84 research outputs found

    A review of: Optimal feature configuration for dynamic malware detection

    [EN] Applying machine learning techniques to malware detection is a common approach to try to overcome the limitations of signature-based methods. However, it is difficult to engineer a set of features that characterizes the samples properly, especially when various file types may be a vector of infection. In this work, we configure several feature sets for dynamic malware detection extracted from API calls, network activity, signatures from the Cuckoo sandbox report, and some interactions with the file system and registry. We test combinations of these feature sets to ascertain whether they are good enough to distinguish between benign and malicious samples from a dataset containing several file types, obtained from public sources. The datasets present class imbalance to evaluate the model performance on more realistic scenarios in which not many malware samples are available. Instituto Nacional de Cibersegurida

    Optimal feature configuration for dynamic malware detection

    [EN] Applying machine learning techniques to malware detection is a common approach to try to overcome the limitations of signature-based methods. However, it is difficult to engineer a set of features that characterizes the samples properly, especially when various file types may be a vector of infection. In this work, we configure several feature sets for dynamic malware detection extracted from API calls, including an alternative scheme grouping calls in categories, network activity, signatures from the Cuckoo sandbox report, and some interactions with the file system and registry. We test combinations of these feature sets to ascertain whether they are good enough to distinguish between benign and malicious samples from a dataset containing several file types, obtained from public sources. We apply statistical inference to measure the differences in the performance between the feature sets, and the hyperparameter optimization algorithms applied to construct the models. We also unbalance the datasets to evaluate the model performance on more realistic scenarios in which not many malware samples are available. Although all studied feature configurations provide accuracies greater than 0.98, and several of them a Matthews correlation coefficient greater than 0.95 in the unbalanced datasets, statistically meaningful differences appear, so we analyze the results to determine which is the optimal set of features. We obtain a model that achieves an accuracy of 0.9937 in the balanced dataset and a Matthews correlation coefficient of 0.964 in the unbalanced dataset with 5% of malware. Instituto Nacional de Cibersegurida

    Idolatría a las matemáticas

    This work is an analysis, from an axiomatic point of view, of the realistic numbers and the discrete geometry created in "Idolatría en las matemáticas". First, the various recommendations and errors found in the book are reviewed, concluding with a proposal to begin a formalization that is considered absolutely necessary

    Towards Supercomputing Categorizing the Maliciousness upon Cybersecurity Blacklists with Concept Drift

    [EN] In this article, we have carried out a case study to optimize the classification of the maliciousness of cybersecurity events by IP addresses using machine learning techniques. The optimization is studied focusing on time complexity. Firstly, we have used the extreme gradient boosting model, and secondly, we have parallelized the machine learning algorithm to study the effect of using a different number of cores for the problem. We have classified the cybersecurity events' maliciousness in a biclass and a multiclass scenario. All the experiments have been carried out with a well-known optimal set of features: the geolocation information of the IP address. However, the geolocation features of an IP address can change over time. Also, the relation between the IP address and its label of maliciousness can be modified if we test the address several times. Then, the models' performance could degrade because the information acquired from training on past samples may not generalize well to new samples. This situation is known as concept drift. For this reason, it is necessary to study if the optimization proposed works in a concept drift scenario. The results show that the concept drift does not degrade the models. Also, boosting algorithms achieve competitive or better performance compared to similar research works for the biclass scenario and an effective categorization for the multiclass case. The best efficient setting is reached using five nodes regarding high-performance computation resources. Instituto Nacional de Seguridad. Partial support was received from the Spanish National Cybersecurity Institute (INCIBE) under the contract art (83, 203 key: X54

    RHOASo: An Early Stop Hyper-Parameter Optimization Algorithm

    [EN] This work proposes a new algorithm for optimizing hyper-parameters of a machine learning algorithm, RHOASo, based on conditional optimization of concave asymptotic functions. A comparative analysis of the algorithm is presented, giving particular emphasis to two important properties: the capability of the algorithm to work efficiently with a small part of a dataset and to finish the tuning process automatically, that is, without making explicit, by the user, the number of iterations that the algorithm must perform. Statistical analyses over 16 public benchmark datasets comparing the performance of seven hyper-parameter optimization algorithms with RHOASo were carried out. The efficiency of RHOASo presents the positive statistically significant differences concerning the other hyper-parameter optimization algorithms considered in the experiments. Furthermore, it is shown that, on average, the algorithm needs around 70% of the iterations needed by other algorithms to achieve competitive performance. The results show that the algorithm presents significant stability regarding the size of the used dataset partition. Instituto Nacional de Cibersegurida

    Partitions, diophantine equations, and control systems

    [EN] Ordered partitions of elements of a reduced abelian monoid are defined and studied by means of the solutions of linear diophantine equations. Links to feedback classification of linear dynamical systems over certain commutative rings are given in the same way as partitions of integers are related to feedback classification of linear dynamical systems over fields in the classical literature.

    On the State Approach Representations of Convolutional Codes over Rings of Modular Integers

    [EN] In this study, we prove the existence of minimal first-order representations for convolutional codes with the predictable degree property over principal ideal artinian rings. Further, we prove that any such first-order representation leads to an input/state/output representation of the code provided the base ring is local. When the base ring is a finite field, we recover the classical construction, studied in depth by J. Rosenthal and E. V. York. This allows us to construct observable convolutional codes over such rings in the same way as is carried out in classical convolutional coding theory. Furthermore, we prove the minimality of the obtained representations. This completes the study of the existence of input/state/output representations of convolutional codes over rings of modular integers.

    Enumeration of locally Brunovsky linear systems over C(S1)-modules. A procedure

    pp. 72-76. In this paper we describe a procedure to visit all feedback classes of locally Brunovsky linear systems over fixed R=C(S1), the ring of real continuous functions defined on the unit circle. Furthermore, we give the exact number of such classes throughout partitions of integers, binary strings and colored Ferrers diagrams.

    Iniciación al ajedrez en Educación Infantil y su aplicación al desarrollo del pensamiento lógico-matemático

    The document presents the teaching innovation project titled "Iniciación al ajedrez en Educación Infantil y su aplicación al desarrollo del pensamiento-lógico". This project was carried out in the third year of the Degree in Early Childhood Education, in the course Recursos para la Enseñanza de las Matemáticas, during the 2014/201 school year

    Iniciación al ajedrez en Educación Infantil y su aplicación al desarrollo del pensamiento lógico-matemático

    Accésit 2016. In the current educational context, we have found some weaknesses in the teaching and learning processes of mathematics in Early Childhood Education, to which we must pay special attention. The main difficulty recognized in Mathematics Education at this level is related to the ability to teach mathematical concepts that, from an adult point of view, are natural, as well as to the capacity to develop in children the logical thinking that university students have already internalized