Hardening DGA classifiers utilizing IVAP

Domain Generation Algorithms (DGAs) are used by malware to generate a deterministic set of domains, usually by utilizing a pseudo-random seed. A malicious botmaster can establish connections between their command-and-control center (C&C) and any malware-infected machines by registering domains that will be DGA-generated given a specific seed, rendering traditional domain blacklisting ineffective. Given the nature of this threat, the real-time detection of DGA domains based on incoming DNS traffic is highly important. The use of neural network machine learning (ML) models for this task has been well-studied, but there is still substantial room for improvement. In this paper, we propose to use Inductive Venn-Abers predictors (IVAPs) to calibrate the output of existing ML models for DGA classification. The IVAP is a computationally efficient procedure which consistently improves the predictive accuracy of classifiers at the expense of not offering predictions for a small subset of inputs and consuming an additional amount of training data

CharBot: A Simple and Effective Method for Evading DGA Classifiers

Domain generation algorithms (DGAs) are commonly leveraged by malware to create lists of domain names which can be used for command and control (C&C) purposes. Approaches based on machine learning have recently been developed to automatically detect generated domain names in real-time. In this work, we present a novel DGA called CharBot which is capable of producing large numbers of unregistered domain names that are not detected by state-of-the-art classifiers for real-time detection of DGAs, including the recently published methods FANCI (a random forest based on human-engineered features) and LSTM.MI (a deep learning approach). CharBot is very simple, effective and requires no knowledge of the targeted DGA classifiers. We show that retraining the classifiers on CharBot samples is not a viable defense strategy. We believe these findings show that DGA classifiers are inherently vulnerable to adversarial attacks if they rely only on the domain name string to make a decision. Designing a robust DGA classifier may, therefore, necessitate the use of additional information besides the domain name alone. To the best of our knowledge, CharBot is the simplest and most efficient black-box adversarial attack against DGA classifiers proposed to date

Multiyear trend in reproduction underpins interannual variation in gametogenic development of an Antarctic urchin.

Ecosystems and their biota operate on cyclic rhythms, often entrained by predictable, small-scale changes in their natural environment. Recording and understanding these rhythms can detangle the effect of human induced shifts in the climate state from natural fluctuations. In this study, we assess long-term patterns of reproductive investment in the Antarctic sea urchin, Sterechinus neumayeri, in relation to changes in the environment to identify drivers of reproductive processes. Polar marine biota are sensitive to small changes in their environment and so serve as a barometer whose responses likely mirror effects that will be seen on a wider global scale in future climate change scenarios. Our results indicate that seasonal reproductive periodicity in the urchin is underpinned by a multiyear trend in reproductive investment beyond and in addition to, the previously reported 18–24 month gametogenic cycle. Our model provides evidence that annual reproductive investment could be regulated by an endogenous rhythm since environmental factors only accounted for a small proportion of the residual variation in gonad index. This research highlights a need for multiyear datasets and the combination of biological time series data with large-scale climate metrics that encapsulate multi-factorial climate state shifts, rather than using single explanatory variables to inform changes in biological processes

The Presence and Distribution of HI Absorbing Gas in Sub-galactic Sized Radio Sources

We consider the incidence of HI absorption in intrinsically small sub-galactic sized extragalactic sources selected from sources classified as Gigahertz Peaked Spectrum (GPS) and Compact Steep Spectrum (CSS) sources. We find that the smaller sources (<0.5 kpc) have larger HI column densities than the larger sources (>0.5 kpc). Both a spherical and an axi-symmetric gas distribution, with a radial power law density profile, can be used to explain this anti-correlation between projected linear size and HI column density. Since most detections occur in objects classified as galaxies, we argue that if the unified schemes apply to GPS/CSSs a disk distribution for the HI is more likely. The most favoured explanation for the compact sizes of the GPS/CSSs is that they are young sources evolving in a power law density medium. For the GPSs with measured expansion velocities, our derived densities are within an order of magnitude of those estimated from ram-pressure confinement of the lobes assuming equipartition. Our results therefore support the youth model.Comment: 12 pages, 8 figures, accepted for publication in A&

Training telescope operators and support astronomers at Paranal

The operations model of the Paranal Observatory relies on the work of efficient staff to carry out all the daytime and nighttime tasks. This is highly dependent on adequate training. The Paranal Science Operations department (PSO) has a training group that devises a well-defined and continuously evolving training plan for new staff, in addition to broadening and reinforcing courses for the whole department. This paper presents the training activities for and by PSO, including recent astronomical and quality control training for operators, as well as adaptive optics and interferometry training of all staff. We also present some future plans.Comment: Paper 9910-123 presented at SPIE 201

Dynamics of Fixation of Advantageous Mutations

We investigate the process of fixation of advantageous mutations in an asexual population. We assume that the effect of each beneficial mutation is exponentially distributed with mean value $\omega_{med}=1/\beta$. The model also considers that the effect of each new deleterious mutation reduces the fitness of the organism independent on the previous number of mutations. We use the branching process formulation and also extensive simulations to study the model. The agreement between the analytical predictions and the simulational data is quite satisfactory. Surprisingly, we observe that the dependence of the probability of fixation $P_{fix}$ on the parameter $\omega_{med}$ is precisely described by a power-law relation, $P_{fix} \sim \omega_{med}^{\gamma}$. The exponent $\gamma$ is an increase function of the rate of deleterious mutations $U$, whereas the probability $P_{fix}$ is a decreasing function of $U$. The mean value $\omega_{fix}$ of the beneficial mutations which reach ultimate fixation depends on $U$ and $\omega_{med}$. The ratio $\omega_{fix}/\omega_{med}$ increases as we consider higher values of mutation value $U$ in the region of intermediate to large values of $\omega_{med}$, whereas for low $\omega_{med}$ we observe the opposite behavior.Comment: 13 page

Biodiversity in marine invertebrate responses to acute warming revealed by a comparative multi-omics approach

Understanding species' responses to environmental change underpins our abilities to make predictions on future biodiversity under any range of scenarios. In spite of the huge biodiversity in most ecosystems, a model species approach is often taken in environmental studies. To date, we still do not know how many species we need to study to input into models and inform on ecosystem-level responses to change. In this study, we tested current paradigms on factors setting thermal limits by investigating the acute warming response of six Antarctic marine invertebrates: a crustacean Paraceradocus miersi, a brachiopod Liothyrella uva, two bivalve molluscs, Laternula elliptica, Aequiyoldia eightsii, a gastropod mollusc Marseniopsis mollis and an echinoderm Cucumaria georgiana. Each species was warmed at the rate of 1 °C h−1 and taken to the same physiological end point (just prior to heat coma). Their molecular responses were evaluated using complementary metabolomics and transcriptomics approaches with the aim of discovering the underlying mechanisms of their resilience or sensitivity to warming. The responses were species-specific; only two showed accumulation of anaerobic end products and three exhibited the classical heat shock response with expression of HSP70 transcripts. These diverse cellular measures did not directly correlate with resilience to heat stress and suggested that each species may have a different critical point of failure. Thus, one unifying molecular mechanism underpinning response to warming could not be assigned, and no overarching paradigm was supported. This biodiversity in response makes future ecosystems predictions extremely challenging, as we clearly need to develop a macrophysiology-type approach to cellular evaluations of the environmental stress response, studying a range of well-rationalized members from different community levels and of different phylogenetic origins rather than extrapolating from one or two arbitrary model species

Inline detection of DGA domains using side information

Malware applications typically use a command and control (C&C) server to manage bots to perform malicious activities. Domain Generation Algorithms (DGAs) are popular methods for generating pseudo-random domain names that can be used to establish a communication between an infected bot and the C&C server. In recent years, machine learning based systems have been widely used to detect DGAs. There are several well known state-of-the-art classifiers in the literature that can detect DGA domain names in real-time applications with high predictive performance. However, these DGA classifiers are highly vulnerable to adversarial attacks in which adversaries purposely craft domain names to evade DGA detection classifiers. In our work, we focus on hardening DGA classifiers against adversarial attacks. To this end, we train and evaluate state-of-the-art deep learning and random forest (RF) classifiers for DGA detection using side information that is harder for adversaries to manipulate than the domain name itself. Additionally, the side information features are selected such that they are easily obtainable in practice to perform inline DGA detection. The performance and robustness of these models is assessed by exposing them to one day of real-traffic data as well as domains generated by adversarial attack algorithms. We found that the DGA classifiers that rely on both the domain name and side information have high performance and are more robust against adversaries

Refractive Index of Humid Air in the Infrared: Model Fits

The theory of summation of electromagnetic line transitions is used to tabulate the Taylor expansion of the refractive index of humid air over the basic independent parameters (temperature, pressure, humidity, wavelength) in five separate infrared regions from the H to the Q band at a fixed percentage of Carbon Dioxide. These are least-squares fits to raw, highly resolved spectra for a set of temperatures from 10 to 25 C, a set of pressures from 500 to 1023 hPa, and a set of relative humidities from 5 to 60%. These choices reflect the prospective application to characterize ambient air at mountain altitudes of astronomical telescopes.Comment: Corrected exponents of c0ref, c1ref and c1p in Table