On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios.Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

Learning without recall in directed circles and rooted trees

This work investigates the case of a network of agents that attempt to learn some unknown state of the world amongst the finitely many possibilities. At each time step, agents all receive random, independently distributed private signals whose distributions are dependent on the unknown state of the world. However, it may be the case that some or any of the agents cannot distinguish between two or more of the possible states based only on their private observations, as when several states result in the same distribution of the private signals. In our model, the agents form some initial belief (probability distribution) about the unknown state and then refine their beliefs in accordance with their private observations, as well as the beliefs of their neighbors. An agent learns the unknown state when her belief converges to a point mass that is concentrated at the true state. A rational agent would use the Bayes' rule to incorporate her neighbors' beliefs and own private signals over time. While such repeated applications of the Bayes' rule in networks can become computationally intractable; in this paper, we show that in the canonical cases of directed star, circle or path networks and their combinations, one can derive a class of memoryless update rules that replicate that of a single Bayesian agent but replace the self beliefs with the beliefs of the neighbors. This way, one can realize an exponentially fast rate of learning similar to the case of Bayesian (fully rational) agents. The proposed rules are a special case of the Learning without Recall approach that we develop in a companion paper, and it has the advantage that while preserving essential features of the Bayesian inference, they are made tractable. In particular, the agents can rely on the observational abilities of their neighbors and their neighbors' neighbors etc. to learn the unknown state; even though they themselves cannot distinguish the truth

Distributed estimation and learning over heterogeneous networks

We consider several estimation and learning problems that networked agents face when making decisions given their uncertainty about an unknown variable. Our methods are designed to efficiently deal with heterogeneity in both size and quality of the observed data, as well as heterogeneity over time (intermittence). The goal of the studied aggregation schemes is to efficiently combine the observed data that is spread over time and across several network nodes, accounting for all the network heterogeneities. Moreover, we require no form of coordination beyond the local neighborhood of every network agent or sensor node. The three problems that we consider are (i) maximum likelihood estimation of the unknown given initial data sets, (ii) learning the true model parameter from streams of data that the agents receive intermittently over time, and (iii) minimum variance estimation of a complete sufficient statistic from several data points that the networked agents collect over time. In each case, we rely on an aggregation scheme to combine the observations of all agents; moreover, when the agents receive streams of data over time, we modify the update rules to accommodate the most recent observations. In every case, we demonstrate the efficiency of our algorithms by proving convergence to the globally efficient estimators given the observations of all agents. We supplement these results by investigating the rate of convergence and providing finite-time performance guarantees

Bayesian learning without recall

We analyze a model of learning and belief formation in networks in which agents follow Bayes rule yet they do not recall their history of past observations and cannot reason about how other agents' beliefs are formed. They do so by making rational inferences about their observations which include a sequence of independent and identically distributed private signals as well as the actions of their neighboring agents at each time. Successive applications of Bayes rule to the entire history of past observations lead to forebodingly complex inferences: due to lack of knowledge about the global network structure, and unavailability of private observations, as well as third party interactions preceding every decision. Such difficulties make Bayesian updating of beliefs an implausible mechanism for social learning. To address these complexities, we consider a Bayesian without Recall model of inference. On the one hand, this model provides a tractable framework for analyzing the behavior of rational agents in social networks. On the other hand, this model also provides a behavioral foundation for the variety of non-Bayesian update rules in the literature. We present the implications of various choices for the structure of the action space and utility functions for such agents and investigate the properties of learning, convergence, and consensus in special cases

Analytical and Numerical Evaluations of Flexible V-Band Rotman Lens Beamforming Network Performance for Conformal Wireless Subsystems

This paper presents the analytical design and numerical performance evaluation of novel V-band millimetre-wave (mm-wave) beamforming networks (BFNs), based on the Rotman lens array feeding concept. The devices are intended for operation in the unlicensed 60-GHz frequency band. The primary objective of this work is to study the feasibility of designing flexible V-band beamformers, based on liquid-crystal polymer (LCP) substrates. The planar Rotman lens device has been initially developed, and the output performances, in terms of the scattering parameters and accuracy, have been analysed. This is further continued with the detailed designs of the Rotman lens BFNs based on the four different proposed flexural cases, namely the concave-axial bending, the convex-axial bending, the concave-circumferential bending, and the convex-circumferential bending. Each of the flexures has been analysed, and the performance in terms of the surface currents and phase distributions, as the primary functionality indicators, has been presented. The presented flexible beamformers exhibit significant characteristics to be potentially employed as low-cost and efficient units of the mm-wave transceivers with the in-built electronic beam steering capabilities for the conformal wireless subsystems

A Tuned and Scalable Fast Multipole Method as a Preeminent Algorithm for Exascale Systems

Among the algorithms that are likely to play a major role in future exascale computing, the fast multipole method (FMM) appears as a rising star. Our previous recent work showed scaling of an FMM on GPU clusters, with problem sizes in the order of billions of unknowns. That work led to an extremely parallel FMM, scaling to thousands of GPUs or tens of thousands of CPUs. This paper reports on a a campaign of performance tuning and scalability studies using multi-core CPUs, on the Kraken supercomputer. All kernels in the FMM were parallelized using OpenMP, and a test using 10^7 particles randomly distributed in a cube showed 78% efficiency on 8 threads. Tuning of the particle-to-particle kernel using SIMD instructions resulted in 4x speed-up of the overall algorithm on single-core tests with 10^3 - 10^7 particles. Parallel scalability was studied in both strong and weak scaling. The strong scaling test used 10^8 particles and resulted in 93% parallel efficiency on 2048 processes for the non-SIMD code and 54% for the SIMD-optimized code (which was still 2x faster). The weak scaling test used 10^6 particles per process, and resulted in 72% efficiency on 32,768 processes, with the largest calculation taking about 40 seconds to evaluate more than 32 billion unknowns. This work builds up evidence for our view that FMM is poised to play a leading role in exascale computing, and we end the paper with a discussion of the features that make it a particularly favorable algorithm for the emerging heterogeneous and massively parallel architectural landscape

Digraphs with distinguishable dynamics under the multi-agent agreement protocol

This work studies the ability to distinguish digraphs from the output response of some observing agents in a multi-agent network under the agreement protocol. Given a fixed observation point, it is desired to find sufficient graphical conditions under which the failure of a set of edges in the network information flow digraph is distinguishable from another set. When the latter is empty, this corresponds to the detectability of the former link set given the response of the observing agent. In developing the results, a powerful extension of the all-minors matrix tree theorem in algebraic graph theory is proved which relates the minors of the transformed Laplacian of a directed graph to the number and length of the shortest paths between its vertices. The results reveal an intricate relationship between the ability to distinguish the responses of a healthy and a faulty multi-agent network and the inter-nodal paths in their information flow digraphs. The results have direct implications for the operation and design of multi-agent systems subject to multiple link losses. Simulations and examples are presented to illustrate the analytic findings

Assessing the Physical Activity of Health Volunteers Based on the Pender's Health Promotion Model

Abstract Aims: Physical inactivity has been identified as the 4th leading risk factor for global mortality causing an estimated of 3.2million deaths per year. This study aimed to assess the physical activity of health volunteers with Pender's Health Promotion Model. Instrument & Methods: This cross-sectional analytical study was performed on 80 health volunteers in Torbat-e-Jam City, Iran, in 2015. A researcher-made questionnaire with the following sections was used to gather data; perceived benefits, perceived barriers, self-efficacy, interpersonal influences, positive emotion, commitment, modeling and competing preferences. SPSS 16 sofware was used to analyze data by independent T, Pearson's correlation coefficient and linear regression tests. Findings: There was no significant difference between the scores according to educational levels, age groups, BMI score, marital status, habitat and experience as a health volunteer duration. Physical activity had positive correlation with perceived benefits, self-efficacy, commitment, positive emotion and situational influences and a negative correlation with perceived barriers. Situational influences, as the strongest predictor of the physical activity, predicted 35.1 of it and then positive emotions predicted 34.7 and self-efficacy predicted 23.4 of physical activity. Conclusion: The level of physical activity in health volunteers of Torbat-e-Jam City, Iran, is not appropriate and is less than moderate