1,968 research outputs found

    PROVIDE: hiding from automated network scans with proofs of identity

    Network scanners are a valuable tool for researchers and administrators, however they are also used by malicious actors to identify vulnerable hosts on a network. Upon the disclosure of a security vulnerability, scans are launched within hours. These opportunistic attackers enumerate blocks of IP addresses in hope of discovering an exploitable host. Fortunately, defensive measures such as port knocking protocols (PKPs) allow a service to remain stealth to unauthorized IP addresses. The service is revealed only when a client includes a special authentication token (AT) in the IP/TCP header. However this AT is generated from a secret shared between the clients/servers and distributed manually to each endpoint. As a result, these defense measures have failed to be widely adopted by other protocols such as HTTP/S due to challenges in distributing the shared secrets. In this paper we propose a scalable solution to this problem for services accessed by domain name. We make the following observation: automated network scanners access servers by IP address, while legitimate clients access the server by name. Therefore a service should only reveal itself to clients who know its name. Based on this principle, we have created a proof of the verifier’s identity (a.k.a. PROVIDE) protocol that allows a prover (legitimate user) to convince a verifier (service) that it is knowledgeable of the verifier’s identity. We present a PROVIDE implementation using a PKP and DNS (PKP+DNS) that uses DNS TXT records to distribute identification tokens (IDT) while DNS PTR records for the service’s domain name are prohibited to prevent reverse DNS lookups. Clients are modified to make an additional DNS TXT query to obtain the IDT which is used by the PKP to generate an AT. The inclusion of an AT in the packet header, generated from the DNS TXT query, is proof the client knows the service’s identity. We analyze the effectiveness of this mechanism with respect to brute force attempts for various strength ATs and discuss practical considerations. This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798.

    Hyp3rArmor: reducing web application exposure to automated attacks

    Web applications (webapps) are subjected constantly to automated, opportunistic attacks from autonomous robots (bots) engaged in reconnaissance to discover victims that may be vulnerable to specific exploits. This is a typical behavior found in botnet recruitment, worm propagation, large-scale fingerprinting and vulnerability scanners. Most anti-bot techniques are deployed at the application layer, thus leaving the network stack of the webapp’s server exposed. In this paper we present a mechanism called Hyp3rArmor, that addresses this vulnerability by minimizing the webapp’s attack surface exposed to automated opportunistic attackers, for JavaScript-enabled web browser clients. Our solution uses port knocking to eliminate the webapp’s visible network footprint. Clients of the webapp are directed to a visible static web server to obtain JavaScript that authenticates the client to the webapp server (using port knocking) before making any requests to the webapp. Our implementation of Hyp3rArmor, which is compatible with all webapp architectures, has been deployed and used to defend single and multi-page websites on the Internet for 114 days. During this time period the static web server observed 964 attempted attacks that were deflected from the webapp, which was only accessed by authenticated clients. Our evaluation shows that in most cases client-side overheads were negligible and that server-side overheads were minimal. Hyp3rArmor is ideal for critical systems and legacy applications that must be accessible on the Internet. Additionally Hyp3rArmor is composable with other security tools, adding an additional layer to a defense in depth approach. This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798.

    Cortical cells should fire regularly, but do not

    When a typical nerve cell is injected with enough current, it fires a regular stream of action potentials. But cortical cells in vivo usually fire irregularly, reflecting synaptic input from presynaptic cells as well as intrinsic biophysical properties. We have applied the theory of stochastic processes to spike trains recorded from cortical neurons (Tuckwell 1989) and find a fundamental contradiction between the large interspike variability observed and the much lower values predicted by well-accepted biophysical models of single cells

    Reinforcement Learning for UAV Attitude Control

    Autopilot systems are typically composed of an "inner loop" providing stability and control, while an "outer loop" is responsible for mission-level objectives, e.g. way-point navigation. Autopilot systems for UAVs are predominately implemented using Proportional, Integral Derivative (PID) control systems, which have demonstrated exceptional performance in stable environments. However more sophisticated control is required to operate in unpredictable, and harsh environments. Intelligent flight control systems is an active area of research addressing limitations of PID control most recently through the use of reinforcement learning (RL) which has had success in other applications such as robotics. However previous work has focused primarily on using RL at the mission-level controller. In this work, we investigate the performance and accuracy of the inner control loop providing attitude control when using intelligent flight control systems trained with the state-of-the-art RL algorithms, Deep Deterministic Gradient Policy (DDGP), Trust Region Policy Optimization (TRPO) and Proximal Policy Optimization (PPO). To investigate these unknowns we first developed an open-source high-fidelity simulation environment to train a flight controller attitude control of a quadrotor through RL. We then use our environment to compare their performance to that of a PID controller to identify if using RL is appropriate in high-precision, time-critical flight control. Comment: 13 pages, 9 figures

    Neutral and Cationic Bis-Chelate Monoorganosilicon(IV) Complexes of 1-Hydroxy-2-pyridinone

    A series of spirocyclic monoorganosilicon compounds of the form RSi(OPO)2Cl [R = phenyl (1); p-tolyl (2); benzyl (3); Me (4); tBu (5); thexyl (6)] (OPO = 1-oxo-2-pyridinone) was synthesized and characterized by 1H, 13C, and 29Si NMR spectroscopy, X-ray crystallography, and elemental analysis. In the solid state, complexes 1, 2, and 3 are neutral and possess cis-OPO ligands in an octahedral arrangement, and complexes 4, 5, and 6 are cationic and possess effectively trans-OPO ligands in nearly ideal square pyramidal geometries along the Berry-pseudorotation coordinate. In 4-6, chloride dissociation is attributed to the additive effect of multiple intermolecular C—H∙∙∙Cl interactions in their crystals. In DMSO-d6 solution, compounds 1-6 form cationic hexacoordinate DMSO adducts with trans-OPO ligands, all of which undergo dynamic isomerization with energy barriers of ~18-19 kcal/mol. Compounds with better leaving groups, (p-tolyl)Si(OPO)2X [X = I (7); X = triflate (8)], exhibit identical solution NMR spectra as 2, supporting anion dissociation in each. The fluoride derivatives RSi(OPO)2F [R = benzyl (9); Me (10)] exhibit hexacoordinate geometries with cis-OPO ligands in the solid state and exhibit dynamic isomerization in solution. Overall, these studies indicate, in both the solid and solution states, that the trans-OPO ligand arrangement is favored when anions are dissociated and a cis-OPO ligand arrangement when anions are coordinated.

    Flight controller synthesis via deep reinforcement learning

    Traditional control methods are inadequate in many deployment settings involving autonomous control of Cyber-Physical Systems (CPS). In such settings, CPS controllers must operate and respond to unpredictable interactions, conditions, or failure modes. Dealing with such unpredictability requires the use of executive and cognitive control functions that allow for planning and reasoning. Motivated by the sport of drone racing, this dissertation addresses these concerns for state-of-the-art flight control by investigating the use of deep artificial neural networks to bring essential elements of higher-level cognition to bear on the design, implementation, deployment, and evaluation of low level (attitude) flight controllers. First, this thesis presents a feasibility analyses and results which confirm that neural networks, trained via reinforcement learning, are more accurate than traditional control methods used by commercial uncrewed aerial vehicles (UAVs) for attitude control. Second, armed with these results, this thesis reports on the development and release of an open source, full solution stack for building neuro-flight controllers. This stack consists of a tuning framework for implementing training environments (GymFC) and firmware for the world’s first neural network supported flight controller (Neuroflight). GymFC’s novel approach fuses together the digital twinning paradigm with flight control training to provide seamless transfer to hardware. Third, to transfer models synthesized by GymFC to hardware, this thesis reports on the toolchain that has been released for compiling neural networks into Neuroflight, which can be flashed to off-the-shelf microcontrollers. This toolchain includes detailed procedures for constructing a multicopter digital twin to allow the research and development community to synthesize flight controllers unique to their own aircraft. 
Finally, this thesis examines alternative reward system functions as well as changes to the software environment to bridge the gap between simulation and real world deployment environments. The design, evaluation, and experimental work summarized in this thesis demonstrates that deep reinforcement learning is able to be leveraged for the design and implementation of neural network controllers capable not only of maintaining stable flight, but also precision aerobatic maneuvers in real world settings. As such, this work provides a foundation for developing the next generation of flight control systems

    Further refinements in the value of the faraday


    Interfering ions in the flame photometric determination of certain cations


    Cost accounting in the soap industry

    The cost accountant who undertakes to install a cost system in a soap manufacturing establishment will naturally encounter many difficulties peculiar to that business. This article deals with these difficulties. Since volumes have been written on the proper distribution of burden, it is not the intention in this article to suggest the proper method to be used in burden distribution in the soap industry. Therefore, where reference is made to any of the details of burden distribution in connection with the system outlined in this article, such references are only incidental, and it will be understood that the method best suited to all of the local conditions which obtain in any individual plant would be the method to use

    Elucidating Mechanisms of Canonical Wnt - ephrin-B Crosstalk

    Throughout development, canonical Wnt signaling contributes to the formation and maintenance of a wide array of cells, tissues, and organs. Dys-regulated Wnt signaling during embryonic development is implicated in developmental defects known as neurocristopathies, including craniofacial and heart defects, as well as defects in neural development. Due to its roles in stem cell maintenance and self-renewal, tissue homeostasis, and regeneration, aberrant Wnt signaling in adult tissues can result in various forms of cancer, including colorectal cancer, breast cancer, lung cancer, and gastro-intestinal cancer, among others. Dys-regulated Wnt signaling is also implicated in other pathologies including bone disease, and metabolic diseases, such as Type II diabetes. Our lab has previously identified a novel crosstalk between canonical Wnt signaling and ephrin signaling. Ephrin signaling occurs through the interaction of ephrin ligands and Eph receptor tyrosine kinases, and is bidirectional. Due to the roles of ephrin signaling in tissue development and maintenance, aberrant ephrin signaling is implicated in many diseases including bone remodeling diseases, diabetes, and cancer. The molecular mechanism of the crosstalk between canonical Wnt signaling and ephrin-B signaling remains unknown. beta-catenin is a key intracellular effector of canonical Wnt signaling that transduces the signal to the nucleus, where beta-catenin interacts with the TCF/LEF transcription factors and activates transcription of target genes. Due to its central role in transducing the canonical Wnt signal to the nucleus, we predict that ephrin-B signaling antagonizes canonical Wnt signaling by affecting the stability and/or sub-cellular localization of beta-catenin, or the interaction between beta-catenin and TCF/LEF transcription factors. By employing mouse ephrin-B constructs in human cell lines, we show that the canonical Wnt - ephrin-B crosstalk is conserved between frogs and mammals. We also found that ephrin-B antagonism of canonical Wnt signaling is likely independent of ubiquitin proteasome system (UPS)-mediated degradation of beta-catenin. Furthermore, confocal immunofluorescence microscopy revealed that overexpression of ephrin-B in HEK293T cells treated with lithium chloride (LiCl) seems to promote membrane localization of beta-catenin, particularly at the apical Z sections. These results suggest that re-localization of beta-catenin to the cell membrane may contribute to the ephrin-B antagonism of canonical Wnt signaling.