When Web Meets Mobile: Novel Security Threats and Defenses in Web/Mobile Hybrid Apps

Nowadays, mobile app developers are enjoying the benefits of the amalgamation of web and mobile platforms. Developers can easily and smoothly integrate all sorts of web services in their mobile apps by embedding a browser-like UI component, called “WebView”, which can render web content and run JavaScript code within mobile apps (call hybrid apps for convenience). WebView is easy to use and popular. A recent study showed ~80% of Android apps used WebView. WebView is also as powerful as regular browsers (e.g., Chrome/Chromium), and well supports web features and behaviors. In regular browsers, there exist several sensitive web behaviors that are often the root reason of critical security issues. In past years, they have been well studied, and a variety of mature defense solutions have been deployed. However, these sensitive web behaviors are seldom understood and scrutinized in WebView, which provides a totally new working environment. Different from regular browsers, WebView offers mobile developers freedom to customize their WebView instances by enabling several unique programming features. For example, WebView allows mobile code to control and customize web behaviors through WebView setting and event handler APIs. Considering these WebView features may heavily impact above sensitive web behaviors, it is unclear whether the corresponding defense solutions are still effective in WebView. Motivated by above security concerns, in this dissertation, we conduct the systematic security study of several sensitive web behaviors (e.g., web events, web messaging, and the utilization of iframes and popups) in WebView of the Android platform, which is open and the biggest mobile operating system (OS). As a consequence, we discover several novel security vulnerabilities and fundamental design flaws. To demonstrate the security implications, we devise several concrete attacks. Through these attacks, untrusted code (e.g., ads) loaded in WebView can open holes on existing defense solutions, and obtain risky privileges and abilities, such as stealing users’ private data (e.g., GPS location), unauthorizedly accessing sensitive hardware (e.g., microphone), and performing phishing attacks. Then, we study and assess the security impacts of these security issues on real-world hybrid apps. For this purpose, we develop novel tools that can automatically apply program analysis techniques to vet Android apps. By analyzing a large number of most popular apps collected from the official Android marketplace, we find the vulnerabilities are prevalent. Many high-profile apps are verified to be impacted, such as Facebook, Instagram, Facebook Messenger, Google News, Skype, Uber, Yelp, and U.S. Bank. To mitigate these security issues from the root, we design multi-level defense solutions that enhance the security of WebView. Our evaluation on real-world apps shows our mitigation solutions are effective and scalable, with negligible overhead

Attention-based CNN-LSTM and XGBoost hybrid model for stock prediction

Stock market plays an important role in the economic development. Due to the complex volatility of the stock market, the research and prediction on the change of the stock price, can avoid the risk for the investors. The traditional time series model ARIMA can not describe the nonlinearity, and can not achieve satisfactory results in the stock prediction. As neural networks are with strong nonlinear generalization ability, this paper proposes an attention-based CNN-LSTM and XGBoost hybrid model to predict the stock price. The model constructed in this paper integrates the time series model, the Convolutional Neural Networks with Attention mechanism, the Long Short-Term Memory network, and XGBoost regressor in a non-linear relationship, and improves the prediction accuracy. The model can fully mine the historical information of the stock market in multiple periods. The stock data is first preprocessed through ARIMA. Then, the deep learning architecture formed in pretraining-finetuning framework is adopted. The pre-training model is the Attention-based CNN-LSTM model based on sequence-to-sequence framework. The model first uses convolution to extract the deep features of the original stock data, and then uses the Long Short-Term Memory networks to mine the long-term time series features. Finally, the XGBoost model is adopted for fine-tuning. The results show that the hybrid model is more effective and the prediction accuracy is relatively high, which can help investors or institutions to make decisions and achieve the purpose of expanding return and avoiding risk. Source code is available at https://github.com/zshicode/Attention-CLX-stock-prediction.Comment: arXiv admin note: text overlap with arXiv:2202.1380

Novel muon imaging techniques

Owing to the high penetrating power of high-energy cosmic ray muons, muon imaging techniques can be used to image large bulky objects, especially objects with heavy shielding. Muon imaging systems work just like CT scanners in the medical imaging field—that is, they can reveal information inside of a target. There are two forms of muon imaging techniques: muon absorption imaging and muon multiple scattering imaging. The former is based on the flux attenuation of muons, and the latter is based on the multiple scattering of muons in matter. The muon absorption imaging technique is capable of imaging very large objects such as volcanoes and large buildings, and also smaller objects like spent fuel casks; the muon multiple scattering imaging technique is best suited to inspect smaller objects such as nuclear waste containers. Muon imaging techniques can be applied in a broad variety of fields, i.e. from measuring the magma thickness of volcanoes to searching for secret cavities in pyramids, and from monitoring the borders of countries checking for special nuclear materials to monitoring the spent fuel casks for nuclear safeguards applications. In this paper, the principles of muon imaging are reviewed. Image reconstruction algorithms such as Filtered Back Projection and Maximum Likelihood Expectation Maximization are discussed. The capability of muon imaging techniques is demonstrated through a Geant4 simulation study for imaging a nuclear spent fuel cask

SFNet: Faster and Accurate Semantic Segmentation via Semantic Flow

In this paper, we focus on exploring effective methods for faster and accurate semantic segmentation. A common practice to improve the performance is to attain high-resolution feature maps with strong semantic representation. Two strategies are widely used: atrous convolutions and feature pyramid fusion, while both are either computationally intensive or ineffective. Inspired by the Optical Flow for motion alignment between adjacent video frames, we propose a Flow Alignment Module (FAM) to learn \textit{Semantic Flow} between feature maps of adjacent levels and broadcast high-level features to high-resolution features effectively and efficiently. Furthermore, integrating our FAM to a standard feature pyramid structure exhibits superior performance over other real-time methods, even on lightweight backbone networks, such as ResNet-18 and DFNet. Then to further speed up the inference procedure, we also present a novel Gated Dual Flow Alignment Module to directly align high-resolution feature maps and low-resolution feature maps where we term the improved version network as SFNet-Lite. Extensive experiments are conducted on several challenging datasets, where results show the effectiveness of both SFNet and SFNet-Lite. In particular, when using Cityscapes test set, the SFNet-Lite series achieve 80.1 mIoU while running at 60 FPS using ResNet-18 backbone and 78.8 mIoU while running at 120 FPS using STDC backbone on RTX-3090. Moreover, we unify four challenging driving datasets into one large dataset, which we named Unified Driving Segmentation (UDS) dataset. It contains diverse domain and style information. We benchmark several representative works on UDS. Both SFNet and SFNet-Lite still achieve the best speed and accuracy trade-off on UDS, which serves as a strong baseline in such a challenging setting. The code and models are publicly available at https://github.com/lxtGH/SFSegNets.Comment: IJCV-2023; Extension of Previous work arXiv:2002.1012

Do Rural Migrants Benefit from Labor Market Agglomeration Economies? Evidence from Chinese Cities

We combine the 2005 China Inter-Census Population Survey data and the 2004 China Manufacturing Census to test whether workers, particularly rural migrants, benefit from labor market Marshallian externalities. We find that workers in general, and rural migrants in particular, benefit from labor market pooling effect (measured by total employment in a city-industry cell) and human capital externalities (measured by share of workers with a college degree or above in a city-industry cell). These findings are robust to various sorting bias tests. However, rural migrants benefit much less than do local or urban workers, possibly because rural migrants lack social networks and are discriminated doubly in terms of being both “rural” and “migrants.” Our findings have policy implications on how Chinese cities can become skilled during the rapid urbanization process coupled with global competition

Do Rural Migrants Benefit from Labor Market Agglomeration Economies? Evidence from Chinese Cities

We combine the 2005 China Inter-Census Population Survey data and the 2004 China Manufacturing Census to test whether workers, particularly rural migrants, benefit from labor market Marshallian externalities. We find that workers in general, and rural migrants in particular, benefit from labor market pooling effect (measured by total employment in a city-industry cell) and human capital externalities (measured by share of workers with a college degree or above in a city-industry cell). These findings are robust to various sorting bias tests. However, rural migrants benefit much less than do local or urban workers, possibly because rural migrants lack social networks and are discriminated doubly in terms of being both “rural” and “migrants.” Our findings have policy implications on how Chinese cities can become skilled during the rapid urbanization process coupled with global competition

Muography applied to nuclear waste storage sites

Legacy storage sites for nuclear waste can pose a serious environmental problem. In fact, since certain sites date from the middle of the last century when safety protocols had not been properly established and strict bookkeeping was not enforced, a situation has evolved where the content of storage silos is basically known only with a large uncertainty both on quantity and quality. At the same time maintenance work on old storage structures is becoming ever more urgent and yet this work requires exactly that information which is now lacking on the type of waste that was stored inside. Because of the difficulty in accessing the storage silos and the near impossibility of making visual inspections inside, techniques have to be developed which can determine the presence or absence of heavy elements (i.e. uranium) within the structures. Muography is a very promising technique which could allow the survey of previously inaccessible structures. We have begun an evaluation performing feasibility studies using simulations based on real case scenarios. This paper will outline the storage site scenarios and then present some of the results obtained from the Monte Carlo simulations

Suitability evaluation of territorial space development from the perspective of “form-flow integration”: A case study of the Nanjing Metropolitan Area

[Objective] The rapid advancements in information technology and transportation have greatly augmented the influence of flow elements on shaping spatial patterns. The integration of flow elements with geospatial morphological elements is gaining significance in optimizing territorial spatial planning. This study aimed to explore the approaches and methodologies for assessing the suitability of territorial space development by integrating forms and flows, which may provide essential support for the optimizing of territorial spatial patterns. [Methods] In this study, we employed mobile signaling data, geospatial data, and other diverse information sources to develop an evaluation indicator system known as “form-flow integration”. This system was designed to assess the suitability of territorial space development. Spatial overlay, k-means clustering, and hierarchical analysis methods were used to perform an integrated evaluation of the suitability of territorial space development in the Nanjing Metropolitan Area. [Results] (1) The territorial space development suitability in the Nanjing Metropolitan Area shows distinct characteristics of concentrated agglomeration around a single center and spatial differentiation. Suitable regions are primarily concentrated in the urbanized areas of Nanjing-Ma’anshan-Chuzhou and Nanjing-Zhenjiang-Yangzhou, as well as the Jinshan District and Liyang City of Changzhou. On the contrary, the regions that are not suitable are predominantly situated in Chuzhou, Ma’anshan, and Xuancheng. (2) The evaluation findings pertaining to the geospatial morphological elements indicate that Nanjing City functions as the central hub of the metropolitan area, while multiple city center areas serve as diverse high development suitability hubs. This exemplifies a spatial distribution characteristic known as “one core and multiple poles”. Geospatial morphological elements play a pivotal role in the development of territorial space. (3) The evaluation results of flow elements partially depict the genuine dynamic characteristics of the territorial spatial structure, thereby unveiling a spatial pattern characterized by a “core-periphery” nature. There are substantial variations in the development suitability of Nanjing, Chuzhou, and Xuancheng Cities. The existence of a significant “siphon effect” in Nanjing City, along with persistent administrative obstacles across different regions, is apparent. [Conclusion] This study contributes to the advancement of evaluating the suitability of territorial space development by integrating “form” and “flow” elements. The evaluation method for development suitability is optimized, with regional functionality as the central focus. Additionally, this study proves the applicability of the new method at the scale of metropolitan area, which provides theoretical reference for the optimization of territorial spatial pattern in metropolitan area

TransVOD: End-to-End Video Object Detection with Spatial-Temporal Transformers

Detection Transformer (DETR) and Deformable DETR have been proposed to eliminate the need for many hand-designed components in object detection while demonstrating good performance as previous complex hand-crafted detectors. However, their performance on Video Object Detection (VOD) has not been well explored. In this paper, we present TransVOD, the first end-to-end video object detection system based on spatial-temporal Transformer architectures. The first goal of this paper is to streamline the pipeline of VOD, effectively removing the need for many hand-crafted components for feature aggregation, e.g., optical flow model, relation networks. Besides, benefited from the object query design in DETR, our method does not need complicated post-processing methods such as Seq-NMS. In particular, we present a temporal Transformer to aggregate both the spatial object queries and the feature memories of each frame. Our temporal transformer consists of two components: Temporal Query Encoder (TQE) to fuse object queries, and Temporal Deformable Transformer Decoder (TDTD) to obtain current frame detection results. These designs boost the strong baseline deformable DETR by a significant margin (3%-4% mAP) on the ImageNet VID dataset. Then, we present two improved versions of TransVOD including TransVOD++ and TransVOD Lite. The former fuses object-level information into object query via dynamic convolution while the latter models the entire video clips as the output to speed up the inference time. We give detailed analysis of all three models in the experiment part. In particular, our proposed TransVOD++ sets a new state-of-the-art record in terms of accuracy on ImageNet VID with 90.0% mAP. Our proposed TransVOD Lite also achieves the best speed and accuracy trade-off with 83.7% mAP while running at around 30 FPS on a single V100 GPU device.Comment: Accepted to IEEE Transactions on Pattern Analysis and Machine Intelligence (IEEE TPAMI), extended version of arXiv:2105.1092