Realistic Website Fingerprinting Attacks

Identifying the website based solely from the network packets’ size and number from anonymized and encrypted network traffic is called website fingerprinting. Previous research on website fingerprinting attacks have focused on visiting one website at a time; the accuracy of the attack is 90%. However, this is highly unrealistic as a user visits multiple sites at the same time. This research project aims to increase the realism of website fingerprinting by allowing two website visits at the same time; the proposed algorithm could be further extended to deal with more than two simultaneous website visits. The goal is to identify when each website download begins and ends. This allows separating the two websites into two individual websites, which then allows previous methods to be used to identify each website. When two websites are run at the same time, identifying both sources is difficult since the network packets overlap. The data for the websites will be examined to find some patterns which indicate the start (or end) of a website. Uncovering the pattern between the websites allows for additional research to protect users’ privacy

Analysis of Defenses against Distributed Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks are attempts to overwhelm a computer system in order to deny access by legitimate users. They are generally unstoppable, but there is a good deal of on-going research on methods to reduce their negative effects. This paper will deal with the design of a model that simulates such an attack. The simulation model is then used to study possible ways to defend against these attacks. Three experiments are run: 1) using a priority queue to sort messages from clients based on how many connections they have open on the server; 2) limiting the number of connections each client can create; and 3) having the server forcefully delete the oldest established connection, whenever its connection table becomes full. Results show that method 1 is totally ineffective while method 2 somewhat improves the overall performance of the system. However, method 3, combined with method 2, produces significantly improved performance against a DDoS attack

Personality Types, Passwords, and Cybersecurity Nudges

The goal of this research was to determine if there was any link between personality types and password usage. The SONA system and the Amazon Mechanical Turk was used to recruit users to participate in the research study. Each user’s personality was obtained through a survey. The survey asked users to enter a strong password. Passwords were scored from zero to four with zero being classified as “too guessable” and four being classified as “very unguessable.” A second aspect of this research was to determine if a targeted message, based on the personality, had an effect on password behavior

Personality Types and Passwords

People often create passwords for their accounts that are insecure and then reused across multiple platforms. This leaves users vulnerable to hackers. This research tries to discover what personality types choose stronger passwords and whether people agree if strong passwords are necessary

Emoji Use in Social Media Posts: Relationships with Personality Traits and Word Usage

Prior research has demonstrated relationships between personality traits of social media users and the language used in their posts. Few studies have examined whether there are relationships between personality traits of users and how they use emojis in their social media posts. Emojis are digital pictographs used to express ideas and emotions. There are thousands of emojis, which depict faces with expressions, objects, animals, and activities. We conducted a study with two samples (n = 76 and n = 245) in which we examined how emoji use on X (formerly Twitter) related to users’ personality traits and language use in posts. Personality traits were assessed from participants in an online survey. With participants’ consent, we analyzed word usage in posts. Word frequencies were calculated using the Linguistic Inquiry Word Count (LIWC). In both samples, the results showed that those who used the most emojis had the lowest levels of openness to experience. Emoji use was unrelated to the other personality traits. In sample 1, emoji use was also related to use of words related to family, positive emotion, and sadness and less frequent use of articles and words related to insight. In sample 2, more frequent use of emojis in posts was related to more frequent use of you pronouns, I pronouns, and more frequent use of negative function words and words related to time. The results support the view that social media users’ characteristics may be gleaned from the content of their social media posts

Unveiling Vulnerabilities in Interpretable Deep Learning Systems with Query-Efficient Black-box Attacks

Deep learning has been rapidly employed in many applications revolutionizing many industries, but it is known to be vulnerable to adversarial attacks. Such attacks pose a serious threat to deep learning-based systems compromising their integrity, reliability, and trust. Interpretable Deep Learning Systems (IDLSes) are designed to make the system more transparent and explainable, but they are also shown to be susceptible to attacks. In this work, we propose a novel microbial genetic algorithm-based black-box attack against IDLSes that requires no prior knowledge of the target model and its interpretation model. The proposed attack is a query-efficient approach that combines transfer-based and score-based methods, making it a powerful tool to unveil IDLS vulnerabilities. Our experiments of the attack show high attack success rates using adversarial examples with attribution maps that are highly similar to those of benign samples which makes it difficult to detect even by human analysts. Our results highlight the need for improved IDLS security to ensure their practical reliability.Comment: arXiv admin note: text overlap with arXiv:2307.0649

Poster: Userland Containers for Mobile Systems

Mobile platforms are not rising to their potential as ubiquitous computers, in large part because of the constraints we impose on their apps in the name of security. Mobile operating systems have long struggled with the challenge of isolating untrusted apps. In pursuit of a secure runtime environment, Android and iOS isolate apps inside a gulag of platform-imposed programming languages and runtime libraries, leaving few design decisions to the application developers. These thick layers of custom software eschew app portability and maintainability, as development teams must continually tweak their apps to support modifications to the OS\u27s runtime libraries. Nonstandard and ever-changing interfaces to those APIs invite bugs in the operating system and apps alike. Mobile-only APIs have bifurcated the population of software running on our devices. On one side sits the conventional PC and server programs: compilers, shells, servers, daemons, and many others that use the standard libraries and programming models to interface with the computer and the outside world. On the other side lives the apps: mobile-only and purpose-built, they often serve as user interfaces to some larger cloud-based system. Under the weight of the numerous OS-imposed platform constraints, it is difficult for app developers to innovate: large classes of applications are simply impossible to port to mobile devices because the required APIs are unsupported. To deal with these cross platform dependencies, it is necessary to maintain multiple code bases. In the past, dependency issues have typically been solved through the use of containers. However, deploying containers on mobile systems present unique challenges. To maintain security, mobile operating systems do not give users permission to launch Docker containers. To solve this issue, we consider an older idea known as user-land containerization. Userland containerization allows userland containers to be launched by regular unprivileged users in any Linux or Android based system. Userland containerization works by inserting a modified operating system kernel between the host kernel and the guest processes. We have done an in depth study on the performance of user-mode containers like the user mode linux (UML) kernel [1], repurposing it as a userland hypervisor between the host kernel and the guest processes. We prototype a proof-of-concept usermode kernel with an implementation that is guided by the findings of our empirical study. Our kernel introduces a new technique---similar to paravirtualization---to optimize the syscall interface between the guest process and the usermode kernel to improve its I/O performance. The redesigned syscall interface provides I/O performance that approaches that of conventional virtualization techniques. Our paravirtualization strategies outperform UML by a factor of 3--6X for I/O bound workloads. Furthermore, we achieve 3.5--5X more network throughput and equal disk write speed compared to VMWare Workstation. Although there is still ample opportunity for performance improvements, our approach demonstrates the promise and potential of a usable userland virtualization platform that balances security with performance

The psychophysiological effects of Tai-chi and exercise in residential Schizophrenic patients: a 3-arm randomized controlled trial

BACKGROUND: Patients with schizophrenia are characterized by high prevalence rates and chronicity that often leads to long-term institutionalization. Under the traditional medical model, treatment usually emphasizes the management of psychotic symptoms through medication, even though anti-psychotic drugs are associated with severe side effects, which can diminish patients’ physical and psychological well-being. Tai-chi, a mind-body exercise rooted in Eastern health philosophy, emphasizes the motor coordination and relaxation. With these potential benefits, a randomized controlled trial (RCT) is planned to investigate the effects of Tai-chi intervention on the cognitive and motor deficits characteristic of patients with schizophrenia. METHODS/DESIGN: A 3-arm RCT with waitlist control design will be used in this study. One hundred and fifty three participants will be randomized into (i) Tai-chi, (ii) exercise or (iii) waitlist control groups. Participants in both the Tai-chi and exercise groups will receive 12-weeks of specific intervention, in addition to the standard medication and care received by the waitlist control group. The exercise group will serve as a comparison, to delineate any unique benefits of Tai-chi that are independent of moderate aerobic exercise. All three groups will undergo three assessment phases: (i) at baseline, (ii) at 12 weeks (post-intervention), and (iii) at 24 weeks (maintenance). All participants will be assessed in terms of symptom management, motor coordination, memory, daily living function, and stress levels based on self-perceived responses and a physiological marker. DISCUSSION: Based on a promising pilot study conducted prior to this RCT, subjects in the Tai-chi intervention group are expected to be protected against deterioration of motor coordination and interpersonal functioning. They are also expected to have better symptoms management and lower stress level than the other treatment groups. TRIAL REGISTRATION: The trail has been registered in the Clinical Trials Center of the University of Hong Kong (HKCTR-1453)

Genome-wide trans-ancestry meta-analysis provides insight into the genetic architecture of type 2 diabetes susceptibility.

To further understanding of the genetic basis of type 2 diabetes (T2D) susceptibility, we aggregated published meta-analyses of genome-wide association studies (GWAS), including 26,488 cases and 83,964 controls of European, east Asian, south Asian and Mexican and Mexican American ancestry. We observed a significant excess in the directional consistency of T2D risk alleles across ancestry groups, even at SNPs demonstrating only weak evidence of association. By following up the strongest signals of association from the trans-ethnic meta-analysis in an additional 21,491 cases and 55,647 controls of European ancestry, we identified seven new T2D susceptibility loci. Furthermore, we observed considerable improvements in the fine-mapping resolution of common variant association signals at several T2D susceptibility loci. These observations highlight the benefits of trans-ethnic GWAS for the discovery and characterization of complex trait loci and emphasize an exciting opportunity to extend insight into the genetic architecture and pathogenesis of human diseases across populations of diverse ancestry