Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers

In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.Comment: Accepted as a conference paper at RAID 201

Android Malware Clustering through Malicious Payload Mining

Clustering has been well studied for desktop malware analysis as an effective triage method. Conventional similarity-based clustering techniques, however, cannot be immediately applied to Android malware analysis due to the excessive use of third-party libraries in Android application development and the widespread use of repackaging in malware development. We design and implement an Android malware clustering system through iterative mining of malicious payload and checking whether malware samples share the same version of malicious payload. Our system utilizes a hierarchical clustering technique and an efficient bit-vector format to represent Android apps. Experimental results demonstrate that our clustering approach achieves precision of 0.90 and recall of 0.75 for Android Genome malware dataset, and average precision of 0.98 and recall of 0.96 with respect to manually verified ground-truth.Comment: Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017

Fractionation of MG Isotopes between the Sun’s Photosphere and the Solar Wind

The Genesis mission goal is to precisely determine the elemental and isotopic composition of the solar photosphere through measurements of solar wind; the photospheric composition being a proxy for the early solar nebula. So, how elements and isotopes are fractionated (or not) when accelerated out of the photosphere is fundamental to interpreting Genesis data

Determining the Elemental and Isotopic Composition of the preSolar Nebula from Genesis Data Analysis: The Case of Oxygen

We compare element and isotopic fractionations measured in solar wind samples collected by NASA's Genesis mission with those predicted from models incorporating both the ponderomotive force in the chromosphere and conservation of the first adiabatic invariant in the low corona. Generally good agreement is found, suggesting that these factors are consistent with the process of solar wind fractionation. Based on bulk wind measurements, we also consider in more detail the isotopic and elemental abundances of O. We find mild support for an O abundance in the range 8.75 - 8.83, with a value as low as 8.69 disfavored. A stronger conclusion must await solar wind regime specific measurements from the Genesis samples.Comment: 6 pages, accepted by Astrophysical Journal Letter

Expression of Rb2/p130 in breast and endometrial cancer: correlations with hormone receptor status

Rb2/p130 is a member of the retinoblastoma family of proteins, consisting of Rb, Rb2 and p107, which are important negative regulators of cell cycle progression and differentiation. While Rb2 downregulation was observed in several malignant tumours including endometrial cancer, the role of p130 in breast carcinomas is still unknown. We investigated Rb2 protein expression in tumour tissue from 68 mammary and 41 endometrial carcinomas, 4 mammary cell lines, and normal tissue samples. Therefore, we performed Western blot experiments for Rb2, Rb, and the oestrogen and progesterone receptors (ER, PR-A, PR-B). Weak or absent Rb2 expression was more often found in endometrial (59%) than in mammary carcinomas (24%). We found significant positive correlations of Rb2 expression with Rb, ER, and PR-B in breast cancer samples, and of Rb2 with Rb, PR-A, PR-B, and younger age in endometrial carcinomas. No significant associations with histological grading, stage, nodal involvement, or Ki67 staining were detected. Rb2 mRNA expression was studied by semi-quantitative RT-PCR in 56 endometrial or mammary tissue samples and correlated significantly with Western blot results. Our results indicate that loss of Rb2 expression, mostly by transcriptional down-regulation, may be associated with the development and dedifferentiation of most endometrial and a subset of mammary carcinomas. © 2001 Cancer Research Campaign http://bjcancer.co

Anisotropy of the upper critical field in superconductors with anisotropic gaps. Anisotropy parameters of MgB2

The upper critical field Hc2 is evaluated for weakly-coupled two-band superconductors. By modeling the actual bands and the gap distribution of MgB2 by two Fermi surface spheroids with average parameters of the real material, we show that H_{c2,ab}/H_{c2,c} increases with decreasing temperature in agreement with available data.Comment: 4 pages, 2 figure

Entropy and Spin Susceptibility of s-wave Type-II Superconductors near Hc2H_{c2}

A theoretical study is performed on the entropy $S_{\rm s}$ and the spin susceptibility $\chi_{\rm s}$ near the upper critical field $H_{c2}$ of s-wave type-II superconductors with arbitrary impurity concentrations. The changes of these quantities through $H_{c2}$ may be expressed as $[S_{\rm s}(T,B)-S_{\rm s}(T,0)]/[S_{\rm n}(T)-S_{\rm s}(T,0)]=1-\alpha_{S}(1-B/H_{c2})\approx (B/H_{c2})^{\alpha_{S}}$, for example, where $B$ is the average flux density and $S_{\rm n}$ denotes entropy in the normal state. It is found that the slopes $\alpha_{S}$ and $\alpha_{\chi}$ at T=0 are identical, connected directly with the zero-energy density of states, and vary from 1.72 in the dirty limit to $0.5\sim 0.6$ in the clean limit. This mean-free-path dependence of $\alpha_{S}$ and $\alpha_{\chi}$ at T=0 is quantitatively the same as that of the slope $\alpha_{\rho}(T=0)$ for the flux-flow resistivity studied previously. The result suggests that $S_{\rm s}(B)$ and $\chi_{\rm s}(B)$ near T=0 are convex downward (upward) in the dirty (clean) limit, deviating substantially from the linear behavior $\propto B/H_{c2}$. The specific-heat jump at $H_{c2}$ also shows fairly large mean-free-path dependence.Comment: 8 pages, 5 figure

T Cells Contain an RNase-Insensitive Inhibitor of APOBEC3G Deaminase Activity

The deoxycytidine deaminase APOBEC3G (A3G) is expressed in human T cells and inhibits HIV-1 replication. When transfected into A3G-deficient epithelial cell lines, A3G induces catastrophic hypermutation by deaminating the HIV-1 genome. Interestingly, studies suggest that endogenous A3G in T cells induces less hypermutation than would be expected. However, to date, the specific deaminase activity of endogenous A3G in human CD4+ T cells has not been examined directly. Here, we compared deaminase activity of endogenous and exogenous A3G in various human cell lines using a standard assay and a novel, quantitative, high-throughput assay. Exogenous A3G in epithelial cell lysates displayed deaminase activity only following RNase treatment, as expected given that A3G is known to form an enzymatically inactive RNA-containing complex. Surprisingly, comparable amounts of endogenous A3G from T cell lines or from resting or activated primary CD4+ T cells exhibited minimal deaminase activity, despite RNase treatment. Specific deaminase activity of endogenous A3G in H9, CEM, and other T cell lines was up to 36-fold lower than specific activity of exogenous A3G in epithelial-derived cell lines. Furthermore, RNase-treated T cell lysates conferred a dose-dependent inhibition to epithelial cell lysates expressing enzymatically active A3G. These studies suggest that T cells, unlike epithelial-derived cell lines, express an unidentified RNase-resistant factor that inhibits A3G deaminase activity. This factor could be responsible for reduced levels of hypermutation in T cells, and its identification and blockade could offer a means for increasing antiretroviral intrinsic immunity of T cells