44 research outputs found
AI ATAC 1: An Evaluation of Prominent Commercial Malware Detectors
This work presents an evaluation of six prominent commercial endpoint malware
detectors, a network malware detector, and a file-conviction algorithm from a
cyber technology vendor. The evaluation was administered as the first of the
Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC)
prize challenges, funded by / completed in service of the US Navy. The
experiment employed 100K files (50/50% benign/malicious) with a stratified
distribution of file types, including ~1K zero-day program executables
(increasing experiment size two orders of magnitude over previous work). We
present an evaluation process of delivering a file to a fresh virtual machine
donning the detection technology, waiting 90s to allow static detection, then
executing the file and waiting another period for dynamic detection; this
allows greater fidelity in the observational data than previous experiments, in
particular, resource and time-to-detection statistics. To execute all 800K
trials (100K files 8 tools), a software framework is designed to
choreographed the experiment into a completely automated, time-synced, and
reproducible workflow with substantial parallelization. A cost-benefit model
was configured to integrate the tools' recall, precision, time to detection,
and resource requirements into a single comparable quantity by simulating costs
of use. This provides a ranking methodology for cyber competitions and a lens
through which to reason about the varied statistical viewpoints of the results.
These statistical and cost-model results provide insights on state of
commercial malware detection
Beyond the Hype: A Real-World Evaluation of the Impact and Cost of Machine Learning-Based Malware Detection
There is a lack of scientific testing of commercially available malware
detectors, especially those that boast accurate classification of
never-before-seen (i.e., zero-day) files using machine learning (ML). The
result is that the efficacy and gaps among the available approaches are opaque,
inhibiting end users from making informed network security decisions and
researchers from targeting gaps in current detectors. In this paper, we present
a scientific evaluation of four market-leading malware detection tools to
assist an organization with two primary questions: (Q1) To what extent do
ML-based tools accurately classify never-before-seen files without sacrificing
detection ability on known files? (Q2) Is it worth purchasing a network-level
malware detector to complement host-based detection? We tested each tool
against 3,536 total files (2,554 or 72% malicious, 982 or 28% benign) including
over 400 zero-day malware, and tested with a variety of file types and
protocols for delivery. We present statistical results on detection time and
accuracy, consider complementary analysis (using multiple tools together), and
provide two novel applications of a recent cost-benefit evaluation procedure by
Iannaconne & Bridges that incorporates all the above metrics into a single
quantifiable cost. While the ML-based tools are more effective at detecting
zero-day files and executables, the signature-based tool may still be an
overall better option. Both network-based tools provide substantial (simulated)
savings when paired with either host tool, yet both show poor detection rates
on protocols other than HTTP or SMTP. Our results show that all four tools have
near-perfect precision but alarmingly low recall, especially on file types
other than executables and office files -- 37% of malware tested, including all
polyglot files, were undetected.Comment: Includes Actionable Takeaways for SOC
B-Cyclin/CDKs Regulate Mitotic Spindle Assembly by Phosphorylating Kinesins-5 in Budding Yeast
Although it has been known for many years that B-cyclin/CDK complexes regulate the assembly of the mitotic spindle and entry into mitosis, the full complement of relevant CDK targets has not been identified. It has previously been shown in a variety of model systems that B-type cyclin/CDK complexes, kinesin-5 motors, and the SCFCdc4 ubiquitin ligase are required for the separation of spindle poles and assembly of a bipolar spindle. It has been suggested that, in budding yeast, B-type cyclin/CDK (Clb/Cdc28) complexes promote spindle pole separation by inhibiting the degradation of the kinesins-5 Kip1 and Cin8 by the anaphase-promoting complex (APCCdh1). We have determined, however, that the Kip1 and Cin8 proteins are present at wild-type levels in the absence of Clb/Cdc28 kinase activity. Here, we show that Kip1 and Cin8 are in vitro targets of Clb2/Cdc28 and that the mutation of conserved CDK phosphorylation sites on Kip1 inhibits spindle pole separation without affecting the protein's in vivo localization or abundance. Mass spectrometry analysis confirms that two CDK sites in the tail domain of Kip1 are phosphorylated in vivo. In addition, we have determined that Sic1, a Clb/Cdc28-specific inhibitor, is the SCFCdc4 target that inhibits spindle pole separation in cells lacking functional Cdc4. Based on these findings, we propose that Clb/Cdc28 drives spindle pole separation by direct phosphorylation of kinesin-5 motors
A Global Census of Fission Yeast Deubiquitinating Enzyme Localization and Interaction Networks Reveals Distinct Compartmentalization Profiles and Overlapping Functions in Endocytosis and Polarity
Proteomic, localization, and enzymatic activity screens in fission yeast reveal how deubiquitinating enzyme localization and function are tuned
Large-Eddy Simulations of Magnetohydrodynamic Turbulence in Heliophysics and Astrophysics
We live in an age in which high-performance computing is transforming the way we do science. Previously intractable problems are now becoming accessible by means of increasingly realistic numerical simulations. One of the most enduring and most challenging of these problems is turbulence. Yet, despite these advances, the extreme parameter regimes encountered in space physics and astrophysics (as in atmospheric and oceanic physics) still preclude direct numerical simulation. Numerical models must take a Large Eddy Simulation (LES) approach, explicitly computing only a fraction of the active dynamical scales. The success of such an approach hinges on how well the model can represent the subgrid-scales (SGS) that are not explicitly resolved. In addition to the parameter regime, heliophysical and astrophysical applications must also face an equally daunting challenge: magnetism. The presence of magnetic fields in a turbulent, electrically conducting fluid flow can dramatically alter the coupling between large and small scales, with potentially profound implications for LES/SGS modeling. In this review article, we summarize the state of the art in LES modeling of turbulent magnetohydrodynamic (MHD) ows. After discussing the nature of MHD turbulence and the small-scale processes that give rise to energy dissipation, plasma heating, and magnetic reconnection, we consider how these processes may best be captured within an LES/SGS framework. We then consider several special applications in heliophysics and astrophysics, assessing triumphs, challenges,and future directions