You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning

As Deep Packet Inspection (DPI) middleboxes become increasingly popular, a spectrum of adversarial attacks have emerged with the goal of evading such middleboxes. Many of these attacks exploit discrepancies between the middlebox network protocol implementations, and the more rigorous/complete versions implemented at end hosts. These evasion attacks largely involve subtle manipulations of packets to cause different behaviours at DPI and end hosts, to cloak malicious network traffic that is otherwise detectable. With recent automated discovery, it has become prohibitively challenging to manually curate rules for detecting these manipulations. In this work, we propose CLAP, the first fully-automated, unsupervised ML solution to accurately detect and localize DPI evasion attacks. By learning what we call the packet context, which essentially captures inter-relationships across both (1) different packets in a connection; and (2) different header fields within each packet, from benign traffic traces only, CLAP can detect and pinpoint packets that violate the benign packet contexts (which are the ones that are specially crafted for evasion purposes). Our evaluations with 73 state-of-the-art DPI evasion attacks show that CLAP achieves an Area Under the Receiver Operating Characteristic Curve (AUC-ROC) of 0.963, an Equal Error Rate (EER) of only 0.061 in detection, and an accuracy of 94.6% in localization. These results suggest that CLAP can be a promising tool for thwarting DPI evasion attacks.Comment: 12 pages, 12 figures; accepted to ACM CoNEXT 202

3D-IDS: Doubly Disentangled Dynamic Intrusion Detection

Network-based intrusion detection system (NIDS) monitors network traffic for malicious activities, forming the frontline defense against increasing attacks over information infrastructures. Although promising, our quantitative analysis shows that existing methods perform inconsistently in declaring various unknown attacks (e.g., 9% and 35% F1 respectively for two distinct unknown threats for an SVM-based method) or detecting diverse known attacks (e.g., 31% F1 for the Backdoor and 93% F1 for DDoS by a GCN-based state-of-the-art method), and reveals that the underlying cause is entangled distributions of flow features. This motivates us to propose 3D-IDS, a novel method that aims to tackle the above issues through two-step feature disentanglements and a dynamic graph diffusion scheme. Specifically, we first disentangle traffic features by a non-parameterized optimization based on mutual information, automatically differentiating tens and hundreds of complex features of various attacks. Such differentiated features will be fed into a memory model to generate representations, which are further disentangled to highlight the attack-specific features. Finally, we use a novel graph diffusion method that dynamically fuses the network topology for spatial-temporal aggregation in evolving data streams. By doing so, we can effectively identify various attacks in encrypted traffics, including unknown threats and known ones that are not easily detected. Experiments show the superiority of our 3D-IDS. We also demonstrate that our two-step feature disentanglements benefit the explainability of NIDS.Comment: Accepted and appeared in the proceedings of the KDD 2023 Research Trac

Lithium titanate hydrates with superfast and stable cycling in lithium ion batteries

Lithium titanate and titanium dioxide are two best-known high-performance electrodes that can cycle around 10,000 times in aprotic lithium ion electrolytes. Here we show there exists more lithium titanate hydrates with superfast and stable cycling. That is, water promotes structural diversity and nanostructuring of compounds, but does not necessarily degrade electrochemical cycling stability or performance in aprotic electrolytes. As a lithium ion battery anode, our multi-phase lithium titanate hydrates show a specific capacity of about 130 mA h g⁻¹ at ∼35 C (fully charged within ∼100 s) and sustain more than 10,000 cycles with capacity fade of only 0.001% per cycle. In situ synchrotron diffraction reveals no 2-phase transformations, but a single solid-solution behavior during battery cycling. So instead of just a nanostructured intermediate to be calcined, lithium titanate hydrates can be the desirable final destination.United States. Department of Energy (Contract DE-AC0206CH11357

Evaluation of left ventricular function in patients with coronary slow flow: A systematic review and meta-analysis

Background: Coronary slow flow (CSF) is an angiographic finding defined as delayed distal vessel perfusion without severe stenosis of the epicardial coronary arteries. However, definite alterations in left ventricular (LV) function in patients with CSF remains inconsistent. This study aimed to clarify the changes in LV function in patients with CSF and explore the factors that may influence LV function. Methods: PubMed, Embase, and Cochrane Library databases were systematically searched. Standardized mean differences and 95% confidence intervals (CI) for the LV function parameters were calculated. Subgroup analysis, meta-regression analysis, and correlation analysis were performed to explore the factors influencing LV function. Results: Twenty-two studies (1101 patients with CSF) were included after searching three databases. In patients with CSF, LV ejection function in patients with CSF was marginally lower (61.8%; 95% CI: 61.0%, 62.7%), global longitudinal strain was decreased (–18.2%; 95% CI: –16.7%, –19.7%). Furthermore, left atrial diameter, left atrial volume index, and E/e′ were significantly increased, while E/A and e’ were significantly decreased. The mean thrombolysis in myocardial infarction frame count (TFC) was linearly associated with LV function; the larger the mean TFC, the greater the impairment of LV function. Conclusions: Left ventricular systolic and diastolic functions were impaired in patients with CSF, and this impairment was aggravated with increasing mean TFC

Metabolic Engineering to Improve Docosahexaenoic Acid Production in Marine Protist Aurantiochytrium sp. by Disrupting 2,4-Dienoyl-CoA Reductase

Docosahexaenoic acid (DHA) has attracted attention from researchers because of its pharmacological and nutritional importance. Currently, DHA production costs are high due to fermentation inefficiency; however, improving DHA yield by metabolic engineering in thraustochytrids is one approach to reduce these costs. In this study, a high-yielding (53.97% of total fatty acids) DHA production strain was constructed by disrupting polyunsaturated fatty acid beta-oxidation via knockout of the 2,4-dienyl-CoA reductase (DECR) gene (KO strain) in Aurantiochytrium sp. Slight differences in cell growth was observed in the wild-type and transformants (OE and KO), with cell concentrations in stationary of 2.65×106, 2.36×106 and 2.56×106 cells mL-1 respectively. Impressively, the KO strain yielded 21.62% more neutral lipids and 57.34% greater DHA production; moreover, the opposite was observed when overexpressing DECR (OE strain), with significant decreases of 30.49% and 64.61%, respectively. Furthermore, the KO strain showed a prolonged DHA production period with a sustainable increase from 63 to 90 h (170.03 to 203.27 mg g−1 DCW), while that of the wildtype strain decreased significantly from 150.58 to 140.10 mg g−1 DCW. This new approach provides an advanced proxy for the construction of sustainable DHA production strains for industrial purposes and deepens our understanding of the metabolic pathways of Aurantiochytrium sp

Accuracy of digital guided implant surgery: expert consensus on nonsurgical factors and their treatments

The standardized workflow of computer-aided static guided implant surgery includes preoperative examination, data acquisition, guide design, guide fabrication and surgery. Errors may occur at each step, leading to irreversible cumulative effects and thus impacting the accuracy of implant placement. However, clinicians tend to focus on factors causing errors in surgical operations, ignoring the possibility of irreversible errors in nonstandard guided surgery. Based on the clinical practice of domestic experts and research progress at home and abroad, this paper summarizes the sources of errors in guided implant surgery from the perspectives of preoperative inspection, data collection, guide designing and manufacturing and describes strategies to resolve errors so as to gain expert consensus. Consensus recommendation: 1. Preoperative considerations: the appropriate implant guide type should be selected according to the patient's oral condition before surgery, and a retaining screw-assisted support guide should be selected if necessary. 2. Data acquisition should be standardized as much as possible, including beam CT and extraoral scanning. CBCT performed with the patient’s head fixed and with a small field of view is recommended. For patients with metal prostheses inside the mouth, a registration marker guide should be used, and the ambient temperature and light of the external oral scanner should be reasonably controlled. 3. Optimization of computer-aided design: it is recommended to select a handle-guided planting system and a closed metal sleeve and to register images by overlapping markers. Properly designing the retaining screws, extending the support structure of the guide plate and increasing the length of the guide section are methods to feasibly reduce the incidence of surgical errors. 4. Improving computer-aided production: it is also crucial to set the best printing parameters according to different printing technologies and to choose the most appropriate postprocessing procedures