Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Android OS is one of the most popular operating systems worldwide, making it a desirable target for malware attacks. Some of the latest and most important defensive systems are based on machine learning (ML) and cybercriminals continuously search for ways to overcome the barriers posed by these systems. Thus, the focus of this work is on evasion attacks in the attempt to show the weaknesses of state of the art research and how more resilient systems can be built. Evasion attacks consist of manipulating either the actual malicious application (problem-based) or its extracted feature vector (feature-based), to avoid being detected by ML systems. This study presents a set of innovative problem-based evasion attacks against well-known Android malware detection systems, which decrease their detection rate by up to 97%. Moreover, an analysis of the effectiveness of these attacks against VirusTotal (VT) scanners was conducted, empirically showing their efficiency against well-known scanners (e.g., McAfee and Comodo) as well. The VT system proved to be a great candidate for the attacks, as in 98% of the apps, less scanners detected the manipulated apps than the original malicious apps. As not all the attacks are effective in the same manner against the VT scanners, the attack efficiency classifiers are advised. Each classifier predicts the applicability of one of the attacks. The set of classifiers creates an ensemble, which shows high success rates, allowing the attacker to decide which attack is best to use for each malicious app and defense system

Clobetasol 17-Propionate Cream as an Effective Preventive Treatment for Drug Induced Superficial Thrombophlebitis

Commonly used therapies for thrombophlebitis have a high failure rate. There are scant data on the application  of topical corticosteroids to treat thrombophlebitis. The present study investigated if the potent topical  corticosteroid clobetasol 17-propionate cream (Dermovate, Glaxo Wellcome) can be an effective treatment  for drug-induced thrombophlebitis. DP-b99, a neuroprotective agent currently undergoing development for acute stroke, can cause injectionsite  phlebitis. DP-b99 was administered at doses of 1 and 2 mg/kg by a 1 hour intravenous infusion into the  lateral ear vein of groups of 6 and 5 rabbits, respectively. Each rabbit served as its own control by injecting  both ears with DP-b99, while treating only one ear with clobetasol cream immediately after treatment, with  subsequent applications twice daily for 3 days. Phlebitis was evaluated 1, 3, 5, 24, 32, 48, 56 and 72 hours  after DP-b99 treatment using a clinical score ranging from 0 (no reaction) to 4. After 3 days the rabbits were  sacrificed for histological analysis of the ears. The phlebitis score was highest at 24 hours. Clobetasol treatment reduced the clinical scores at all time points and shortened the course of phlebitis. Maximal effect was observed 24-48 hours after the first application  of clobetasol cream. Histologically, there were fewer cases of thrombophlebitis in the clobetasoltreated  ears, and those seen were milder and more focal. To the best of the authors’ knowledge this appears  to be the only study to report a phlebitis-ameliorating effect of a topical corticosteroid.

Holevo's bound from a general quantum fluctuation theorem

We give a novel derivation of Holevo's bound using an important result from nonequilibrium statistical physics, the fluctuation theorem. To do so we develop a general formalism of quantum fluctuation theorems for two-time measurements, which explicitly accounts for the back action of quantum measurements as well as possibly non-unitary time evolution. For a specific choice of observables this fluctuation theorem yields a measurement-dependent correction to the Holevo bound, leading to a tighter inequality. We conclude by analyzing equality conditions for the improved bound.Comment: 5 page

How to Extract Useful Randomness from Unreliable Sources

For more than 30 years, cryptographers have been looking for public sources of uniform randomness in order to use them as a set-up to run appealing cryptographic protocols without relying on trusted third parties. Unfortunately, nowadays it is fair to assess that assuming the existence of physical phenomena producing public uniform randomness is far from reality. It is known that uniform randomness cannot be extracted from a single weak source. A well-studied way to overcome this is to consider several independent weak sources. However, this means we must trust the various sampling processes of weak randomness from physical processes. Motivated by the above state of affairs, this work considers a set-up where players can access multiple potential sources of weak randomness, several of which may be jointly corrupted by a computationally unbounded adversary. We introduce SHELA (Somewhere Honest Entropic Look Ahead) sources to model this situation. We show that there is no hope of extracting uniform randomness from a SHELA source. Instead, we focus on the task of Somewhere-Extraction (i.e., outputting several candidate strings, some of which are uniformly distributed -- yet we do not know which). We give explicit constructions of Somewhere-Extractors for SHELA sources with good parameters. Then, we present applications of the above somewhere-extractor where the public uniform randomness can be replaced by the output of such extraction from corruptible sources, greatly outperforming trivial solutions. The output of somewhere-extraction is also useful in other settings, such as a suitable source of random coins for many randomized algorithms. In another front, we comprehensively study the problem of Somewhere-Extraction from a weak source, resulting in a series of bounds. Our bounds highlight the fact that, in most regimes of parameters (including those relevant for applications), SHELA sources significantly outperform weak sources of comparable parameters both when it comes to the process of Somewhere-Extraction, or in the task of amplification of success probability in randomized algorithms. Moreover, the low quality of somewhere-extraction from weak sources excludes its use in various efficient applications

Sub-logarithmic Distributed Oblivious RAM with Small Block Size

Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to securely execute RAM programs over data that is stored in an untrusted server. Distributed Oblivious RAM is a variant of ORAM, where the data is stored in $m>1$ servers. Extensive research over the last few decades have succeeded to reduce the bandwidth overhead of ORAM schemes, both in the single-server and the multi-server setting, from $O(\sqrt{N})$ to $O(1)$. However, all known protocols that achieve a sub-logarithmic overhead either require heavy server-side computation (e.g. homomorphic encryption), or a large block size of at least $\Omega(\log^3 N)$. In this paper, we present a family of distributed ORAM constructions that follow the hierarchical approach of Goldreich and Ostrovsky [GO96]. We enhance known techniques, and develop new ones, to take better advantage of the existence of multiple servers. By plugging efficient known hashing schemes in our constructions, we get the following results: 1. For any $m\geq 2$, we show an $m$-server ORAM scheme with $O(\log N/\log\log N)$ overhead, and block size $\Omega(\log^2 N)$. This scheme is private even against an $(m-1)$-server collusion. 2. A 3-server ORAM construction with $O(\omega(1)\log N/\log\log N)$ overhead and a block size almost logarithmic, i.e. $\Omega(\log^{1+\epsilon}N)$. We also investigate a model where the servers are allowed to perform a linear amount of light local computations, and show that constant overhead is achievable in this model, through a simple four-server ORAM protocol

Network Physiology reveals relations between network topology and physiological function

The human organism is an integrated network where complex physiologic systems, each with its own regulatory mechanisms, continuously interact, and where failure of one system can trigger a breakdown of the entire network. Identifying and quantifying dynamical networks of diverse systems with different types of interactions is a challenge. Here, we develop a framework to probe interactions among diverse systems, and we identify a physiologic network. We find that each physiologic state is characterized by a specific network structure, demonstrating a robust interplay between network topology and function. Across physiologic states the network undergoes topological transitions associated with fast reorganization of physiologic interactions on time scales of a few minutes, indicating high network flexibility in response to perturbations. The proposed system-wide integrative approach may facilitate the development of a new field, Network Physiology.Comment: 12 pages, 9 figure

Microparticles from tumors exposed to radiation promote immune evasion in part by PD-L1

Radiotherapy induces immune-related responses in cancer patients by various mechanisms. Here, we investigate the immunomodulatory role of tumor-derived microparticles (TMPs)-extracellular vesicles shed from tumor cells-following radiotherapy. We demonstrate that breast carcinoma cells exposed to radiation shed TMPs containing elevated levels of immune-modulating proteins, one of which is programmed death-ligand 1 (PD-L1). These TMPs inhibit cytotoxic T lymphocyte (CTL) activity both in vitro and in vivo, and thus promote tumor growth. Evidently, adoptive transfer of CTLs pre-cultured with TMPs from irradiated breast carcinoma cells increases tumor growth rates in mice recipients in comparison with control mice receiving CTLs pre-cultured with TMPs from untreated tumor cells. In addition, blocking the PD-1-PD-L1 axis, either genetically or pharmacologically, partially alleviates TMP-mediated inhibition of CTL activity, suggesting that the immunomodulatory effects of TMPs in response to radiotherapy is mediated, in part, by PD-L1. Overall, our findings provide mechanistic insights into the tumor immune surveillance state in response to radiotherapy and suggest a therapeutic synergy between radiotherapy and immune checkpoint inhibitors