A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security sensitive APIs, system calls, control-flow structures and
information flows in conjunction with Machine Learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours with inherent strengths and
limitations. Meaning, some views are more amenable to detect certain attacks
but may not be suitable to characterise several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets which prevent them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malice code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malice code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid outperforms three
state-of-the-art techniques consistently, in terms of accuracy while
maintaining comparable efficiency. In our malicious code localisation
experiments on a dataset of repackaged malware, MKLDroid was able to identify
all the malice classes with 94% average recall
Watch and Learn: Semi-Supervised Learning of Object Detectors from Videos
We present a semi-supervised approach that localizes multiple unknown object
instances in long videos. We start with a handful of labeled boxes and
iteratively learn and label hundreds of thousands of object instances. We
propose criteria for reliable object detection and tracking for constraining
the semi-supervised learning process and minimizing semantic drift. Our
approach does not assume exhaustive labeling of each object instance in any
single frame, or any explicit annotation of negative data. Working in such a
generic setting allows us to tackle multiple object instances in video, many of
which are static. In contrast, existing approaches either do not consider
multiple object instances per video, or rely heavily on the motion of the
objects present. The experiments demonstrate the effectiveness of our approach
by evaluating the automatically labeled data on a variety of metrics like
quality, coverage (recall), diversity, and relevance to training an object
detector. Comment: To appear in CVPR 201
False memory and aging: an event-related potential study
The DRM paradigm is used to examine false memory – when a list of highly associated words (e.g. SEWING, THREAD, THIMBLE) is studied, a nonpresented but associated false target (e.g. NEEDLE) is often confidently (but incorrectly) identified as having been studied. An ERP study was conducted with a sample of young and older adults to examine age differences in false memory and neurological distinctions between true and false recognition. DRM words were presented in a lateralized fashion, with the prediction that a contralateral sensory signature would be present for true but not false memories. ERP data was largely inconclusive, but does suggest that processing during the DRM paradigm may largely be carried out in the left hemisphere. Paul Verhaeghen - Faculty Mentor ; Audrey Duarte - Committee Member/Second Reade
Dynamic Analysis of Executables to Detect and Characterize Malware
It is needed to ensure the integrity of systems that process sensitive
information and control many aspects of everyday life. We examine the use of
machine learning algorithms to detect malware using the system calls generated
by executables – alleviating attempts at obfuscation as the behavior is monitored
rather than the bytes of an executable. We examine several machine learning
techniques for detecting malware including random forests, deep learning
techniques, and liquid state machines. The experiments examine the effects of
concept drift on each algorithm to understand how well the algorithms
generalize to novel malware samples by testing them on data that was collected
after the training data. The results suggest that each of the examined machine
learning algorithms is a viable solution to detect malware – achieving between
90% and 95% class-averaged accuracy (CAA). In real-world scenarios, the
performance evaluation on an operational network may not match the performance
achieved in training. Namely, the CAA may be about the same, but the values for
precision and recall over the malware can change significantly. We structure
experiments to highlight these caveats and offer insights into expected
performance in operational environments. In addition, we use the induced models
to gain a better understanding about what differentiates the malware samples
from the goodware, which can further be used as a forensics tool to understand
what the malware (or goodware) was doing to provide directions for
investigation and remediation. Comment: 9 pages, 6 Tables, 4 Figure
ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks
Despite the fact that cyberattacks are constantly growing in complexity, the
research community still lacks effective tools to easily monitor and understand
them. In particular, there is a need for techniques that are able to not only
track how prominently certain malicious actions, such as the exploitation of
specific vulnerabilities, are exploited in the wild, but also (and more
importantly) how these malicious actions factor in as attack steps in more
complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses
temporal word embeddings to model how attack steps are exploited in the wild,
and track how they evolve. We test ATTACK2VEC on a dataset of billions of
security events collected from the customers of a commercial Intrusion
Prevention System over a period of two years, and show that our approach is
effective in monitoring the emergence of new attack strategies in the wild and
in flagging which attack steps are often used together by attackers (e.g.,
vulnerabilities that are frequently exploited together). ATTACK2VEC provides a
useful tool for researchers and practitioners to better understand cyberattacks
and their evolution, and use this knowledge to improve situational awareness
and develop proactive defenses
We are archivists, but are we OK?
Purpose – The purpose of this paper is to show that the digital
environment of the early twenty-first century is forcing the information
sciences to revisit practices and precepts built around paper and physical
objects over centuries. The training of archivists, records managers,
librarians and museum curators has had to accommodate this new reality.
Often the response has been to superimpose a digital overlay on existing
curricula. A few have taken a radical approach by scrutinising the
fundamentals of the professions and the ontologies of the materials they
handle.
Design/methodology/approach – The article explores a wide range of the
issues exposed by this critique through critical analysis of ideas and
published literature.
Findings – The authors challenge archive and records management educators
to align their curricula with contemporary need and to recognise that
partnership with other professionals, particularly in the area of
technology, is essential.
Practical implications – The present generation owe it to future
generations of archivists and records managers to ensure that the
education that they get to prepare them for professional life is
forward-looking in the same way.
Originality/value – This paper aims to raise awareness of the educational
needs of twenty-first century archives and records professionals
The oculomotor resonance effect in spatial-numerical mapping.
We investigated automatic Spatial-Numerical Association of Response Codes (SNARC) effect in auditory number processing. Two experiments continually measured spatial characteristics of ocular drift at central fixation during and after auditory number presentation. Consistent with the notion of a spatially oriented mental number line, we found spontaneous magnitude-dependent gaze adjustments, both with and without a concurrent saccadic task. This fixation adjustment (1) had a small-number/left-lateralized bias and (2) it was biphasic as it emerged for a short time around the point of lexical access and it received later robust representation around following number onset. This pattern suggests a two-step mechanism of sensorimotor mapping between numbers and space - a first-pass bottom-up activation followed by a top-down and more robust horizontal SNARC. Our results inform theories of number processing as well as simulation-based approaches to cognition by identifying the characteristics of an oculomotor resonance phenomenon