Detecting Abnormal Behavior in Web Applications

The rapid advance of web technologies has made the Web an essential part of our daily lives. However, network attacks have exploited vulnerabilities of web applications, and caused substantial damages to Internet users. Detecting network attacks is the first and important step in network security. A major branch in this area is anomaly detection. This dissertation concentrates on detecting abnormal behaviors in web applications by employing the following methodology. For a web application, we conduct a set of measurements to reveal the existence of abnormal behaviors in it. We observe the differences between normal and abnormal behaviors. By applying a variety of methods in information extraction, such as heuristics algorithms, machine learning, and information theory, we extract features useful for building a classification system to detect abnormal behaviors.;In particular, we have studied four detection problems in web security. The first is detecting unauthorized hotlinking behavior that plagues hosting servers on the Internet. We analyze a group of common hotlinking attacks and web resources targeted by them. Then we present an anti-hotlinking framework for protecting materials on hosting servers. The second problem is detecting aggressive behavior of automation on Twitter. Our work determines whether a Twitter user is human, bot or cyborg based on the degree of automation. We observe the differences among the three categories in terms of tweeting behavior, tweet content, and account properties. We propose a classification system that uses the combination of features extracted from an unknown user to determine the likelihood of being a human, bot or cyborg. Furthermore, we shift the detection perspective from automation to spam, and introduce the third problem, namely detecting social spam campaigns on Twitter. Evolved from individual spammers, spam campaigns manipulate and coordinate multiple accounts to spread spam on Twitter, and display some collective characteristics. We design an automatic classification system based on machine learning, and apply multiple features to classifying spam campaigns. Complementary to conventional spam detection methods, our work brings efficiency and robustness. Finally, we extend our detection research into the blogosphere to capture blog bots. In this problem, detecting the human presence is an effective defense against the automatic posting ability of blog bots. We introduce behavioral biometrics, mainly mouse and keyboard dynamics, to distinguish between human and bot. By passively monitoring user browsing activities, this detection method does not require any direct user participation, and improves the user experience

Emergence of Blind Areas in Information Spreading

Recently, contagion-based (disease, information, etc.) spreading on social networks has been extensively studied. In this paper, other than traditional full interaction, we propose a partial interaction based spreading model, considering that the informed individuals would transmit information to only a certain fraction of their neighbors due to the transmission ability in real-world social networks. Simulation results on three representative networks (BA, ER, WS) indicate that the spreading efficiency is highly correlated with the network heterogeneity. In addition, a special phenomenon, namely \emph{Information Blind Areas} where the network is separated by several information-unreachable clusters, will emerge from the spreading process. Furthermore, we also find that the size distribution of such information blind areas obeys power-law-like distribution, which has very similar exponent with that of site percolation. Detailed analyses show that the critical value is decreasing along with the network heterogeneity for the spreading process, which is complete the contrary to that of random selection. Moreover, the critical value in the latter process is also larger that of the former for the same network. Those findings might shed some lights in in-depth understanding the effect of network properties on information spreading

Associations of plasma very-long-chain SFA and the metabolic syndrome in adults

Plasma levels of very-long-chain SFA (VLCSFA) are associated with the metabolic syndrome (MetS). However, the associations may vary by different biological activities of individual VLCSFA or population characteristics. We aimed to examine the associations of VLCSFA and MetS risk in Chinese adults. Totally, 2008 Chinese population aged 35–59 years were recruited and followed up from 2010 to 2012. Baseline MetS status and plasma fatty acids data were available for 1729 individuals without serious diseases. Among 899 initially metabolically healthy individuals, we identified 212 incident MetS during the follow-up. Logistic regression analysis was used to estimate OR and 95 % CI. Cross-sectionally, each VLCSFA was inversely associated with MetS risk; comparing with the lowest quartile, the multivariate-adjusted OR for the highest quartile were 0·18 (95 % CI 0·13, 0·25) for C20 : 0, 0·26 (95 % CI 0·18, 0·35) for C22 : 0, 0·19 (95 % CI 0·13, 0·26) for C24 : 0 and 0·16 (0·11, 0·22) for total VLCSFA (all Pfor trend<0·001). The associations remained significant after further adjusting for C16 : 0, C18 : 0, C18 : 3n-3, C22 : 6n-3, n-6 PUFA and MUFA, respectively. Based on follow-up data, C20 : 0 or C22 : 0 was also inversely associated with incident MetS risk. Among the five individual MetS components, higher levels of VLCSFA were most strongly inversely associated with elevated TAG (≥1·7 mmol/l). Plasma levels of VLCSFA were significantly and inversely associated with MetS risk and individual MetS components, especially TAG. Further studies are warranted to confirm the findings and explore underlying mechanisms

Repeating Fast Radio Bursts with High Burst Rates by Plate Collisions in Neutron Star Crusts

Some repeating fast radio burst (FRB) sources show high burst rates, and the physical origin is still unknown. Outstandingly, the first repeater FRB 121102 appears extremely high burst rate with the maximum value reaching $122\,\mathrm{h^{-1}}$ or even higher. In this work, we propose that the high burst rate of an FRB repeater may be due to plate collisions in the crust of young neutron stars (NSs). In the crust of an NS, vortex lines are pinned to the lattice nuclei. When the relative angular velocity between the superfluid neutrons and the NS lattices is nonzero, a pinned force will act on the vortex lines, which will cause the lattice displacement and the strain on the NS crust growing. With the spin evolution, the crustal strain reaches a critical value, then the crust may crack into plates, and each of plates will collide with its adjacent ones. The Aflv\'en wave could be launched by the plate collisions and further produce FRBs. In this scenario, the predicted burst rate can reach $\sim 770\,\mathrm{h}^{-1}$ for an NS with the magnetic field of $10^{13}\,\rm{G}$ and the spin period of $0.01\,\rm{s}$. We further apply this model to FRB 121102, and predict the waiting time and energy distribution to be $P(t_{\mathrm{w}}) \propto t_{\text{w}}^{\alpha_{t_{\text{w}}}}$ with $\alpha_{t_{\text{w}}} \simeq -1.75$ and $N(E)\text{d}E \propto E^{\alpha_{E}}\text{d}E$ with $\alpha_{E} \simeq -1.67$, respectively. These properties are consistent with the observations of FRB 121102.Comment: 8 pages, 4 figures, accepted for publication in MNRA

Correlated states in twisted double bilayer graphene

Electron-electron interactions play an important role in graphene and related systems and can induce exotic quantum states, especially in a stacked bilayer with a small twist angle. For bilayer graphene where the two layers are twisted by a "magic angle", flat band and strong many-body effects lead to correlated insulating states and superconductivity. In contrast to monolayer graphene, the band structure of untwisted bilayer graphene can be further tuned by a displacement field, providing an extra degree of freedom to control the flat band that should appear when two bilayers are stacked on top of each other. Here, we report the discovery and characterization of such displacement-field tunable electronic phases in twisted double bilayer graphene. We observe insulating states at a half-filled conduction band in an intermediate range of displacement fields. Furthermore, the resistance gap in the correlated insulator increases with respect to the in-plane magnetic fields and we find that the g factor according to spin Zeeman effect is ~2, indicating spin polarization at half filling. These results establish the twisted double bilayer graphene as an easily tunable platform for exploring quantum many-body states

Robust Counterfactual Explanations on Graph Neural Networks

Massive deployment of Graph Neural Networks (GNNs) in high-stake applications generates a strong demand for explanations that are robust to noise and align well with human intuition. Most existing methods generate explanations by identifying a subgraph of an input graph that has a strong correlation with the prediction. These explanations are not robust to noise because independently optimizing the correlation for a single input can easily overfit noise. Moreover, they do not align well with human intuition because removing an identified subgraph from an input graph does not necessarily change the prediction result. In this paper, we propose a novel method to generate robust counterfactual explanations on GNNs by explicitly modelling the common decision logic of GNNs on similar input graphs. Our explanations are naturally robust to noise because they are produced from the common decision boundaries of a GNN that govern the predictions of many similar input graphs. The explanations also align well with human intuition because removing the set of edges identified by an explanation from the input graph changes the prediction significantly. Exhaustive experiments on many public datasets demonstrate the superior performance of our method