589 research outputs found
Controlled Data Sharing for Collaborative Predictive Blacklisting
Although sharing data across organizations is often advocated as a promising
way to enhance cybersecurity, collaborative initiatives are rarely put into
practice owing to confidentiality, trust, and liability challenges. In this
paper, we investigate whether collaborative threat mitigation can be realized
via a controlled data sharing approach, whereby organizations make informed
decisions as to whether or not, and how much, to share. Using appropriate
cryptographic tools, entities can estimate the benefits of collaboration and
agree on what to share in a privacy-preserving way, without having to disclose
their datasets. We focus on collaborative predictive blacklisting, i.e.,
forecasting attack sources based on one's logs and those contributed by other
organizations. We study the impact of different sharing strategies by
experimenting on a real-world dataset of two billion suspicious IP addresses
collected from Dshield over two months. We find that controlled data sharing
yields up to 105% accuracy improvement on average, while also reducing the
false positive rate. Comment: A preliminary version of this paper appears in DIMVA 2015. This is
the full version. arXiv admin note: substantial text overlap with
arXiv:1403.212
A Critical Overview of Privacy in Machine Learning
This article reviews privacy challenges in machine learning and provides a critical overview of the relevant research literature. The possible adversarial models are discussed, a wide range of attacks related to sensitive information leakage is covered, and several open problems are highlighted
Genetic and morphological studies of Trichosirocalus species introduced to North America, Australia and New Zealand for the biological control of thistles
Trichosirocalus horridus sensu lato has been used as a biological control agent of several invasive thistles (Carduus spp., Cirsium spp. and Onopordum spp.) since 1974. It has been recognized as a single species until 2002, when it was split into three species based on morphological characters: T. horridus, Trichosirocalus briesei and Trichosirocalus mortadelo, each purported to have different host plants. Because of this taxonomic change, uncertainty exists as to which species were released in various countries; furthermore, there appears to be some exceptions to the purported host plants of some of these species. To resolve these questions, we conducted an integrative taxonomic study of the T. horridus species complex using molecular genetic and morphological analyses of specimens from three continents. Both mitochondrial cytochrome c oxidase subunit I and nuclear elongation factor 1α markers clearly indicate that there are only two distinct species, T. horridus and T. briesei. Molecular evidence, morphological analysis and host plant associations support the synonymy of T. horridus (Panzer, 1801) and T. mortadelo Alonso-Zarazaga & Sánchez-Ruiz, 2002. We determine that T. horridus has been established in Canada, USA, New Zealand and Australia and that T. briesei is established in Australia. The former species was collected from Carduus, Cirsium and Onopordum spp. in the field, whereas the latter appears to be specific to Onopordum
Undetectable Communication: The Online Social Networks Case
Online Social Networks (OSNs) provide users with
an easy way to share content, communicate, and update others
about their activities. They also play an increasingly fundamental
role in coordinating and amplifying grassroots movements, as
demonstrated by recent uprisings in, e.g., Egypt, Tunisia, and
Turkey. At the same time, OSNs have become primary targets
of tracking, profiling, as well as censorship and surveillance. In
this paper, we explore the notion of undetectable communication
in OSNs and introduce formal definitions, alongside system and
adversarial models, that complement better understood notions
of anonymity and confidentiality. We present a novel scheme
for secure covert information sharing that, to the best of our
knowledge, is the first to achieve undetectable communication
in OSNs. We demonstrate, via an open-source prototype, that
additional costs are tolerably low
The Asp272-Glu282 Region of Platelet Glycoprotein Ib Interacts with the Heparin-binding Site of -Thrombin and Protects the Enzyme from the Heparin-catalyzed Inhibition by Antithrombin III
Platelet glycoprotein Ib (GpIb) mediates interaction with both von Willebrand factor and thrombin. Thrombin binds to GpIb via its heparin-binding site (HBS) (De Candia, E., De Cristofaro, R., De Marco, L., Mazzucato, M., Picozzi, M., and Landolfi, R. (1997) Thromb. Haemostasis 77, 735–740; De Cristofaro, R., De Candia, E., Croce, G., Morosetti, R., and Landolfi, R. (1998) Biochem. J. 332, 643–650). To identify the thrombin-binding domain on GpIbα, we examined the effect of GpIbα1–282, a GpIbα fragment released by the cobra venom mocarhagin on the heparin-catalyzed rate of thrombin inhibition by antithrombin III (AT). GpIbα1–282 inhibited the reaction in a dose-dependent and competitive fashion. In contrast, the GpIbα1–271 fragment, produced by exposing GpIbα1–282 to carboxypeptidase Y, had no effect on thrombin inhibition by the heparin-AT complex. Measurements of the apparent equilibrium constant of the GpIbα1–282 binding to thrombin as a function of different salts (NaCl and tetramethyl-ammonium chloride) concentration (0.1–0.2 M) indicated a large salt dependence (Γ± = −4.5), similar to that pertaining to the heparin binding to thrombin. The importance of thrombin HBS in its interaction with GpIbα was confirmed using DNA aptamers, which specifically bind to either HBS (HD22) or the fibrinogen recognition site of thrombin (HD1). HD22, but not HD1, inhibited thrombin binding to GpIbα1–282. Furthermore, the proteolytic derivative γT-thrombin, which lacks the fibrinogen recognition site, binds to GpIbα via its intact HBS in a reaction that is inhibited by HD22. Neither α- nor γT-thrombin bound to GpIbα1–271, suggesting that the Asp272–Glu282 region of GpIbα may act as a “heparin-like” ligand for the thrombin HBS, thereby inhibiting heparin binding to thrombin. It was also demonstrated that intact platelets may dose-dependently inhibit the heparin-catalyzed thrombin inhibition by AT at enzyme concentrations <5 nM.
Altogether, these findings show that thrombin HBS binds to the region of GpIbα involving the Asp272–Glu282 segment, protecting the enzyme from the inactivation by the heparin-AT system
How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data
Due to its hereditary nature, genomic data is not only linked to its owner but to that of close relatives as well. As a result, its sensitivity does not really degrade over time; in fact, the relevance of a genomic sequence is likely to be longer than the security provided by encryption. This prompts the need for specialized techniques providing long-term security for genomic data, yet the only available tool for this purpose is GenoGuard (Huang et al., 2015). By relying on Honey Encryption, GenoGuard is secure against an adversary that can brute force all possible keys; i.e., whenever an attacker tries to decrypt using an incorrect password, she will obtain an incorrect but plausible looking decoy sequence. In this paper, we set to analyze the real-world security guarantees provided by GenoGuard; specifically, assess how much more information does access to a ciphertext encrypted using GenoGuard yield, compared to one that was not. Overall, we find that, if the adversary has access to side information in the form of partial information from the target sequence, the use of GenoGuard does appreciably increase her power in determining the rest of the sequence. We show that, in the case of a sequence encrypted using an easily guessable (low-entropy) password, the adversary is able to rule out most decoy sequences, and obtain the target sequence with just 2.5% of it available as side information. In the case of a harder-to-guess (high-entropy) password, we show that the adversary still obtains, on average, better accuracy in guessing the rest of the target sequences than using state-of-the-art genomic sequence inference methods, obtaining up to 15% improvement in accuracy
An Exploratory Study of User Perceptions of Payment Methods in the UK and the US
This paper presents the design and the results of a
cross-cultural study of user perceptions and attitudes toward electronic payment methods. We conduct a series of semi-structured interviews involving forty participants (20 in London, UK, and 20 in Manhattan, KS, USA) to explore how individuals use the mechanisms available to them within their routine payment and banking activities. We also study their comprehension of payment processes, the perceived effort and impact of using different methods, as well as direct or indirect recollections of (suspected or actual) fraud and related interactions with banks and retailers. By comparing UK and US participants, we also elicit commonalities and differences that may help better understand, if not predict, attitudes of US customers once technologies like Chip-and-PIN are rolled out – for instance, several US participants were confused by how to use it, while UK participants found it convenient. Our results show that purchasing habits as well as the availability of rewards schemes are primary criteria influencing choices relating to payment technologies, and that inconsistencies, glitches, and other difficulties with newer technologies generate frustration sometimes leading to complete avoidance of new payment methods
MaMaDroid: Detecting Android malware by building markov chains of behavioral models (extended version)
As Android has become increasingly popular, so has malware targeting it, thus motivating the research community
to propose different detection techniques. However, the constant evolution of the Android ecosystem,
and of malware itself, makes it hard to design robust tools that can operate for long periods of time without
the need for modifications or costly re-training. Aiming to address this issue, we set to detect malware from
a behavioral point of view, modeled as the sequence of abstracted API calls. We introduce MaMaDroid, a
static-analysis based system that abstracts app’s API calls to their class, package, or family, and builds a model
from their sequences obtained from the call graph of an app as Markov chains. This ensures that the model is
more resilient to API changes and the features set is of manageable size. We evaluate MaMaDroid using a
dataset of 8.5K benign and 35.5K malicious apps collected over a period of six years, showing that it effectively
detects malware (with up to 0.99 F-measure) and keeps its detection capabilities for long periods of time
(up to 0.87 F-measure two years after training). We also show that MaMaDroid remarkably overperforms
DroidAPIMiner, a state-of-the-art detection system that relies on the frequency of (raw) API calls. Aiming to
assess whether MaMaDroid’s effectiveness mainly stems from the API abstraction or from the sequencing
modeling, we also evaluate a variant of it that uses frequency (instead of sequences), of abstracted API calls.
We find that it is not as accurate, failing to capture maliciousness when trained on malware samples that
include API calls that are equally or more frequently used by benign apps
Paying for Likes? Understanding Facebook like fraud using honeypots
Facebook pages offer an easy way to reach out to a very large audience as they can easily be promoted using Facebook's advertising platform. Recently, the number of likes of a Facebook page has become a measure of its popularity and profitability, and an underground market of services boosting page likes, aka like farms, has emerged. Some reports have suggested that like farms use a network of profiles that also like other pages to elude fraud protection algorithms, however, to the best of our knowledge, there has been no systematic analysis of Facebook pages' promotion methods. This paper presents a comparative measurement study of page likes garnered via Facebook ads and by a few like farms. We deploy a set of honeypot pages, promote them using both methods, and analyze garnered likes based on likers' demographic, temporal, and social characteristics. We highlight a few interesting findings, including that some farms seem to be operated by bots and do not really try to hide the nature of their operations, while others follow a stealthier approach, mimicking regular users' behavior
Soros, Child Sacrifices, and 5G: Understanding the Spread of Conspiracy Theories on Web Communities
This paper presents a multi-platform computational pipeline geared to identify social media posts discussing (known) conspiracy theories. We use 189 conspiracy claims collected by Snopes, and find 66k posts and 277k comments on Reddit, and 379k tweets discussing them. Then, we study how conspiracies are discussed on different Web communities and which ones are particularly influential in driving the discussion about them. Our analysis sheds light on how conspiracy theories are discussed and spread online, while highlighting multiple challenges in mitigating them