14,626 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. 
When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Microplastics in European sea salts – An example of exposure through consumer choice and of interstudy methodological discrepancies

    Microplastics are contaminants of emerging concern, not least due to their global presence in marine surface waters. Unsurprisingly, microplastics have been reported in salts harvested from numerous locations. We extracted microplastics from 13 European sea salts through 30% H2O2 digestion and filtration over 5-µm filters. Filters were visually inspected at magnifications to x100. A subsample of potential microplastics was subjected to Raman spectroscopy. Particle mass was estimated, and human dose exposure calculated. After blank corrections, median concentrations were 466 ± 152 microplastics kg-1 ranging from 74 to 1155 items kg-1. Traditionally harvested salts contained fewer microplastics than most industrially harvested ones (t-test, p < 0.01). Approximately 14 µg of microplastics (< 12 particles) may be absorbed by the human body annually, of which a quarter may derive from a consumer choosing sea salt. We reviewed existing studies, showing that targeting different particle sizes and incomplete filtrations hinder interstudy comparison, indicating the importance of method harmonisation for future studies. Excess salt consumption is detrimental to human health; the hazardousness of ingesting microplastics on the other hand has yet to be shown. A portion of microplastics may enter sea salts through production processes rather than source materials

    Perfect is the enemy of test oracle

    Automation of test oracles is one of the most challenging facets of software testing, but remains comparatively less addressed compared to automated test input generation. Test oracles rely on a ground-truth that can distinguish between the correct and buggy behavior to determine whether a test fails (detects a bug) or passes. What makes the oracle problem challenging and undecidable is the assumption that the ground-truth should know the exact expected, correct, or buggy behavior. However, we argue that one can still build an accurate oracle without knowing the exact correct or buggy behavior, but how these two might differ. This paper presents SEER, a learning-based approach that in the absence of test assertions or other types of oracle, can determine whether a unit test passes or fails on a given method under test (MUT). To build the ground-truth, SEER jointly embeds unit tests and the implementation of MUTs into a unified vector space, in such a way that the neural representation of tests are similar to that of MUTs they pass on them, but dissimilar to MUTs they fail on them. The classifier built on top of this vector representation serves as the oracle to generate "fail" labels, when test inputs detect a bug in MUT or "pass" labels, otherwise. Our extensive experiments on applying SEER to more than 5K unit tests from a diverse set of open-source Java projects show that the produced oracle is (1) effective in predicting the fail or pass labels, achieving an overall accuracy, precision, recall, and F1 measure of 93%, 86%, 94%, and 90%, (2) generalizable, predicting the labels for the unit test of projects that were not in training or validation set with negligible performance drop, and (3) efficient, detecting the existence of bugs in only 6.5 milliseconds on average. Comment: Published in ESEC/FSE 202

    Deep Transfer Learning Applications in Intrusion Detection Systems: A Comprehensive Review

    Globally, the external Internet is increasingly being connected to the contemporary industrial control system. As a result, there is an immediate need to protect the network from several threats. The key infrastructure of industrial activity may be protected from harm by using an intrusion detection system (IDS), a preventive measure mechanism, to recognize new kinds of dangerous threats and hostile activities. The most recent artificial intelligence (AI) techniques used to create IDS in many kinds of industrial control networks are examined in this study, with a particular emphasis on IDS-based deep transfer learning (DTL). This latter can be seen as a type of information fusion that merge, and/or adapt knowledge from multiple domains to enhance the performance of the target task, particularly when the labeled data in the target domain is scarce. Publications issued after 2015 were taken into account. These selected publications were divided into three categories: DTL-only and IDS-only are involved in the introduction and background, and DTL-based IDS papers are involved in the core papers of this review. Researchers will be able to have a better grasp of the current state of DTL approaches used in IDS in many different types of networks by reading this review paper. Other useful information, such as the datasets used, the sort of DTL employed, the pre-trained network, IDS techniques, the evaluation metrics including accuracy/F-score and false alarm rate (FAR), and the improvement gained, were also covered. The algorithms, and methods used in several studies, or illustrate deeply and clearly the principle in any DTL-based IDS subcategory are presented to the reader

    Evaluating the Code Quality of AI-Assisted Code Generation Tools: An Empirical Study on GitHub Copilot, Amazon CodeWhisperer, and ChatGPT

    Context: AI-assisted code generation tools have become increasingly prevalent in software engineering, offering the ability to generate code from natural language prompts or partial code inputs. Notable examples of these tools include GitHub Copilot, Amazon CodeWhisperer, and OpenAI's ChatGPT. Objective: This study aims to compare the performance of these prominent code generation tools in terms of code quality metrics, such as Code Validity, Code Correctness, Code Security, Code Reliability, and Code Maintainability, to identify their strengths and shortcomings. Method: We assess the code generation capabilities of GitHub Copilot, Amazon CodeWhisperer, and ChatGPT using the benchmark HumanEval Dataset. The generated code is then evaluated based on the proposed code quality metrics. Results: Our analysis reveals that the latest versions of ChatGPT, GitHub Copilot, and Amazon CodeWhisperer generate correct code 65.2%, 46.3%, and 31.1% of the time, respectively. In comparison, the newer versions of GitHub CoPilot and Amazon CodeWhisperer showed improvement rates of 18% for GitHub Copilot and 7% for Amazon CodeWhisperer. The average technical debt, considering code smells, was found to be 8.9 minutes for ChatGPT, 9.1 minutes for GitHub Copilot, and 5.6 minutes for Amazon CodeWhisperer. Conclusions: This study highlights the strengths and weaknesses of some of the most popular code generation tools, providing valuable insights for practitioners. By comparing these generators, our results may assist practitioners in selecting the optimal tool for specific tasks, enhancing their decision-making process

    Wildlife trade in Latin America: people, economy and conservation

    Wildlife trade is among the main threats to biodiversity conservation and may pose a risk to human health because of the spread of zoonotic diseases. To avoid social, economic and environmental consequences of illegal trade, it is crucial to understand the factors influencing the wildlife market and the effectiveness of policies already in place. I aim to unveil the biological and socioeconomic factors driving wildlife trade, the health risks imposed by the activity, and the effectiveness of certified captive-breeding as a strategy to curb the illegal market in Latin America through a multidisciplinary approach. I assess socioeconomic correlates of the emerging international trade in wild cat species from Latin America using a dataset of >1,000 seized cats, showing that high levels of corruption and Chinese private investment and low income per capita were related to higher numbers of jaguar seizures. I assess the effectiveness of primate captive-breeding programmes as an intervention to curb wildlife trafficking. Illegal sources held >70% of the primate market share. Legal primates are more expensive, and the production is not sufficiently high to fulfil the demand. I assess the scale of the illegal trade and ownership of venomous snakes in Brazil. Venomous snake taxa responsible for higher numbers of snakebites were those most often kept as pets. I uncover how online wildlife pet traders and consumers responded to campaigns associating the origin of the COVID-19 pandemic. Of 20,000 posts on Facebook groups, only 0.44% mentioned COVID-19 and several stimulated the trade in wild species during lockdown. Despite the existence of international and national wildlife trade regulations, I conclude that illegal wildlife trade is still an issue that needs further addressing in Latin America. I identify knowledge gaps and candidate interventions to amend the current loopholes to reduce wildlife trafficking. 
My aspiration with this thesis is to provide useful information that can inform better strategies to tackle illegal wildlife trade in Latin America

    The Adirondack Chronology

    The Adirondack Chronology is intended to be a useful resource for researchers and others interested in the Adirondacks and Adirondack history.

    TkT: Automatic Inference of Timed and Extended Pushdown Automata

    To mitigate the cost of manually producing and maintaining models capturing software specifications, specification mining techniques can be exploited to automatically derive up-to-date models that faithfully represent the behavior of software systems. So far, specification mining solutions focused on extracting information about the functional behavior of the system, especially in the form of models that represent the ordering of the operations. Well-known examples are finite state models capturing the usage protocol of software interfaces and temporal rules specifying relations among system events. Although the functional behavior of a software system is a primary aspect of concern, there are several other non-functional characteristics that must be typically addressed jointly with the functional behavior of a software system. Efficiency is one of the most relevant characteristics. In fact, an application delivering the right functionalities inefficiently has a big chance to not satisfy the expectation of its users. Interestingly, the timing behavior is strongly dependent on the functional behavior of a software system. For instance, the timing of an operation depends on the functional complexity and size of the computation that is performed. Consequently, models that combine the functional and timing behaviors, as well as their dependencies, are extremely important to precisely reason on the behavior of software systems. In this paper, we address the challenge of generating models that capture both the functional and timing behavior of a software system from execution traces. The result is the Timed k-Tail (TkT) specification mining technique, which can mine finite state models that capture such an interplay: the functional behavior is represented by the possible order of the events accepted by the transitions, while the timing behavior is represented through clocks and clock constraints of different nature associated with transitions. 
Our empirical evaluation with several libraries and applications shows that TkT can generate accurate models, capable of supporting the identification of timing anomalies due to overloaded environment and performance faults. Furthermore, our study shows that TkT outperforms state-of-the-art techniques in terms of scalability and accuracy of the mined models

    Examining the Impact of Personal Social Media Use at Work on Workplace Outcomes

    A noticeable shift is underway in today’s multi-generational workforce. As younger employees propel digital workforce transformation and embrace technology adoption in the workplace, organisations need to show they are forward-thinking in their digital transformation strategies, and the emergent integration of social media in organisations is reshaping internal communication strategies, in a bid to improve corporate reputations and foster employee engagement. However, the impact of personal social media use on psychological and behavioural workplace outcomes is still debatable with contrasting results in the literature identifying both positive and negative effects on workplace outcomes among organisational employees. This study seeks to examine this debate through the lens of social capital theory and study personal social media use at work using distinct variables of social use, cognitive use, and hedonic use. A quantitative analysis of data from 419 organisational employees in Jordan using SEM-PLS reveals that personal social media use at work is a double-edged sword as its impact differs by usage types. First, the social use of personal social media at work reduces job burnout, turnover intention, presenteeism, and absenteeism; it also increases job involvement and organisational citizen behaviour. Second, the cognitive use of personal social media at work increases job involvement, organisational citizen behaviour, employee adaptability, and decreases presenteeism and absenteeism; it also increases job burnout and turnover intention. Finally, the hedonic use of personal social media at work carries only negative effects by increasing job burnout and turnover intention. 
This study contributes to managerial understanding by showing the impact of different types of personal social media usage and recommends that organisations not limit employee access to personal social media within work time, but rather focus on raising awareness of the negative effects of excessive usage on employee well-being and encourage low to moderate use of personal social media at work and other personal and work-related online interaction associated with positive workplace outcomes. It also clarifies the need for further research in regions such as the Middle East with distinct cultural and socio-economic contexts

    Cooking the wild: the role of the Lundayeh of the Ulu Padas, (Sabah, Malaysia) in managing forest foods and shaping the landscape

    This thesis provides an account of the Lundayeh subsistence system as found in the villages of Long Pasia and Long Mio, situated in the Ulu Padas, Sabah. The research focuses on Lundayeh food and diet, describing the diversity of resources used and the importance of forest foods. Comparison with studies from elsewhere in Borneo suggests that there are many similarities between Lundayeh practices and those of other highland peoples. These data are used to critically examine the concepts of 'wild' and 'wilderness', considering whether these concepts are meaningful, either analytically or for the Lundayeh. Investigation of the way in which the Lundayeh manipulate and manage their resources suggests that they have had a profound influence on their environment. Consequently, the Ulu Padas cannot be described as a wilderness, nor its resources as wild. The extent to which the Lundayeh themselves construct the categories of 'wild' and 'cultivated' foods is investigated through examining how these resources are owned, and their different roles in the diet. These data suggest that the Lundayeh recognise that there is no simple dichotomy of 'wild' and 'cultivated', but rather, that there is a gradation between these two categories. There is also evidence to suggest that the Lundayeh do not consider any resources as wild, in the sense of being uninfluenced by people. The environmental perceptions of the Lundayeh are also investigated, and how these have been shaped by their particular way of life, history, beliefs and knowledge systems. It is apparent that for the Lundayeh, the Ulu Padas is a cultural landscape. However, this is changing, as a result of recent social and environmental changes. This thesis concludes by examining the impact of changing perceptions on how the Lundayeh are managing their environment, and on their attitudes towards conservation