On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios.Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

Spatiotemporal correlations of handset-based service usages

We study spatiotemporal correlations and temporal diversities of handset-based service usages by analyzing a dataset that includes detailed information about locations and service usages of 124 users over 16 months. By constructing the spatiotemporal trajectories of the users we detect several meaningful places or contexts for each one of them and show how the context affects the service usage patterns. We find that temporal patterns of service usages are bound to the typical weekly cycles of humans, yet they show maximal activities at different times. We first discuss their temporal correlations and then investigate the time-ordering behavior of communication services like calls being followed by the non-communication services like applications. We also find that the behavioral overlap network based on the clustering of temporal patterns is comparable to the communication network of users. Our approach provides a useful framework for handset-based data analysis and helps us to understand the complexities of information and communications technology enabled human behavior.Comment: 11 pages, 15 figure

High resolution nighttime cloud-cover radiometer Quarterly report XVII, 1 Oct. 1965 - 1 Jan. 1966

Electronic, optical, mechanical, and electron packaging component and system design reviews for high resolution cloud cover infrared radiomete

Mobile Communication Signatures of Unemployment

The mapping of populations socio-economic well-being is highly constrained by the logistics of censuses and surveys. Consequently, spatially detailed changes across scales of days, weeks, or months, or even year to year, are difficult to assess; thus the speed of which policies can be designed and evaluated is limited. However, recent studies have shown the value of mobile phone data as an enabling methodology for demographic modeling and measurement. In this work, we investigate whether indicators extracted from mobile phone usage can reveal information about the socio-economical status of microregions such as districts (i.e., average spatial resolution < 2.7km). For this we examine anonymized mobile phone metadata combined with beneficiaries records from unemployment benefit program. We find that aggregated activity, social, and mobility patterns strongly correlate with unemployment. Furthermore, we construct a simple model to produce accurate reconstruction of district level unemployment from their mobile communication patterns alone. Our results suggest that reliable and cost-effective economical indicators could be built based on passively collected and anonymized mobile phone data. With similar data being collected every day by telecommunication services across the world, survey-based methods of measuring community socioeconomic status could potentially be augmented or replaced by such passive sensing methods in the future

From Relational Data to Graphs: Inferring Significant Links using Generalized Hypergeometric Ensembles

The inference of network topologies from relational data is an important problem in data analysis. Exemplary applications include the reconstruction of social ties from data on human interactions, the inference of gene co-expression networks from DNA microarray data, or the learning of semantic relationships based on co-occurrences of words in documents. Solving these problems requires techniques to infer significant links in noisy relational data. In this short paper, we propose a new statistical modeling framework to address this challenge. It builds on generalized hypergeometric ensembles, a class of generative stochastic models that give rise to analytically tractable probability spaces of directed, multi-edge graphs. We show how this framework can be used to assess the significance of links in noisy relational data. We illustrate our method in two data sets capturing spatio-temporal proximity relations between actors in a social system. The results show that our analytical framework provides a new approach to infer significant links from relational data, with interesting perspectives for the mining of data on social systems.Comment: 10 pages, 8 figures, accepted at SocInfo201

Interplay between telecommunications and face-to-face interactions - a study using mobile phone data

In this study we analyze one year of anonymized telecommunications data for over one million customers from a large European cellphone operator, and we investigate the relationship between people's calls and their physical location. We discover that more than 90% of users who have called each other have also shared the same space (cell tower), even if they live far apart. Moreover, we find that close to 70% of users who call each other frequently (at least once per month on average) have shared the same space at the same time - an instance that we call co-location. Co-locations appear indicative of coordination calls, which occur just before face-to-face meetings. Their number is highly predictable based on the amount of calls between two users and the distance between their home locations - suggesting a new way to quantify the interplay between telecommunications and face-to-face interactions

Robust modeling of human contact networks across different scales and proximity-sensing techniques

The problem of mapping human close-range proximity networks has been tackled using a variety of technical approaches. Wearable electronic devices, in particular, have proven to be particularly successful in a variety of settings relevant for research in social science, complex networks and infectious diseases dynamics. Each device and technology used for proximity sensing (e.g., RFIDs, Bluetooth, low-power radio or infrared communication, etc.) comes with specific biases on the close-range relations it records. Hence it is important to assess which statistical features of the empirical proximity networks are robust across different measurement techniques, and which modeling frameworks generalize well across empirical data. Here we compare time-resolved proximity networks recorded in different experimental settings and show that some important statistical features are robust across all settings considered. The observed universality calls for a simplified modeling approach. We show that one such simple model is indeed able to reproduce the main statistical distributions characterizing the empirical temporal networks

High resolution dynamical mapping of social interactions with active RFID

In this paper we present an experimental framework to gather data on face-to-face social interactions between individuals, with a high spatial and temporal resolution. We use active Radio Frequency Identification (RFID) devices that assess contacts with one another by exchanging low-power radio packets. When individuals wear the beacons as a badge, a persistent radio contact between the RFID devices can be used as a proxy for a social interaction between individuals. We present the results of a pilot study recently performed during a conference, and a subsequent preliminary data analysis, that provides an assessment of our method and highlights its versatility and applicability in many areas concerned with human dynamics

Macrofossils and pollen representing forests of the pre-Taupo volcanic eruption (c. 1850 yr BP) era at Pureora and Benneydale, central North Island, New Zealand.

Micro- and macrofossil data from the remains of forests overwhelmed and buried at Pureora and Benneydale during the Taupo eruption (c. 1850 conventional radiocarbon yr BP) were compared. Classification of relative abundance data separated the techniques, rather than the locations, because the two primary clusters comprised pollen and litter/wood. This indicates that the pollen:litter/wood within-site comparisons (Pureora and Benneydale are 20 km apart) are not reliable. Plant macrofossils represented mainly local vegetation, while pollen assemblages represented a combination of local and regional vegetation. However, using ranked abundance and presence/absence data, both macrofossils and pollen at Pureora and Benneydale indicated conifer/broadleaved forest, of similar forest type and species composition at each site. This suggests that the forests destroyed by the eruption were typical of mid-altitude west Taupo forests, and that either data set (pollen or macrofossils) would have been adequate for regional forest interpretation. The representation of c. 1850 yr BP pollen from the known buried forest taxa was generally consistent with trends determined by modern comparisons between pollen and their source vegetation, but with a few exceptions. A pollen profile from between the Mamaku Tephra (c. 7250 yr BP) and the Taupo Ignimbrite indicated that the Benneydale forest had been markedly different in species dominance compared with the forest that was destroyed during the Taupo eruption. These differences probably reflect changes in drainage, and improvements in climate and/or soil fertility over the middle Holocene

Fluticasone Propionate Orally Disintegrating Tablet (APT-1011) for Eosinophilic Esophagitis: Randomized Controlled Trial.

Topical steroids are effective treatments for eosinophilic esophagitis (EoE). The FLUTE (Fluticasone in EoE) trial evaluated safety and efficacy of APT-1011 (fluticasone propionate oral disintegrating tablet) vs placebo for treatment of EoE. In this randomized, double-blind, placebo-controlled, dose-finding, phase 2b trial, 106 adults with EoE received 1 of 4 APT-1011 doses or placebo for a 12-week induction period and 40 weeks of maintenance. Primary outcome was histologic response (≤6 eosinophils per high-power field) at Week 12. Secondary outcomes included endoscopic features and dysphagia frequency. Histologic response rates were 0% for placebo, 80% for APT-1011 3 mg twice daily (BID), 67% for 3 mg at bedtime (HS), 86% for 1.5 mg BID, 48% for 1.5 mg HS (P &amp;lt; .001 for all groups vs placebo). At Week 12, mean Edema/Rings/Exudates/Furrows/Strictures (EoE Endoscopic Reference Score) total score (max, 9.0) improved from 4.5 to 2.3 for 3 mg BID, 5.3 to 2.1 for 3 mg HS, 4.6 to 1.7 for 1.5 mg BID, 5.3 to 2.9 for 1.5 mg HS vs 5.2 to 4.5 for placebo. Mean dysphagia frequency over 14 days improved from baseline to Week 12 with all active groups improving more than placebo. Improvements were sustained to Week 52. APT-1011 was safe and well-tolerated, with higher incidence of candidiasis noted at the higher twice daily doses. APT-1011 dosing regimens were superior for histologic and endoscopic responses, and for reduction in dysphagia frequency vs placebo. Based on the symptom improvement and assessment of adverse events together with the histologic response rate, 3 mg once daily at bedtime dose showed the most favorable risk-benefit profile. gov, Number: NCT03191864