87 research outputs found

    A Categorical Treatment of Malicious Behavioral Obfuscation

    This paper studies malicious behavioral obfuscation through the use of a new abstract model for process and kernel interactions based on monoidal categories. In this model, program observations are considered to be finite lists of system call invocations. In a first step, we show how malicious behaviors can be obfuscated by simulating the observations of benign programs. In a second step, we show how to generate such malicious behaviors through a technique called path replaying and we extend the class of captured malwares by using some algorithmic transformations on morphisms graphical representation. In a last step, we show that all the obfuscated versions we obtained can be used to detect well-known malwares in practice.

    Photometric selection of high-redshift type Ia supernovae

    We present a method for selecting high-redshift type Ia supernovae (SNe Ia) located via rolling SN searches. The technique, using both color and magnitude information of events from only 2-3 epochs of multi-band real-time photometry, is able to discriminate between SNe Ia and core collapse SNe. Furthermore, for the SNe Ia, the method accurately predicts the redshift, phase and light-curve parameterization of these events based only on pre-maximum-light data. We demonstrate the effectiveness of the technique on a simulated survey of SNe Ia and core-collapse SNe, where the selection method effectively rejects most core-collapse SNe while retaining SNe Ia. We also apply the selection code to real-time data acquired as part of the Canada-France-Hawaii Telescope Supernova Legacy Survey (SNLS). During the period May 2004 to January 2005 in the SNLS, 440 SN candidates were discovered of which 70 were confirmed spectroscopically as SNe Ia and 15 as core-collapse events. For this test dataset, the selection technique correctly identifies 100% of the identified SNe II as non-SNe Ia with only a 1-2% false rejection rate. The predicted parameterization of the SNe Ia has a precision of |delta_z|/(1+z_spec)<0.09 in redshift, and +/- 2-3 rest-frame days in phase, providing invaluable information for planning spectroscopic follow-up observations. We also investigate any bias introduced by this selection method on the ability of surveys such as SNLS to measure cosmological parameters (e.g., w and omega matter), and find any effect to be negligible. Comment: Accepted for publication in A

    The Rise Time of Type Ia Supernovae from the Supernova Legacy Survey

    We compare the rise times of nearby and distant Type Ia supernovae (SNe Ia) as a test for evolution using 73 high-redshift spectroscopically-confirmed SNe Ia from the first two years of the five year Supernova Legacy Survey (SNLS) and published observations of nearby SN. Because of the "rolling" search nature of the SNLS, our measurement is approximately 6 times more precise than previous studies, allowing for a more sensitive test of evolution between nearby and distant supernovae. Adopting a simple $t^2$ early-time model (as in previous studies), we find that the rest-frame $B$ rise times for a fiducial SN Ia at high and low redshift are consistent, with values $19.10^{+0.18}_{-0.17}\,(\mathrm{stat}) \pm 0.2\,(\mathrm{syst})$ and $19.58^{+0.22}_{-0.19}$ days, respectively; the statistical significance of this difference is only $1.4\sigma$. The errors represent the uncertainty in the mean rather than any variation between individual SN. We also compare subsets of our high-redshift data set based on decline rate, host galaxy star formation rate, and redshift, finding no substantive evidence for any subsample dependence. Comment: Accepted for publication in AJ; minor changes (spelling and grammatical) to conform with published versio

    Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium

    CRYPTO 2008 saw the introduction of the hash function MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic functions having a low-degree algebraic normal form over GF(2). This paper applies cube attacks to reduced round MD6, finding the full 128-bit key of a 14-round MD6 with complexity 2^22 (which takes less than a minute on a single PC). This is the best key recovery attack announced so far for MD6. We then introduce a new class of attacks called cube testers, based on efficient property-testing algorithms, and apply them to MD6 and to the stream cipher Trivium. Unlike the standard cube attacks, cube testers detect nonrandom behavior rather than performing key extraction, but they can also attack cryptographic schemes described by nonrandom polynomials of relatively high degree. Applied to MD6, cube testers detect nonrandomness over 18 rounds in 2^17 complexity; applied to a slightly modified version of the MD6 compression function, they can distinguish 66 rounds from random in 2^24 complexity. Cube testers give distinguishers on Trivium reduced to 790 rounds from random with 2^30 complexity and detect nonrandomness over 885 rounds in 2^27, improving on the original 767-round cube attack.

    Advanced Detection Tool for PDF Threats

    In this paper we introduce an efficient application for malicious PDF detection: ADEPT. With targeted attacks rising over the recent past, exploring a new detection and mitigation paradigm becomes mandatory. The use of malicious PDF files that exploit vulnerabilities in well-known PDF readers has become a popular vector for targeted attacks, for which few efficient approaches exist. Although simple in theory, parsing followed by analysis of such files is resource-intensive and may even be impossible due to several obfuscation and reader-specific artifacts. Our paper describes a new approach for detecting such malicious payloads that leverages machine learning techniques and an efficient feature selection mechanism for rapidly detecting anomalies. We assess our approach on a large selection of malicious files and report the experimental performance results for the developed prototype.

    SALT2: using distant supernovae to improve the use of Type Ia supernovae as distance indicators

    We present an empirical model of Type Ia supernovae spectro-photometric evolution with time. The model is built using a large data set including light-curves and spectra of both nearby and distant supernovae, the latter being observed by the SNLS collaboration. We derive the average spectral sequence of Type Ia supernovae and their main variability components including a color variation law. The model allows us to measure distance moduli in the spectral range 2500-8000 A with calculable uncertainties, including those arising from variability of spectral features. Thanks to the use of high-redshift SNe to model the rest-frame UV spectral energy distribution, we are able to derive improved distance estimates for SNe Ia in the redshift range 0.8<z<1.1. The model can also be used to improve spectroscopic identification algorithms, and derive photometric redshifts of distant Type Ia supernovae. Comment: Accepted for publication in A&A. Data and source code available at: http://supernovae.in2p3.fr/~guy/salt

    Chi-squared distance and metamorphic virus detection


    On Hardware Implementation of Tang-Maitra Boolean Functions

    In this paper, we investigate the hardware circuit complexity of the class of Boolean functions recently introduced by Tang and Maitra (IEEE-TIT 64(1): 393-402, 2018). While this class of functions has very good cryptographic properties, the exact hardware requirement is an immediate concern as noted in the paper itself. In this direction, we consider different circuit architectures based on finite field arithmetic and Boolean optimization. An estimation of the circuit complexity is provided for such functions given any input size n. We study different candidate architectures for implementing these functions, all based on the finite field arithmetic. We also show different implementations for both ASIC and FPGA, providing further analysis on the practical aspects of the functions in question and the relation between these implementations and the theoretical bound. The practical results show that the Tang-Maitra functions are quite competitive in terms of area, while still maintaining an acceptable level of throughput performance for both ASIC and FPGA implementations.