232 research outputs found
Evaluating Explanation Methods for Deep Learning in Security
Deep learning is increasingly used as a building block of security systems.
Unfortunately, neural networks are hard to interpret and typically opaque to
the practitioner. The machine learning community has started to address this
problem by developing methods for explaining the predictions of neural
networks. While several of these approaches have been successfully applied in
the area of computer vision, their application in security has received little
attention so far. It is an open question which explanation methods are
appropriate for computer security and what requirements they need to satisfy.
In this paper, we introduce criteria for comparing and evaluating explanation
methods in the context of computer security. These cover general properties,
such as the accuracy of explanations, as well as security-focused aspects, such
as the completeness, efficiency, and robustness. Based on our criteria, we
investigate six popular explanation methods and assess their utility in
security systems for malware detection and vulnerability discovery. We observe
significant differences between the methods and build on these to derive
general recommendations for selecting and applying explanation methods in
computer security.
Comment: IEEE European Symposium on Security and Privacy, 202
Efficient and Explainable Detection of Mobile Malware Using Machine Learning Methods (Effiziente und erklärbare Erkennung von mobiler Schadsoftware mittels maschineller Lernmethoden)
In recent years, mobile devices shipped with Google’s Android operating system
have become ubiquitous. Due to their popularity and the high concentration of
sensitive user data on these devices, however, they have also become a
profitable target of malware authors. As a result, thousands of new malware
instances targeting Android are found almost every day. Unfortunately, common
signature-based methods often fail to detect these applications, as these
methods cannot keep pace with the rapid development of new malware.
Consequently, there is an urgent need for new malware detection methods to
tackle this growing threat.
In this thesis, we address the problem by combining concepts of static analysis
and machine learning, such that mobile malware can be detected directly on the
mobile device with low run-time overhead. To this end, we first discuss our
analysis results of a sophisticated malware that uses an ultrasonic side
channel to spy on unwitting smartphone users. Based on the insights we gain
throughout this thesis, we gradually develop a method that allows detecting
Android malware in general. The resulting method performs a broad static
analysis, gathering a large number of features associated with an application.
These features are embedded in a joint vector space, where typical patterns
indicative of malware can be automatically identified and used for explaining
the decisions of our method. In addition to an evaluation of its overall
detection and run-time performance, we also examine the interpretability of the
underlying detection model and strengthen the classifier against realistic
evasion attacks.
In a large set of experiments, we show that the method clearly outperforms
several related approaches, including popular anti-virus scanners. In most
experiments, our approach detects more than 90% of all malicious samples in the
dataset at a low false positive rate of only 1%. Furthermore, even on older
devices, it offers a good run-time performance, and can output a decision along
with a proper explanation within a few seconds, despite the use of machine
learning techniques directly on the mobile device.
Overall, we find that the application of machine learning techniques is a
promising research direction to improve the security of mobile devices. While
these techniques alone cannot defeat the threat of mobile malware, they at
least raise the bar for malicious actors significantly, especially if combined
with existing techniques.
The prevalence of smartphones, especially those running the Android operating
system, has increased sharply in recent years. Owing to their high popularity,
however, these devices have also become a lucrative target for malware
developers, which is why new malicious programs for Android are now found
every day.
Although various solutions exist that are meant to identify malicious programs
on mobile devices as well, in practice they often do not offer sufficient
protection. This is mainly because these approaches are mostly signature-based
and can therefore reliably identify malicious programs only once corresponding
detection signatures are available. However, it is becoming increasingly
difficult for antivirus vendors to provide the signatures required for
detection in time. The development of new methods is therefore necessary to
better counter the growing threat posed by mobile malware.
This dissertation presents and thoroughly examines a method that combines
static code analysis techniques with machine learning methods to enable
reliable detection of mobile malware directly on the mobile device. To this
end, the method first analyzes mobile applications statically and extracts
special features that allow an application to be mapped into a
high-dimensional vector space. In this vector space, machine learning methods
are then able to automatically find patterns for detecting malicious programs.
The patterns found can serve not only for detection but also for explaining a
decision that has been made.
As part of a detailed evaluation, not only the detection performance and the
run time of the presented method are examined, but the learned detection model
is also analyzed in detail. In doing so, the robustness of the model against
targeted attacks is also examined and improved.
In a series of experiments, it can be shown that the proposed method achieves
better results than comparable methods, even including some popular antivirus
programs. In most experiments, the method can reliably detect malicious
programs and achieves detection rates of over 90% at a low false positive
rate of 1%
Evolutionarily Conserved Histone Methylation Dynamics during Seed Life-Cycle Transitions
Plants have a remarkable ability to react to seasonal changes by synchronizing life-cycle transitions with environmental conditions. We addressed the question of how transcriptional re-programming occurs in response to an environmental cue that triggers the major life cycle transition from seed dormancy to germination and seedling growth. We elucidated an important mechanistic aspect of this process by following the chromatin dynamics of key regulatory genes with a focus on the two antagonistic marks, H3K4me3 and H3K27me3. Histone methylation patterns of major dormancy regulators changed during the transition to germination and seedling growth. We observed a switch from H3K4me3 and high transcription levels to silencing by the repressive H3K27me3 mark when dormancy was broken through exposure to moist chilling, underscoring that a functional PRC2 complex is necessary for this transition. Moreover, this reciprocal regulation by H3K4me3 and H3K27me3 is evolutionarily conserved from gymnosperms to angiosperms
Role of a Fur homolog in iron metabolism in Nitrosomonas europaea
Background: In response to environmental iron concentrations, many bacteria coordinately regulate transcription of genes involved in iron acquisition via the ferric uptake regulation (Fur) system. The genome of Nitrosomonas europaea, an ammonia-oxidizing bacterium, carries three genes (NE0616, NE0730 and NE1722) encoding proteins belonging to Fur family.
Results: Of the three N. europaea fur homologs, only the Fur homolog encoded by gene NE0616 complemented the Escherichia coli H1780 fur mutant. A N. europaea fur:kanP mutant strain was created by insertion of kanamycin-resistance cassette in the promoter region of NE0616 fur homolog. The total cellular iron contents of the fur:kanP mutant strain increased by 1.5-fold compared to wild type when grown in Fe-replete media. Relative to the wild type, the fur:kanP mutant exhibited increased sensitivity to iron at or above 500 μM concentrations. Unlike the wild type, the fur:kanP mutant was capable of utilizing iron-bound ferrioxamine without any lag phase and showed over expression of several outer membrane TonB-dependent receptor proteins irrespective of Fe availability.
Conclusions: Our studies have clearly indicated a role in Fe regulation by the Fur protein encoded by N. europaea NE0616 gene. Additional studies are required to fully delineate role of this fur homolog.
The Wolf effect and the Redshift of Quasars
We consider a simple model, based on currently accepted models for active
galactic nuclei, for a quasi-stellar object (QSO or "quasar") and examine the
influence that correlation-induced spectral changes ("The Wolf Effect") may
have upon the redshifts of the optical emission lines.
Comment: 13 pages, 3 figures. To be published in J. European Optical Soc. A:
Pure and Applied Optic
Dos and Don'ts of Machine Learning in Computer Security
With the growing processing power of computing systems and the increasing
availability of massive datasets, machine learning algorithms have led to major
breakthroughs in many different areas. This development has influenced computer
security, spawning a series of work on learning-based security systems, such as
for malware detection, vulnerability discovery, and binary code analysis.
Despite great potential, machine learning in security is prone to subtle
pitfalls that undermine its performance and render learning-based systems
potentially unsuitable for security tasks and practical deployment. In this
paper, we look at this problem with critical eyes. First, we identify common
pitfalls in the design, implementation, and evaluation of learning-based
security systems. We conduct a study of 30 papers from top-tier security
conferences within the past 10 years, confirming that these pitfalls are
widespread in the current security literature. In an empirical analysis, we
further demonstrate how individual pitfalls can lead to unrealistic performance
and interpretations, obstructing the understanding of the security problem at
hand. As a remedy, we propose actionable recommendations to support researchers
in avoiding or mitigating the pitfalls where possible. Furthermore, we identify
open problems when applying machine learning in security and provide directions
for further research.
Comment: to appear at USENIX Security Symposium 202