Bitcoin Redux

We study how attempts to regulate cryptocurrencies, or at least to mitigate the harm they do, are misdirected. We started by looking at how one might blacklist stolen bitcoin, and find that two established legal principles – the nemo dat rule and the Clayton's case precedent -- make tracing crime proceeds much simpler than researchers previously thought; they support a first-in first-out rule for taint tracking, which turns out to be much more efficient. However once we published initial results and were approached by theft victims, we discovered a more serious problem. Many bitcoin exchanges do not now give their customers actual bitcoin, but rather do off-chain transactions with other exchange customers or transact on customers' behalf with outsiders. Except where customers withdraw cryptocurrency into self-hosted wallets, the ownership of these assets is unclear. The number of off-blockchain transactions has increased enormously in the last eighteen months; we can't find good figures but the volume is sufficient to raise serious concerns and the practice falls under e-money regulations that are not being enforced. In short, the security, economics and regulatory problems of cryptocurrencies in 2018 turn out to be rather different from those described in the academic literature. The real problem is that we are seeing the emergence of a shadow banking system. Cryptocurrencies do not solve the underlying problems that made bank regulation necessary, and we sadly predict that many of the familiar second-order problems will also reappear. We discuss the implications for regulating cryptocurrencies and smart contracts more generally, and suggest eight things that regulators and central banks might usefully do

Computational Analysis of Valence and Arousal in Virtual Reality Gaming using Lower Arm Electromyograms

Progress in the affective computing field has led to the creation of affect-aware games that aim to adapt to the emotions experienced by the players. In this paper we focus on affect recognition in virtual reality (VR) gaming, a problem that to the best of our knowledge has not yet been sufficiently explored. We aim to answer two research questions: (i) Is it possible to reliably capture and recognize the affective state of a person based on EMG sensors placed on their lower arms, while they interact with the virtual environment? and (ii) Is EMG signal from one arm sufficient for detecting affect? We conducted a study in which 8 people were playing a set of VR games with two EMG sensors placed on their arms. We analysed the EMG signals and extracted a number of features to infer the affective states of the players. Our experimental results show that the EMG measures from left and right arms provide sufficient information to detect emotions experienced by a player of a VR game. Our results also show that classifying a DWT-db1 signal with Support Vector Machine (SVM) yields F1=0.91 for predicting low/high arousal and F1=0.85 for predicting positive/negative valence when using just the left-arm EMG signal. To the best of our knowledge, this is the first work that uses EMG data from arm movements as a single source of affective information and addresses affect recognition in VR gaming.The work of H. Gunes is partially supported by the Innovate UK project Sensing Feeling (project no. 102547)

Snitches get stitches: On the difficulty of whistleblowing

One of the most critical security protocol problems for humans is when you are betraying a trust, perhaps for some higher purpose, and the world can turn against you if you're caught. In this short paper, we report on efforts to enable whistleblowers to leak sensitive documents to journalists more safely. Following a survey of cases where whistleblowers were discovered due to operational or technological issues, we propose a game-theoretic model capturing the power dynamics involved in whistleblowing. We find that the whistleblower is often at the mercy of motivations and abilities of others. We identify specific areas where technology may be used to mitigate the whistleblower's risk. However we warn against technical solutionism: the main constraints are often institutional.Thales e-Securit

Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information

Recent research on reinforcement learning (RL) has suggested that trained agents are vulnerable to maliciously crafted adversarial samples. In this work, we show how such samples can be generalised from White-box and Grey-box attacks to a strong Black-box case, where the attacker has no knowledge of the agents, their training parameters and their training methods. We use sequence-to-sequence models to predict a single action or a sequence of future actions that a trained agent will make. First, we show our approximation model, based on time-series information from the agent, consistently predicts RL agents' future actions with high accuracy in a Black-box setup on a wide range of games and RL algorithms. Second, we find that although adversarial samples are transferable from the target model to our RL agents, they often outperform random Gaussian noise only marginally. This highlights a serious methodological deficiency in previous work on such agents; random jamming should have been taken as the baseline for evaluation. Third, we propose a novel use for adversarial samplesin Black-box attacks of RL agents: they can be used to trigger a trained agent to misbehave after a specific time delay. This appears to be a genuinely new type of attack. It potentially enables an attacker to use devices controlled by RL agents as time bombs

Revisiting Automated Prompting: Are We Actually Doing Better?

Current literature demonstrates that Large Language Models (LLMs) are great few-shot learners, and prompting significantly increases their performance on a range of downstream tasks in a few-shot learning setting. An attempt to automate human-led prompting followed, with some progress achieved. In particular, subsequent work demonstrates that automation can outperform fine-tuning in certain K-shot learning scenarios (Shin et al., 2020; Zhang et al., 2021). In this paper, we revisit techniques for automated prompting on six different downstream tasks and a larger range of K-shot learning settings. We find that automated prompting does not consistently outperform simple manual prompting. Our work suggests that, in addition to fine-tuning, manual prompting should be used as a baseline in this line of research

Rapid Model Architecture Adaption for Meta-Learning

Network Architecture Search (NAS) methods have recently gathered much attention. They design networks with better performance and use a much shorter search time compared to traditional manual tuning. Despite their efficiency in model deployments, most NAS algorithms target a single task on a fixed hardware system. However, real-life few-shot learning environments often cover a great number of tasks (T) and deployments on a wide variety of hardware platforms (H). The combinatorial search complexity T × H creates a fundamental search efficiency challenge if one naively applies existing NAS methods to these scenarios. To overcome this issue, we show, for the first time, how to rapidly adapt model architectures to new tasks in a many-task many-hardware few-shot learning setup by integrating Model Agnostic Meta Learning (MAML) into the NAS flow. The proposed NAS method (H-Meta-NAS) is hardware-aware and performs optimisation in the MAML framework. H-Meta-NAS shows a Pareto dominance compared to a variety of NAS and manual baselines in popular few-shot learning benchmarks with various hardware platforms and constraints. In particular, on the 5-way 1-shot Mini-ImageNet classification task, the proposed method outperforms the best manual baseline by a large margin (5.21% in accuracy) using 60% less computation

Turning up the Dial: The Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras

Trust and reputation play a core role in underground cybercrime markets, where participants are anonymous and there is little legal recourse for dispute arbitration. These underground markets exist in tension between two opposing forces: the drive to hide incriminating information, and the trust and stability benefits that greater openness yields. Revealing information about transactions to mitigate scams also provides valuable data about the market. We analyse the first dataset, of which we are aware, about the transactions created and completed on a well-known and high-traffic underground marketplace, Hack Forums, along with the associated threads and posts made by its users over two recent years, from June 2018 to June 2020. We use statistical modelling approaches to analyse the economic and social characteristics of the market over three eras, especially its performance as an infrastructure for trust. In the Set-up era, we observe the growth of users making only one transaction, as well as 'power-users' who make many transactions. In the Stable era, we observe a wide range of activities (including large-scale transfers of intermediate currencies such as Amazon Giftcards) which declines slowly from an initial peak. Finally, we analyse the effects of the Covid-19 pandemic, concluding that while we see a significant increase in transactions across all categories, this reflects a stimulus of the market, rather than a transformation. New users overcome the 'cold start' problem by engaging in low-level currency exchanges to prove their trustworthiness. We observe currency exchange accounts for most contracts, and Bitcoin and PayPal are the preferred payment methods by trading values and number of contracts involved. The market is becoming more centralised over time around influential users and threads, with significant changes observed during the Set-up and Covid-19 eras.EPSRC Doctoral Training Studentship (Jack Hughes

Architectural Backdoors in Neural Networks

Machine learning is vulnerable to adversarial manipulation. Previous literature demonstrated that at the training stage attackers can manipulate data [14] and data sampling procedures [29] to control model behaviour. A common attack goal is to plant backdoors i.e. force the victim model to learn to recognise a trigger known only by the adversary. In this paper, we introduce a new class of backdoor attacks that hide inside model architectures i.e. in the inductive bias of the functions used to train. These backdoors are simple to implement, for instance by publishing open-source code for a backdoored model architecture that others will reuse unknowingly. We demonstrate that model architectural backdoors represent a real threat and, unlike other approaches, can survive a complete re-training from scratch. We formalise the main construction principles behind architectural backdoors, such as a connection between the input and the output, and describe some possible protections against them. We evaluate our attacks on computer vision benchmarks of different scales and demonstrate the underlying vulnerability is pervasive in a variety of common training settings

Facial Electromyography-based Adaptive Virtual Reality Gaming for Cognitive Training.

Cognitive training has shown promising results for delivering improvements in human cognition related to attention, problem solving, reading comprehension and information retrieval. However, two frequently cited problems in cognitive training literature are a lack of user engagement with the training programme, and a failure of developed skills to generalise to daily life. This paper introduces a new cognitive training (CT) paradigm designed to address these two limitations by combining the benefits of gamification, virtual reality (VR), and affective adaptation in the development of an engaging, ecologically valid, CT task. Additionally, it incorporates facial electromyography (EMG) as a means of determining user affect while engaged in the CT task. This information is then utilised to dynamically adjust the game’s difficulty in real-time as users play, with the aim of leading them into a state of flow. Affect recognition rates of 64.1% and 76.2%, for valence and arousal respectively, were achieved by classifying a DWT-Haar approximation of the input signal using kNN. The affect-aware VR cognitive training intervention was then evaluated with a control group of older adults. The results obtained substantiate the notion that adaptation techniques can lead to greater feelings of competence and a more appropriate challenge of the user’s skills