937 research outputs found
An Evasion Attack against ML-based Phishing URL Detectors
Background: Over the year, Machine Learning Phishing URL classification
(MLPU) systems have gained tremendous popularity to detect phishing URLs
proactively. Despite this vogue, the security vulnerabilities of MLPUs remain
mostly unknown. Aim: To address this concern, we conduct a study to understand
the test time security vulnerabilities of the state-of-the-art MLPU systems,
aiming at providing guidelines for the future development of these systems.
Method: In this paper, we propose an evasion attack framework against MLPU
systems. To achieve this, we first develop an algorithm to generate adversarial
phishing URLs. We then reproduce 41 MLPU systems and record their baseline
performance. Finally, we simulate an evasion attack to evaluate these MLPU
systems against our generated adversarial URLs. Results: In comparison to
previous works, our attack is: (i) effective as it evades all the models with
an average success rate of 66% and 85% for famous (such as Netflix, Google) and
less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively;
(ii) realistic as it requires only 23ms to produce a new adversarial URL
variant that is available for registration with a median cost of only
$11.99/year. We also found that popular online services such as Google
SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that
Adversarial training (successful defence against evasion attack) does not
significantly improve the robustness of these systems as it decreases the
success rate of our attack by only 6% on average for all the models. (iv)
Further, we identify the security vulnerabilities of the considered MLPU
systems. Our findings lead to promising directions for future research.
Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but
also highlights implications for future study towards assessing and improving
these systems.Comment: Draft for ACM TOP
Impact of Fashion Consciousness on Hijabistas’ Buying Behavior
The basic purpose of this research is to establish a methodology for studying and understanding contributing factors towards fashion consciousness and its impact on hijab buying behavior of hijabistas present in Universities of Lahore. This population was represented by 100 respondents taken from top five universities of Lahore. These respondents were asked to fill a questionnaire and return. The data collected was statistically analyzed by using Pearson’s correlation technique and linear regression analysis which supported the hypotheses and generated evidence in favor of the hypotheses. It is clearly evident from the results that way of dressing, sources of fashion information, fashion motivation and uniqueness of fashion are the determinants of fashion consciousness of hijabistas. Fashion consciousness positively impacts hijabistas hijab buying behavior as evident by the significance of the impact. Keywords: Fashion Consciousness, Hijab Fashion Consumption, Fashion Uniqueness, Dressing Style, Motivation
An Empirical Evaluation of an Activity-Based Infrastructure for Supporting Cooperation in Software Engineering
[Background] Software Engineering (SE) is predominantly a team effort that needs close cooperation among several people who may be geographically distributed. It has been recognized that appropriate tool support is a prerequisite to improve cooperation within SE teams. In an effort to contribute to this line of research, we have designed and developed an infrastructure, called ABC4GSD, based on the models of Activity Theory (AT) and the principles of the Activity-Based Computing (ABC) paradigm. [Aim] In this paper, we present a study that empirically evaluates the ability of ABC4GSD in supporting teams cooperation. [Method] We designed and executed a study based on a scenario that simulated the Follow-The-Sun (FTS) strategy of Global SE (GSE). Our research design allowed us to ensure cooperation to be both computer-mediated as well as contained within observable short time-windows-the hand-off activities of the FTS strategy. [Results] Overall, the results show that the cooperation support provided by the ABC4GSD system has been positively perceived by the participants. Nonetheless, open issues stimulating further investigations have been raised especially due to a few mixed results. [Conclusions] Aware of the limitations of the simulated scenario, we conclude that the approach followed by the ABC4GSD system based on activities is desirable to improve the cooperation support in SE. Finally, our research approach based on simulating a scenario with geographical and temporal distribution can providePaolo Tell, Muhammad Ali Baba
Installing and Scaling out Ubuntu Enterprise Cloud in Virtual Environment:Supplement to “Guidelines for Building a Private Cloud Infrastructure”
- …