3,522 research outputs found
Getting ahead of the arms race: hothousing the coevolution of VirusTotal with a Packer
Malware detection is in a coevolutionary arms race where the attackers and defenders are constantly seeking advantage. This arms race is asymmetric: detection is harder and more expensive than evasion. White hats must be conservative to avoid false positives when searching for malicious behaviour. We seek to redress this imbalance. Most of the time, black hats need only make incremental changes to evade them. On occasion, white hats make a disruptive move and find a new technique that forces black hats to work harder. Examples include system calls, signatures and machine learning. We present a method, called Hothouse, that combines simulation and search to accelerate the white hat’s ability to counter the black hat’s incremental moves, thereby forcing black hats to perform disruptive moves more often. To realise Hothouse, we evolve EEE, an entropy-based polymorphic packer for Windows executables. Playing the role of a black hat, EEE uses evolutionary computation to disrupt the creation of malware signatures. We enter EEE into the detection arms race with VirusTotal, the most prominent cloud service for running anti-virus tools on software. During our 6 month study, we continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%. We report both how well VirusTotal learns to detect EEE-packed binaries and how well VirusTotal forgets in order to reduce false positives. VirusTotal’s tools learn and forget fast, actually in about 3 days. We also show where VirusTotal focuses its detection efforts, by analysing EEE’s variants
The Sampling-and-Learning Framework: A Statistical View of Evolutionary Algorithms
Evolutionary algorithms (EAs), a large class of general purpose optimization
algorithms inspired from the natural phenomena, are widely used in various
industrial optimizations and often show excellent performance. This paper
presents an attempt towards revealing their general power from a statistical
view of EAs. By summarizing a large range of EAs into the sampling-and-learning
framework, we show that the framework directly admits a general analysis on the
probable-absolute-approximate (PAA) query complexity. We particularly focus on
the framework with the learning subroutine being restricted as a binary
classification, which results in the sampling-and-classification (SAC)
algorithms. With the help of the learning theory, we obtain a general upper
bound on the PAA query complexity of SAC algorithms. We further compare SAC
algorithms with the uniform search in different situations. Under the
error-target independence condition, we show that SAC algorithms can achieve
polynomial speedup to the uniform search, but not super-polynomial speedup.
Under the one-side-error condition, we show that super-polynomial speedup can
be achieved. This work only touches the surface of the framework. Its power
under other conditions is still open
Learning in a Landscape: Simulation-building as Reflexive Intervention
This article makes a dual contribution to scholarship in science and
technology studies (STS) on simulation-building. It both documents a specific
simulation-building project, and demonstrates a concrete contribution to
interdisciplinary work of STS insights. The article analyses the struggles that
arise in the course of determining what counts as theory, as model and even as
a simulation. Such debates are especially decisive when working across
disciplinary boundaries, and their resolution is an important part of the work
involved in building simulations. In particular, we show how ontological
arguments about the value of simulations tend to determine the direction of
simulation-building. This dynamic makes it difficult to maintain an interest in
the heterogeneity of simulations and a view of simulations as unfolding
scientific objects. As an outcome of our analysis of the process and
reflections about interdisciplinary work around simulations, we propose a
chart, as a tool to facilitate discussions about simulations. This chart can be
a means to create common ground among actors in a simulation-building project,
and a support for discussions that address other features of simulations
besides their ontological status. Rather than foregrounding the chart's
classificatory potential, we stress its (past and potential) role in discussing
and reflecting on simulation-building as interdisciplinary endeavor. This chart
is a concrete instance of the kinds of contributions that STS can make to
better, more reflexive practice of simulation-building.
Troping the Enemy: Metaphor, Culture, and the Big Data Black Boxes of National Security
This article considers how cultural understanding is being brought into the work of the Intelligence Advanced Research Projects Activity (IARPA), through an analysis of its Metaphor program. It examines the type of social science underwriting this program, unpacks implications of the agency’s conception of metaphor for understanding so-called cultures of interest, and compares IARPA’s to competing accounts of how metaphor works to create cultural meaning. The article highlights some risks posed by key deficits in the Intelligence Community's (IC) approach to culture, which relies on the cognitive linguistic theories of George Lakoff and colleagues. It also explores the problem of the opacity of these risks for analysts, even as such predictive cultural analytics are becoming a part of intelligence forecasting. This article examines the problem of information secrecy in two ways, by unpacking the opacity of “black box,” algorithm-based social science of culture for end users with little appreciation of their potential biases, and by evaluating the IC's nontransparent approach to foreign cultures, as it underwrites national security assessments
Social learning strategies modify the effect of network structure on group performance
The structure of communication networks is an important determinant of the
capacity of teams, organizations and societies to solve policy, business and
science problems. Yet, previous studies reached contradictory results about the
relationship between network structure and performance, finding support for the
superiority of both well-connected efficient and poorly connected inefficient
network structures. Here we argue that understanding how communication networks
affect group performance requires taking into consideration the social learning
strategies of individual team members. We show that efficient networks
outperform inefficient networks when individuals rely on conformity by copying
the most frequent solution among their contacts. However, inefficient networks
are superior when individuals follow the best member by copying the group
member with the highest payoff. In addition, groups relying on conformity based
on a small sample of others excel at complex tasks, while groups following the
best member achieve greatest performance for simple tasks. Our findings
reconcile contradictory results in the literature and have broad implications
for the study of social learning across disciplines
The Explicit Economics of Knowledge Codification and Tacitness
not available
economics of technology