An Evasion Attack against ML-based Phishing URL Detectors

Background: Over the year, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. Despite this vogue, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems, aiming at providing guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings lead to promising directions for future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights implications for future study towards assessing and improving these systems.Comment: Draft for ACM TOP

ANALYSIS OF PHYTO-CONSTITUENTS, ANTIOXIDANT, AND ALPHA AMYLASE INHIBITORY ACTIVITIES OF PERSEA AMERICANA MILL., RHODODENDRON ARBORETUM SM. RUBUS ELLIPTICUS SM. FROM ARGHAKHANCHI DISTRICT NEPAL

Objective: To evaluate the phytochemical, antioxidant activities, and α-amylase inhibition assay for methanolic extract of three ethnomedicinal plants, namely Persea americana Mill., Rubus ellipticus Sm., and Rhododendron arboretum Sm. collected from Arghakhanchi District of Nepal using in vitro studies.Methods: Methanolic plant extracts were prepared by cold percolation method. Analysis of phytochemical constituents was carried out using standard methods. The 2,2-diphenyl-1-picrylhydrazyl (DPPH) assay was used to evaluate in vitro antioxidants activities. Furthermore, inhibition effect of extracts on α- amylase enzyme was carried out by using starch as a substrate, pancreatic α-amylase as the enzyme, and acarbose as standard.Results: Phytochemical screening of methanolic extract of all three selected plants displayed the presence of different chemical constituents such as alkaloids, polyphenols, flavonoids, terpenoids, saponins, glycosides, and tannins. The results of DPPH assay revealed that R. ellipticus and R. arboreum were most active with half maximal inhibitory concentration (IC50) values 33.41 μg/ml and 47.28 μg/ml, respectively. R. ellipticus was found to be effective toward α-amylase inhibition with IC50 values 269.94 μg/ml.Conclusion: The preliminary results of this study have put forward R. ellipticus into promising herbs with good antioxidant activities and α-amylase inhibition potential although further studies are needed to assess its mechanism of action

Formulation and In-vitro Evaluation of Tolterodine Tartrate Tablets by Using High Performance Liquid Chromatographic (HPLC)

Tolterodine tartrate, is a new, potent and competitive muscarinic receptor antagonist in clinical development for the treatment of urge incontinence and other symptoms of unstable bladder. The purpose of this study is to formulation and invitro evaluation of Tolterodine tartrate by high performance liquid chromatography with ultraviolet detection (HPLC-UV). A simple, rapid, and sensitive high-performance liquid chromatographic method was developed and evaluated for invitro formulation of Tolterodine tartrate Tablets. Tablets were analysed by measuring different parameters: lubricated granules content of Tolterodine tartrate having bulk density, tap densities and angle of r content uniformity, assay and related substances. Separation of Tolterodine tartrate was achieved within a single chromatographic run on 5µm 4.6x250mm with UV detection at 280 nm, under isocratic conditions, using Acetonitrile and A mixture of 65 volumes of buffer solution prepared by mixing 2.2 ml of orthophosphoric acid to 1000 ml with water, adjusted to pH 3.0 with triethylamine in 35:65 ratio with a flow rate of 1.5 ml/min. From the results, it was clear that designed formulations among f7 displayed drug release in the range of 55.66% to 102.067% in 10 min, which showed improved invitro dissolution rate compared to other formulations as well as others parameters were found to be good as compared to other formulations. Similarly, the average content of formulation f7 was found to be 104.58% and Related substances should comply the test. Assays of f7 were found to be 96.04%, the limit is 90% - 110% of the label claim having weight variation range from  82.50 mg-91.50 mg. epose And flim coated Tolterodine tartrate tablets having friability, thickness, hardness, weight variation, invitro dissolution

PrivGenDB: Efficient and privacy-preserving query executions over encrypted SNP-Phenotype database

Searchable symmetric encryption (SSE) has been used to protect the confidentiality of genomic data while providing substring search and range queries on a sequence of genomic data, but it has not been studied for protecting single nucleotide polymorphism (SNP)-phenotype data. In this article, we propose a novel model, PrivGenDB, for securely storing and efficiently conducting different queries on genomic data outsourced to an honest-but-curious cloud server. To instantiate PrivGenDB, we use SSE to ensure confidentiality while conducting different types of queries on encrypted genomic data, phenotype and other information of individuals to help analysts/clinicians in their analysis/care. To the best of our knowledge, PrivGenDB construction is the first SSE-based approach ensuring the confidentiality of shared SNP-phenotype data through encryption while making the computation/query process efficient and scalable for biomedical research and care. Furthermore, it supports a variety of query types on genomic data, including count queries, Boolean queries, and k'-out-of-k match queries. Finally, the PrivGenDB model handles the dataset containing both genotype and phenotype, and it also supports storing and managing other metadata like gender and ethnicity privately. Computer evaluations on a dataset with 5,000 records and 1,000 SNPs demonstrate that a count/Boolean query and a k'-out-of-k match query over 40 SNPs take approximately 4.3s and 86.4{\mu}s, respectively, that outperforms the existing schemes