No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone

It is generally recognized that the traffic generated by an individual connected to a network acts as his biometric signature. Several tools exploit this fact to fingerprint and monitor users. Often, though, these tools assume to access the entire traffic, including IP addresses and payloads. This is not feasible on the grounds that both performance and privacy would be negatively affected. In reality, most ISPs convert user traffic into NetFlow records for a concise representation that does not include, for instance, any payloads. More importantly, large and distributed networks are usually NAT'd, thus a few IP addresses may be associated to thousands of users. We devised a new fingerprinting framework that overcomes these hurdles. Our system is able to analyze a huge amount of network traffic represented as NetFlows, with the intent to track people. It does so by accurately inferring when users are connected to the network and which IP addresses they are using, even though thousands of users are hidden behind NAT. Our prototype implementation was deployed and tested within an existing large metropolitan WiFi network serving about 200,000 users, with an average load of more than 1,000 users simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned out to be very effective, with an accuracy greater than 90%. We also devised new tools and refined existing ones that may be applied to other contexts related to NetFlow analysis

No Place to Hide that Bytes won't Reveal: Sniffing Location-Based Encrypted Traffic to Track a User's Position

News reports of the last few years indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature. In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of a LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location based app that comes pre-installed with many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.Comment: 14 pages, 9th International Conference on Network and System Security (NSS 2015

The Cyclicality of the Income Elasticity of Trade

In 2011-2015 global trade volumes have systematically surprised on the downside, to a much larger extent than real GDP. We show that two key features of real trade flows --- their high volatility and their procyclicality --- determine a cyclicality of the income elasticity of trade. This property is such that when real GDP growth is positive but lower than its long-run trend, then the income elasticity of trade is also smaller than its own long-run trend. As a consequence, when real GDP growth turns out to be weaker than expected, the forecast error on trade volumes is amplified by the fact that also the income elasticity of trade happens to be smaller than predicted. Our analysis shows, in particular, that long-run and cyclical forces have contributed to a similar extent to the recent weakness of trade volumes. As a by-product, we also explain how the high volatility and procyclicality of real trade flows, together with the size of the non-tradeable-goods sector, contribute to determine cross-country differences in the income elasticity of trade

The Cyclicality of the Income Elasticity of Trade

In 2011-2015 global trade volumes have systematically surprised on the downside, to a much larger extent than real GDP. We show that two key features of real trade flows --- their high volatility and their procyclicality --- determine a cyclicality of the income elasticity of trade. This property is such that when real GDP growth is positive but lower than its long-run trend, then the income elasticity of trade is also smaller than its own long-run trend. As a consequence, when real GDP growth turns out to be weaker than expected, the forecast error on trade volumes is amplified by the fact that also the income elasticity of trade happens to be smaller than predicted. Our analysis shows, in particular, that long-run and cyclical forces have contributed to a similar extent to the recent weakness of trade volumes. As a by-product, we also explain how the high volatility and procyclicality of real trade flows, together with the size of the non-tradeable-goods sector, contribute to determine cross-country differences in the income elasticity of trade

The Cyclicality of the Income Elasticity of Trade

In 2011-2015 global trade has disappointed, to a much larger extent than global GDP. We show that two key features of real trade flows - their high volatility and their procyclicality - determine a cyclicality of the income elasticity of trade. This property is such that when real GDP growth is positive but lower than its long-run trend, then the income elasticity of trade is also smaller than its own long-run trend. Therefore, when real GDP growth turns out to be weaker than expected, the forecast error on trade volumes is amplified by the fact that also the income elasticity of trade happens to be smaller than predicted. We then analyze the implications of our findings for the cross-country differences in the elasticity, the role of long-run and cyclical factors for the recent weakness of trade, and the accuracy of existing trade forecasts, which we significantly improve by exploiting real-time data on business conditions

Functional architecture of reward learning in mushroom body extrinsic neurons of larval Drosophila.

The brain adaptively integrates present sensory input, past experience, and options for future action. The insect mushroom body exemplifies how a central brain structure brings about such integration. Here we use a combination of systematic single-cell labeling, connectomics, transgenic silencing, and activation experiments to study the mushroom body at single-cell resolution, focusing on the behavioral architecture of its input and output neurons (MBINs and MBONs), and of the mushroom body intrinsic APL neuron. Our results reveal the identity and morphology of almost all of these 44 neurons in stage 3 Drosophila larvae. Upon an initial screen, functional analyses focusing on the mushroom body medial lobe uncover sparse and specific functions of its dopaminergic MBINs, its MBONs, and of the GABAergic APL neuron across three behavioral tasks, namely odor preference, taste preference, and associative learning between odor and taste. Our results thus provide a cellular-resolution study case of how brains organize behavior

Effects of hospital facilities on patient outcomes after cancer surgery: an international, prospective, observational study

Background Early death after cancer surgery is higher in low-income and middle-income countries (LMICs) compared with in high-income countries, yet the impact of facility characteristics on early postoperative outcomes is unknown. The aim of this study was to examine the association between hospital infrastructure, resource availability, and processes on early outcomes after cancer surgery worldwide.Methods A multimethods analysis was performed as part of the GlobalSurg 3 study-a multicentre, international, prospective cohort study of patients who had surgery for breast, colorectal, or gastric cancer. The primary outcomes were 30-day mortality and 30-day major complication rates. Potentially beneficial hospital facilities were identified by variable selection to select those associated with 30-day mortality. Adjusted outcomes were determined using generalised estimating equations to account for patient characteristics and country-income group, with population stratification by hospital.Findings Between April 1, 2018, and April 23, 2019, facility-level data were collected for 9685 patients across 238 hospitals in 66 countries (91 hospitals in 20 high-income countries; 57 hospitals in 19 upper-middle-income countries; and 90 hospitals in 27 low-income to lower-middle-income countries). The availability of five hospital facilities was inversely associated with mortality: ultrasound, CT scanner, critical care unit, opioid analgesia, and oncologist. After adjustment for case-mix and country income group, hospitals with three or fewer of these facilities (62 hospitals, 1294 patients) had higher mortality compared with those with four or five (adjusted odds ratio [OR] 3.85 [95% CI 2.58-5.75]; p<0.0001), with excess mortality predominantly explained by a limited capacity to rescue following the development of major complications (63.0% vs 82.7%; OR 0.35 [0.23-0.53]; p<0.0001). Across LMICs, improvements in hospital facilities would prevent one to three deaths for every 100 patients undergoing surgery for cancer.Interpretation Hospitals with higher levels of infrastructure and resources have better outcomes after cancer surgery, independent of country income. Without urgent strengthening of hospital infrastructure and resources, the reductions in cancer-associated mortality associated with improved access will not be realised

Can't you hear me knocking: Identification of user actions on Android apps via traffic analysis

none4noneMauro Conti; Luigi V. Mancini; Riccardo Spolaor; Nino Vincenzo VerdeConti, Mauro; Luigi V., Mancini; Spolaor, Riccardo; Nino Vincenzo, Verd

Aminergic neuromodulation of associative visual learning in harnessed honey bees

International audienc