23,234 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Properties of a model of sequential random allocation

    Get PDF
    Probabilistic models of allocating shots to boxes according to a certain probability distribution have commonly been used for processes involving agglomeration. Such processes are of interest in many areas of research such as ecology, physiology, chemistry and genetics. Time could be incorporated into the shots-and-boxes model by considering multiple layers of boxes through which the shots move, where the layers represent the passing of time. Such a scheme with multiple layers, each with a certain number of occupied boxes is naturally associated with a random tree. It lends itself to genetic applications where the number of ancestral lineages of a sample changes through the generations. This multiple-layer scheme also allows us to explore the difference in the number of occupied boxes between layers, which gives a measure of how quickly merges are happening. In particular, results for the multiple-layer scheme corresponding to those known for a single-layer scheme, where, under certain conditions, the limiting distribution of the number of occupied boxes is either Poisson or normal, are derived. To provide motivation and demonstrate which methods work well, a detailed study of a small, finite example is provided. A common approach for establishing a limiting distribution for a random variable of interest is to first show that it can be written as a sum of independent Bernoulli random variables as this then allows us to apply standard central limit theorems. Additionally, it allows us to, for example, provide an upper bound on the distance to a Poisson distribution. One way of showing that a random variable can be written as a sum of independent Bernoulli random variables is to show that its probability generating function (p.g.f.) has all real roots. Various methods are presented and considered for proving the p.g.f. of the number of occupied boxes in any given layer of the scheme has all real roots. By considering small finite examples some of these methods could be ruled out for general N. Finally, the scheme for general N boxes and n shots is considered, where again a uniform allocation of shots is used. It is shown that, under certain conditions, the distribution of the number of occupied boxes tends towards either a normal or Poisson limit. Equivalent results are also demonstrated for the distribution of the difference in the number of occupied boxes between consecutive layers

    Big Ramsey degrees and infinite languages

    Full text link
    This paper investigates big Ramsey degrees of unrestricted relational structures in (possibly) infinite languages. While significant progress has been made in studying big Ramsey degrees, many classes of structures with finite small Ramsey degrees still lack an understanding of their big Ramsey degrees. We show that if there are only finitely many relations of every arity greater than one, then unrestricted relational structures have finite big Ramsey degrees, and give some evidence that this is tight. This is the first time that finiteness of big Ramsey degrees has been established for an infinite-language random structure. Our results represent an important step towards a better understanding of big Ramsey degrees for structures with relations of arity greater than two.Comment: 21 pages. An updated version strengthening the statement of the positive results and fixing a mistake in the earlier version of the negative result which now needs an extra assumptio

    Multi-Attribute Utility Preference Robust Optimization: A Continuous Piecewise Linear Approximation Approach

    Full text link
    In this paper, we consider a multi-attribute decision making problem where the decision maker's (DM's) objective is to maximize the expected utility of outcomes but the true utility function which captures the DM's risk preference is ambiguous. We propose a maximin multi-attribute utility preference robust optimization (UPRO) model where the optimal decision is based on the worst-case utility function in an ambiguity set of plausible utility functions constructed using partially available information such as the DM's specific preferences between some lotteries. Specifically, we consider a UPRO model with two attributes, where the DM's risk attitude is multivariate risk-averse and the ambiguity set is defined by a linear system of inequalities represented by the Lebesgue-Stieltjes (LS) integrals of the DM's utility functions. To solve the maximin problem, we propose an explicit piecewise linear approximation (EPLA) scheme to approximate the DM's true unknown utility so that the inner minimization problem reduces to a linear program, and we solve the approximate maximin problem by a derivative-free (Dfree) method. Moreover, by introducing binary variables to locate the position of the reward function in a family of simplices, we propose an implicit piecewise linear approximation (IPLA) representation of the approximate UPRO and solve it using the Dfree method. Such IPLA technique prompts us to reformulate the approximate UPRO as a single mixed-integer program (MIP) and extend the tractability of the approximate UPRO to the multi-attribute case. Furthermore, we extend the model to the expected utility maximization problem with expected utility constraints where the worst-case utility functions in the objective and constraints are considered simultaneously. Finally, we report the numerical results about performances of the proposed models.Comment: 50 pages,18 figure

    Negative moments of orthogonal polynomials

    Get PDF
    If a sequence indexed by nonnegative integers satisfies a linear recurrence without constant terms, one can extend the indices of the sequence to negative integers using the recurrence. Recently, Cigler and Krattenthaler showed that the negative version of the number of bounded Dyck paths is the number of bounded alternating sequences. In this paper, we provide two methods to compute the negative versions of sequences related to moments of orthogonal polynomials. We give a combinatorial model for the negative version of the number of bounded Motzkin paths. We also prove two conjectures of Cigler and Krattenthaler on reciprocity between determinants

    Model Diagnostics meets Forecast Evaluation: Goodness-of-Fit, Calibration, and Related Topics

    Get PDF
    Principled forecast evaluation and model diagnostics are vital in fitting probabilistic models and forecasting outcomes of interest. A common principle is that fitted or predicted distributions ought to be calibrated, ideally in the sense that the outcome is indistinguishable from a random draw from the posited distribution. Much of this thesis is centered on calibration properties of various types of forecasts. In the first part of the thesis, a simple algorithm for exact multinomial goodness-of-fit tests is proposed. The algorithm computes exact pp-values based on various test statistics, such as the log-likelihood ratio and Pearson\u27s chi-square. A thorough analysis shows improvement on extant methods. However, the runtime of the algorithm grows exponentially in the number of categories and hence its use is limited. In the second part, a framework rooted in probability theory is developed, which gives rise to hierarchies of calibration, and applies to both predictive distributions and stand-alone point forecasts. Based on a general notion of conditional T-calibration, the thesis introduces population versions of T-reliability diagrams and revisits a score decomposition into measures of miscalibration, discrimination, and uncertainty. Stable and efficient estimators of T-reliability diagrams and score components arise via nonparametric isotonic regression and the pool-adjacent-violators algorithm. For in-sample model diagnostics, a universal coefficient of determination is introduced that nests and reinterprets the classical R2R^2 in least squares regression. In the third part, probabilistic top lists are proposed as a novel type of prediction in classification, which bridges the gap between single-class predictions and predictive distributions. The probabilistic top list functional is elicited by strictly consistent evaluation metrics, based on symmetric proper scoring rules, which admit comparison of various types of predictions

    Supersolvability of built lattices and Koszulness of generalized Chow rings

    Full text link
    We give an explicit quadratic Grobner basis for generalized Chow rings of supersolvable built lattices, with the help of the operadic structure on geometric lattices introduced in a previous article. This shows that the generalized Chow rings associated to minimal building sets of supersolvable lattices are Koszul. As another consequence, we get that the cohomology algebras of the components of the extended modular operad in genus 0 are Koszul.Comment: Second version. Cleaned up a few proofs. Comments are welcom

    Explicit spectral gap for Schottky subgroups of SL(2,Z)\mathrm{SL} (2,\mathbb{Z})

    Full text link
    Let Γ\Gamma be a Schottky subgroup of SL(2,Z)\mathrm{SL} (2,\mathbb{Z}). We establish a uniform and explicit lower bound of the second eigenvalue of the Laplace-Beltrami operator of congruence coverings of the hyperbolic surface Γ\H2\Gamma \backslash \mathbb{H}^2 provided the limit set of Γ\Gamma is thick enough.Comment: 31 page

    Toward Optimization of Medical Therapies with a Little Help from Knowledge Management

    Get PDF
    This chapter emphasizes the importance of identifying and managing knowledge from Informally Structured Domains, especially in the medical field, where very short and repeated serial measurements are often present. This information is made up of attributes of both patients and their treatments that influence their state of health and usually includes measurements of various parameters taken at different times during the duration of treatment and usually after the application of the therapeutic resource. The chapter communicates the use of the KDSM methodology through a case study and the importance of paying attention to the characteristics of the domain to perform appropriate knowledge management in the domain

    A novel graph-based method for clustering human activities

    Get PDF
    corecore