy concerns of complex Android malware,
this dissertation focuses on three main objectives. First of all, we
propose a light-weight yet efficient method to identify risky Android applications.
Next, we present a precise approach to characterize Android
malware based on their malicious behavior. Finally, we propose an adaptive learning system to address the security concerns of obfuscation in Android
malware.
Identifying potentially dangerous and risky applications is an important
step in Android malware analysis. To this end, we develop a triage system
to rank applications based on their potential risk. Our approach, called TriFlow, relies on static features which are quick to obtain. TriFlow combines
a probabilistic model to predict the existence of information flows with a
metric of how significant a flow is in benign and malicious apps. Based
on this, TriFlow provides a score for each application that can be used to
prioritize analysis. It also provides the analysts with an explanatory report
of the associated risk. Our tool can also be used as a complement with
computationally expensive static and dynamic analysis tools.
Another important step towards Android malware analysis lies in their
accurate characterization. Labeling Android malware is challenging yet
crucially important, as it helps to identify upcoming malware samples and
threats. A key challenge is that different researchers and anti-virus vendors
assign labels using their own criteria, and it is not known to what
extent these labels are aligned with the apps’ real behavior. Based on this,
we propose a new behavioral characterization method for Android apps
based on their extracted information flows. As information flows can be
used to track why and how apps use specific pieces of information, a flowbased
characterization provides a relatively easy-to-interpret summary of
the malware sample’s behavior.
Not all Android malware are easy to analyze due to advanced and easyto-apply anti-analysis techniques that are available nowadays. Obfuscation
is the most common anti-analysis technique that Android malware use to
evade detection. Obfuscation techniques modify an app’s source (or machine)
code in order to make it more difficult to analyze. This is typically
applied to protect intellectual property in benign apps, or to hinder the process
of extracting actionable information in the case of malware. Since
malware analysis often requires considerable resource investment, detecting
the particular obfuscation technique used may contribute to apply the
right analysis tools, thus leading to some savings.
Therefore, we propose AndrODet, a mechanism to detect three popular
types of obfuscation in Android applications, namely identifier renaming, string encryption, and control flow obfuscation. AndrODet leverages online
learning techniques, thus being suitable for resource-limited environments
that need to operate in a continuous manner. We compare our results
with a batch learning algorithm using a dataset of 34,962 apps from both
malware and benign apps. Experimental results show that online learning
approaches are not only able to compete with batch learning methods in
terms of accuracy, but they also save significant amount of time and computational
resources.
Finally, we present a number of open research directions based on the
outcome of this thesis.Android es el sistema operativo líder en teléfonos inteligentes (también
denominados con la palabra inglesa smartphones), con una gran diferencia
con respecto al resto de competidores. Las estadísticas muestran que el
88% de todos los smartphones vendidos a usuarios finales en el segundo
trimestre de 2018 fueron teléfonos con sistema operativo Android. Independientemente
de su sistema operativo, la mayoría de las funcionalidades
de estos dispositivos se ofrecen a través de aplicaciones. Actualmente hay
más de 2 millones de aplicaciones solo en la tienda oficial de Google, conocida
como Google Play. Este enorme mercado con miles de millones de
usuarios es tentador para los atacantes, que buscan distribuir sus aplicaciones
malintencionadas (o malware).
El malware para dispositivos móviles ha aumentado de forma exponencial
desde 2009. Symantec ha detectado un aumento del 54% en las nuevas
variantes de malware para dispositivos móviles en 2017 en comparación
con el año anterior. Además, el crecimiento del mercado negro (es decir,
plataformas no oficiales de descargas de aplicaciones) supone un incentivo
para los programas maliciosos con fines lucrativos. Este aumento también
ha ocurrido en el malware de Android, aprovechando la circunstancia de
que solo el 20% de los dispositivos ejecutan la versión mas reciente del sistema
operativo Android, de acuerdo con el informe de Symantec en 2018.
De hecho, Android ha sido la plataforma que ha centrado los esfuerzos de
los atacantes desde 2015, aunque los ataques decayeron ligeramente tras
ese año debido a las mejoras de seguridad incorporadas en el sistema operativo.
En todo caso, existen formas avanzadas de malware para Android
que hacen uso de técnicas sofisticadas para evadir el análisis estático o
dinámico.
Para abordar los problemas de seguridad y privacidad que causa el malware
en Android, esta Tesis se centra en tres objetivos principales. En
primer lugar, se propone un método ligero y eficiente para identificar aplicaciones
de Android que pueden suponer un riesgo. Por otra parte, se presenta
un mecanismo para la caracterización del malware atendiendo a su
comportamiento. Finalmente, se propone un mecanismo basado en aprendizaje
adaptativo para la detección de algunos tipos de ofuscación que son
empleados habitualmente en las aplicaciones maliciosas.
Identificar aplicaciones potencialmente peligrosas y riesgosas es un
paso importante en el análisis de malware de Android. Con este fin, en
esta Tesis se desarrolla un mecanismo de clasificación (llamado TriFlow)
que ordena las aplicaciones según su riesgo potencial. La aproximación
se basa en características estáticas que se obtienen rápidamente, siendo de
especial interés los flujos de información. Un flujo de información existe
cuando un cierto dato es recibido o producido mediante una cierta función
o llamada al sistema, y atraviesa la lógica de la aplicación hasta que
llega a otra función. Así, TriFlow combina un modelo probabilístico para
predecir la existencia de un flujo con una métrica de lo habitual que es
encontrarlo en aplicaciones benignas y maliciosas. Con ello, TriFlow proporciona
una puntuación para cada aplicación que puede utilizarse para
priorizar su análisis. Al mismo tiempo, proporciona a los analistas un informe
explicativo de las causas que motivan dicha valoración. Así, esta
herramienta se puede utilizar como complemento a otras técnicas de análisis
estático y dinámico que son mucho más costosas desde el punto de vista
computacional.
Otro paso importante hacia el análisis de malware de Android radica
en caracterizar su comportamiento. Etiquetar el malware de Android es
un desafío de crucial importancia, ya que ayuda a identificar las próximas
muestras y amenazas de malware. Una cuestión relevante es que los
diferentes investigadores y proveedores de antivirus asignan etiquetas utilizando
sus propios criterios, de modo no se sabe en qué medida estas etiquetas
están en línea con el comportamiento real de las aplicaciones. Sobre
esta base, en esta Tesis se propone un nuevo método de caracterización de
comportamiento para las aplicaciones de Android en función de sus flujos
de información. Como dichos flujos se pueden usar para estudiar el uso de
cada dato por parte de una aplicación, permiten proporcionar un resumen relativamente sencillo del comportamiento de una determinada muestra de
malware.
A pesar de la utilidad de las técnicas de análisis descritas, no todos los
programas maliciosos de Android son fáciles de analizar debido al uso de
técnicas anti-análisis que están disponibles en la actualidad. Entre ellas, la
ofuscación es la técnica más común que se utiliza en el malware de Android
para evadir la detección. Dicha técnica modifica el código de una
aplicación para que sea más difícil de entender y analizar. Esto se suele
aplicar para proteger la propiedad intelectual en aplicaciones benignas o
para dificultar la obtención de pistas sobre su funcionamiento en el caso
del malware. Dado que el análisis de malware a menudo requiere una inversión
considerable de recursos, detectar la técnica de ofuscación que se
ha utilizado en un caso particular puede contribuir a utilizar herramientas
de análisis adecuadas, contribuyendo así a un cierto ahorro de recursos.
Así, en esta Tesis se propone AndrODet, un mecanismo para detectar tres
tipos populares de ofuscación, a saber, el renombrado de identificadores,
cifrado de cadenas de texto y la modificación del flujo de control de la aplicación.
AndrODet se basa en técnicas de aprendizaje automático en línea
(online machine learning), por lo que es adecuado para entornos con recursos
limitados que necesitan operar de forma continua, sin interrupción.
Para medir su eficacia respecto de las técnicas de aprendizaje automático
tradicionales, se comparan los resultados con un algoritmo de aprendizaje
por lotes (batch learning) utilizando un dataset de 34.962 aplicaciones de
malware y benignas. Los resultados experimentales muestran que el enfoque
de aprendizaje en línea no solo es capaz de competir con el basado
en lotes en términos de precisión, sino que también ahorra una gran cantidad
de tiempo y recursos computacionales.
Tras la exposición de las contribuciones anteriormente mencionadas,
esta Tesis concluye con la identificación de una serie de líneas abiertas de
investigación con el fin de alentar el desarrollo de trabajos futuros en esta
dirección.Omid Mirzaei is a Ph.D. candidate in the Computer Security Lab (COSEC)
at the Department of Computer Science and Engineering of Universidad
Carlos III de Madrid (UC3M). His Ph.D. is funded by the Community
of Madrid and the European Union through the research project CIBERDINE
(Ref. S2013/ICE-3095).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Gregorio Martínez Pérez.- Secretario: Pedro Peris López.- Vocal: Pablo Picazo Sánche