44 research outputs found

    AI ATAC 1: An Evaluation of Prominent Commercial Malware Detectors

    This work presents an evaluation of six prominent commercial endpoint malware detectors, a network malware detector, and a file-conviction algorithm from a cyber technology vendor. The evaluation was administered as the first of the Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) prize challenges, funded by / completed in service of the US Navy. The experiment employed 100K files (50/50% benign/malicious) with a stratified distribution of file types, including ~1K zero-day program executables (increasing experiment size two orders of magnitude over previous work). We present an evaluation process of delivering a file to a fresh virtual machine donning the detection technology, waiting 90s to allow static detection, then executing the file and waiting another period for dynamic detection; this allows greater fidelity in the observational data than previous experiments, in particular, resource and time-to-detection statistics. To execute all 800K trials (100K files × 8 tools), a software framework is designed to choreograph the experiment into a completely automated, time-synced, and reproducible workflow with substantial parallelization. A cost-benefit model was configured to integrate the tools' recall, precision, time to detection, and resource requirements into a single comparable quantity by simulating costs of use. This provides a ranking methodology for cyber competitions and a lens through which to reason about the varied statistical viewpoints of the results. These statistical and cost-model results provide insights on the state of commercial malware detection.

    Beyond the Hype: A Real-World Evaluation of the Impact and Cost of Machine Learning-Based Malware Detection

    There is a lack of scientific testing of commercially available malware detectors, especially those that boast accurate classification of never-before-seen (i.e., zero-day) files using machine learning (ML). The result is that the efficacy and gaps among the available approaches are opaque, inhibiting end users from making informed network security decisions and researchers from targeting gaps in current detectors. In this paper, we present a scientific evaluation of four market-leading malware detection tools to assist an organization with two primary questions: (Q1) To what extent do ML-based tools accurately classify never-before-seen files without sacrificing detection ability on known files? (Q2) Is it worth purchasing a network-level malware detector to complement host-based detection? We tested each tool against 3,536 total files (2,554 or 72% malicious, 982 or 28% benign) including over 400 zero-day malware, and tested with a variety of file types and protocols for delivery. We present statistical results on detection time and accuracy, consider complementary analysis (using multiple tools together), and provide two novel applications of a recent cost-benefit evaluation procedure by Iannacone & Bridges that incorporates all the above metrics into a single quantifiable cost. While the ML-based tools are more effective at detecting zero-day files and executables, the signature-based tool may still be an overall better option. Both network-based tools provide substantial (simulated) savings when paired with either host tool, yet both show poor detection rates on protocols other than HTTP or SMTP. Our results show that all four tools have near-perfect precision but alarmingly low recall, especially on file types other than executables and office files: 37% of malware tested, including all polyglot files, were undetected.
    Comment: Includes Actionable Takeaways for SOC

    B-Cyclin/CDKs Regulate Mitotic Spindle Assembly by Phosphorylating Kinesins-5 in Budding Yeast

    Although it has been known for many years that B-cyclin/CDK complexes regulate the assembly of the mitotic spindle and entry into mitosis, the full complement of relevant CDK targets has not been identified. It has previously been shown in a variety of model systems that B-type cyclin/CDK complexes, kinesin-5 motors, and the SCF^Cdc4 ubiquitin ligase are required for the separation of spindle poles and assembly of a bipolar spindle. It has been suggested that, in budding yeast, B-type cyclin/CDK (Clb/Cdc28) complexes promote spindle pole separation by inhibiting the degradation of the kinesins-5 Kip1 and Cin8 by the anaphase-promoting complex (APC^Cdh1). We have determined, however, that the Kip1 and Cin8 proteins are present at wild-type levels in the absence of Clb/Cdc28 kinase activity. Here, we show that Kip1 and Cin8 are in vitro targets of Clb2/Cdc28 and that the mutation of conserved CDK phosphorylation sites on Kip1 inhibits spindle pole separation without affecting the protein's in vivo localization or abundance. Mass spectrometry analysis confirms that two CDK sites in the tail domain of Kip1 are phosphorylated in vivo. In addition, we have determined that Sic1, a Clb/Cdc28-specific inhibitor, is the SCF^Cdc4 target that inhibits spindle pole separation in cells lacking functional Cdc4. Based on these findings, we propose that Clb/Cdc28 drives spindle pole separation by direct phosphorylation of kinesin-5 motors.

    A Global Census of Fission Yeast Deubiquitinating Enzyme Localization and Interaction Networks Reveals Distinct Compartmentalization Profiles and Overlapping Functions in Endocytosis and Polarity

    Proteomic, localization, and enzymatic activity screens in fission yeast reveal how deubiquitinating enzyme localization and function are tuned.

    Large-Eddy Simulations of Magnetohydrodynamic Turbulence in Heliophysics and Astrophysics

    We live in an age in which high-performance computing is transforming the way we do science. Previously intractable problems are now becoming accessible by means of increasingly realistic numerical simulations. One of the most enduring and most challenging of these problems is turbulence. Yet, despite these advances, the extreme parameter regimes encountered in space physics and astrophysics (as in atmospheric and oceanic physics) still preclude direct numerical simulation. Numerical models must take a Large Eddy Simulation (LES) approach, explicitly computing only a fraction of the active dynamical scales. The success of such an approach hinges on how well the model can represent the subgrid-scales (SGS) that are not explicitly resolved. In addition to the parameter regime, heliophysical and astrophysical applications must also face an equally daunting challenge: magnetism. The presence of magnetic fields in a turbulent, electrically conducting fluid flow can dramatically alter the coupling between large and small scales, with potentially profound implications for LES/SGS modeling. In this review article, we summarize the state of the art in LES modeling of turbulent magnetohydrodynamic (MHD) flows. After discussing the nature of MHD turbulence and the small-scale processes that give rise to energy dissipation, plasma heating, and magnetic reconnection, we consider how these processes may best be captured within an LES/SGS framework. We then consider several special applications in heliophysics and astrophysics, assessing triumphs, challenges, and future directions.

    Guidelines for the use and interpretation of assays for monitoring autophagy (4th edition)
