Binder free and flexible asymmetric supercapacitor exploiting Mn3O4 and MoS2 nanoflakes on carbon fibers

Emerging technologies, such as portable electronics, have had a huge impact on societal norms, such as access to real time information. To perform these tasks, portable electronic devices need more and more accessories for the processing and dispensation of the data, resulting in higher demand for energy and power. To overcome this problem, a low cost high-performing flexible fiber shaped asymmetric supercapacitor was fabricated, exploiting 3D-spinel manganese oxide Mn3O4 as cathode and 2D molybdenum disulfide MoS2 as anode. These asymmetric supercapacitors with stretched operating voltage window of 1.8 V exhibit high specific capacitance and energy density, good rate capability and cyclic stability after 3000 cycles, with a capacitance retention of more than 80%. This device has also shown an excellent bending stability at different bending conditions

BOTection: bot detection by building Markov Chain models of bots network behavior

This paper was presented at the 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2020), 5-9 October 2020, Taipei, Taiwan. This is the accepted manuscript version of the paper. The final version is available online from the Association for Computing Machinery at: https://doi.org/10.1145/3320269.3372202.Botnets continue to be a threat to organizations, thus various machine learning-based botnet detectors have been proposed. However, the capability of such systems in detecting new or unseen botnets is crucial to ensure its robustness against the rapid evolution of botnets. Moreover, it prolongs the effectiveness of the system in detecting bots, avoiding frequent and time-consuming classifier re-training. We present BOTection, a privacy-preserving bot detection system that models the bot network flow behavior as a Markov Chain. The Markov Chain state transitions capture the bots' network behavior using high-level flow features as states, producing content-agnostic and encryption resilient behavioral features. These features are used to train a classifier to first detect flows produced by bots, and then identify their bot families. We evaluate our system on a dataset of over 7M malicious flows from 12 botnet families, showing its capability of detecting bots' network traffic with 99.78% F-measure and classifying it to a malware family with a 99.09% F-measure. Notably, due to the modeling of general bot network behavior by the Markov Chains, BOTection can detect traffic belonging to unseen bot families with an F-measure of 93.03% making it robust against malware evolution.Accepted manuscrip

Global, regional, and national burden of disorders affecting the nervous system, 1990–2021: a systematic analysis for the Global Burden of Disease Study 2021

BackgroundDisorders affecting the nervous system are diverse and include neurodevelopmental disorders, late-life neurodegeneration, and newly emergent conditions, such as cognitive impairment following COVID-19. Previous publications from the Global Burden of Disease, Injuries, and Risk Factor Study estimated the burden of 15 neurological conditions in 2015 and 2016, but these analyses did not include neurodevelopmental disorders, as defined by the International Classification of Diseases (ICD)-11, or a subset of cases of congenital, neonatal, and infectious conditions that cause neurological damage. Here, we estimate nervous system health loss caused by 37 unique conditions and their associated risk factors globally, regionally, and nationally from 1990 to 2021.MethodsWe estimated mortality, prevalence, years lived with disability (YLDs), years of life lost (YLLs), and disability-adjusted life-years (DALYs), with corresponding 95% uncertainty intervals (UIs), by age and sex in 204 countries and territories, from 1990 to 2021. We included morbidity and deaths due to neurological conditions, for which health loss is directly due to damage to the CNS or peripheral nervous system. We also isolated neurological health loss from conditions for which nervous system morbidity is a consequence, but not the primary feature, including a subset of congenital conditions (ie, chromosomal anomalies and congenital birth defects), neonatal conditions (ie, jaundice, preterm birth, and sepsis), infectious diseases (ie, COVID-19, cystic echinococcosis, malaria, syphilis, and Zika virus disease), and diabetic neuropathy. By conducting a sequela-level analysis of the health outcomes for these conditions, only cases where nervous system damage occurred were included, and YLDs were recalculated to isolate the non-fatal burden directly attributable to nervous system health loss. A comorbidity correction was used to calculate total prevalence of all conditions that affect the nervous system combined.FindingsGlobally, the 37 conditions affecting the nervous system were collectively ranked as the leading group cause of DALYs in 2021 (443 million, 95% UI 378–521), affecting 3·40 billion (3·20–3·62) individuals (43·1%, 40·5–45·9 of the global population); global DALY counts attributed to these conditions increased by 18·2% (8·7–26·7) between 1990 and 2021. Age-standardised rates of deaths per 100 000 people attributed to these conditions decreased from 1990 to 2021 by 33·6% (27·6–38·8), and age-standardised rates of DALYs attributed to these conditions decreased by 27·0% (21·5–32·4). Age-standardised prevalence was almost stable, with a change of 1·5% (0·7–2·4). The ten conditions with the highest age-standardised DALYs in 2021 were stroke, neonatal encephalopathy, migraine, Alzheimer's disease and other dementias, diabetic neuropathy, meningitis, epilepsy, neurological complications due to preterm birth, autism spectrum disorder, and nervous system cancer.InterpretationAs the leading cause of overall disease burden in the world, with increasing global DALY counts, effective prevention, treatment, and rehabilitation strategies for disorders affecting the nervous system are needed

FIRMA: Malware clustering and network signature generation with mixed network behaviors

The ever-increasing number of malware families and polymorphic variants creates a pressing need for automatic tools to cluster the collected malware into families and generate behavioral signatures for their detection. Among these, network traffic is a powerful behavioral signature and network signatures are widely used by network administrators. In this paper we present FIRMA, a tool that given a large pool of network traffic obtained by executing unlabeled malware binaries, generates a clustering of the malware binaries into families and a set of network signatures for each family. Compared with prior tools, FIRMA produces network signatures for each of the network behaviors of a family, regardless of the type of traffic the malware uses (e.g., HTTP, IRC, SMTP, TCP, UDP). We have implemented FIRMA and evaluated it on two recent datasets comprising nearly 16,000 unique malware binaries. Our results show that FIRMA’s clustering has very high precision (100% on a labeled dataset) and recall (97.7%). We compare FIRMA’s signatures with manually generated ones, showing that they are as good (often better), while generated in a fraction of the time.status: publishe

Graph-based learning model for detection of SMS spam on smart phones

Short Message Service (SMS) has been increasingly exploited through spam propagation schemes in recent years. This paper presents a new method for graph-based learning and classification of spam SMS on mobile devices and smart phones. Our approach is based on modeling the content and patterns of SMS syntax into a direct ed-weighted graph through exploiting modern composition style of messages. The graph attributes are then used to classify spam messages in real-time by using KL-Divergence measure. Experimental results on two real-world datasets show that our proposed method achieves high detection accuracy with less false alarm rate to detect spam messages. Moreover, our approach requires relatively less memory and processing power, making it suitable to deploy on resource-constrained mobile devices and smart phones.status: publishe

Evaluating dos attacks against sip-based voip systems

The multimedia communication is rapidly converging towards Voice over Internet-commonly known as Voice over Internet Protocol (VoIP). Session Initiation Protocol (SIP) is the standard used for session signaling in VoIP. Crafty attackers can launch a number of Denial of Service (DoS) attacks on a SIP based VoIP infrastructure that can severely compromise its reliability. In contrast, little work is done to analyze the robustness and reliability of SIP severs under DoS attacks. In this paper, we show that the robustness and reliability of generic SIP servers is inadequate than commonly perceived. We have done our study using a customized analysis tool that has the ability to synthesize and launch different types of attacks. We have integrated the tool in a real SIP test bed environment to measure the performance of SIP servers. Our measurements show that a standard SIP server can be easily overloaded by sending simple call requests. We define the performance metrics to measure the effects of flooding attacks on real time services - VoIP in SIP environment - and show the results on different SIP server implementations. Our results also provide insight into resources' usage by SIP servers under flooding attacks. Moreover, we show that how a well known open source SIP server can be crashed through 'INVITE of Death' - a malformed SIP packet maliciously crafted by our tool.status: publishe

The MALICIA dataset: Identification and Analysis of drive-by download Operations

Drive-by downloads are the preferred distribution vector for many malware families. In the drive-by ecosystem, many exploit servers run the same exploit kit and it is a challenge understanding whether the exploit server is part of a larger operation. In this paper, we propose a technique to identify exploit servers managed by the same organization. We collect over time how exploit servers are configured, which exploits they use, and what malware they distribute, grouping servers with similar configurations into operations. Our operational analysis reveals that although individual exploit servers have a median lifetime of 16 h, long-lived operations exist that operate for several months. To sustain long-lived operations, miscreants are turning to the cloud, with 60 % of the exploit servers hosted by specialized cloud hosting services. We also observe operations that distribute multiple malware families and that pay-per-install affiliate programs are managing exploit servers for their affiliates to convert traffic into installations. Furthermore, we analyze the exploit polymorphism problem, measuring the repacking rate for different exploit types. To understand how difficult is to takedown exploit servers, we analyze the abuse reporting process and issue abuse reports for 19 long-lived servers. We describe the interaction with ISPs and hosting providers and monitor the result of the report. We find that 61 % of the reports are not even acknowledged. On average, an exploit server still lives for 4.3 days after a report. Finally, we detail the Malicia dataset we have collected and are making available to other researchers.status: publishe

Application of evolutionary algorithms in detecting sms spam at access layer

In recent years, Short Message Service (SMS) has been widely exploited in arbitrary advertising campaigns and the propagation of scam. In this paper, we first analyze the role of SMS spam as an increasing threat to mobile and smart phone users. Afterward, we present a filtering method for controlling SMS spam on the access layer of mobile devices. We analyze the role of different evolutionary and non evolutionary classifiers for our spam filter by assimilating the byte-level features of SMS. We evaluated our framework on real-world benign and spam datasets collected from Grumbletext and the users in our social networking community. The results of carefully designed experiments demonstrated that the evolutionary classifiers, like the Structural Learning Algorithm in Vague Environment (SLAVE), could efficiently detect spam messages at the access layer of a mobile device. To the best of our knowledge, the current work is the first SMS spam filter based on evolutionary classifier that works on the access layer of a mobile device. The results of our experiments show that our framework, using evolutionary algorithms, achieves a detection accuracy of more than 93%, with false alarm rate of 0.13$% in classifying spam SMS. Moreover, the memory requirement for incorporating SMS features is relatively small, and it takes less than one second to classify a message as spam or benign.status: publishe

Evolutionary algorithms for classification of malware families through different network behaviors

The staggering increase of malware families and their di- versity poses a significant threat and creates a compelling need for automatic classification techniques. In this paper, we first analyze the role of network behavior as a pow- erful technique to automatically classify malware families and their polymorphic variants. Afterwards, we present a framework to efficiently classify malware families by mod- eling their different network behaviors (such as HTTP, SMTP, UDP, and TCP). We propose protocol-aware and state-space modeling schemes to extract features from malware network behaviors. We analyze the applicability of various evolu- tionary and non-evolutionary algorithms for our malware family classification framework. To evaluate our framework, we collected a real-world dataset of 6, 000 unique and active malware samples belonging to 20 different malware fami- lies. We provide a detailed analysis of network behaviors exhibited by these prevalent malware families. The results of our experiments shows that evolutionary algorithms, like sUpervised Classifier System (UCS), can effectively classify malware families through different network behaviors in real- time. To the best of our knowledge, the current work is the first malware classification framework based on evolutionary classifier that uses different network behaviors.status: publishe

Network dialog minimization and network dialog diffing: Two novel primitives for network security applications

In this work, we present two fundamental primitives for network security: network dialog minimization and network dialog diffing. Network dialog minimization (NDM) simplifies an original dialog with respect to a goal, so that the minimized dialog when replayed still achieves the goal, but requires minimal network communication, achieving significant time and bandwidth savings. We present network delta debugging, the first technique to solve NDM. Network dialog diffing compares two dialogs, aligns them, and identifies their common and different parts. We propose a novel dialog diffing technique that aligns two dialogs by finding a mapping that maximizes similarity. We have applied our techniques to 5 applications. We apply our dialog minimization approach for: building drive-by download milkers for 9 exploit kits, integrating them in a infrastructure that has collected over 14,000 malware samples running from a single machine; efficiently measuring the percentage of popular sites that allow cookie replay, finding that 31% do not destroy the server-side state when a user logs out and that 17% provide cookies that live over a month; simplifying a cumbersome user interface, saving our institution 3 hours of time per year and employee; and finding a new vulnerability in a SIP server. We apply our dialog diffing approach for clustering benign (F-Measure = 100%) and malicious (F-Measure = 87.6%) dialogs.status: publishe