Beyond the Hype: A Real-World Evaluation of the Impact and Cost of Machine Learning-Based Malware Detection

There is a lack of scientific testing of commercially available malware detectors, especially those that boast accurate classification of never-before-seen (i.e., zero-day) files using machine learning (ML). The result is that the efficacy and gaps among the available approaches are opaque, inhibiting end users from making informed network security decisions and researchers from targeting gaps in current detectors. In this paper, we present a scientific evaluation of four market-leading malware detection tools to assist an organization with two primary questions: (Q1) To what extent do ML-based tools accurately classify never-before-seen files without sacrificing detection ability on known files? (Q2) Is it worth purchasing a network-level malware detector to complement host-based detection? We tested each tool against 3,536 total files (2,554 or 72% malicious, 982 or 28% benign) including over 400 zero-day malware, and tested with a variety of file types and protocols for delivery. We present statistical results on detection time and accuracy, consider complementary analysis (using multiple tools together), and provide two novel applications of a recent cost-benefit evaluation procedure by Iannaconne & Bridges that incorporates all the above metrics into a single quantifiable cost. While the ML-based tools are more effective at detecting zero-day files and executables, the signature-based tool may still be an overall better option. Both network-based tools provide substantial (simulated) savings when paired with either host tool, yet both show poor detection rates on protocols other than HTTP or SMTP. Our results show that all four tools have near-perfect precision but alarmingly low recall, especially on file types other than executables and office files -- 37% of malware tested, including all polyglot files, were undetected.Comment: Includes Actionable Takeaways for SOC

Global burden of respiratory infections associated with seasonal influenza in children under 5 years in 2018: a systematic review and modelling study

Background: Seasonal influenza virus is a common cause of acute lower respiratory infection (ALRI) in young children. In 2008, we estimated that 20 million influenza-virus-associated ALRI and 1 million influenza-virus-associated severe ALRI occurred in children under 5 years globally. Despite this substantial burden, only a few low-income and middle-income countries have adopted routine influenza vaccination policies for children and, where present, these have achieved only low or unknown levels of vaccine uptake. Moreover, the influenza burden might have changed due to the emergence and circulation of influenza A/H1N1pdm09. We aimed to incorporate new data to update estimates of the global number of cases, hospital admissions, and mortality from influenza-virus-associated respiratory infections in children under 5 years in 2018. Methods: We estimated the regional and global burden of influenza-associated respiratory infections in children under 5 years from a systematic review of 100 studies published between Jan 1, 1995, and Dec 31, 2018, and a further 57 high-quality unpublished studies. We adapted the Newcastle-Ottawa Scale to assess the risk of bias. We estimated incidence and hospitalisation rates of influenza-virus-associated respiratory infections by severity, case ascertainment, region, and age. We estimated in-hospital deaths from influenza virus ALRI by combining hospital admissions and in-hospital case-fatality ratios of influenza virus ALRI. We estimated the upper bound of influenza virus-associated ALRI deaths based on the number of in-hospital deaths, US paediatric influenza-associated death data, and population-based childhood all-cause pneumonia mortality data in six sites in low-income and lower-middle-income countries. Findings: In 2018, among children under 5 years globally, there were an estimated 109·5 million influenza virus episodes (uncertainty range [UR] 63·1–190·6), 10·1 million influenza-virus-associated ALRI cases (6·8–15·1); 870 000 influenza-virus-associated ALRI hospital admissions (543 000–1 415 000), 15 300 in-hospital deaths (5800–43 800), and up to 34 800 (13 200–97 200) overall influenza-virus-associated ALRI deaths. Influenza virus accounted for 7% of ALRI cases, 5% of ALRI hospital admissions, and 4% of ALRI deaths in children under 5 years. About 23% of the hospital admissions and 36% of the in-hospital deaths were in infants under 6 months. About 82% of the in-hospital deaths occurred in low-income and lower-middle-income countries. Interpretation: A large proportion of the influenza-associated burden occurs among young infants and in low-income and lower middle-income countries. Our findings provide new and important evidence for maternal and paediatric influenza immunisation, and should inform future immunisation policy particularly in low-income and middle-income countries. Funding: WHO; Bill & Melinda Gates Foundation.Fil: Wang, Xin. University of Edinburgh; Reino UnidoFil: Li, You. University of Edinburgh; Reino UnidoFil: O'Brien, Katherine L.. University Johns Hopkins; Estados UnidosFil: Madhi, Shabir A.. University of the Witwatersrand; SudáfricaFil: Widdowson, Marc Alain. Centers for Disease Control and Prevention; Estados UnidosFil: Byass, Peter. Umea University; SueciaFil: Omer, Saad B.. Yale School Of Public Health; Estados UnidosFil: Abbas, Qalab. Aga Khan University; PakistánFil: Ali, Asad. Aga Khan University; PakistánFil: Amu, Alberta. Dodowa Health Research Centre; GhanaFil: Azziz-Baumgartner, Eduardo. Centers for Disease Control and Prevention; Estados UnidosFil: Bassat, Quique. University Of Barcelona; EspañaFil: Abdullah Brooks, W.. University Johns Hopkins; Estados UnidosFil: Chaves, Sandra S.. Centers for Disease Control and Prevention; Estados UnidosFil: Chung, Alexandria. University of Edinburgh; Reino UnidoFil: Cohen, Cheryl. National Institute For Communicable Diseases; SudáfricaFil: Echavarría, Marcela Silvia. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Parque Centenario. CEMIC-CONICET. Centro de Educaciones Médicas e Investigaciones Clínicas "Norberto Quirno". CEMIC-CONICET; ArgentinaFil: Fasce, Rodrigo A.. Public Health Institute; ChileFil: Gentile, Angela. Gobierno de la Ciudad de Buenos Aires. Hospital General de Niños "Ricardo Gutiérrez"; ArgentinaFil: Gordon, Aubree. University of Michigan; Estados UnidosFil: Groome, Michelle. University of the Witwatersrand; SudáfricaFil: Heikkinen, Terho. University Of Turku; FinlandiaFil: Hirve, Siddhivinayak. Kem Hospital Research Centre; IndiaFil: Jara, Jorge H.. Universidad del Valle de Guatemala; GuatemalaFil: Katz, Mark A.. Clalit Research Institute; IsraelFil: Khuri Bulos, Najwa. University Of Jordan School Of Medicine; JordaniaFil: Krishnan, Anand. All India Institute Of Medical Sciences; IndiaFil: de Leon, Oscar. Universidad del Valle de Guatemala; GuatemalaFil: Lucero, Marilla G.. Research Institute For Tropical Medicine; FilipinasFil: McCracken, John P.. Universidad del Valle de Guatemala; GuatemalaFil: Mira-Iglesias, Ainara. Fundación Para El Fomento de la Investigación Sanitaria; EspañaFil: Moïsi, Jennifer C.. Agence de Médecine Préventive; FranciaFil: Munywoki, Patrick K.. No especifíca;Fil: Ourohiré, Millogo. No especifíca;Fil: Polack, Fernando Pedro. Fundación para la Investigación en Infectología Infantil; ArgentinaFil: Rahi, Manveer. University of Edinburgh; Reino UnidoFil: Rasmussen, Zeba A.. National Institutes Of Health; Estados UnidosFil: Rath, Barbara A.. Vienna Vaccine Safety Initiative; AlemaniaFil: Saha, Samir K.. Child Health Research Foundation; BangladeshFil: Simões, Eric A.F.. University of Colorado; Estados UnidosFil: Sotomayor, Viviana. Ministerio de Salud de Santiago de Chile; ChileFil: Thamthitiwat, Somsak. Thailand Ministry Of Public Health; TailandiaFil: Treurnicht, Florette K.. University of the Witwatersrand; SudáfricaFil: Wamukoya, Marylene. African Population & Health Research Center; KeniaFil: Lay-Myint, Yoshida. Nagasaki University; JapónFil: Zar, Heather J.. University of Cape Town; SudáfricaFil: Campbell, Harry. University of Edinburgh; Reino UnidoFil: Nair, Harish. University of Edinburgh; Reino Unid

A Framework for Attribute-Based Access Control in Processing Big Data with Multiple Sensitivities

There is an increasing demand for processing large volumes of unstructured data for a wide variety of applications. However, protection measures for these big data sets are still in their infancy, which could lead to significant security and privacy issues. Attribute-based access control (ABAC) provides a dynamic and flexible solution that is effective for mediating access. We analyzed and implemented a prototype application of ABAC to large dataset processing in Amazon Web Services, using open-source versions of Apache Hadoop, Ranger, and Atlas. The Hadoop ecosystem is one of the most popular frameworks for large dataset processing and storage and is adopted by major cloud service providers. We conducted a rigorous analysis of cybersecurity in implementing ABAC policies in Hadoop, including developing a synthetic dataset of information at multiple sensitivity levels that realistically represents healthcare and connected social media data. We then developed Apache Spark programs that extract, connect, and transform data in a manner representative of a realistic use case. Our result is a framework for securing big data. Applying this framework ensures that serious cybersecurity concerns are addressed. We provide details of our analysis and experimentation code in a GitHub repository for further research by the community

Conjugated linoleic acid supplementation, insulin sensitivity, and lipoprotein metabolism in patients with type 2 diabetes mellitus.

BACKGROUND: Some animal studies have suggested that conjugated linoleic acid (CLA) supplementation may have therapeutic potential with respect to insulin sensitivity and lipid metabolism, which are important cardiovascular disease (CVD) risk factors associated with type 2 diabetes mellitus. OBJECTIVE: We investigated the effect of CLA supplementation on markers of glucose and insulin metabolism, lipoprotein metabolism, and inflammatory markers of CVD in subjects with type 2 diabetes. DESIGN: The study was a randomized, double-blind, placebo-controlled trial. Thirty-two subjects with stable, diet-controlled type 2 diabetes received CLA (3.0 g/d; 50:50 blend of cis-9,trans-11 CLA and trans-10,cis-12 CLA) or control for 8 wk. A 3-h 75-g oral-glucose-tolerance test was performed, and fasting plasma lipid concentrations and inflammatory markers were measured before and after the intervention. RESULTS: CLA supplementation significantly increased fasting glucose concentrations (6.3%; P < 0.05) and reduced insulin sensitivity as measured by homeostasis model assessment, oral glucose insulin sensitivity, and the insulin sensitivity index (composite) (P = 0.05). Total HDL-cholesterol concentrations increased by 8% (P < 0.05), which was due to a significant increase in HDL(2)-cholesterol concentrations (P < 0.05). The ratio of LDL to HDL cholesterol was significantly reduced (P < 0.01). CLA supplementation reduced fibrinogen concentrations (P < 0.01) but had no effect on the inflammatory markers of CVD (C-reactive protein and interleukin 6). CONCLUSIONS: CLA supplementation had an adverse effect on insulin and glucose metabolism. Whereas CLA had positive effects on HDL metabolism and fibrinogen, a therapeutic nutrient should not be associated with potentially adverse effects on other clinical markers of type 2 diabetes

Cholesteryl ester transfer protein modulates the effect of liver X receptor agonists on cholesterol transport and excretion in the mouse

International audienceHuman plasma, unlike mouse plasma, contains the cholesteryl ester transfer protein (CETP) that may influence the reverse cholesterol transport. Liver X receptor (LXR), an oxysterol-activated nuclear receptor induces CETP transcription via a direct repeat 4 element in the CETP gene promoter. The aim of the study was to assess in vivo the impact of LXR activation on CETP expression and its consequences on plasma lipid metabolism and hepatic and bile lipid content. Wild-type and humanized mice expressing CETP were treated for five days with T0901317 LXR agonist. This treatment produced marked rises in both hepatic CETP mRNA and plasma CETP activity levels. Interestingly, the LXR agonist-mediated, 2-fold rise in both total and HDL cholesterol levels in treated wild-type mice was not observed in CETPTg mice, and the accumulation of cholesterol in the liver of CETPTg mice was reversed by LXR agonist treatment. Moreover, LXR activation induced a 2-fold increase in hepatic LDL-receptor expression in wild-type and CETPTg mice, and it produced a significantly greater rise in biliary cholesterol concentration in CETPTg mice as compared with wild-type mice. In conclusion, induction of CETP constitutes a major determinant of the effect of LXR agonists on cholesterol transport and excretion

Phospholipid transfer protein (PLTP) deficiency reduces brain vitamin E content and increases anxiety in mice

DOI: 10.1096/fj.04-2400fjeInternational audienceVitamin E supplementation constitutes a promising strategy in the prevention of neurodegenerative diseases. Here, we show that a phospholipid transfer protein (PLTP) is widely expressed in the brain where it appears to function as a transfer factor for α-tocopherol, the main isomer of vitamin E. PLTP deficiency results in significant depletion of brain α-tocopherol in both homozygous (-30.1%, P<0.0002) and heterozygous (–18.0%, P<0.05) PLTP knocked-out mice. α-tocopherol depletion in PLTP-deficient homozygotes is associated with the elevation of lipofuscin (+25% and +450% increases in cortex and substantia nigra, respectively), cholesterol oxides (+54.5%, P<0.05), and cellular peroxides (+32.3%, P<0.01) in the brain. Complete PLTP deficiency in homozygotes is accompanied by increased anxiety as shown by fewer entries (8.3% vs. 44.4% in controls, P<0.01) and less time spent (1.7% vs. 41.3% in controls, P<0.05) in the open arms of an elevated plus-maze, in the absence of locomotor deterioration. Thus, the vitamin E transfer activity of PLTP appears to be a key process in preventing oxidative damage in the brain, and PLTP-deficient mice could be a new model of the contribution of oxidative brain injury in the etiology of neurodegenerative diseases

Impact of Perturbed Pancreatic β-Cell Cholesterol Homeostasis on Adipose Tissue and Skeletal Muscle Metabolism

International audienc