Anomaly Detection by Recombining Gated Unsupervised Experts

Inspired by mixture-of-experts models and the analysis of the hidden activations of neural networks, we introduce a novel unsupervised anomaly detection method called ARGUE. Current anomaly detection methods struggle when the training data does contain multiple notions of normal. We designed ARGUE as a combination of multiple expert networks, which specialise on parts of the input data. For its final decision, ARGUE fuses the distributed knowledge across the expert systems using a gated mixture-of-experts architecture. ARGUE achieves superior detection performance across several domains in a purely data-driven way and is more robust to noisy data sets than other state-of-the-art anomaly detection methods

Identification of a protein encoded in the EB-viral open reading frame BMRF2

Using monospecific rabbit sera against a peptide derived from a potential antigenic region of the Epstein-Barr viral amino acid sequence encoded in the open reading frame BMRF2 we could identify a protein-complex of 53/55 kDa in chemically induced B95-8, P3HR1 and Raji cell lines. This protein could be shown to be membrane-associated, as predicted by previous computer analysis of the secondary structure and hydrophilicity pattern, and may be a member of EBV-induced membrane proteins in lytically infected cells

Hunting bugs with Lévy flight foraging

We present a new method for random testing of binary executables inspired by biology. In our approach we introduce the first fuzzer based on a mathematical model for optimal foraging. To minimize search time for possible vulnerabilities we generate test cases with Lévy flights in the input space. In order to dynamically adapt test generation behavior to actual path exploration performance we define a suitable measure for quality evaluation of test cases. This measure takes into account previously discovered code regions and allows us to construct a feedback mechanism. By controlling diffusivity of the test case generating Lévy processes with evaluation feedback from dynamic instrumentation we are able to define a fully self-adaptive fuzzing algorithm

Fuzzing binaries with Lévy flight swarms

We present a new method for random testing of binary executables inspired by biology. In our approach, we introduce the first fuzzer based on a mathematical model for optimal foraging. To minimize search time for possible vulnerabilities, we generate test cases with Lévy flights in the input space. In order to dynamically adapt test generation behavior to actual path exploration performance, we define a suitable measure for quality evaluation of test cases. This measure takes into account previously discovered code regions and allows us to construct a feedback mechanism. By controlling diffusivity of the test case generating Lévy processes with evaluation feedback from dynamic instrumentation, we are able to define a fully self-adaptive fuzzing algorithm. We aggregate multiple instances of such Lévy flights to fuzzing swarms which reveal flexible, robust, decentralized, and self-organized behavior

Chemotactic test case recombination for large-scale fuzzing

We present a bio-inspired method for large-scale fuzzing to detect vulnerabilities in binary executables. In our approach we deploy small groups of feedback-driven explorers that guide colonies of high throughput fuzzers to promising regions in input space. We achieve this by applying the biological concept of chemotaxis: The explorer fuzzers mark test case regions that drive the target binary to previously undiscovered execution paths with an attractant. This allows us to construct a force of attraction that draws the trailing fuzzers to high-quality test cases. By introducing hierarchies of explorers we construct a colony of fuzzers that is divided into multiple subgroups. Each subgroup is guiding a trailing group and simultaneously drawn itself by the traces of their respective explorers. We implement a prototype and evaluate our presented algorithm to show the feasibility of our approach