A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. MaTR outperforms leading static heuristic methods with a statistically significant 1% improvement in detection accuracy and 85% and 94% reductions in false positive and false negative rates respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 65% performance improvement over the combined effectiveness of three commercial antivirus products

Malware Target Recognition via Static Heuristics

Organizations increasingly rely on the confidentiality, integrity and availability of their information and communications technologies to conduct effective business operations while maintaining their competitive edge. Exploitation of these networks via the introduction of undetected malware ultimately degrades their competitive edge, while taking advantage of limited network visibility and the high cost of analyzing massive numbers of programs. This article introduces the novel Malware Target Recognition (MaTR) system which combines the decision tree machine learning algorithm with static heuristic features for malware detection. By focusing on contextually important static heuristic features, this research demonstrates superior detection results. Experimental results on large sample datasets demonstrate near ideal malware detection performance (99.9+% accuracy) with low false positive (8.73e-4) and false negative rates (8.03e-4) at the same point on the performance curve. Test results against a set of publicly unknown malware, including potential advanced competitor tools, show MaTR’s superior detection rate (99%) versus the union of detections from three commercial antivirus products (60%). The resulting model is a fine granularity sensor with potential to dramatically augment cyberspace situation awareness

The RING-CH ligase K5 antagonizes restriction of KSHV and HIV-1 particle release by mediating ubiquitin-dependent endosomal degradation of tetherin

Tetherin (CD317/BST2) is an interferon-induced membrane protein that inhibits the release of diverse enveloped viral particles. Several mammalian viruses have evolved countermeasures that inactivate tetherin, with the prototype being the HIV-1 Vpu protein. Here we show that the human herpesvirus Kaposi's sarcoma-associated herpesvirus (KSHV) is sensitive to tetherin restriction and its activity is counteracted by the KSHV encoded RING-CH E3 ubiquitin ligase K5. Tetherin expression in KSHV-infected cells inhibits viral particle release, as does depletion of K5 protein using RNA interference. K5 induces a species-specific downregulation of human tetherin from the cell surface followed by its endosomal degradation. We show that K5 targets a single lysine (K18) in the cytoplasmic tail of tetherin for ubiquitination, leading to relocalization of tetherin to CD63-positive endosomal compartments. Tetherin degradation is dependent on ESCRT-mediated endosomal sorting, but does not require a tyrosine-based sorting signal in the tetherin cytoplasmic tail. Importantly, we also show that the ability of K5 to substitute for Vpu in HIV-1 release is entirely dependent on K18 and the RING-CH domain of K5. By contrast, while Vpu induces ubiquitination of tetherin cytoplasmic tail lysine residues, mutation of these positions has no effect on its antagonism of tetherin function, and residual tetherin is associated with the trans-Golgi network (TGN) in Vpu-expressing cells. Taken together our results demonstrate that K5 is a mechanistically distinct viral countermeasure to tetherin-mediated restriction, and that herpesvirus particle release is sensitive to this mode of antiviral inhibition

In Search of the High Road: Meaning and Evidence

This article is the first in a series to celebrate the 70th anniversary of the ILR Review. We will be highlighting important research themes that have been featured in the journal over its many years of publication. In this article, Paul Osterman reviews research on the quality of jobs and recent debates over “High Road” and “Low Road” approaches to employment practices. Scholars and policy advocates frequently utilize the distinction between High Road and Low Road firms as a framework for efforts to improve the quality of work in low-wage employers. This article assesses the logic and evidence that underlies this construct. The author provides a definition of the concept and examines the evidence behind the assumption that firms have a choice in how they design their employment policies. He then takes up the assertion that firms that adopt a High Road model can “do well by doing good” and adds precision to this claim by reviewing the evidence that a profit-maximizing firm would benefit from following the High Road path. The article concludes by suggesting a research agenda and providing a framework for policy that flows from the conclusions drawn from the existing research base

Single hadron response measurement and calorimeter jet energy scale uncertainty with the ATLAS detector at the LHC

The uncertainty on the calorimeter energy response to jets of particles is derived for the ATLAS experiment at the Large Hadron Collider (LHC). First, the calorimeter response to single isolated charged hadrons is measured and compared to the Monte Carlo simulation using proton-proton collisions at centre-of-mass energies of sqrt(s) = 900 GeV and 7 TeV collected during 2009 and 2010. Then, using the decay of K_s and Lambda particles, the calorimeter response to specific types of particles (positively and negatively charged pions, protons, and anti-protons) is measured and compared to the Monte Carlo predictions. Finally, the jet energy scale uncertainty is determined by propagating the response uncertainty for single charged and neutral particles to jets. The response uncertainty is 2-5% for central isolated hadrons and 1-3% for the final calorimeter jet energy scale.Comment: 24 pages plus author list (36 pages total), 23 figures, 1 table, submitted to European Physical Journal

Measurement of χ c1 and χ c2 production with s√ = 7 TeV pp collisions at ATLAS

The prompt and non-prompt production cross-sections for the χ c1 and χ c2 charmonium states are measured in pp collisions at s√ = 7 TeV with the ATLAS detector at the LHC using 4.5 fb−1 of integrated luminosity. The χ c states are reconstructed through the radiative decay χ c → J/ψγ (with J/ψ → μ + μ −) where photons are reconstructed from γ → e + e − conversions. The production rate of the χ c2 state relative to the χ c1 state is measured for prompt and non-prompt χ c as a function of J/ψ transverse momentum. The prompt χ c cross-sections are combined with existing measurements of prompt J/ψ production to derive the fraction of prompt J/ψ produced in feed-down from χ c decays. The fractions of χ c1 and χ c2 produced in b-hadron decays are also measured

Search for squarks and gluinos in events with isolated leptons, jets and missing transverse momentum at s√=8 TeV with the ATLAS detector

The results of a search for supersymmetry in final states containing at least one isolated lepton (electron or muon), jets and large missing transverse momentum with the ATLAS detector at the Large Hadron Collider are reported. The search is based on proton-proton collision data at a centre-of-mass energy s√=8 TeV collected in 2012, corresponding to an integrated luminosity of 20 fb−1. No significant excess above the Standard Model expectation is observed. Limits are set on supersymmetric particle masses for various supersymmetric models. Depending on the model, the search excludes gluino masses up to 1.32 TeV and squark masses up to 840 GeV. Limits are also set on the parameters of a minimal universal extra dimension model, excluding a compactification radius of 1/R c = 950 GeV for a cut-off scale times radius (ΛR c) of approximately 30

Evidence for the Higgs-boson Yukawa coupling to tau leptons with the ATLAS detector

Results of a search for H → τ τ decays are presented, based on the full set of proton-proton collision data recorded by the ATLAS experiment at the LHC during 2011 and 2012. The data correspond to integrated luminosities of 4.5 fb−1 and 20.3 fb−1 at centre-of-mass energies of √s = 7 TeV and √s = 8 TeV respectively. All combinations of leptonic (τ → `νν¯ with ` = e, µ) and hadronic (τ → hadrons ν) tau decays are considered. An excess of events over the expected background from other Standard Model processes is found with an observed (expected) significance of 4.5 (3.4) standard deviations. This excess provides evidence for the direct coupling of the recently discovered Higgs boson to fermions. The measured signal strength, normalised to the Standard Model expectation, of µ = 1.43 +0.43 −0.37 is consistent with the predicted Yukawa coupling strength in the Standard Model

Measurement of the production of a W boson in association with a charm quark in pp collisions at √s = 7 TeV with the ATLAS detector

The production of a W boson in association with a single charm quark is studied using 4.6 fb−1 of pp collision data at s√ = 7 TeV collected with the ATLAS detector at the Large Hadron Collider. In events in which a W boson decays to an electron or muon, the charm quark is tagged either by its semileptonic decay to a muon or by the presence of a charmed meson. The integrated and differential cross sections as a function of the pseudorapidity of the lepton from the W-boson decay are measured. Results are compared to the predictions of next-to-leading-order QCD calculations obtained from various parton distribution function parameterisations. The ratio of the strange-to-down sea-quark distributions is determined to be 0.96+0.26−0.30 at Q 2 = 1.9 GeV2, which supports the hypothesis of an SU(3)-symmetric composition of the light-quark sea. Additionally, the cross-section ratio σ(W + +c¯¯)/σ(W − + c) is compared to the predictions obtained using parton distribution function parameterisations with different assumptions about the s−s¯¯¯ quark asymmetry