1,653 research outputs found
An Evasion Attack against ML-based Phishing URL Detectors
Background: Over the years, Machine Learning Phishing URL classification
(MLPU) systems have gained tremendous popularity as a way to detect phishing
URLs proactively. Despite this popularity, the security vulnerabilities of
MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study
to understand the test-time security vulnerabilities of state-of-the-art MLPU
systems, aiming to provide guidelines for the future development of these systems.
Method: In this paper, we propose an evasion attack framework against MLPU
systems. To achieve this, we first develop an algorithm to generate adversarial
phishing URLs. We then reproduce 41 MLPU systems and record their baseline
performance. Finally, we simulate an evasion attack to evaluate these MLPU
systems against our generated adversarial URLs. Results: In comparison to
previous works, our attack is: (i) effective as it evades all the models with
an average success rate of 66% and 85% for famous (such as Netflix, Google) and
less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively;
(ii) realistic as it requires only 23ms to produce a new adversarial URL
variant that is available for registration with a median cost of only
$11.99/year. We also found that popular online services such as Google
SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) Adversarial
training (a defence commonly used against evasion attacks) does not
significantly improve the robustness of these systems: it decreases the
success rate of our attack by only 6% on average across all the models. (iv)
Further, we identify the security vulnerabilities of the considered MLPU
systems. Our findings lead to promising directions for future research.
Conclusion: Our study not only illustrates vulnerabilities in MLPU systems but
also highlights implications for future work on assessing and improving
these systems.
Comment: Draft for ACM TOP
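The abstract reports evasion as a success rate over URL variants that still impersonate the target but slip under the detector's threshold. The following Python is an added illustration of how that measurement is set up and is not the paper's code or its URL-generation algorithm: the hand-set logistic weights stand in for a trained MLPU model, the four edits (scheme upgrade, hyphen removal, token swapping, digit stripping) are a hypothetical attacker edit set, and the seed URLs are constructed samples. Whether a variant is actually available for registration, which the paper also checks, is not modelled here.

```python
"""Added example (not from the paper): measuring evasion success against a
toy lexical phishing-URL scorer.

Everything here is hypothetical: the hand-set weights stand in for a trained
MLPU model, and the four perturbations are a small attacker edit set, not the
paper's generation algorithm. Seed URLs are constructed samples."""
import itertools
import math
import re
from urllib.parse import urlsplit

# Lexical features a simple MLPU classifier might use.
SUSPICIOUS_TOKENS = ("login", "secure", "verify", "account", "update")
WEIGHTS = {"len": 0.02, "dots": 0.5, "hyphens": 0.4, "digits": 0.2,
           "suspicious": 0.8, "https": -0.5}   # hypothetical, hand-set
BIAS = -2.0
THRESHOLD = 0.5

def extract_features(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "len": len(url),
        "dots": host.count("."),
        "hyphens": host.count("-"),
        "digits": sum(c.isdigit() for c in host),
        "suspicious": sum(t in url.lower() for t in SUSPICIOUS_TOKENS),
        "https": 1 if parts.scheme == "https" else 0,
    }

def phishing_score(url):
    """Logistic score in [0, 1]; >= THRESHOLD means 'phishing'."""
    z = BIAS + sum(WEIGHTS[k] * v for k, v in extract_features(url).items())
    return 1.0 / (1.0 + math.exp(-z))

def is_flagged(url):
    return phishing_score(url) >= THRESHOLD

# Attacker edits: each keeps the brand token in the host so the URL still
# impersonates the target, while reducing the features the scorer keys on.
TOKEN_SWAPS = {"login": "home", "secure": "my", "verify": "info",
               "account": "help", "update": "news"}
EDITS = ("https", "dehyphen", "swap_tokens", "strip_digits")

def apply_edits(url, edits):
    parts = urlsplit(url)
    scheme, host, path = parts.scheme, parts.hostname or "", parts.path
    if "https" in edits:
        scheme = "https"
    if "swap_tokens" in edits:
        for bad, good in TOKEN_SWAPS.items():
            host, path = host.replace(bad, good), path.replace(bad, good)
    if "dehyphen" in edits:
        host = host.replace("-", "")
    if "strip_digits" in edits:
        host = re.sub(r"\d", "", host)
    return f"{scheme}://{host}{path}"

def minimal_evasion(seed, brand):
    """Smallest edit set whose variant is unflagged yet still carries the
    brand in its host; None if every variant is still caught."""
    for r in range(1, len(EDITS) + 1):
        for edits in itertools.combinations(EDITS, r):
            variant = apply_edits(seed, edits)
            host = urlsplit(variant).hostname or ""
            if brand in host and not is_flagged(variant):
                return edits, variant
    return None

def evasion_success_rate(seeds, brand):
    """Fraction of flagged seeds for which some variant evades the scorer."""
    details = {s: minimal_evasion(s, brand) for s in seeds if is_flagged(s)}
    rate = sum(1 for v in details.values() if v is not None) / len(details)
    return rate, details

# Constructed phishing-style seeds impersonating one target brand.
SEED_URLS = [
    "http://netflix-account-verify.com/login/update",
    "http://secure-login-netflix1.net/verify",
    "http://netflix.com.verify-account.xyz/login",
    "http://netflix.account.login.secure.verify.update-88.com",
]

if __name__ == "__main__":
    rate, details = evasion_success_rate(SEED_URLS, "netflix")
    print(f"evasion success rate: {rate:.0%}")
    for seed, found in details.items():
        print(seed, "->", found)
```

Three of the four constructed seeds evade with two or three edits, while the last one is caught by every variant because its subdomain depth alone pushes it over the threshold; that is the kind of per-feature dependence a robustness evaluation should surface before it is reported as a single average.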
Understanding the Heterogeneity of Contributors in Bug Bounty Programs
Background: While bug bounty programs are not new in software development, an
increasing number of companies, as well as open source projects, rely on
external parties to perform the security assessment of their software for
reward. However, there is relatively little empirical knowledge about the
characteristics of bug bounty program contributors. Aim: This paper aims to
understand those contributors by highlighting the heterogeneity among them.
Method: We analyzed the histories of 82 bug bounty programs and 2,504 distinct
bug bounty contributors, and conducted a quantitative and qualitative survey.
Results: We found that there are project-specific and non-specific contributors
who have different motivations for contributing to the products and
organizations. Conclusions: Our findings provide insights to make bug bounty
programs better and for further studies of new software development roles.
Comment: 6 pages, ESEM 201
Entanglement-assisted quantum turbo codes
An unexpected breakdown in the existing theory of quantum serial turbo coding
is that a quantum convolutional encoder cannot simultaneously be recursive and
non-catastrophic. These properties are essential for quantum turbo code
families to have a minimum distance growing with blocklength and for their
iterative decoding algorithm to converge, respectively. Here, we show that the
entanglement-assisted paradigm simplifies the theory of quantum turbo codes, in
the sense that an entanglement-assisted quantum (EAQ) convolutional encoder can
possess both of the aforementioned desirable properties. We give several
examples of EAQ convolutional encoders that are both recursive and
non-catastrophic and detail their relevant parameters. We then modify the
quantum turbo decoding algorithm of Poulin et al., in order to have the
constituent decoders pass along only "extrinsic information" to each other
rather than a posteriori probabilities as in the decoder of Poulin et al., and
this leads to a significant improvement in the performance of unassisted
quantum turbo codes. Other simulation results indicate that
entanglement-assisted turbo codes can operate reliably in a noise regime 4.73
dB beyond that of standard quantum turbo codes, when used on a memoryless
depolarizing channel. Furthermore, several of our quantum turbo codes are
within 1 dB or less of their hashing limits, so that the performance of quantum
turbo codes is now on par with that of classical turbo codes. Finally, we prove
that entanglement is the resource that enables a convolutional encoder to be
both non-catastrophic and recursive because an encoder acting on only
information qubits, classical bits, gauge qubits, and ancilla qubits cannot
simultaneously satisfy them.
Comment: 31 pages, software for simulating EA turbo codes is available at
http://code.google.com/p/ea-turbo/ and a presentation is available at
http://markwilde.com/publications/10-10-EA-Turbo.ppt ; v2, revisions based on
feedback from journal; v3, modification of the quantum turbo decoding
algorithm that leads to improved performance over results in v2 and the
results of Poulin et al. in arXiv:0712.288
Flavor SU(3) analysis of charmless B meson decays to two pseudoscalar mesons
Global fits to charmless B --> PP decays in the framework of flavor SU(3)
symmetry are updated and improved without reference to the \sin2\beta measured
from the charmonium decay modes. Fit results directly constrain the
(\bar\rho,\bar\eta) vertex of the unitarity triangle, and are used to predict
the branching ratios and CP asymmetries of all decay modes, including those of
the B_s system. Different schemes of SU(3) breaking in decay amplitude sizes
are analyzed. The major breaking effect between strangeness-conserving and
strangeness-changing decays can be accounted for by including a ratio of decay
constants in tree and color-suppressed amplitudes. The possibility of having a
new physics contribution to K \pi decays is also examined from the data fitting
point of view.
Comment: 22 pages and 2 figures; some comments and references added; more
references added, version to appear in journa
The 2004 UTfit Collaboration Report on the Status of the Unitarity Triangle in the Standard Model
Using the latest determinations of several theoretical and experimental
parameters, we update the Unitarity Triangle analysis in the Standard Model.
The basic experimental constraints come from the measurements of |V_ub/V_cb|,
Delta M_d, the lower limit on Delta M_s, epsilon_k, and the measurement of the
phase of the B_d - anti B_d mixing amplitude through the time-dependent CP
asymmetry in B^0 to J/psi K^0 decays. In addition, we consider the direct
determination of alpha, gamma, 2 beta + gamma and cos(2 beta) from the
measurements of new CP-violating quantities, recently performed at the B
factories. We also discuss the opportunities offered by improving the precision
of the various physical quantities entering in the determination of the
Unitarity Triangle parameters. The results and the plots presented in this
paper can also be found at http://www.utfit.org, where they are continuously
updated with the newest experimental and theoretical results.
Comment: 32 pages, 17 figures. High resolution figures and updates can be
found at http://www.utfit.org v2: misprints correcte
Can there be any new physics in b -> d penguins
We analyze the possibility of observing new physics effects in the
penguin amplitudes. For this purpose, we consider the decay mode , which has only penguin contributions. Using the QCD
factorization approach, we find very small CP-violating effects in the Standard
Model for this process. Furthermore, we show that the minimal supersymmetric
standard model with mass insertions and the R-parity-violating supersymmetric
model can provide substantial CP-violating effects. Observation of sizable CP
violation in this mode would be a clear signal of new physics.
Comment: Published versio