Systems and methods for automated detection of application vulnerabilities

*/Board of Regents, University of Texas Syste

Emulation of Poincaré return maps with Gaussian Kriging models

In this paper we investigate the use of Gaussian emulators to give an accurate and computationally fast method to approximate return maps, a tool used to study the dynamics of differential equations. One advantage of emulators over other approximation techniques is that they encode deterministic data exactly, so where values of the return map are known these are also outputs of the emulator output, another is that emulators allow us to simultaneously emulate a parameterized family of ODEs giving a tool to assess the behavior of perturbed systems. The methods introduced here are illustrated using two well-known dynamical systems: The Rossler equations, and the Billiard system. We show that the method can be used to look at return maps and discuss the further implications for full computation of differential equation outputs

Simulation-assisted control in building energy management systems

Technological advances in real-time data collection, data transfer and ever-increasing computational power are bringing simulation-assisted control and on-line fault detection and diagnosis (FDD) closer to reality than was imagined when building energy management systems (BEMSs) were introduced in the 1970s. This paper describes the development and testing of a prototype simulation-assisted controller, in which a detailed simulation program is embedded in real-time control decision making. Results from an experiment in a full-scale environmental test facility demonstrate the feasibility of predictive control using a physically-based thermal simulation program

DL-Droid: Deep learning based android malware detection using real devices

open access articleThe Android operating system has been the most popular for smartphones and tablets since 2012. This popularity has led to a rapid raise of Android malware in recent years. The sophistication of Android malware obfuscation and detection avoidance methods have significantly improved, making many traditional malware detection methods obsolete. In this paper, we propose DL-Droid, a deep learning system to detect malicious Android applications through dynamic analysis using stateful input generation. Experiments performed with over 30,000 applications (benign and malware) on real devices are presented. Furthermore, experiments were also conducted to compare the detection performance and code coverage of the stateful input generation method with the commonly used stateless approach using the deep learning system. Our study reveals that DL-Droid can achieve up to 97.8% detection rate (with dynamic features only) and 99.6% detection rate (with dynamic + static features) respectively which outperforms traditional machine learning techniques. Furthermore, the results highlight the significance of enhanced input generation for dynamic analysis as DL-Droid with the state-based input generation is shown to outperform the existing state-of-the-art approaches

Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio