15 research outputs found
Effiziente und erklärbare Erkennung von mobiler Schadsoftware mittels maschineller Lernmethoden
In recent years, mobile devices shipped with Google’s Android operating system
have become ubiquitous. Due to their popularity and the high concentration of
sensitive user data on these devices, however, they have also become a
profitable target of malware authors. As a result, thousands of new malware
instances targeting Android are found almost every day. Unfortunately, common
signature-based methods often fail to detect these applications, as these
methods can- not keep pace with the rapid development of new malware.
Consequently, there is an urgent need for new malware detection methods to
tackle this growing threat.
In this thesis, we address the problem by combining concepts of static analysis
and machine learning, such that mobile malware can be detected directly on the
mobile device with low run-time overhead. To this end, we first discuss our
analysis results of a sophisticated malware that uses an ultrasonic side
channel to spy on unwitting smartphone users. Based on the insights we gain
throughout this thesis, we gradually develop a method that allows detecting
Android malware in general. The resulting method performs a broad static
analysis, gathering a large number of features associated with an application.
These features are embedded in a joint vector space, where typical patterns
indicative of malware can be automatically identified and used for explaining
the decisions of our method. In addition to an evaluation of its overall
detection and run-time performance, we also examine the interpretability of the
underlying detection model and strengthen the classifier against realistic
evasion attacks.
In a large set of experiments, we show that the method clearly outperforms
several related approaches, including popular anti-virus scanners. In most
experiments, our approach detects more than 90% of all malicious samples in the
dataset at a low false positive rate of only 1%. Furthermore, even on older
devices, it offers a good run-time performance, and can output a decision along
with a proper explanation within a few seconds, despite the use of machine
learning techniques directly on the mobile device.
Overall, we find that the application of machine learning techniques is a
promising research direction to improve the security of mobile devices. While
these techniques alone cannot defeat the threat of mobile malware, they at
least raise the bar for malicious actors significantly, especially if combined
with existing techniques.Die Verbreitung von Smartphones, insbesondere mit dem Android-Betriebssystem,
hat in den vergangenen Jahren stark zugenommen. Aufgrund ihrer hohen
Popularität haben sich diese Geräte jedoch zugleich auch zu einem lukrativen
Ziel für Entwickler von Schadsoftware entwickelt, weshalb mittlerweile täglich
neue Schadprogramme für Android gefunden werden.
Obwohl verschiedene Lösungen existieren, die Schadprogramme auch auf mobilen
Endgeräten identifizieren sollen, bieten diese in der Praxis häufig keinen
ausreichenden Schutz. Dies liegt vor allem daran, dass diese Verfahren zumeist
signaturbasiert arbeiten und somit schädliche Programme erst zuverlässig
identifizieren können, sobald entsprechende Erkennungssignaturen vorhanden
sind. Jedoch wird es für Antiviren-Hersteller immer schwieriger, die zur
Erkennung notwendigen Signaturen rechtzeitig bereitzustellen. Daher ist die
Entwicklung von neuen Verfahren nötig, um der wachsenden Bedrohung durch mobile
Schadsoftware besser begegnen zu können.
In dieser Dissertation wird ein Verfahren vorgestellt und eingehend untersucht,
das Techniken der statischen Code-Analyse mit Methoden des maschinellen Lernens
kombiniert, um so eine zuverlässige Erkennung von mobiler Schadsoftware direkt
auf dem Mobilgerät zu ermöglichen. Die Methode analysiert hierfür mobile
Anwendungen zunächst statisch und extrahiert dabei spezielle Merkmale, die eine
Abbildung einer Applikation in einen hochdimensionalen Vektorraum ermöglichen.
In diesem Vektorraum sind schließlich maschinelle Lernmethoden in der Lage,
automatisch Muster zur Erkennung von Schadprogrammen zu finden. Die gefundenen
Muster können dabei nicht nur zur Erkennung, sondern darüber hinaus auch zur
Erklärung einer getroffenenen Entscheidung dienen.
Im Rahmen einer ausführlichen Evaluation wird nicht nur die Erkennungsleistung
und die Laufzeit der vorgestellten Methode untersucht, sondern darüber hinaus
das gelernte Erkennungsmodell im Detail analysiert. Hierbei wird auch die
Robustheit des Modells gegenüber gezielten Angriffe untersucht und verbessert.
In einer Reihe von Experimenten kann gezeigt werden, dass mit dem
vorgeschlagenen Verfahren bessere Ergebnisse erzielt werden können als mit
vergleichbaren Methoden, sogar einschließlich einiger populärer
Antivirenprogramme. In den meisten Experimenten kann die Methode Schadprogramme
zuverlässig erkennen und erreicht Erkennungsraten von über 90% bei einer
geringen Falsch-Positiv-Rate von 1%
Sustainability in design: now! Challenges and opportunities for design research, education and practice in the XXI century
Copyright @ 2010 Greenleaf PublicationsLeNS project funded by the Asia Link Programme, EuropeAid, European Commission
Data and the city – accessibility and openness. a cybersalon paper on open data
This paper showcases examples of bottom–up open data and smart city applications and identifies lessons for future such efforts. Examples include Changify, a neighbourhood-based platform for residents, businesses, and companies; Open Sensors, which provides APIs to help businesses, startups, and individuals develop applications for the Internet of Things; and Cybersalon’s Hackney Treasures. a location-based mobile app that uses Wikipedia entries geolocated in Hackney borough to map notable local residents. Other experiments with sensors and open data by Cybersalon members include Ilze Black and Nanda Khaorapapong's The Breather, a "breathing" balloon that uses high-end, sophisticated sensors to make air quality visible; and James Moulding's AirPublic, which measures pollution levels. Based on Cybersalon's experience to date, getting data to the people is difficult, circuitous, and slow, requiring an intricate process of leadership, public relations, and perseverance. Although there are myriad tools and initiatives, there is no one solution for the actual transfer of that data
CORPORATE SOCIAL RESPONSIBILITY IN ROMANIA
The purpose of this paper is to identify the main opportunities and limitations of corporate social responsibility (CSR). The survey was defined with the aim to involve the highest possible number of relevant CSR topics and give the issue a more wholesome perspective. It provides a basis for further comprehension and deeper analyses of specific CSR areas. The conditions determining the success of CSR in Romania have been defined in the paper on the basis of the previously cumulative knowledge as well as the results of various researches. This paper provides knowledge which may be useful in the programs promoting CSR.Corporate social responsibility, Supportive policies, Romania
Terminology policies and communication for social change
Die vorliegende Dissertation untersucht die PR- und Kommunikationsstrategie südafrikanischer Regierungsinstitutionen hinsichtlich der Sprach- und Terminologiepolitik des Landes.
Südafrika nutzt derzeit noch nicht alle Möglichkeiten konsequent aus und vergibt auf diese Weise viele Gelegenheiten, die linguistische und kulturelle Vielfalt der Nation zu kommunizieren, sowie Fachkommunikation in den offiziellen Sprachen, mit Ausnahme von Englisch, zu fördern. Um diese Hypothese zu unterlegen, untersuche ich den Prozess der Politikgestaltung, wie er in den UNESCO Guidelines for Terminology Policies beschrieben wurde, um auf diese Weise Kommunikationsprozesse zu identifizieren, die besondere Planung erfordern.
Dabei wird die Entwicklung und Umsetzung der Strategie als komplexe Management-Aktivität beschrieben, die eigene Regeln und Charakteristika besitzt. Weiterhin werden Erkenntnisse aus den Kommunikationswissenschaften, insbesondere des Unterbereiches Development Communication, bzw. Communication for Social Change sowie Beispiele aus anderen Fachgebieten untersucht auf deren Anwendbarkeit im Bereich Terminologiepolitik.
Erfolgskriterien werden extrahiert, gegen welche anschliessend die reale Situation in Südafrika verglichen wird. Den Hauptteil der vorliegenden Studie stellt eine Analyse der südafrikanischen Geschichte, Gesellschaft, sowie des Politik- und Mediensektors. Diese Faktoren haben einen besonderen Einfluß auf die Sprach- und Terminologiepolitik des Landes, wie auch mögliche und tatsächliche PR-Strategien.
Die Studie schliesst mit Empfehlungen für eine Verbesserung dieser Strategie sowie einem Ausblick auf die erwartete Richtung der nächsten Generation südafrikanischer Terminologiepolitik und die Entwicklung des Mediensektors.This doctoral thesis examines the communication strategy employed by the South African government institutions concerning their terminology and language policy.
South Africa does not make consequent use of all possibilities to the best possible extent, thus giving away many opportunities to promote linguistic and cultural diversity in the country and facilitate subject-field communication in the official languages other than English.
To prove the hypothesis I examine the policy-making process as it is described in the UNESCO Guidelines for Terminology Policies in order to identify communication processes that require careful planning. By doing so, the policy process is exposed as a complex management activity with its own rules and characteristics. Furthermore, communication science, and there especially the fields of Development Communication or Communication for Social Change, as well as benchmarking from other fields, is analyzed with the aim to evaluate these fields for their application in terminology policies.
Success criteria are derived from this analysis against which the actual situation is compared. The main part of the thesis is a thorough analysis of South Africa’s history, society, as well as political and media sector. These factors have an important impact on the country’s language and terminology policy as well as on possible and actual communication strategies.
The study concludes with recommendations to improve the communication strategy and an outlook on the expected direction of the next generation terminology policy, as well as media and communication development
Матеріали 4-го Міжнародного семінару з доповненої реальності в освіті (AREdu 2021). Кривий Ріг, Україна. 11 травня 2021 року
Proceedings of the 4th International Workshop on Augmented Reality in Education (AREdu 2021). Kryvyi Rih, Ukraine. May 11, 2021.Матеріали 4-го Міжнародного семінару з доповненої реальності в освіті (AREdu 2021). Кривий Ріг, Україна. 11 травня 2021 рок
Manager’s and citizen’s perspective of positive and negative risks for small probabilities
So far „risk‟ has been mostly defined as the expected value of a loss, mathematically PL, being P the probability of an adverse event and L the loss incurred as a consequence of the event. The so called risk matrix is based on this definition. Also for favorable events one usually refers to the expected gain PG, being G the gain incurred as a consequence of the positive event. These “measures” are generally violated in practice. The case of insurances (on the side of losses, negative risk) and the case of lotteries (on the side of gains, positive risk) are the most obvious. In these cases a single person is available to pay a higher price than that stated by the mathematical expected value, according to (more or less theoretically justified) measures. The higher the risk, the higher the unfair accepted price. The definition of risk as expected value is justified in a long term “manager‟s” perspective, in which it is conceivable to distribute the effects of an adverse event on a large number of subjects or a large number of recurrences. In other words, this definition is mostly justified on frequentist terms. Moreover, according to this definition, in two extreme situations (high-probability/low-consequence and low-probability/high-consequence), the estimated risk is low. This logic is against the principles of sustainability and continuous improvement, which should impose instead both a continuous search for lower probabilities of adverse events (higher and higher reliability) and a continuous search for lower impact of adverse events (in accordance with the fail-safe principle). In this work a different definition of risk is proposed, which stems from the idea of safeguard: (1Risk)=(1P)(1L). According to this definition, the risk levels can be considered low only when both the probability of the adverse event and the loss are small. Such perspective, in which the calculation of safeguard is privileged to the calculation of risk, would possibly avoid exposing the Society to catastrophic consequences, sometimes due to wrong or oversimplified use of probabilistic models. Therefore, it can be seen as the citizen‟s perspective to the definition of risk
ASYMMETRY INFORMATION: INVESTORS TRUST REFLECTION TOWARD QUALITY OF EARNINGS
This article aims to describe the investors' trust toward quality of earnings reflection proxied by earnings response coeffisient (ERC). The study was conducted on 296 manufacturing companies that meet the criteria of observations in 2011 to 2015. The variables used in this research is the board of directors, audit comitee, the independent board as exogenous variables, information asymmetry as an intervening variable and earnings response coeffisient (ERC) as an endogenous variable by means of persistency as control variables. The board of directors and the independent board in this article as a proxy of corporate governance show the effect on the information gap represented by information asymmetry, while the audit comitee Showed the opposite effect. Information gaps provide explanatory power on the reflection of investor confidence in the quality of earnings that are Reported company
Factors Influencing Customer Satisfaction towards E-shopping in Malaysia
Online shopping or e-shopping has changed the world of business and quite a few people have
decided to work with these features. What their primary concerns precisely and the responses from
the globalisation are the competency of incorporation while doing their businesses. E-shopping has
also increased substantially in Malaysia in recent years. The rapid increase in the e-commerce
industry in Malaysia has created the demand to emphasize on how to increase customer satisfaction
while operating in the e-retailing environment. It is very important that customers are satisfied with
the website, or else, they would not return. Therefore, a crucial fact to look into is that companies
must ensure that their customers are satisfied with their purchases that are really essential from the ecommerce’s
point of view. With is in mind, this study aimed at investigating customer satisfaction
towards e-shopping in Malaysia. A total of 400 questionnaires were distributed among students
randomly selected from various public and private universities located within Klang valley area.
Total 369 questionnaires were returned, out of which 341 questionnaires were found usable for
further analysis. Finally, SEM was employed to test the hypotheses. This study found that customer
satisfaction towards e-shopping in Malaysia is to a great extent influenced by ease of use, trust,
design of the website, online security and e-service quality. Finally, recommendations and future
study direction is provided.
Keywords: E-shopping, Customer satisfaction, Trust, Online security, E-service quality, Malaysia