77,797 research outputs found
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
Algorithmic complexity vulnerabilities occur when the worst-case time/space
complexity of an application is significantly higher than the respective
average case for particular user-controlled inputs. When such conditions are
met, an attacker can launch Denial-of-Service attacks against a vulnerable
application by providing inputs that trigger the worst-case behavior. Such
attacks have been known to have serious effects on production systems, take
down entire websites, or lead to bypasses of Web Application Firewalls.
Unfortunately, existing detection mechanisms for algorithmic complexity
vulnerabilities are domain-specific and often require significant manual
effort. In this paper, we design, implement, and evaluate SlowFuzz, a
domain-independent framework for automatically finding algorithmic complexity
vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case
algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided
evolutionary search techniques to automatically find inputs that maximize
computational resource utilization for a given application.Comment: ACM CCS '17, October 30-November 3, 2017, Dallas, TX, US
Generative Adversarial Networks for Financial Trading Strategies Fine-Tuning and Combination
Systematic trading strategies are algorithmic procedures that allocate assets
aiming to optimize a certain performance criterion. To obtain an edge in a
highly competitive environment, the analyst needs to proper fine-tune its
strategy, or discover how to combine weak signals in novel alpha creating
manners. Both aspects, namely fine-tuning and combination, have been
extensively researched using several methods, but emerging techniques such as
Generative Adversarial Networks can have an impact into such aspects.
Therefore, our work proposes the use of Conditional Generative Adversarial
Networks (cGANs) for trading strategies calibration and aggregation. To this
purpose, we provide a full methodology on: (i) the training and selection of a
cGAN for time series data; (ii) how each sample is used for strategies
calibration; and (iii) how all generated samples can be used for ensemble
modelling. To provide evidence that our approach is well grounded, we have
designed an experiment with multiple trading strategies, encompassing 579
assets. We compared cGAN with an ensemble scheme and model validation methods,
both suited for time series. Our results suggest that cGANs are a suitable
alternative for strategies calibration and combination, providing
outperformance when the traditional techniques fail to generate any alpha
The STRESS Method for Boundary-point Performance Analysis of End-to-end Multicast Timer-Suppression Mechanisms
Evaluation of Internet protocols usually uses random scenarios or scenarios
based on designers' intuition. Such approach may be useful for average-case
analysis but does not cover boundary-point (worst or best-case) scenarios. To
synthesize boundary-point scenarios a more systematic approach is needed.In
this paper, we present a method for automatic synthesis of worst and best case
scenarios for protocol boundary-point evaluation.
Our method uses a fault-oriented test generation (FOTG) algorithm for
searching the protocol and system state space to synthesize these scenarios.
The algorithm is based on a global finite state machine (FSM) model. We extend
the algorithm with timing semantics to handle end-to-end delays and address
performance criteria. We introduce the notion of a virtual LAN to represent
delays of the underlying multicast distribution tree. The algorithms used in
our method utilize implicit backward search using branch and bound techniques
and start from given target events. This aims to reduce the search complexity
drastically. As a case study, we use our method to evaluate variants of the
timer suppression mechanism, used in various multicast protocols, with respect
to two performance criteria: overhead of response messages and response time.
Simulation results for reliable multicast protocols show that our method
provides a scalable way for synthesizing worst-case scenarios automatically.
Results obtained using stress scenarios differ dramatically from those obtained
through average-case analyses. We hope for our method to serve as a model for
applying systematic scenario generation to other multicast protocols.Comment: 24 pages, 10 figures, IEEE/ACM Transactions on Networking (ToN) [To
appear
Bad Data Injection Attack and Defense in Electricity Market using Game Theory Study
Applications of cyber technologies improve the quality of monitoring and
decision making in smart grid. These cyber technologies are vulnerable to
malicious attacks, and compromising them can have serious technical and
economical problems. This paper specifies the effect of compromising each
measurement on the price of electricity, so that the attacker is able to change
the prices in the desired direction (increasing or decreasing). Attacking and
defending all measurements are impossible for the attacker and defender,
respectively. This situation is modeled as a zero sum game between the attacker
and defender. The game defines the proportion of times that the attacker and
defender like to attack and defend different measurements, respectively. From
the simulation results based on the PJM 5 Bus test system, we can show the
effectiveness and properties of the studied game.Comment: To appear in IEEE Transactions on Smart Grid, Special Issue on Cyber,
Physical, and System Security for Smart Gri
- …