13,224 research outputs found
Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection
Communication channel established from a display to a device's camera is
known as visual channel, and it is helpful in securing key exchange protocol.
In this paper, we study how visual channel can be exploited by a network
terminal and mobile device to jointly verify information in an interactive
session, and how such information can be jointly presented in a user-friendly
manner, taking into account that the mobile device can only capture and display
a small region, and the user may only want to authenticate selective
regions-of-interests. Motivated by applications in Kiosk computing and
multi-factor authentication, we consider three security models: (1) the mobile
device is trusted, (2) at most one of the terminal or the mobile device is
dishonest, and (3) both the terminal and device are dishonest but they do not
collude or communicate. We give two protocols and investigate them under the
abovementioned models. We point out a form of replay attack that renders some
other straightforward implementations cumbersome to use. To enhance
user-friendliness, we propose a solution using visual cues embedded into the 2D
barcodes and incorporate the framework of "augmented reality" for easy
verifications through visual inspection. We give a proof-of-concept
implementation to show that our scheme is feasible in practice.Comment: 16 pages, 10 figure
Identifiying High Risk Areas of Zika Virus Infection by Meteorological Factors in Columbia
Background Several Zika virus (ZIKV) outbreaks have occurred since October 2015. Because there is no effective treatment for ZIKV infection, developing an effective surveillance and warning system is currently a high priority to prevent ZIKV infection. Despite Aedes mosquitos having been known to spread ZIKV, the calculation approach is diverse, and only applied to local areas. This study used meteorological measurements to monitor ZIKV infection due to the high correlation between climate change and Aedes mosquitos and the convenience to obtain meteorological data from weather monitoring stations. Methods This study applied the Bayesian structured additive regression modeling approach to include spatial interactive terms with meteorological factors and a geospatial function in a zero-inflated Poisson model. The study area contained 32 administrative departments in Colombia from October 2015 to December 2017. Weekly ZIKV infection cases and daily meteorological measurements were collected. Mapping techniques were adopted to visualize spatial findings. A series of model selections determined the best combinations of meteorological factors in the same model. Results When multiple meteorological factors are considered in the same model, both total rainfall and average temperature can best assess the geographic disparities of ZIKV infection. Meanwhile, a 1-in. increase in rainfall is associated with an increase in the logarithm of relative risk (logRR) of ZIKV infection of at most 1.66 (95% credible interval [CI] = 1.09, 2.15) as well as a 1 °F increase in average temperature is significantly associated with at most 0.79 (95% CI = 0.12, 1.22) increase in the logRR of ZIKV. Moreover, after controlling rainfall and average temperature, an independent geospatial function in the model results in two departments with an excessive ZIKV risk which may be explained by unobserved factors other than total rainfall and average temperature. Conclusion Our study found that meteorological factors are significantly associated with ZIKV infection across departments. The study determined both total rainfall and average temperature as the best meteorological factors to identify high risk departments of ZIKV infection. These findings can help governmental agencies monitor at risk areas according to meteorological measurements, and develop preventions in those at risk areas in priority
Evading Classifiers by Morphing in the Dark
Learning-based systems have been shown to be vulnerable to evasion through
adversarial data manipulation. These attacks have been studied under
assumptions that the adversary has certain knowledge of either the target model
internals, its training dataset or at least classification scores it assigns to
input samples. In this paper, we investigate a much more constrained and
realistic attack scenario wherein the target classifier is minimally exposed to
the adversary, revealing on its final classification decision (e.g., reject or
accept an input sample). Moreover, the adversary can only manipulate malicious
samples using a blackbox morpher. That is, the adversary has to evade the
target classifier by morphing malicious samples "in the dark". We present a
scoring mechanism that can assign a real-value score which reflects evasion
progress to each sample based on the limited information available. Leveraging
on such scoring mechanism, we propose an evasion method -- EvadeHC -- and
evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The
experimental evaluation demonstrates that the proposed evasion attacks are
effective, attaining evasion rate on the evaluation dataset.
Interestingly, EvadeHC outperforms the known classifier evasion technique that
operates based on classification scores output by the classifiers. Although our
evaluations are conducted on PDF malware classifier, the proposed approaches
are domain-agnostic and is of wider application to other learning-based
systems
- …