On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios.Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

Correlating Pedestrian Flows and Search Engine Queries

An important challenge for ubiquitous computing is the development of techniques that can characterize a location vis-a-vis the richness and diversity of urban settings. In this paper we report our work on correlating urban pedestrian flows with Google search queries. Using longitudinal data we show pedestrian flows at particular locations can be correlated with the frequency of Google search terms that are semantically relevant to those locations. Our approach can identify relevant content, media, and advertisements for particular locations.Comment: 4 pages, 1 figure, 1 tabl

Are we teaching our students what they need to know about ageing? Results from the National Survey of Undergraduate Teaching in Ageing and Geriatric Medicine

Introduction - Learning about ageing and the appropriate management of older patients is important for all doctors. This survey set out to evaluate what medical undergraduates in the UK are taught about ageing and geriatric medicine and how this teaching is delivered. Methods – An electronic questionnaire was developed and sent to the 28/31 UK medical schools which agreed to participate. Results – Full responses were received from 17 schools. 8/21 learning objectives were recorded as taught, and none were examined, across every school surveyed. Elder abuse and terminology and classification of health were taught in only 8/17 and 2/17 schools respectively. Pressure ulcers were taught about in 14/17 schools but taught formally in only 7 of these and examined in only 9. With regard to bio- and socio- gerontology, only 9/17 schools reported teaching in social ageing, 7/17 in cellular ageing and 9/17 in the physiology of ageing. Discussion – Even allowing for the suboptimal response rate, this study presents significant cause for concern with UK undergraduate education related to ageing. The failure to teach comprehensively on elder abuse and pressure sores, in particular, may be significantly to the detriment of older patients

Mobile Communication Signatures of Unemployment

The mapping of populations socio-economic well-being is highly constrained by the logistics of censuses and surveys. Consequently, spatially detailed changes across scales of days, weeks, or months, or even year to year, are difficult to assess; thus the speed of which policies can be designed and evaluated is limited. However, recent studies have shown the value of mobile phone data as an enabling methodology for demographic modeling and measurement. In this work, we investigate whether indicators extracted from mobile phone usage can reveal information about the socio-economical status of microregions such as districts (i.e., average spatial resolution < 2.7km). For this we examine anonymized mobile phone metadata combined with beneficiaries records from unemployment benefit program. We find that aggregated activity, social, and mobility patterns strongly correlate with unemployment. Furthermore, we construct a simple model to produce accurate reconstruction of district level unemployment from their mobile communication patterns alone. Our results suggest that reliable and cost-effective economical indicators could be built based on passively collected and anonymized mobile phone data. With similar data being collected every day by telecommunication services across the world, survey-based methods of measuring community socioeconomic status could potentially be augmented or replaced by such passive sensing methods in the future

Gamma-ray emission revealed at the western edge of SNR G344.7-0.1

We report on the investigation of a very high energy (VHE), Galactic gamma-ray source recently discovered at >50GeV using the Large Area Telescope (LAT) on board the Fermi Gamma-Ray Space Telescope. This object, 2FHL J1703.4-4145, displays a very hard >50GeV spectrum with a photon index ~1.2 in the 2FHL catalog and, as such, is one of the most extreme sources in the 2FHL sub-sample of Galactic objects. A detailed analysis of the available multi-wavelength data shows that this source is located on the western edge of the supernova remnant (SNR) G344.7--0.1, along with extended TeV source, HESS J1702-420. The observations and the spectral energy distribution modeling support a scenario where this gamma-ray source is the byproduct of the interaction between the SNR shock and the dense surrounding medium, with escaping cosmic rays (CRs) diffusing into the dense environment and interacting with a large local cloud, generating the observed TeV emission. If confirmed, an interaction between the SNR CRs and a nearby cloud would make 2FHL J1703.4-4145 another promising candidate for efficient particle acceleration of the 2FHL Galactic sample, following the first candidate from our previous investigation of a likely shock-cloud interaction occurring on the West edge of the Vela SNR.Comment: 9 pages, 7 figures, Submitted to ApJ June 15, 2020. Accepted for publication Oct 2, 202

Handling oversampling in dynamic networks using link prediction

Oversampling is a common characteristic of data representing dynamic networks. It introduces noise into representations of dynamic networks, but there has been little work so far to compensate for it. Oversampling can affect the quality of many important algorithmic problems on dynamic networks, including link prediction. Link prediction seeks to predict edges that will be added to the network given previous snapshots. We show that not only does oversampling affect the quality of link prediction, but that we can use link prediction to recover from the effects of oversampling. We also introduce a novel generative model of noise in dynamic networks that represents oversampling. We demonstrate the results of our approach on both synthetic and real-world data.Comment: ECML/PKDD 201

Detecting Community Structure in Dynamic Social Networks Using the Concept of Leadership

Detecting community structure in social networks is a fundamental problem empowering us to identify groups of actors with similar interests. There have been extensive works focusing on finding communities in static networks, however, in reality, due to dynamic nature of social networks, they are evolving continuously. Ignoring the dynamic aspect of social networks, neither allows us to capture evolutionary behavior of the network nor to predict the future status of individuals. Aside from being dynamic, another significant characteristic of real-world social networks is the presence of leaders, i.e. nodes with high degree centrality having a high attraction to absorb other members and hence to form a local community. In this paper, we devised an efficient method to incrementally detect communities in highly dynamic social networks using the intuitive idea of importance and persistence of community leaders over time. Our proposed method is able to find new communities based on the previous structure of the network without recomputing them from scratch. This unique feature, enables us to efficiently detect and track communities over time rapidly. Experimental results on the synthetic and real-world social networks demonstrate that our method is both effective and efficient in discovering communities in dynamic social networks

From Relational Data to Graphs: Inferring Significant Links using Generalized Hypergeometric Ensembles

The inference of network topologies from relational data is an important problem in data analysis. Exemplary applications include the reconstruction of social ties from data on human interactions, the inference of gene co-expression networks from DNA microarray data, or the learning of semantic relationships based on co-occurrences of words in documents. Solving these problems requires techniques to infer significant links in noisy relational data. In this short paper, we propose a new statistical modeling framework to address this challenge. It builds on generalized hypergeometric ensembles, a class of generative stochastic models that give rise to analytically tractable probability spaces of directed, multi-edge graphs. We show how this framework can be used to assess the significance of links in noisy relational data. We illustrate our method in two data sets capturing spatio-temporal proximity relations between actors in a social system. The results show that our analytical framework provides a new approach to infer significant links from relational data, with interesting perspectives for the mining of data on social systems.Comment: 10 pages, 8 figures, accepted at SocInfo201

Revisiting \u3csup\u3e228\u3c/sup\u3eTh as a Tool for Determining Sedimentation and Mass Accumulation Rates

The use of 228Th has seen limited application for determining sedimentation and mass accumulation rates in coastal and marine environments. Recent analytical advances have enabled rapid, precise measurements of particle-bound 228Th using a radium delayed coincidence counting system (RaDeCC). Herein we review the 228Th cycle in the marine environment and revisit the historical use of 228Th as a tracer for determining sediment vertical accretion and mass accumulation rates in light of new measurement techniques. Case studies comparing accumulation rates from 228Th and 210Pb are presented for a micro-tidal salt marsh and a marginal sea environment. 228Th and 210Pb have been previously measured in mangrove, deltaic, continental shelf and ocean basin environments, and a literature synthesis reveals that 228Th (measured via alpha or gamma spectrometry) derived accumulation rates are generally equal to or greater than estimates derived from 210Pb, reflecting different integration periods. Use of 228Th is well-suited for shallow (\u3c15 cm) cores over decadal timescales. Application is limited to relatively homogenous sediment profiles with minor variations in grain size and minimal bioturbation. When appropriate conditions are met, complimentary use of 228Th and 210Pb can demonstrate that the upper layers of a core are undisturbed and can improve spatial coverage in mapping accumulation rates due to the higher sample throughput for sediment 228Th