441 research outputs found

    On the Reverse Engineering of the Citadel Botnet

    Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios. Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

    Learning without recall in directed circles and rooted trees

    This work investigates the case of a network of agents that attempt to learn some unknown state of the world amongst the finitely many possibilities. At each time step, agents all receive random, independently distributed private signals whose distributions are dependent on the unknown state of the world. However, it may be the case that some or any of the agents cannot distinguish between two or more of the possible states based only on their private observations, as when several states result in the same distribution of the private signals. In our model, the agents form some initial belief (probability distribution) about the unknown state and then refine their beliefs in accordance with their private observations, as well as the beliefs of their neighbors. An agent learns the unknown state when her belief converges to a point mass that is concentrated at the true state. A rational agent would use the Bayes' rule to incorporate her neighbors' beliefs and own private signals over time. While such repeated applications of the Bayes' rule in networks can become computationally intractable, in this paper, we show that in the canonical cases of directed star, circle or path networks and their combinations, one can derive a class of memoryless update rules that replicate that of a single Bayesian agent but replace the self beliefs with the beliefs of the neighbors. This way, one can realize an exponentially fast rate of learning similar to the case of Bayesian (fully rational) agents. The proposed rules are a special case of the Learning without Recall approach that we develop in a companion paper, and it has the advantage that while preserving essential features of the Bayesian inference, they are made tractable. In particular, the agents can rely on the observational abilities of their neighbors and their neighbors' neighbors etc. to learn the unknown state; even though they themselves cannot distinguish the truth

    Distributed estimation and learning over heterogeneous networks

    We consider several estimation and learning problems that networked agents face when making decisions given their uncertainty about an unknown variable. Our methods are designed to efficiently deal with heterogeneity in both size and quality of the observed data, as well as heterogeneity over time (intermittence). The goal of the studied aggregation schemes is to efficiently combine the observed data that is spread over time and across several network nodes, accounting for all the network heterogeneities. Moreover, we require no form of coordination beyond the local neighborhood of every network agent or sensor node. The three problems that we consider are (i) maximum likelihood estimation of the unknown given initial data sets, (ii) learning the true model parameter from streams of data that the agents receive intermittently over time, and (iii) minimum variance estimation of a complete sufficient statistic from several data points that the networked agents collect over time. In each case, we rely on an aggregation scheme to combine the observations of all agents; moreover, when the agents receive streams of data over time, we modify the update rules to accommodate the most recent observations. In every case, we demonstrate the efficiency of our algorithms by proving convergence to the globally efficient estimators given the observations of all agents. We supplement these results by investigating the rate of convergence and providing finite-time performance guarantees

    Bayesian learning without recall

    We analyze a model of learning and belief formation in networks in which agents follow Bayes rule yet they do not recall their history of past observations and cannot reason about how other agents' beliefs are formed. They do so by making rational inferences about their observations which include a sequence of independent and identically distributed private signals as well as the actions of their neighboring agents at each time. Successive applications of Bayes rule to the entire history of past observations lead to forebodingly complex inferences: due to lack of knowledge about the global network structure, and unavailability of private observations, as well as third party interactions preceding every decision. Such difficulties make Bayesian updating of beliefs an implausible mechanism for social learning. To address these complexities, we consider a Bayesian without Recall model of inference. On the one hand, this model provides a tractable framework for analyzing the behavior of rational agents in social networks. On the other hand, this model also provides a behavioral foundation for the variety of non-Bayesian update rules in the literature. We present the implications of various choices for the structure of the action space and utility functions for such agents and investigate the properties of learning, convergence, and consensus in special cases

    Analytical and Numerical Evaluations of Flexible V-Band Rotman Lens Beamforming Network Performance for Conformal Wireless Subsystems

    This paper presents the analytical design and numerical performance evaluation of novel V-band millimetre-wave (mm-wave) beamforming networks (BFNs), based on the Rotman lens array feeding concept. The devices are intended for operation in the unlicensed 60-GHz frequency band. The primary objective of this work is to study the feasibility of designing flexible V-band beamformers, based on liquid-crystal polymer (LCP) substrates. The planar Rotman lens device has been initially developed, and the output performances, in terms of the scattering parameters and accuracy, have been analysed. This is further continued with the detailed designs of the Rotman lens BFNs based on the four different proposed flexural cases, namely the concave-axial bending, the convex-axial bending, the concave-circumferential bending, and the convex-circumferential bending. Each of the flexures has been analysed, and the performance in terms of the surface currents and phase distributions, as the primary functionality indicators, has been presented. The presented flexible beamformers exhibit significant characteristics to be potentially employed as low-cost and efficient units of the mm-wave transceivers with the in-built electronic beam steering capabilities for the conformal wireless subsystems

    A Tuned and Scalable Fast Multipole Method as a Preeminent Algorithm for Exascale Systems

    Among the algorithms that are likely to play a major role in future exascale computing, the fast multipole method (FMM) appears as a rising star. Our previous recent work showed scaling of an FMM on GPU clusters, with problem sizes in the order of billions of unknowns. That work led to an extremely parallel FMM, scaling to thousands of GPUs or tens of thousands of CPUs. This paper reports on a campaign of performance tuning and scalability studies using multi-core CPUs, on the Kraken supercomputer. All kernels in the FMM were parallelized using OpenMP, and a test using 10^7 particles randomly distributed in a cube showed 78% efficiency on 8 threads. Tuning of the particle-to-particle kernel using SIMD instructions resulted in 4x speed-up of the overall algorithm on single-core tests with 10^3 - 10^7 particles. Parallel scalability was studied in both strong and weak scaling. The strong scaling test used 10^8 particles and resulted in 93% parallel efficiency on 2048 processes for the non-SIMD code and 54% for the SIMD-optimized code (which was still 2x faster). The weak scaling test used 10^6 particles per process, and resulted in 72% efficiency on 32,768 processes, with the largest calculation taking about 40 seconds to evaluate more than 32 billion unknowns. This work builds up evidence for our view that FMM is poised to play a leading role in exascale computing, and we end the paper with a discussion of the features that make it a particularly favorable algorithm for the emerging heterogeneous and massively parallel architectural landscape

    Digraphs with distinguishable dynamics under the multi-agent agreement protocol

    This work studies the ability to distinguish digraphs from the output response of some observing agents in a multi-agent network under the agreement protocol. Given a fixed observation point, it is desired to find sufficient graphical conditions under which the failure of a set of edges in the network information flow digraph is distinguishable from another set. When the latter is empty, this corresponds to the detectability of the former link set given the response of the observing agent. In developing the results, a powerful extension of the all-minors matrix tree theorem in algebraic graph theory is proved which relates the minors of the transformed Laplacian of a directed graph to the number and length of the shortest paths between its vertices. The results reveal an intricate relationship between the ability to distinguish the responses of a healthy and a faulty multi-agent network and the inter-nodal paths in their information flow digraphs. The results have direct implications for the operation and design of multi-agent systems subject to multiple link losses. Simulations and examples are presented to illustrate the analytic findings

    Millimetre-Wave Rotman Lens-Based Array Beamforming Networks for Next-Generation Wireless Subsystems

    PhD. This thesis undertakes thorough analytical designs, as well as numerical and experimental performance evaluations, of millimetre-wave beamforming networks based on the Rotman lens-based feeding concept. The developed passive switched-beam networks are intended for operation in the 28-GHz and 60-GHz bands, covering the whole frequency ranges of 18–38 GHz and 50–70 GHz, respectively. The primary objective of this work is to investigate the feasibility of designing a number of high-performance and low-profile array beamformers. This has been accomplished based on the flexible liquid-crystal polymer substrates, for the potential deployment in the next-generation wireless communications. The developed lens devices, and their output characteristics, in terms of the scattering parameters, accuracy, device efficiency, and surface current distributions, have been comprehensively evaluated. Moreover, this has been extended to the detailed designs of the lens beamformers based on the four different proposed flexural cases, namely the concave-axial bending, convex-axial bending, concave-circumferential bending, and convex-circumferential bending. Each of the flexures has been analysed in detail, and the performance in terms of the linear progressive phase behaviour, as the primary figure of merit, has been reported. Furthermore, based on the conducted analytical designs and validations a prototype has been accurately fabricated, using the laser-centric radio frequency circuit structuring technique, and a setup has been further deployed to carry out the measurements. This has been done in order to validate the analytical results, as well as to demonstrate the experimental 28-GHz beamforming. The presented array beamformers outperform other existing millimetre-wave beamformers, to be potentially utilised as the efficient integrated units of the transceiver modules and large-scale antennas, mostly in the multiple-input multiple-output systems. Lastly, the developed lens beamformers provide the next-generation conformal and flexible subsystems with the essential functional requirements for the millimetre-wave beam steering mechanisms