Graph Sketches: Sparsification, Spanners, and Subgraphs

When processing massive data sets, a core task is to construct synopses of the data. To be useful, a synopsis data structure should be easy to construct while also yielding good approximations of the relevant properties of the data set. A particularly useful class of synopses are sketches, i.e., those based on linear projections of the data. These are applicable in many models including various parallel, stream, and compressed sensing settings. A rich body of analytic and empirical work exists for sketching numerical data such as the frequencies of a set of entities. Our work investigates graph sketching where the graphs of interest encode the relationships between these entities. The main challenge is to capture this richer structure and build the necessary synopses with only linear measurements. In this paper we consider properties of graphs including the size of the cuts, the distances between nodes, and the prevalence of dense sub-graphs. Our main result is a sketch-based sparsifier construction: we show that O̅(nε-2) random linear projections of a graph on n nodes suffice to (1 + ε) approximate all cut values. Similarly, we show that O(ε-2) linear projections suffice for (additively) approximating the fraction of induced sub-graphs that match a given pattern such as a small clique. Finally, for distance estimation we present sketch-based spanner constructions. In this last result the sketches are adaptive, i.e., the linear projections are performed in a small number of batches where each projection may be chosen dependent on the outcome of earlier sketches. All of the above results immediately give rise to data stream algorithms that also apply to dynamic graph streams where edges are both inserted and deleted. The non-adaptive sketches, such as those for sparsification and subgraphs, give us single-pass algorithms for distributed data streams with insertion and deletions. The adaptive sketches can be used to analyze MapReduce algorithms that use a small number of rounds

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

With advances in cyber threats and increased intelligence, incidents continue to occur related to new ways of using new technologies. In addition, as intelligent and advanced cyberattack technologies gradually increase, the limit of inefficient malicious code detection and analysis has been reached, and inaccurate detection rates for unknown malicious codes are increasing. Thus, this study used a machine learning algorithm to achieve a malicious file detection accuracy of more than 99%, along with a method for visualizing data for the detection of malicious files using the dynamic-analysis-based MITRE ATT&CK framework. The PE malware dataset was classified into Random Forest, Adaboost, and Gradient Boosting models. These models achieved accuracies of 99.3%, 98.4%, and 98.8%, respectively, and malicious file analysis results were derived through visualization by applying the MITRE ATT&CK matrix

Mission Impact Analysis by Measuring the Effect on Physical Combat Operations Associated With Cyber Asset Damage

As operations previously undertaken only in physical space in the past have changed to operations that include cyberspace, it is crucial to define the concept of “cyber missions” clearly. In this study, “cyber mission” refers to any military operation or process that utilizes cyber systems to perform actions in accordance with orders delivered to them. Because a weapon system that utilizes a cyber system executes actions based on the commands transmitted to the cyber system, it is necessary to analyze how attacks from cyberspace affects such a weapon system. To this end, it would be meaningful to analyze the tools used to analyze the mission impact of physical weapon systems linked to cyber-attacks. The US military’s Joint Munitions Effectiveness Manual (JMEM), which contains the results of analyzing the effects of weapon systems, does not include analysis results for the effects of weapon systems on cyber-attacks. In this study, based on the analysis of the effectiveness of physical warfare, the damage to cyber assets was quantified and associated to calculate the cyber index for the analysis of operational efficiency. In connection with JMEM, the results of combat in cyberspace and the effects of physical operations were compared and analyzed to propose a framework to judge the impact of missions, and the performance was tested. To verify the effectiveness of the proposed framework, domestic and foreign operational scenarios were analyzed and designed, assets were defined, and experiments were conducted. These experiments showed that a greater decrease in the cyber mission effect value was related to a greater effect on physical operations. This framework could be used in a variety of operations to predict the physical impact of a cyber-attack and will help determine the next step in an operation

Diagnostic accuracy and efficiency of combined acquisition of low-dose time-resolved and single-phase high-resolution contrast-enhanced magnetic resonance angiography in a single session for pre-angiographic evaluation of spinal vascular disease.

BACKGROUND/PURPOSE:The purpose of this study was to evaluate the utility and efficacy of combined low-dose, time-resolved (TR) and single-phase high-resolution (HR) contrast-enhanced MRA (CE-MRA) as a pre-angiographic study for spinal vascular disease. MATERIALS AND METHODS:Seventeen consecutive patients with suspected spinal vascular disease were retrospectively reviewed. All patients underwent combined low-dose TR CE-MRA and three-dimensional single-phase HR CE-MRA at 3 Tesla, followed by conventional spinal digital subtraction angiography (DSA) within 90 days. Six patients underwent additional spinal MRA and DSA for treatment follow-up. Spinal lesions were analyzed in terms of presence, disease type, laterality, spinal level, and number of arterial feeders. RESULTS:Low-dose TR CE-MRA helped proper localization of subsequent HR CE-MRA in two patients with high or low level of the lesion. For initial detection of spinal vascular disease, sensitivity, specificity and accuracy of CE-MRA were 93.3% (n = 14/15), 100% (n = 3/3), and 94.4% (n = 17/18), respectively. In characterization of dural arteriovenous fistula (AVF), perimedullary AVF, spinal cord arteriovenous malformation (AVM), and extraspinal AVM, CE-MRA correctly characterized in 86.7% (n = 13/15) among the positive findings, and in 88.9% (n = 16/18) among the several patients including negative results. CE-MRA showed matched per-case localization of arterial feeders within 1 vertebral level in 80% (n = 12/15), and matched per-lesion localization in 78.3% (n = 18/23). CONCLUSION:Combined low-dose TR CE-MRA and single-phase HR CE-MRA at 3 Tesla was an effective and accurate non-invasive tool for the pre-angiographic evaluation of spinal vascular diseases in a single session