23,234 research outputs found
The Viability and Potential Consequences of IoT-Based Ransomware
With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested.
As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed.
For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim.
Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research
Properties of a model of sequential random allocation
Probabilistic models of allocating shots to boxes according to a certain probability distribution have commonly been used for processes involving agglomeration. Such processes are of interest in many areas of research such as ecology, physiology, chemistry and genetics. Time could be incorporated into the shots-and-boxes model by considering multiple layers of boxes through which the shots move, where the layers represent the passing of time. Such a scheme with multiple layers, each with a certain number of occupied boxes is naturally associated with a random tree. It lends itself to genetic applications where the number of ancestral lineages of a sample changes through the generations. This multiple-layer scheme also allows us to explore the difference in the number of occupied boxes between layers, which gives a measure of how quickly merges are happening. In particular, results for the multiple-layer scheme corresponding to those known for a single-layer scheme, where, under certain conditions, the limiting distribution of the number of occupied boxes is either Poisson or normal, are derived. To provide motivation and demonstrate which methods work well, a detailed study of a small, finite example is provided. A common approach for establishing a limiting distribution for a random variable of interest is to first show that it can be written as a sum of independent Bernoulli random variables as this then allows us to apply standard central limit theorems. Additionally, it allows us to, for example, provide an upper bound on the distance to a Poisson distribution. One way of showing that a random variable can be written as a sum of independent Bernoulli random variables is to show that its probability generating function (p.g.f.) has all real roots. Various methods are presented and considered for proving the p.g.f. of the number of occupied boxes in any given layer of the scheme has all real roots. By considering small finite examples some of these methods could be ruled out for general N. Finally, the scheme for general N boxes and n shots is considered, where again a uniform allocation of shots is used. It is shown that, under certain conditions, the distribution of the number of occupied boxes tends towards either a normal or Poisson limit. Equivalent results are also demonstrated for the distribution of the difference in the number of occupied boxes between consecutive layers
Big Ramsey degrees and infinite languages
This paper investigates big Ramsey degrees of unrestricted relational
structures in (possibly) infinite languages. While significant progress has
been made in studying big Ramsey degrees, many classes of structures with
finite small Ramsey degrees still lack an understanding of their big Ramsey
degrees. We show that if there are only finitely many relations of every arity
greater than one, then unrestricted relational structures have finite big
Ramsey degrees, and give some evidence that this is tight. This is the first
time that finiteness of big Ramsey degrees has been established for an
infinite-language random structure. Our results represent an important step
towards a better understanding of big Ramsey degrees for structures with
relations of arity greater than two.Comment: 21 pages. An updated version strengthening the statement of the
positive results and fixing a mistake in the earlier version of the negative
result which now needs an extra assumptio
Multi-Attribute Utility Preference Robust Optimization: A Continuous Piecewise Linear Approximation Approach
In this paper, we consider a multi-attribute decision making problem where
the decision maker's (DM's) objective is to maximize the expected utility of
outcomes but the true utility function which captures the DM's risk preference
is ambiguous. We propose a maximin multi-attribute utility preference robust
optimization (UPRO) model where the optimal decision is based on the worst-case
utility function in an ambiguity set of plausible utility functions constructed
using partially available information such as the DM's specific preferences
between some lotteries. Specifically, we consider a UPRO model with two
attributes, where the DM's risk attitude is multivariate risk-averse and the
ambiguity set is defined by a linear system of inequalities represented by the
Lebesgue-Stieltjes (LS) integrals of the DM's utility functions. To solve the
maximin problem, we propose an explicit piecewise linear approximation (EPLA)
scheme to approximate the DM's true unknown utility so that the inner
minimization problem reduces to a linear program, and we solve the approximate
maximin problem by a derivative-free (Dfree) method. Moreover, by introducing
binary variables to locate the position of the reward function in a family of
simplices, we propose an implicit piecewise linear approximation (IPLA)
representation of the approximate UPRO and solve it using the Dfree method.
Such IPLA technique prompts us to reformulate the approximate UPRO as a single
mixed-integer program (MIP) and extend the tractability of the approximate UPRO
to the multi-attribute case. Furthermore, we extend the model to the expected
utility maximization problem with expected utility constraints where the
worst-case utility functions in the objective and constraints are considered
simultaneously. Finally, we report the numerical results about performances of
the proposed models.Comment: 50 pages,18 figure
Negative moments of orthogonal polynomials
If a sequence indexed by nonnegative integers satisfies a linear recurrence without constant terms, one can extend the indices of the sequence to negative integers using the recurrence. Recently, Cigler and Krattenthaler showed that the negative version of the number of bounded Dyck paths is the number of bounded alternating sequences. In this paper, we provide two methods to compute the negative versions of sequences related to moments of orthogonal polynomials. We give a combinatorial model for the negative version of the number of bounded Motzkin paths. We also prove two conjectures of Cigler and Krattenthaler on reciprocity between determinants
Model Diagnostics meets Forecast Evaluation: Goodness-of-Fit, Calibration, and Related Topics
Principled forecast evaluation and model diagnostics are vital in fitting probabilistic models and forecasting outcomes of interest. A common principle is that fitted or predicted distributions ought to be calibrated, ideally in the sense that the outcome is indistinguishable from a random draw from the posited distribution. Much of this thesis is centered on calibration properties of various types of forecasts.
In the first part of the thesis, a simple algorithm for exact multinomial goodness-of-fit tests is proposed. The algorithm computes exact -values based on various test statistics, such as the log-likelihood ratio and Pearson\u27s chi-square. A thorough analysis shows improvement on extant methods. However, the runtime of the algorithm grows exponentially in the number of categories and hence its use is limited.
In the second part, a framework rooted in probability theory is developed, which gives rise to hierarchies of calibration, and applies to both predictive distributions and stand-alone point forecasts. Based on a general notion of conditional T-calibration, the thesis introduces population versions of T-reliability diagrams and revisits a score decomposition into measures of miscalibration, discrimination, and uncertainty. Stable and efficient estimators of T-reliability diagrams and score components arise via nonparametric isotonic regression and the pool-adjacent-violators algorithm. For in-sample model diagnostics, a universal coefficient of determination is introduced that nests and reinterprets the classical in least squares regression.
In the third part, probabilistic top lists are proposed as a novel type of prediction in classification, which bridges the gap between single-class predictions and predictive distributions. The probabilistic top list functional is elicited by strictly consistent evaluation metrics, based on symmetric proper scoring rules, which admit comparison of various types of predictions
Supersolvability of built lattices and Koszulness of generalized Chow rings
We give an explicit quadratic Grobner basis for generalized Chow rings of
supersolvable built lattices, with the help of the operadic structure on
geometric lattices introduced in a previous article. This shows that the
generalized Chow rings associated to minimal building sets of supersolvable
lattices are Koszul. As another consequence, we get that the cohomology
algebras of the components of the extended modular operad in genus 0 are
Koszul.Comment: Second version. Cleaned up a few proofs. Comments are welcom
Explicit spectral gap for Schottky subgroups of
Let be a Schottky subgroup of . We
establish a uniform and explicit lower bound of the second eigenvalue of the
Laplace-Beltrami operator of congruence coverings of the hyperbolic surface
provided the limit set of is thick
enough.Comment: 31 page
Toward Optimization of Medical Therapies with a Little Help from Knowledge Management
This chapter emphasizes the importance of identifying and managing knowledge from Informally Structured Domains, especially in the medical field, where very short and repeated serial measurements are often present. This information is made up of attributes of both patients and their treatments that influence their state of health and usually includes measurements of various parameters taken at different times during the duration of treatment and usually after the application of the therapeutic resource. The chapter communicates the use of the KDSM methodology through a case study and the importance of paying attention to the characteristics of the domain to perform appropriate knowledge management in the domain
- …