Embedded noninteractive continuous bot detection

Multiplayer online computer games are quickly growing in popularity, with millions of players logging in every day. While most play in accordance with the rules set up by the game designers, some choose to utilize artificially intelligent assistant programs, a.k.a. bots, to gain an unfair advantage over other players. In this article we demonstrate how an embedded noninteractive test can be used to prevent automatic artificially intelligent players from illegally participating in online game-play. Our solution has numerous advantages over traditional tests, such as its nonobtrusive nature, continuous verification, and simple noninteractive and outsourcing-proof design. © 2008 ACM

DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far

Embedded non-interactive CAPTCHA for Fischer Random Chess.

Cheating in chess can take many forms and has existed almost as long as the game itself. The advent of computers has introduced a new form of cheating into the game. Thanks to the computational power of modern-day computers, a player can use a program to calculate thousands of moves for him or her, and determine the best possible scenario for each move and counter-move. These programs are often referred to as “bots,” and can even play the game without any user interaction. In this paper, we describe a methodology aimed at preventing bots from participating in online chess games. The proposed approach is based on the integration of a CAPTCHA protocol into a game scenario, and the subsequent inability of bots to accurately track the game states. Preliminary experimental results provide favorable feedback for further development of the proposed algorithm

Text stylometry for chat bot identification and intelligence estimation.

Authorship identification is a technique used to identify the author of an unclaimed document, by attempting to find traits that will match those of the original author. Authorship identification has a great potential for applications in forensics. It can also be used in identifying chat bots, a form of intelligent software created to mimic the human conversations, by their unique style. The online criminal community is utilizing chat bots as a new way to steal private information and commit fraud and identity theft. The need for identifying chat bots by their style is becoming essential to overcome the danger of online criminal activities. Researchers realized the need to advance the understanding of chat bots and design programs to prevent criminal activities, whether it was an identity theft or even a terrorist threat. The more research work to advance chat bots’ ability to perceive humans, the more duties needed to be followed to confront those threats by the research community. This research went further by trying to study whether chat bots have behavioral drift. Studying text for Stylometry has been the goal for many researchers who have experimented many features and combinations of features in their experiments. A novel feature has been proposed that represented Term Frequency Inverse Document Frequency (TFIDF) and implemented that on a Byte level N-Gram. Term Frequency-Inverse Token Frequency (TF-ITF) used these terms and created the feature. The initial experiments utilizing collected data demonstrated the feasibility of this approach. Additional versions of the feature were created and tested for authorship identification. Results demonstrated that the feature was successfully used to identify authors of text, and additional experiments showed that the feature is language independent. The feature successfully identified authors of a German text. Furthermore, the feature was used in text similarities on a book level and a paragraph level. Finally, a selective combination of features was used to classify text that ranges from kindergarten level to scientific researches and novels. The feature combination measured the Quality of Writing (QoW) and the complexity of text, which were the first step to correlate that with the author’s IQ as a future goal

Analysis and Concealment of Malware in an Adversarial Environment

Nowadays, users and devices are rapidly growing, and there is a massive migration of data and infrastructure from physical systems to virtual ones. Moreover, people are always connected and deeply dependent on information and communications. Thanks to the massive growth of Internet of Things applications, this phenomenon also affects everyday objects such as home appliances and vehicles. This extensive interconnection implies a significant rate of potential security threats for systems, devices, and virtual identities. For this reason, malware detection and analysis is one of the most critical security topics. The used detection strategies are well suited to analyze and respond to potential threats, but they are vulnerable and can be bypassed under specific conditions. In light of this scenario, this thesis highlights the existent detection strategies and how it is possible to deceive them using malicious contents concealment strategies, such as code obfuscation and adversarial attacks. Moreover, the ultimate goal is to explore new viable ways to detect and analyze embedded malware and study the feasibility of generating adversarial attacks. In line with these two goals, in this thesis, I present two research contributions. The first one proposes a new viable way to detect and analyze the malicious contents inside Microsoft Office documents (even when concealed). The second one proposes a study about the feasibility of generating Android malicious applications capable of bypassing a real-world detection system. Firstly, I present Oblivion, a static and dynamic system for large-scale analysis of Office documents with embedded (and most of the time concealed) malicious contents. Oblivion performs instrumentation of the code and executes the Office documents in a virtualized environment to de-obfuscate and reconstruct their behavior. In particular, Oblivion can systematically extract embedded PowerShell and non-PowerShell attacks and reconstruct the employed obfuscation strategies. This research work aims to provide a scalable system that allows analysts to go beyond simple malware detection by performing a real, in-depth inspection of macros. To evaluate the system, a large-scale analysis of more than 40,000 Office documents has been performed. The attained results show that Oblivion can efficiently de-obfuscate malicious macro-files by revealing a large corpus of PowerShell and non-PowerShell attacks in a short amount of time. Then, the focus is on presenting an Android adversarial attack framework. This research work aims to understand the feasibility of generating adversarial samples specifically through the injection of Android system API calls only. In particular, the constraints necessary to generate actual adversarial samples are discussed. To evaluate the system, I employ an interpretability technique to assess the impact of specific API calls on the evasion. It is also assessed the vulnerability of the used detection system against mimicry and random noise attacks. Finally, it is proposed a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. This thesis aims to improve the security landscape in both the research and industrial world by exploring a hot security topic and proposing two novel research works about embedded malware. The main conclusion of this research experience is that systems and devices can be secured with the most robust security processes. At the same time, it is fundamental to improve user awareness and education in detecting and preventing possible attempts of malicious infections

An Investigation of Reliability Models for Ceramic Matrix Composites and their Implementation into Finite Element Codes

The development of modeling approaches for the failure analysis of ceramic-based material systems used in high temperature environments was the primary objective of this research effort. These materials have the potential to support many key engineering technologies related to the design of aeropropulsion systems. Monolithic ceramics exhibit a number of useful properties such as retention of strength at high temperatures, chemical inertness, and low density. However, the use of monolithic ceramics has been limited by their inherent brittleness and a large variation in strength. This behavior has motivated material scientists to reinforce the monolithic material with a ceramic fiber. The addition of a second ceramic phase with an optimized interface increases toughness and marginally increases strength. The primary purpose of the fiber is to arrest crack growth, not to increase strength. The material systems of interest in this research effort were laminated ceramic matrix composites, as well as two- and three- dimensional fabric reinforced ceramic composites. These emerging composite systems can compete with metals in many demanding applications. However, the ongoing metamorphosis of ceramic composite material systems, and the lack of standardized design data has in the past tended to minimize research efforts related to structural analysis. Many structural components fabricated from ceramic matrix composites (CMC) have been designed by "trial and error." The justification for this approach lies in the fact that during the initial developmental phases for a material system fabrication issues are paramount. Emphasis is placed on demonstrating feasibility rather than fully understanding the processes controlling mechanical behavior. This is understandable during periods of rapid improvements in material properties for any composite system. But to avoid the ad hoc approach, the analytical methods developed under this effort can be used to develop rational structural design protocols

온라인 게임에서 유저의 행태에 관한 연구

학위논문 (박사)-- 서울대학교 대학원 : 경영대학 경영학과, 2018. 2. 유병준.This dissertation consists of two essays on user behavior in online games. In the first essay, I identified multi-botting cheaters and measured their impacts using basic information in database such as user ID, playtime and item purchase record. I addressed the data availability issue and proposed a method for companies with limited data and resources. I also avoided large-scale transaction processing or complex development, which are fairly common in existing cheating detection methods. With respect to identifying cheaters, we used algorithms named DTW (Dynamic Time Warping) and JWD (Jaro–Winkler distance). I also measured the effects of using hacking tool by employing DID (Difference in Differences). My analysis results show some counter-intuitive results. Overall, cheaters constitute a minute part of users in terms of numbers – only about 0.25%. However, they hold approximately 12% of revenue. Furthermore, the usage of hacking tools causes a 102% and 79% increase in playtime and purchase respectively right after users start to use hacking tools. According to additional analysis, it could be shown that the positive effects of hacking tools are not just short-term. My granger causality test also reveals that cheating users activity does not affect other users' purchases or playtime trend. In the second essay, I propose a methodology to deal with churn prediction that meets two major purposes in the mobile casual game context. First, reducing the cost of data preparation, which is growing its importance in the big-data environment. Second, coming up with an algorithm that shows favorable performance comparable to that of the state-of-the-art. As a result, we succeed in greatly lowering the cost of the data preparation process by employing the sequence structure of the log data as it is. In addition, our sequence classification model based on CNN-LSTM shows superior results compared to the models of previous studies.Essay 1. Is Cheating Always Bad? A study of cheating identification and measurement of the effect 1 1. Introduction 2 2. Literature Review 8 3. Data 16 4. Hypotheses 17 5. Methodology 20 5.1 Cheating Identification 20 5.2 Measurement of Cheating Tool Usage Effect 28 6. Result 33 6.1 Cheating Identification 33 6.2 Measurement of Cheating Tool Usage Effect 33 7. Additional Analysis 35 7.1 Lifespan of Cheating Users 35 7.2 Granger Causality Test 36 8. Discussion and Conclusion 37 9. References 48 Essay 2. Churn Prediction in Mobile Casual Game: A Deep Sequence Classification Approach 61 1. Introduction 62 2. Definition of Churn 64 3. Related Works 65 4. Data 66 5. Methodology 66 5.1 Data Preparation 66 5.2 Prediction Model 71 6. Result and Discussion 74 7. References 77Docto

Origin and evolution of planetary atmospheres

This report concerns several research tasks related to the origin and evolution of planetary atmospheres and the large-scale distribution of volatile elements in the Solar System. These tasks and their present status are as follows: (1) we have conducted an analysis of the volatility and condensation behavior of compounds of iron, aluminum, and phosphorus in the atmosphere of Venus in response to publish interpretations of the Soviet Venera probe XRF experiment data, to investigate the chemistry of volcanic gases, injection of volatiles by cometary and asteroidal impactors, and reactions in the troposphere; (2) we have completed and are now writing up our research on condensation-accretion modeling of the terrestrial planets; (3) we have laid the groundwork for a detailed study of the effects of water transport in the solar nebula on the bulk composition, oxidation state, and volatile content of preplanetary solids; (4) we have completed an extensive laboratory study of cryovolcanic materials in the outer solar system; (5) we have begun to study the impact erosion and shock alteration of the atmosphere of Mars resulting from cometary and asteroidal bombardment; and (6) we have developed a new Monte Carlo model of the cometary and asteroidal bombardment flux on the terrestrial planets, including all relevant chemical and physical processes associated with atmospheric entry and impact, to assess both the hazards posed by this bombardment to life on Earth and the degree of cross-correlation between the various phenomena (NO(x) production, explosive yield, crater production, iridium signature, etc.) that characterize this bombardment. The purpose of these investigations has been to contribute to the developing understanding of both the dynamics of long-term planetary atmosphere evolution and the short-term stability of planetary surface environments