2,931 research outputs found

    On the Reverse Engineering of the Citadel Botnet

    Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios. Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

    The Analysis of Large Order Bessel Functions in Gravitational Wave Signals from Pulsars

    In this work, we present the analytic treatment of the large order Bessel functions that arise in the Fourier Transform (FT) of the Gravitational Wave (GW) signal from a pulsar. We outline several strategies which employ asymptotic expansions in evaluation of such Bessel functions which also happen to have large argument. Large order Bessel functions also arise in the Peters-Mathews model of binary inspiralling stars emitting GW and several problems in potential scattering theory. Other applications also arise in a variety of problems in Applied Mathematics as well as in the Natural Sciences and present a challenge for High Performance Computing (HPC). Comment: 8 pages, Uses IEEE style files: Ieee.cls, Ieee.clo and floatsty.sty. Accepted for publication in High Performance Computing Symposium, May 15-18 (HPCS 2005) Guelph, Ontario, Canad

    Pseudo-finite hard instances for a student-teacher game with a Nisan-Wigderson generator

    For an NP intersect coNP function g of the Nisan-Wigderson type and a string b outside its range we consider a two player game on a common input a to the function. One player, a computationally limited Student, tries to find a bit of g(a) that differs from the corresponding bit of b. He can query a computationally unlimited Teacher for the witnesses of the values of constantly many bits of g(a). The Student computes the queries from a and from Teacher's answers to his previous queries. It was proved by Krajicek (2011) that if g is based on a hard bit of a one-way permutation then no Student computed by a polynomial size circuit can succeed on all a. In this paper we give a lower bound on the number of inputs a any such Student must fail on. Using that we show that there is a pseudo-finite set of hard instances on which all uniform students must fail. The hard-core set is defined in a non-standard model of true arithmetic and has applications in a forcing construction relevant to proof complexity

    Learning Koopman eigenfunctions of stochastic diffusions with optimal importance sampling and ISOKANN

    The dominant eigenfunctions of the Koopman operator characterize the metastabilities and slow-timescale dynamics of stochastic diffusion processes. In the context of molecular dynamics and Markov state modeling, they allow for a description of the location and frequencies of rare transitions, which are hard to obtain by direct simulation alone. In this article, we reformulate the eigenproblem in terms of the ISOKANN framework, an iterative algorithm that learns the eigenfunctions by alternating between short burst simulations and a mixture of machine learning and classical numerics, which naturally leads to a proof of convergence. We furthermore show how the intermediate iterates can be used to reduce the sampling variance by importance sampling and optimal control (enhanced sampling), as well as to select locations for further training (adaptive sampling). We demonstrate the usage of our proposed method in experiments, increasing the approximation accuracy by several orders of magnitude