An Evasion Attack against ML-based Phishing URL Detectors

Background: Over the year, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. Despite this vogue, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems, aiming at providing guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings lead to promising directions for future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights implications for future study towards assessing and improving these systems.Comment: Draft for ACM TOP

Understanding the Heterogeneity of Contributors in Bug Bounty Programs

Background: While bug bounty programs are not new in software development, an increasing number of companies, as well as open source projects, rely on external parties to perform the security assessment of their software for reward. However, there is relatively little empirical knowledge about the characteristics of bug bounty program contributors. Aim: This paper aims to understand those contributors by highlighting the heterogeneity among them. Method: We analyzed the histories of 82 bug bounty programs and 2,504 distinct bug bounty contributors, and conducted a quantitative and qualitative survey. Results: We found that there are project-specific and non-specific contributors who have different motivations for contributing to the products and organizations. Conclusions: Our findings provide insights to make bug bounty programs better and for further studies of new software development roles.Comment: 6 pages, ESEM 201

Impact of Fashion Consciousness on Hijabistas’ Buying Behavior

The basic purpose of this research is to establish a methodology for studying and understanding contributing factors towards fashion consciousness and its impact on hijab buying behavior of hijabistas present in Universities of Lahore. This population was represented by 100 respondents taken from top five universities of Lahore. These respondents were asked to fill a questionnaire and return. The data collected was statistically analyzed by using Pearson’s correlation technique and linear regression analysis which supported the hypotheses and generated evidence in favor of the hypotheses. It is clearly evident from the results that way of dressing, sources of fashion information, fashion motivation and uniqueness of fashion are the determinants of fashion consciousness of hijabistas. Fashion consciousness positively impacts hijabistas hijab buying behavior as evident by the significance of the impact. Keywords: Fashion Consciousness, Hijab Fashion Consumption, Fashion Uniqueness, Dressing Style, Motivation

Measuring the level of Customer satisfaction in private banking sector

Purpose: The purpose of this study is to measure the level of customer satisfaction in private banking sector  by discussing variables such as service quality and  loyalty. Design/methodology/approach: Being descriptive study, survey method was adopted for data collection to find out the factors. A sample of 250 private bank customer of Bahawalpur was selected for the survey. Data was analyzed by using Cronbach?s Alpha, correlation and regression in SPSS software. Originality/value – The paper reveals there exist relationship between the performance of teachers and factors affecting in the private schools in Bahawalpur. Keywords: customer satisfaction, service quality, loyalty of customer

Miniaturized Microwave Devices and Antennas for Wearable, Implantable and Wireless Applications

This thesis presents a number of microwave devices and antennas that maintain high operational efficiency and are compact in size at the same time. One goal of this thesis is to address several miniaturization challenges of antennas and microwave components by using the theoretical principles of metamaterials, Metasurface coupling resonators and stacked radiators, in combination with the elementary antenna and transmission line theory. While innovating novel solutions, standards and specifications of next generation wireless and bio-medical applications were considered to ensure advancement in the respective scientific fields. Compact reconfigurable phase-shifter and a microwave cross-over based on negative-refractive-index transmission-line (NRI-TL) materialist unit cells is presented. A Metasurface based wearable sensor architecture is proposed, containing an electromagnetic band-gap (EBG) structure backed monopole antenna for off-body communication and a fork shaped antenna for efficient radiation towards the human body. A fully parametrized solution for an implantable antenna is proposed using metallic coated stacked substrate layers. Challenges and possible solutions for off-body, on-body, through-body and across-body communication have been investigated with an aid of computationally extensive simulations and experimental verification. Next, miniaturization and implementation of a UWB antenna along with an analytical model to predict the resonance is presented. Lastly, several miniaturized rectifiers designed specifically for efficient wireless power transfer are proposed, experimentally verified, and discussed. The study answered several research questions of applied electromagnetic in the field of bio-medicine and wireless communication.Comment: A thesis submitted for the degree of Ph

The 2004 UTfit Collaboration Report on the Status of the Unitarity Triangle in the Standard Model

Using the latest determinations of several theoretical and experimental parameters, we update the Unitarity Triangle analysis in the Standard Model. The basic experimental constraints come from the measurements of |V_ub/V_cb|, Delta M_d, the lower limit on Delta M_s, epsilon_k, and the measurement of the phase of the B_d - anti B_d mixing amplitude through the time-dependent CP asymmetry in B^0 to J/psi K^0 decays. In addition, we consider the direct determination of alpha, gamma, 2 beta + gamma and cos(2 beta) from the measurements of new CP-violating quantities, recently performed at the B factories. We also discuss the opportunities offered by improving the precision of the various physical quantities entering in the determination of the Unitarity Triangle parameters. The results and the plots presented in this paper can also be found at http://www.utfit.org, where they are continuously updated with the newest experimental and theoretical results.Comment: 32 pages, 17 figures. High resolution figures and updates can be found at http://www.utfit.org v2: misprints correcte

An Empirical Evaluation of an Activity-Based Infrastructure for Supporting Cooperation in Software Engineering

[Background] Software Engineering (SE) is predominantly a team effort that needs close cooperation among several people who may be geographically distributed. It has been recognized that appropriate tool support is a prerequisite to improve cooperation within SE teams. In an effort to contribute to this line of research, we have designed and developed an infrastructure, called ABC4GSD, based on the models of Activity Theory (AT) and the principles of the Activity-Based Computing (ABC) paradigm. [Aim] In this paper, we present a study that empirically evaluates the ability of ABC4GSD in supporting teams cooperation. [Method] We designed and executed a study based on a scenario that simulated the Follow-The-Sun (FTS) strategy of Global SE (GSE). Our research design allowed us to ensure cooperation to be both computer-mediated as well as contained within observable short time-windows-the hand-off activities of the FTS strategy. [Results] Overall, the results show that the cooperation support provided by the ABC4GSD system has been positively perceived by the participants. Nonetheless, open issues stimulating further investigations have been raised especially due to a few mixed results. [Conclusions] Aware of the limitations of the simulated scenario, we conclude that the approach followed by the ABC4GSD system based on activities is desirable to improve the cooperation support in SE. Finally, our research approach based on simulating a scenario with geographical and temporal distribution can providePaolo Tell, Muhammad Ali Baba