66 research outputs found
Recommended from our members
Smashing the Stack with Hydra: The Many Heads of Advanced Polymorphic Shellcode
Recent work on the analysis of polymorphic shellcode engines suggests that modern obfuscation methods would soon eliminate the usefulness of signature-based network intrusion detection methods and supports growing views that the new generation of shellcode cannot be accurately and efficiently represented by the string signatures which current IDS and AV scanners rely upon. In this paper, we expand on this area of study by demonstrating never before seen concepts in advanced shellcode polymorphism with a proof-of-concept engine which we call Hydra. Hydra distinguishes itself by integrating an array of obfuscation techniques, such as recursive NOP sleds and multi-layer ciphering, into one system while offering multiple improvements upon existing strategies. We also introduce never before seen attack methods such as byte-splicing statistical mimicry, safe-returns with forking shellcode and syscall-time-locking. In total, Hydra simultaneously attacks signature, statistical, disassembly, behavioral and emulation-based sensors, as well as frustrates offline forensics. This engine was developed to present an updated view of the frontier of modern polymorphic shellcode and provide an effective tool for evaluation of IDS systems, cyber test ranges and other related security technologies.
Markov Models for Network-Behavior Modeling and Anonymization
Modern network security research has demonstrated a clear need for open sharing of traffic datasets between organizations, a need that has so far been superseded by the challenge of removing sensitive content beforehand. Network Data Anonymization (NDA) is emerging as a field dedicated to this problem, with its main direction focusing on removal of identifiable artifacts that might pierce privacy, such as usernames and IP addresses. However, recent research has demonstrated that more subtle statistical artifacts, also present, may yield fingerprints that are just as differentiable as the former. This result highlights certain shortcomings in current anonymization frameworks, particularly ignoring the behavioral idiosyncrasies of network protocols, applications, and users. Recent anonymization results have shown that the extent to which utility and privacy can be obtained is mainly a function of the information in the data that one is aware and not aware of. This paper leverages the predictability of network behavior in our favor to augment existing frameworks through a new machine-learning-driven anonymization technique. Our approach uses the substitution of individual identities with group identities where members are divided based on behavioral similarities, essentially providing anonymity-by-crowds in a statistical mix-net. We derive time-series models for network traffic behavior which quantifiably model the discriminative features of network "behavior" and introduce a kernel-based framework for anonymity which fits together naturally with network-data modeling.
On the Infeasibility of Modeling Polymorphic Shellcode
Polymorphic malcode remains a troubling threat. The ability for malicious code to automatically transform into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice. We focus on the nature of shellcode decoding routines. The empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures. In addition, we develop and present measures that provide insight into the capabilities, strengths, and weaknesses of polymorphic engines. In order to explore countermeasures to future polymorphic threats, we show how to improve polymorphic techniques and create a proof-of-concept engine expressing these improvements. Our results indicate that the class of polymorphic behavior is too greatly spread and varied to model effectively. Our analysis also supplies a novel way to understand the limitations of current signature-based techniques. We conclude that modeling normal content is ultimately a more promising defense mechanism than modeling malicious or abnormal content.
Impacts of Drought on Maize and Soybean Production in Northeast China During the Past Five Decades.
Climate change has a distinct impact on agriculture in China, particularly in the northeast, a key agriculture area sensitive to extreme hydroclimate events. Using monthly climate and agriculture data, the influence of drought on maize and soybean yields, two of the main crops in the region, in northeast China from 1961 to 2017 was investigated. The results showed that the temperature in the growing season increased by 1.0 °C from the period 1998-2017 to the period 1961-1980, while the annual precipitation decreased slightly. However, precipitation trends varied throughout the growing season (May-September), increasing slightly in May and June, but decreasing in July, August and September, associated with the weakening of the East Asian summer monsoon. Consequently, the annual and growing season drought frequency increased by 15% and 25%, respectively, in the period 1998-2017 relative to the period 1961-1980. The highest drought frequency (55%) was observed in September. At the same time, the drought intensity during the growing season increased by 7.8%. The increasing frequency and intensity of drought had negative influences on the two crops. During moderate drought years in the period 1961-2017, 3.2% and 10.4% of the provincial maize and soybean yields were lost, respectively. However, during more severe drought years, losses doubled for soybean (21.8%), but increased more than four-fold for maize (14.0%). Moreover, in comparison to the period 1961-1980, a higher proportion of the yields were lost in the period 1998-2017, particularly for maize, which increased by 15% (the increase for soybean was 2.4%). This change largely depends on increasing droughts in August and September, when both crops are in their filling stages. The impact of drought on maize and soybean production was different during different growth stages, where a strong relationship was noted between drought and yield loss of soybean in its filling stage. Given the sensitivity of maize and soybean yields in northeast China to drought, and the observed production trends, climate change will likely have significant negative impacts on productivity in the future.
PHD-GIFs: Personalized Highlight Detection for Automatic GIF Creation
Highlight detection models are typically trained to identify cues that make visual content appealing or interesting for the general public, with the objective of reducing a video to such moments. However, the "interestingness" of a video segment or image is subjective. Thus, such highlight models provide results of limited relevance for the individual user. On the other hand, training one model per user is inefficient and requires large amounts of personal information which is typically not available. To overcome these limitations, we present a global ranking model which conditions on each particular user's interests. Rather than training one model per user, our model is personalized via its inputs, which allows it to effectively adapt its predictions, given only a few user-specific examples. To train this model, we create a large-scale dataset of users and the GIFs they created, giving us an accurate indication of their interests. Our experiments show that using the user history substantially improves the prediction accuracy. On our test set of 850 videos, our model improves the recall by 8% with respect to generic highlight detectors. Furthermore, our method proves more precise than the user-agnostic baselines even with just one person-specific example.
Comment: Accepted for publication at the 2018 ACM Multimedia Conference (MM '18)
Small anisotropy of the lower critical field and -wave two-gap feature in single crystal LiFeAs
The in- and out-of-plane lower critical fields and magnetic penetration depths for LiFeAs were examined. The anisotropy ratio is smaller than the expected theoretical value, and increased slightly with increasing temperature from 0.6 to . This small degree of anisotropy was numerically confirmed by considering electron correlation effect. The temperature dependence of the penetration depths followed a power law() below 0.3, with 3.5 for both and . Based on theoretical studies of iron-based superconductors, these results suggest that the superconductivity of LiFeAs can be represented by an extended -wave due to weak impurity scattering effect. And the magnitudes of the two gaps were also evaluated by fitting the superfluid density for both the in- and out-of-plane to the two-gap model. The estimated values for the two gaps are consistent with the results of angle resolved photoemission spectroscopy and specific heat experiments.
Comment: 10 pages, 5 figures
Erratum: Author Correction: Midbrain Circuit Regulation of Individual Alcohol Drinking Behaviors in Mice (Nature Communications (2017) 8 1 (2220))
The original version of this Article contained an error in the spelling of the author Scott Edwards, which was incorrectly given as Scott Edward. This has now been corrected in both the PDF and HTML versions of the Article.
Strong optical response and light emission from a monolayer molecular crystal
Excitons in two-dimensional (2D) materials are tightly bound and exhibit rich physics. So far, the optical excitations in 2D semiconductors are dominated by Wannier-Mott excitons, but molecular systems can host Frenkel excitons (FE) with unique properties. Here, we report a strong optical response in a class of monolayer molecular J-aggregates. The exciton exhibits giant oscillator strength and absorption (over 30% for monolayer) at resonance, as well as photoluminescence quantum yield in the range of 60-100%. We observe evidence of superradiance (including increased oscillator strength, bathochromic shift, reduced linewidth and lifetime) at room temperature and more progressively towards low temperature. These unique properties only exist in monolayer owing to the large unscreened dipole interactions and suppression of charge-transfer processes. Finally, we demonstrate light-emitting devices with the monolayer J-aggregate. The intrinsic device speed could be beyond 30 GHz, which is promising for next-generation ultrafast on-chip optical communications.
Midbrain circuit regulation of individual alcohol drinking behaviors in mice
Alcohol-use disorder (AUD) is the most prevalent substance-use disorder worldwide. There is substantial individual variability in alcohol drinking behaviors in the population, the neural circuit mechanisms of which remain elusive. Utilizing in vivo electrophysiological techniques, we find that low alcohol drinking (LAD) mice have dramatically higher ventral tegmental area (VTA) dopamine neuron firing and burst activity. Unexpectedly, VTA dopamine neuron activity in high alcohol drinking (HAD) mice does not differ from alcohol naive mice. Optogenetically enhancing VTA dopamine neuron burst activity in HAD mice decreases alcohol drinking behaviors. Circuit-specific recordings reveal that spontaneous activity of nucleus accumbens-projecting VTA (VTA-NAc) neurons is selectively higher in LAD mice. Specifically activating this projection is sufficient to reduce alcohol consumption in HAD mice. Furthermore, we uncover ionic and cellular mechanisms that suggest unique neuroadaptations between the alcohol drinking groups. Together, these data identify a neural circuit responsible for individual alcohol drinking behaviors.